Edit tour

Windows Analysis Report
4yOuoT4GFy.exe

Overview

General Information

Sample name:	4yOuoT4GFy.exe renamed because original name is a hash value
Original sample name:	A6D1D3DC7A39BA925EBC17953A7D6B24.exe
Analysis ID:	1561650
MD5:	a6d1d3dc7a39ba925ebc17953a7d6b24
SHA1:	33500513781da4c6ef41db97226c0658274d7d35
SHA256:	56e59b7a9a99a1662e1213ed0b9c4278f6e6dcea89068936ea22d318521c9c4c
Tags:	AsyncRATexeRATuser-abuse_ch
Infos:

Detection

AsyncRAT

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Scheduled temp file as task from temp location

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected AsyncRAT

.NET source code contains potential unpacker

.NET source code contains very large strings

AI detected suspicious sample

Adds a directory exclusion to Windows Defender

C2 URLs / IPs found in malware configuration

Loading BitLocker PowerShell Module

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Uses schtasks.exe or at.exe to add and modify task schedules

Yara detected Generic Downloader

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Powershell Defender Exclusion

Sigma detected: Suspicious Add Scheduled Task Parent

Sigma detected: Suspicious Schtasks From Env Var Folder

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

4yOuoT4GFy.exe (PID: 7492 cmdline: "C:\Users\user\Desktop\4yOuoT4GFy.exe" MD5: A6D1D3DC7A39BA925EBC17953A7D6B24)

powershell.exe (PID: 7688 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\4yOuoT4GFy.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 7696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WmiPrvSE.exe (PID: 8104 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)

powershell.exe (PID: 7736 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\StcHfDkbCv.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 7760 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 7768 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\StcHfDkbCv" /XML "C:\Users\user\AppData\Local\Temp\tmp1109.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 7820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

MSBuild.exe (PID: 7948 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

StcHfDkbCv.exe (PID: 8044 cmdline: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe MD5: A6D1D3DC7A39BA925EBC17953A7D6B24)

schtasks.exe (PID: 7244 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\StcHfDkbCv" /XML "C:\Users\user\AppData\Local\Temp\tmp25D9.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 7276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

MSBuild.exe (PID: 2800 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
AsyncRAT	AsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure encrypted connection. It is an open source remote administration tool, however, it could also be used maliciously because it provides functionality such as keylogger, remote desktop control, and many other functions that may cause harm to the victims computer. In addition, AsyncRAT can be delivered via various methods such as spear-phishing, malvertising, exploit kit and other techniques.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/asyncrat-onenote-dropper https://aidenmitchell.ca/asyncrat-via-vbs/ https://assets.virustotal.com/reports/2021trends.pdf https://axmahr.github.io/posts/asyncrat-detection/ https://blog.checkpoint.com/research/november-2023s-most-wanted-malware-new-asyncrat-campaign-discovered-while-fakeupdates-re-entered-the-top-ten-after-brief-hiatus/	https://malpedia.caad.fkie.fraunhofer.de/details/win.asyncrat

Malware Configuration

Threatname: AsyncRAT

{"Server": "ronymahmoud.casacam.net,skype.onthewifi.com", "Port": "6606,7707,8808", "Version": "0.5.6D", "MutexName": "jhgafoymglrhbrsdp", "Autorun": "false", "Group": "null"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
0000000D.00000002.1766444123.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
0000000D.00000002.1766444123.0000000000402000.00000040.00000400.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0x9731:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
00000000.00000002.1720656894.0000000002612000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
00000000.00000002.1720656894.0000000002612000.00000004.00000800.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0x1c931:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM 0x28611:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM 0x3491d:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
00000009.00000002.1765381766.0000000002812000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
00000009.00000002.1765381766.0000000002812000.00000004.00000800.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0x1a001:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM 0x25ce1:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM 0x32019:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
00000008.00000002.4127051817.0000000002A91000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
Process Memory Space: 4yOuoT4GFy.exe PID: 7492	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
Process Memory Space: 4yOuoT4GFy.exe PID: 7492	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: 4yOuoT4GFy.exe PID: 7492	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0xcf332:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
Process Memory Space: MSBuild.exe PID: 7948	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
Process Memory Space: StcHfDkbCv.exe PID: 8044	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
Process Memory Space: StcHfDkbCv.exe PID: 8044	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: StcHfDkbCv.exe PID: 8044	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0x4c7aa:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
Process Memory Space: MSBuild.exe PID: 2800	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
Process Memory Space: MSBuild.exe PID: 2800	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0xae17:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
Click to see the 11 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
9.2.StcHfDkbCv.exe.28226d0.1.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
9.2.StcHfDkbCv.exe.28226d0.1.unpack	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0x7b31:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
13.2.MSBuild.exe.400000.0.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
13.2.MSBuild.exe.400000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.4yOuoT4GFy.exe.2625000.1.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
13.2.MSBuild.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0x9931:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
0.2.4yOuoT4GFy.exe.2625000.1.unpack	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0x7b31:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
9.2.StcHfDkbCv.exe.282e3b0.3.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
9.2.StcHfDkbCv.exe.282e3b0.3.unpack	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0x7b31:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
0.2.4yOuoT4GFy.exe.2630ce0.3.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
0.2.4yOuoT4GFy.exe.2630ce0.3.unpack	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0x7b31:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
0.2.4yOuoT4GFy.exe.2625000.1.raw.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
0.2.4yOuoT4GFy.exe.2625000.1.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.4yOuoT4GFy.exe.2625000.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0x9931:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM 0x15611:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM 0x2191d:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
9.2.StcHfDkbCv.exe.28226d0.1.raw.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
9.2.StcHfDkbCv.exe.28226d0.1.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
9.2.StcHfDkbCv.exe.28226d0.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0x9931:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM 0x15611:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM 0x21949:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
9.2.StcHfDkbCv.exe.282e3b0.3.raw.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
9.2.StcHfDkbCv.exe.282e3b0.3.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
9.2.StcHfDkbCv.exe.282e3b0.3.raw.unpack	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0x9931:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM 0x15c69:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
0.2.4yOuoT4GFy.exe.2630ce0.3.raw.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
0.2.4yOuoT4GFy.exe.2630ce0.3.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.4yOuoT4GFy.exe.2630ce0.3.raw.unpack	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0x9931:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM 0x15c3d:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
Click to see the 18 entries

Sigma Signatures

System Summary

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\4yOuoT4GFy.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\4yOuoT4GFy.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\4yOuoT4GFy.exe", ParentImage: C:\Users\user\Desktop\4yOuoT4GFy.exe, ParentProcessId: 7492, ParentProcessName: 4yOuoT4GFy.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\4yOuoT4GFy.exe", ProcessId: 7688, ProcessName: powershell.exe

Sigma detected: Powershell Defender Exclusion

Source: Process started

Sigma detected: Suspicious Add Scheduled Task Parent

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\StcHfDkbCv" /XML "C:\Users\user\AppData\Local\Temp\tmp25D9.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\StcHfDkbCv" /XML "C:\Users\user\AppData\Local\Temp\tmp25D9.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe, ParentImage: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe, ParentProcessId: 8044, ParentProcessName: StcHfDkbCv.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\StcHfDkbCv" /XML "C:\Users\user\AppData\Local\Temp\tmp25D9.tmp", ProcessId: 7244, ProcessName: schtasks.exe

Sigma detected: Suspicious Schtasks From Env Var Folder

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\StcHfDkbCv" /XML "C:\Users\user\AppData\Local\Temp\tmp1109.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\StcHfDkbCv" /XML "C:\Users\user\AppData\Local\Temp\tmp1109.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\4yOuoT4GFy.exe", ParentImage: C:\Users\user\Desktop\4yOuoT4GFy.exe, ParentProcessId: 7492, ParentProcessName: 4yOuoT4GFy.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\StcHfDkbCv" /XML "C:\Users\user\AppData\Local\Temp\tmp1109.tmp", ProcessId: 7768, ProcessName: schtasks.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\4yOuoT4GFy.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\4yOuoT4GFy.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\4yOuoT4GFy.exe", ParentImage: C:\Users\user\Desktop\4yOuoT4GFy.exe, ParentProcessId: 7492, ParentProcessName: 4yOuoT4GFy.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\4yOuoT4GFy.exe", ProcessId: 7688, ProcessName: powershell.exe

Persistence and Installation Behavior

Sigma detected: Scheduled temp file as task from temp location

Source: Process started

Author: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\StcHfDkbCv" /XML "C:\Users\user\AppData\Local\Temp\tmp1109.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\StcHfDkbCv" /XML "C:\Users\user\AppData\Local\Temp\tmp1109.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\4yOuoT4GFy.exe", ParentImage: C:\Users\user\Desktop\4yOuoT4GFy.exe, ParentProcessId: 7492, ParentProcessName: 4yOuoT4GFy.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\StcHfDkbCv" /XML "C:\Users\user\AppData\Local\Temp\tmp1109.tmp", ProcessId: 7768, ProcessName: schtasks.exe

Suricata Signatures

ET MALWARE Generic AsyncRAT Style SSL Cert

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-24T03:17:17.367502+0100	2035595	1	Domain Observed Used for C2 Detected	3.145.156.44	6606	192.168.2.4	49737	TCP

ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-24T03:17:17.367502+0100	2035607	1	Domain Observed Used for C2 Detected	3.145.156.44	6606	192.168.2.4	49737	TCP

ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-24T03:17:17.367502+0100	2842478	1	Malware Command and Control Activity Detected	3.145.156.44	6606	192.168.2.4	49737	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: skype.onthewifi.com	Avira URL Cloud: Label: malware
Source: ronymahmoud.casacam.net	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000008.00000002.4127051817.0000000002A91000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: AsyncRAT {"Server": "ronymahmoud.casacam.net,skype.onthewifi.com", "Port": "6606,7707,8808", "Version": "0.5.6D", "MutexName": "jhgafoymglrhbrsdp", "Autorun": "false", "Group": "null"}

Multi AV Scanner detection for domain / URL

Source: skype.onthewifi.com	Virustotal: Detection: 12%	Perma Link
Source: ronymahmoud.casacam.net	Virustotal: Detection: 14%	Perma Link
Source: skype.onthewifi.com	Virustotal: Detection: 12%	Perma Link
Source: ronymahmoud.casacam.net	Virustotal: Detection: 14%	Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe

ReversingLabs: Detection: 83%

Multi AV Scanner detection for submitted file

Source: 4yOuoT4GFy.exe	ReversingLabs: Detection: 83%
Source: 4yOuoT4GFy.exe	Virustotal: Detection: 73%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Source: 4yOuoT4GFy.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49992 version: TLS 1.2

Source: 4yOuoT4GFy.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: opTA.pdbSHA256o source: 4yOuoT4GFy.exe, StcHfDkbCv.exe.0.dr
Source:	Binary string: opTA.pdb source: 4yOuoT4GFy.exe, StcHfDkbCv.exe.0.dr

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2842478 - Severity 1 - ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) : 3.145.156.44:6606 -> 192.168.2.4:49737
Source: Network traffic	Suricata IDS: 2030673 - Severity 1 - ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) : 3.145.156.44:6606 -> 192.168.2.4:49737
Source: Network traffic	Suricata IDS: 2035595 - Severity 1 - ET MALWARE Generic AsyncRAT Style SSL Cert : 3.145.156.44:6606 -> 192.168.2.4:49737
Source: Network traffic	Suricata IDS: 2035607 - Severity 1 - ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) : 3.145.156.44:6606 -> 192.168.2.4:49737

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: ronymahmoud.casacam.net
Source: Malware configuration extractor	URLs: skype.onthewifi.com

Yara detected Generic Downloader

Source: Yara match	File source: 13.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.4yOuoT4GFy.exe.2625000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.StcHfDkbCv.exe.28226d0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.StcHfDkbCv.exe.282e3b0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.4yOuoT4GFy.exe.2630ce0.3.raw.unpack, type: UNPACKEDPE

Source: global traffic

TCP traffic: 192.168.2.4:49737 -> 3.145.156.44:6606

Source: Joe Sandbox View

ASN Name: AMAZON-02US AMAZON-02US

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 84.201.211.40
Source: unknown	TCP traffic detected without corresponding DNS query: 84.201.211.40
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: skype.onthewifi.com
Source: global traffic	DNS traffic detected: DNS query: ronymahmoud.casacam.net

Source: MSBuild.exe, 00000008.00000002.4125242253.0000000000ED6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: 77EC63BDA74BD0D0E0426DC8F80085060.8.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 4yOuoT4GFy.exe, 00000000.00000002.1720656894.0000000002571000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000008.00000002.4127051817.0000000002A91000.00000004.00000800.00020000.00000000.sdmp, StcHfDkbCv.exe, 00000009.00000002.1765381766.0000000002771000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: 4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: 4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: 4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: 4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: 4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: 4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: 4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: 4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: 4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: 4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: 4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: 4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: 4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: 4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: 4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: 4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: 4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: 4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: 4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: 4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: 4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: 4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: 4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: 4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: 4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919

Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49992 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected AsyncRAT

Source: Yara match	File source: 9.2.StcHfDkbCv.exe.28226d0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.4yOuoT4GFy.exe.2625000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.StcHfDkbCv.exe.282e3b0.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.4yOuoT4GFy.exe.2630ce0.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.4yOuoT4GFy.exe.2625000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.StcHfDkbCv.exe.28226d0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.StcHfDkbCv.exe.282e3b0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.4yOuoT4GFy.exe.2630ce0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000D.00000002.1766444123.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1720656894.0000000002612000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1765381766.0000000002812000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.4127051817.0000000002A91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 4yOuoT4GFy.exe PID: 7492, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 7948, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: StcHfDkbCv.exe PID: 8044, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 2800, type: MEMORYSTR

System Summary

Malicious sample detected (through community Yara rule)

Source: 9.2.StcHfDkbCv.exe.28226d0.1.unpack, type: UNPACKEDPE	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
Source: 13.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
Source: 0.2.4yOuoT4GFy.exe.2625000.1.unpack, type: UNPACKEDPE	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
Source: 9.2.StcHfDkbCv.exe.282e3b0.3.unpack, type: UNPACKEDPE	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
Source: 0.2.4yOuoT4GFy.exe.2630ce0.3.unpack, type: UNPACKEDPE	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
Source: 0.2.4yOuoT4GFy.exe.2625000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
Source: 9.2.StcHfDkbCv.exe.28226d0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
Source: 9.2.StcHfDkbCv.exe.282e3b0.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
Source: 0.2.4yOuoT4GFy.exe.2630ce0.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
Source: 0000000D.00000002.1766444123.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
Source: 00000000.00000002.1720656894.0000000002612000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
Source: 00000009.00000002.1765381766.0000000002812000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
Source: Process Memory Space: 4yOuoT4GFy.exe PID: 7492, type: MEMORYSTR	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
Source: Process Memory Space: StcHfDkbCv.exe PID: 8044, type: MEMORYSTR	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
Source: Process Memory Space: MSBuild.exe PID: 2800, type: MEMORYSTR	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen

.NET source code contains very large strings

Source: 4yOuoT4GFy.exe, frmWeather.cs	Long String: Length: 13824
Source: StcHfDkbCv.exe.0.dr, frmWeather.cs	Long String: Length: 13824

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Code function: 0_2_00A6EEE4	0_2_00A6EEE4
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Code function: 0_2_02556F18	0_2_02556F18
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Code function: 0_2_02550040	0_2_02550040
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Code function: 0_2_0255001A	0_2_0255001A
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Code function: 0_2_02556F08	0_2_02556F08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 8_2_0128A278	8_2_0128A278
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 8_2_01286830	8_2_01286830
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 8_2_01285F60	8_2_01285F60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 8_2_01285C18	8_2_01285C18
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Code function: 9_2_00D6EEE4	9_2_00D6EEE4
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Code function: 9_2_04D4CB80	9_2_04D4CB80
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Code function: 9_2_04D4CB70	9_2_04D4CB70

Source: 4yOuoT4GFy.exe, 00000000.00000002.1721568574.000000000365B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMontero.dll8 vs 4yOuoT4GFy.exe
Source: 4yOuoT4GFy.exe, 00000000.00000002.1720656894.00000000026DE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameBeerPubProject.dll> vs 4yOuoT4GFy.exe
Source: 4yOuoT4GFy.exe, 00000000.00000002.1726676480.0000000006ED0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMontero.dll8 vs 4yOuoT4GFy.exe
Source: 4yOuoT4GFy.exe, 00000000.00000002.1720656894.0000000002612000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameStub.exe" vs 4yOuoT4GFy.exe
Source: 4yOuoT4GFy.exe, 00000000.00000002.1726285393.0000000006C2B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamePowerShell.EXEj% vs 4yOuoT4GFy.exe
Source: 4yOuoT4GFy.exe, 00000000.00000002.1712612111.00000000007FE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs 4yOuoT4GFy.exe
Source: 4yOuoT4GFy.exe, 00000000.00000000.1656500979.000000000011E000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameopTA.exe< vs 4yOuoT4GFy.exe
Source: 4yOuoT4GFy.exe, 00000000.00000002.1720656894.000000000269C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameBeerPubProject.dll> vs 4yOuoT4GFy.exe
Source: 4yOuoT4GFy.exe, 00000000.00000002.1724729490.0000000004B50000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameBeerPubProject.dll> vs 4yOuoT4GFy.exe
Source: 4yOuoT4GFy.exe	Binary or memory string: OriginalFilenameopTA.exe< vs 4yOuoT4GFy.exe

Source: 4yOuoT4GFy.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 9.2.StcHfDkbCv.exe.28226d0.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
Source: 13.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
Source: 0.2.4yOuoT4GFy.exe.2625000.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
Source: 9.2.StcHfDkbCv.exe.282e3b0.3.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
Source: 0.2.4yOuoT4GFy.exe.2630ce0.3.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
Source: 0.2.4yOuoT4GFy.exe.2625000.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
Source: 9.2.StcHfDkbCv.exe.28226d0.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
Source: 9.2.StcHfDkbCv.exe.282e3b0.3.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
Source: 0.2.4yOuoT4GFy.exe.2630ce0.3.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
Source: 0000000D.00000002.1766444123.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
Source: 00000000.00000002.1720656894.0000000002612000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
Source: 00000009.00000002.1765381766.0000000002812000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
Source: Process Memory Space: 4yOuoT4GFy.exe PID: 7492, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
Source: Process Memory Space: StcHfDkbCv.exe PID: 8044, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
Source: Process Memory Space: MSBuild.exe PID: 2800, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys

Source: 4yOuoT4GFy.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: StcHfDkbCv.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.4yOuoT4GFy.exe.2630ce0.3.raw.unpack, Settings.cs	Base64 encoded string: 'sZ+gP4yrz0ZarAvGWvPcKARrH48XybZNSEafzswQr3tp12ZmBONnb17qqsyLkmcemREVEbm1XV9Z3FwT6lqYUQ==', 'T/eH3VZ/THy3t7r6yCu6cFfcpeC5HUK4zX2ZKbzcS/uDlArz1Y0xeBvfcbyPlr0Okz9ndURhjcg7nIgtXJJsa8N9e3t9JLi76+0aBjSoj5XpWMxxLS8BUVXfg/HDbHG5', 'jLSgAGWSuZDurwhS1FULswDUMmRr37har4Cqpquuzgtxy0eDWazRPCwWAr12P9jU5thG6GsPMTwFQCbi4Ucz0Q==', 'nn32aYwPOlUsJ7FNlf5TfQcC05k1CkJNzUAb43GsAwbgM5SrWyVkM5TXCWsnmxlGgjKYObyenWltthQgZ1dzA9p2OsUdKYAVDAYxb8oPh0M=', 'O1DanMOituSOiMjbVl1Tp+9IZXuH3XG1tcmbuFuwv0AJEdXvs+EEp+XKjhdbb0YMBZuwFdHq4JF3KEVgIP9GjnAHTz62nyML/vI4rZ/gJZmkQ2ixs4XSQfL1TVhsfBlFKqNy2nUpnJhtj4h2OroNqAwtdCeWiUxDRmKCKLwhmAiOlpiUeaLSG+A8JP46kvaBHlF1AzMJoN6pkCsRwU3oUydFKhhqBABpXfyB3tVIbGhBT3NKNrPAXZZY5zjLbpMVD/30JQjaKCZ5olj4b5FfkPdBI6JRPJ7NeBQxEPq4ZvHJmeDQpTu1jFXvbhGglqyYO5F5QnzFEBRf8py/VNaYaMKbgQcgsmqnmaykvs9ykrIINjTosZUiMmF/yu2h4Yni1rV97+DRRHGmdGbqE+Q9a1TxEGiJKtb5Igtx/9ZBbf+hfOMeJ21H+xBHKSNn2tX39W8k3YlyDhFA0ZXB/PfE9B9zPk3jovQ04mB6q4w0lbzCtm7UlCzGHJYD5BcucZnwUxGWbQPmSSsezUD5ulzsIaA1QF+DOHT/Om/6d9RA/MXES6ma9r12GSwZaMmfE37ewzrXqEUy5dEJ/hxHrXa6//KoYabEodP/KPVwR0DvcuFI43AtzYRWb5iESwbBL64OblsF5WuVHeaNu3smZwsh/oErlOk4BoClht4JrMjxQR7BdhobKrQrF+TuFrNEmeOGxtYD1eC0THHYfPPp7xfInqZpUPoKbN1aUKdPFvS4Qx7cwRaHgd5vSMQY36OKAPZ8cc7FFD/GDbjHdtHVZ/3mc0Dahyg/QSiiUw8PSXvFjtpsyub6RIRQKgHQbEzIAAxVadxqIpnqaoRWHdp9itXH5k6e7+KoF7yaJ1cmh64OAkfDXsAhL2oYdPc5UeOwP6WufTxneqFWsr1ensCb6RrIvoBkgxRv85upsBbEpLnEJRJH4z1zUiB7vT+haonlGzR03qAac+7VIoCGRyOY3IF+sA==', 'whDmrX3x3G/1cFu87Rzxytbg+WZl8eUflUxb00t2etimBOqaozI1kgz8vUSjmFlD6+TQfbvI7kWBW+h19IIjMA==', 'rJI49KgTSdlkO1Omqf6W4HTEzWk/fvw+7n5IvjCeHME0S2I+eaL217NHVhbk2uzn7iclcZ5IH7hLUXP0THHa8g==', 'mDtQQPQZ5XZMtuBzf0AjtZbAIvP2Q4p4LJw+cep/cMWgxPp/zNoWsMhTrK+EHZjau367C9E23jBWUYjq0EGEHQ==', 'xUWyVFwOElPFrUrOBBeoyTS2ldf3tl/BFrXwhk8R+7zdiQtaViI3oPXmvTnw7AQZJcH4yWEeJvLhgvg6HhWS2Q=='
Source: 0.2.4yOuoT4GFy.exe.2625000.1.raw.unpack, Settings.cs	Base64 encoded string: 'sZ+gP4yrz0ZarAvGWvPcKARrH48XybZNSEafzswQr3tp12ZmBONnb17qqsyLkmcemREVEbm1XV9Z3FwT6lqYUQ==', 'T/eH3VZ/THy3t7r6yCu6cFfcpeC5HUK4zX2ZKbzcS/uDlArz1Y0xeBvfcbyPlr0Okz9ndURhjcg7nIgtXJJsa8N9e3t9JLi76+0aBjSoj5XpWMxxLS8BUVXfg/HDbHG5', 'jLSgAGWSuZDurwhS1FULswDUMmRr37har4Cqpquuzgtxy0eDWazRPCwWAr12P9jU5thG6GsPMTwFQCbi4Ucz0Q==', 'nn32aYwPOlUsJ7FNlf5TfQcC05k1CkJNzUAb43GsAwbgM5SrWyVkM5TXCWsnmxlGgjKYObyenWltthQgZ1dzA9p2OsUdKYAVDAYxb8oPh0M=', 'O1DanMOituSOiMjbVl1Tp+9IZXuH3XG1tcmbuFuwv0AJEdXvs+EEp+XKjhdbb0YMBZuwFdHq4JF3KEVgIP9GjnAHTz62nyML/vI4rZ/gJZmkQ2ixs4XSQfL1TVhsfBlFKqNy2nUpnJhtj4h2OroNqAwtdCeWiUxDRmKCKLwhmAiOlpiUeaLSG+A8JP46kvaBHlF1AzMJoN6pkCsRwU3oUydFKhhqBABpXfyB3tVIbGhBT3NKNrPAXZZY5zjLbpMVD/30JQjaKCZ5olj4b5FfkPdBI6JRPJ7NeBQxEPq4ZvHJmeDQpTu1jFXvbhGglqyYO5F5QnzFEBRf8py/VNaYaMKbgQcgsmqnmaykvs9ykrIINjTosZUiMmF/yu2h4Yni1rV97+DRRHGmdGbqE+Q9a1TxEGiJKtb5Igtx/9ZBbf+hfOMeJ21H+xBHKSNn2tX39W8k3YlyDhFA0ZXB/PfE9B9zPk3jovQ04mB6q4w0lbzCtm7UlCzGHJYD5BcucZnwUxGWbQPmSSsezUD5ulzsIaA1QF+DOHT/Om/6d9RA/MXES6ma9r12GSwZaMmfE37ewzrXqEUy5dEJ/hxHrXa6//KoYabEodP/KPVwR0DvcuFI43AtzYRWb5iESwbBL64OblsF5WuVHeaNu3smZwsh/oErlOk4BoClht4JrMjxQR7BdhobKrQrF+TuFrNEmeOGxtYD1eC0THHYfPPp7xfInqZpUPoKbN1aUKdPFvS4Qx7cwRaHgd5vSMQY36OKAPZ8cc7FFD/GDbjHdtHVZ/3mc0Dahyg/QSiiUw8PSXvFjtpsyub6RIRQKgHQbEzIAAxVadxqIpnqaoRWHdp9itXH5k6e7+KoF7yaJ1cmh64OAkfDXsAhL2oYdPc5UeOwP6WufTxneqFWsr1ensCb6RrIvoBkgxRv85upsBbEpLnEJRJH4z1zUiB7vT+haonlGzR03qAac+7VIoCGRyOY3IF+sA==', 'whDmrX3x3G/1cFu87Rzxytbg+WZl8eUflUxb00t2etimBOqaozI1kgz8vUSjmFlD6+TQfbvI7kWBW+h19IIjMA==', 'rJI49KgTSdlkO1Omqf6W4HTEzWk/fvw+7n5IvjCeHME0S2I+eaL217NHVhbk2uzn7iclcZ5IH7hLUXP0THHa8g==', 'mDtQQPQZ5XZMtuBzf0AjtZbAIvP2Q4p4LJw+cep/cMWgxPp/zNoWsMhTrK+EHZjau367C9E23jBWUYjq0EGEHQ==', 'xUWyVFwOElPFrUrOBBeoyTS2ldf3tl/BFrXwhk8R+7zdiQtaViI3oPXmvTnw7AQZJcH4yWEeJvLhgvg6HhWS2Q=='

Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, tLxkIT6mTqipms91mk.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, tLxkIT6mTqipms91mk.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, tLxkIT6mTqipms91mk.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, lAo4hvM4vb6k6gjoDH.cs	Security API names: _0020.SetAccessControl
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, lAo4hvM4vb6k6gjoDH.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, lAo4hvM4vb6k6gjoDH.cs	Security API names: _0020.AddAccessRule
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, lAo4hvM4vb6k6gjoDH.cs	Security API names: _0020.SetAccessControl
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, lAo4hvM4vb6k6gjoDH.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, lAo4hvM4vb6k6gjoDH.cs	Security API names: _0020.AddAccessRule
Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, lAo4hvM4vb6k6gjoDH.cs	Security API names: _0020.SetAccessControl
Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, lAo4hvM4vb6k6gjoDH.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, lAo4hvM4vb6k6gjoDH.cs	Security API names: _0020.AddAccessRule
Source: 0.2.4yOuoT4GFy.exe.2630ce0.3.raw.unpack, Methods.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 0.2.4yOuoT4GFy.exe.2630ce0.3.raw.unpack, Methods.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.4yOuoT4GFy.exe.2625000.1.raw.unpack, Methods.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 0.2.4yOuoT4GFy.exe.2625000.1.raw.unpack, Methods.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: classification engine

Classification label: mal100.troj.evad.winEXE@19/18@2/1

Source: C:\Users\user\Desktop\4yOuoT4GFy.exe

File created: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7276:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7760:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7820:120:WilError_03
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Mutant created: \Sessions\1\BaseNamedObjects\jhgafoymglrhbrsdp
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7696:120:WilError_03
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Mutant created: \Sessions\1\BaseNamedObjects\unuGDAZRRtPluxvEGPKBsaO

Source: C:\Users\user\Desktop\4yOuoT4GFy.exe

File created: C:\Users\user\AppData\Local\Temp\tmp1109.tmp

Jump to behavior

Source: 4yOuoT4GFy.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 4yOuoT4GFy.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\4yOuoT4GFy.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\4yOuoT4GFy.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 4yOuoT4GFy.exe	ReversingLabs: Detection: 83%
Source: 4yOuoT4GFy.exe	Virustotal: Detection: 73%

Source: C:\Users\user\Desktop\4yOuoT4GFy.exe

File read: C:\Users\user\Desktop\4yOuoT4GFy.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\4yOuoT4GFy.exe "C:\Users\user\Desktop\4yOuoT4GFy.exe"
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\4yOuoT4GFy.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\StcHfDkbCv.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\StcHfDkbCv" /XML "C:\Users\user\AppData\Local\Temp\tmp1109.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe C:\Users\user\AppData\Roaming\StcHfDkbCv.exe
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\StcHfDkbCv" /XML "C:\Users\user\AppData\Local\Temp\tmp25D9.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\4yOuoT4GFy.exe"	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\StcHfDkbCv.exe"	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\StcHfDkbCv" /XML "C:\Users\user\AppData\Local\Temp\tmp1109.tmp"	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\StcHfDkbCv" /XML "C:\Users\user\AppData\Local\Temp\tmp25D9.tmp"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior

Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mpclient.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: version.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wmitomi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: msasn1.dll

Source: C:\Users\user\Desktop\4yOuoT4GFy.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\4yOuoT4GFy.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: 4yOuoT4GFy.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: 4yOuoT4GFy.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: 4yOuoT4GFy.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: opTA.pdbSHA256o source: 4yOuoT4GFy.exe, StcHfDkbCv.exe.0.dr
Source:	Binary string: opTA.pdb source: 4yOuoT4GFy.exe, StcHfDkbCv.exe.0.dr

Data Obfuscation

.NET source code contains potential unpacker

Source: 0.2.4yOuoT4GFy.exe.2709734.2.raw.unpack, Pub.cs	.Net Code: System.Reflection.Assembly.Load(byte[])
Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, lAo4hvM4vb6k6gjoDH.cs	.Net Code: KOdGH54x7R System.Reflection.Assembly.Load(byte[])
Source: 0.2.4yOuoT4GFy.exe.4b50000.6.raw.unpack, Pub.cs	.Net Code: System.Reflection.Assembly.Load(byte[])
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, lAo4hvM4vb6k6gjoDH.cs	.Net Code: KOdGH54x7R System.Reflection.Assembly.Load(byte[])
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, lAo4hvM4vb6k6gjoDH.cs	.Net Code: KOdGH54x7R System.Reflection.Assembly.Load(byte[])
Source: 0.2.4yOuoT4GFy.exe.26cee34.0.raw.unpack, Pub.cs	.Net Code: System.Reflection.Assembly.Load(byte[])
Source: 9.2.StcHfDkbCv.exe.29097c4.0.raw.unpack, Pub.cs	.Net Code: System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Code function: 0_2_00A65D72 push esp; iretd	0_2_00A65D81
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Code function: 9_2_00D65D73 push esp; iretd	9_2_00D65D81
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Code function: 9_2_04D458A8 pushfd ; ret	9_2_04D458A9

Source: 4yOuoT4GFy.exe	Static PE information: section name: .text entropy: 7.668386799469588
Source: StcHfDkbCv.exe.0.dr	Static PE information: section name: .text entropy: 7.668386799469588

Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, lAo4hvM4vb6k6gjoDH.cs	High entropy of concatenated method names: 'AvXQKlAMTf', 'QatQaEprwV', 'wTkQ5kCHEh', 'KS5QmKsnjE', 'XqcQ4J25ba', 'haxQ3f3rcn', 'KpxQ0qgxIt', 'ca5QMVRdBn', 'glVQfq5I3X', 'eKRQEFM9oo'
Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, iKCKwk87KxxprTOYDZ1.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'VFXDnSBSA3', 'pBFDZN73MO', 'OTLDBpOiFX', 'mmRDPVX3n0', 'MHXDsVpW7x', 'LIJDcHDEkd', 'JaZDR0QGGf'
Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, V5VmFx1usO1LQBdNhc.cs	High entropy of concatenated method names: 'oSgDm3jU1O', 'jaCD4u1ucU', 'PIAD3UICRe', 'zuZD0sinM7', 'G33DYLuIBR', 'OgRDMdfTYL', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, pDt9nHmHiofPihRN2C.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'a3akVmNLiK', 'DEik1vDfbv', 'cubkzpfcnR', 'Gg0Q7kNNCV', 'y8uQ85YtjB', 'VrKQkr6y86', 'OntQQB7eDO', 'Fxywpnk8WhhIbWtGFUs'
Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, YSK5xQRbF4U503Q8rC.cs	High entropy of concatenated method names: 'OftWEVJDZD', 'lvuWwkGAF2', 'ToString', 'KscWakI2HO', 'HygW5TE18g', 'PMjWmGvPrQ', 'TLjW44bj1M', 'x5RW3bjXca', 'HLwW0LCCFU', 'tFAWMZWwsd'
Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, tLxkIT6mTqipms91mk.cs	High entropy of concatenated method names: 'v805P1iR1q', 'aUL5s78UjD', 'NRq5cQRfPq', 'uVO5R1ydGH', 'RKD5OwG1bv', 'ed65rw3vna', 'OeH5uuNeXt', 'o7F5oPqicF', 'vg65VaRkBo', 'Ykv51altmj'
Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, LQnwKHLBAjq3omwY3D.cs	High entropy of concatenated method names: 'S0M3KWXLkJ', 'eC835gtDvU', 'z7K34eN8dH', 'M2O30s3bCW', 'JYl3MdXa5X', 'foo4O1x69O', 'GSv4rJndLn', 'EG84uuPGPR', 'OlA4oXY5v1', 'u5m4VMwZo8'
Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, wX0THu8QELgeS66B78c.cs	High entropy of concatenated method names: 'GZNl1cGruy', 'tjBlzA9r2x', 'DMnJ7Xddwm', 'WY403q3TyanGSOOlXVL', 'Doj6r033rTonsAmuTl7', 'vPlAMu3p8ovYDhRAyHy', 'ukiYaW3sEx4FhBbL5HC'
Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, sNq39XuiXdrIL3xAMZ.cs	High entropy of concatenated method names: 'rDCYNiWdJT', 'JtaYWRnjsJ', 'veCYYtlO0M', 'arKYlY6tA2', 'TkDYguL8vD', 'BsmYTp14Kt', 'Dispose', 'LMvvaXgb3r', 'fmlv5NNpSL', 'e3bvmBtB6b'
Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, DdrD8QiDVAC9B0bhSe.cs	High entropy of concatenated method names: 'Bqe0aeZR1y', 'VD50mt8QFf', 'KE1031Y7VA', 'Nni31frHON', 'yOA3zJVBuG', 'QbS07T1dln', 'RCf08eYya6', 'Slp0kZAED2', 'abG0Q5Is6m', 'k3h0GpNUBX'
Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, lfuoPVVkfQmyvKqAYy.cs	High entropy of concatenated method names: 'L2tYLUnEK1', 'YlXYh4wQU9', 'a3PYbs7Ed0', 'zW6YewgPiq', 'Ja1Yyf57qu', 'BiHYjbX9OF', 'CWyYiUiAim', 'PnFYS55eKs', 'X0dYprjgMQ', 'zpnY2Epx0D'
Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, e5vZwIAlFMIp8hWqLF.cs	High entropy of concatenated method names: 'gPF49cdPm9', 'jt24XTweuG', 'N6pmbpf0eI', 'DAYmeqjhl4', 'YM6myujRf2', 'dy0mjaJbRf', 'Cp5miwUUcd', 'UIHmSwWx31', 'UnBmpyeP1l', 'P8tm2YQ5Uy'
Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, dbSJ6kkvGxIN5F4S66.cs	High entropy of concatenated method names: 'nGQHXJTN9', 'MJdtGmd0S', 'VfeFNyPNy', 'aZOX2rZn7', 'xsZdDDB8u', 'DkcAEnHGm', 'GslB8GVFgVPj0QcQ68', 'i4rBRGZnEtUGd6vwEY', 'ADyvk7ksC', 'nsdDHBUSm'
Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, jUf5anPVY0txVbFl2o.cs	High entropy of concatenated method names: 'OkMN2fIEvn', 'q8nNZ12LBB', 'Qg4NPG21r0', 'py6Nsfqqa2', 'd1INhZ4qK8', 'cWTNbuil9a', 'GrVNenBExL', 'twMNytAoSi', 'nVWNj7PwTD', 'TgBNiCqXWV'
Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, lMhAnHruvgBfTCbcRh.cs	High entropy of concatenated method names: 'y0MWoS0s9P', 'LKvW1Hbh6S', 'i1Zv7PbPKg', 'Qu2v8ueiVf', 'GYaWnbYpoM', 'I4MWZW3gtm', 'ba7WBF712A', 'M86WPf5iSL', 'CXnWsgfHF3', 'ya8WclSPh4'
Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, InCtC65afvQCY47vjJ.cs	High entropy of concatenated method names: 'Dispose', 'ErI8VL3xAM', 'rFOkhC2E3j', 'Wrg9s5teAt', 'Pb581w9YMZ', 'mXQ8zU0HHf', 'ProcessDialogKey', 'fOfk7fuoPV', 'cfQk8myvKq', 'FYykkr5VmF'
Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, mubF09GaO4GPVqwQwH.cs	High entropy of concatenated method names: 'Dll80LxkIT', 'gTq8Mipms9', 'h1W8ErTN4K', 'HeK8wKK5vZ', 'HWq8NLFSQn', 'nKH8IBAjq3', 'UWp4vN2xI0m878cv5U', 's1fHTZOaUhcV35Y4Ze', 'L5D882VWC3', 'v6B8QCIlGq'
Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, Rnec7UpUy4Z3JlcAOl.cs	High entropy of concatenated method names: 'BVS0CCYUtD', 'wdT0UPPnBb', 'UB50HFcuan', 'D2W0tLd5fM', 'hU009pQWJa', 'P0P0FZLat2', 'VM40X8uZpW', 'LDQ06QVyN1', 'tYh0d7vwmQ', 'tLZ0AJ6YVf'
Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, NCgsg3BleELvsW3MXQ.cs	High entropy of concatenated method names: 'Tauq6G6wKr', 'DNSqdBS1j7', 'yHsqLS4YtC', 'sn0qhT21LS', 'kItqerjvk3', 'P4Lqyjhtis', 'l0Uqioe58b', 'aXJqSMVyFF', 'zGlq2lymKZ', 'coBqnADi3v'
Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, oYkmZt88LXyY6Xsq2PA.cs	High entropy of concatenated method names: 'RhID1KhlrF', 'DBvDzkTD7H', 'gu3l7Vgk8G', 'V37l8q5Pu4', 'gIClkSkbVR', 'IxClQwBs3Z', 'wWDlGJ3bjW', 'zqXlKwWXII', 'qoQlajqpmy', 'OE3l51nMKF'
Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, F6xTP4d1WrTN4KheKK.cs	High entropy of concatenated method names: 'EnwmtD1AU7', 'xMOmFhIc8W', 'C75m69lAnR', 'PHKmd37jip', 'nP7mNimrrW', 'sxGmIXvs5m', 'o60mWRelwH', 'FYQmvX0LhL', 'yp2mYvJk7l', 'jT5mD4a1sH'
Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, RayEShzeo8UDhBjgnW.cs	High entropy of concatenated method names: 'B4YDFtIUA0', 'ETVD61124O', 'z31DdUP29x', 's5DDLGvQtF', 'cdcDhFPjLY', 'VXjDeNscBo', 'nqHDytvPaY', 'xvKDTDpkXB', 'OF4DCo0t8q', 'lqgDUBG14Q'
Source: 0.2.4yOuoT4GFy.exe.373caf0.4.raw.unpack, m8UGda8G4dfnrtBMk3S.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'xAyJYkRpfS', 'snAJDPU5wk', 'tW7JlaZqrV', 'WRUJJoVZRE', 'wn9JglY4s9', 'LEdJxT8TFR', 'P6AJTEYT04'
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, lAo4hvM4vb6k6gjoDH.cs	High entropy of concatenated method names: 'AvXQKlAMTf', 'QatQaEprwV', 'wTkQ5kCHEh', 'KS5QmKsnjE', 'XqcQ4J25ba', 'haxQ3f3rcn', 'KpxQ0qgxIt', 'ca5QMVRdBn', 'glVQfq5I3X', 'eKRQEFM9oo'
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, iKCKwk87KxxprTOYDZ1.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'VFXDnSBSA3', 'pBFDZN73MO', 'OTLDBpOiFX', 'mmRDPVX3n0', 'MHXDsVpW7x', 'LIJDcHDEkd', 'JaZDR0QGGf'
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, V5VmFx1usO1LQBdNhc.cs	High entropy of concatenated method names: 'oSgDm3jU1O', 'jaCD4u1ucU', 'PIAD3UICRe', 'zuZD0sinM7', 'G33DYLuIBR', 'OgRDMdfTYL', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, pDt9nHmHiofPihRN2C.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'a3akVmNLiK', 'DEik1vDfbv', 'cubkzpfcnR', 'Gg0Q7kNNCV', 'y8uQ85YtjB', 'VrKQkr6y86', 'OntQQB7eDO', 'Fxywpnk8WhhIbWtGFUs'
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, YSK5xQRbF4U503Q8rC.cs	High entropy of concatenated method names: 'OftWEVJDZD', 'lvuWwkGAF2', 'ToString', 'KscWakI2HO', 'HygW5TE18g', 'PMjWmGvPrQ', 'TLjW44bj1M', 'x5RW3bjXca', 'HLwW0LCCFU', 'tFAWMZWwsd'
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, tLxkIT6mTqipms91mk.cs	High entropy of concatenated method names: 'v805P1iR1q', 'aUL5s78UjD', 'NRq5cQRfPq', 'uVO5R1ydGH', 'RKD5OwG1bv', 'ed65rw3vna', 'OeH5uuNeXt', 'o7F5oPqicF', 'vg65VaRkBo', 'Ykv51altmj'
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, LQnwKHLBAjq3omwY3D.cs	High entropy of concatenated method names: 'S0M3KWXLkJ', 'eC835gtDvU', 'z7K34eN8dH', 'M2O30s3bCW', 'JYl3MdXa5X', 'foo4O1x69O', 'GSv4rJndLn', 'EG84uuPGPR', 'OlA4oXY5v1', 'u5m4VMwZo8'
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, wX0THu8QELgeS66B78c.cs	High entropy of concatenated method names: 'GZNl1cGruy', 'tjBlzA9r2x', 'DMnJ7Xddwm', 'WY403q3TyanGSOOlXVL', 'Doj6r033rTonsAmuTl7', 'vPlAMu3p8ovYDhRAyHy', 'ukiYaW3sEx4FhBbL5HC'
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, sNq39XuiXdrIL3xAMZ.cs	High entropy of concatenated method names: 'rDCYNiWdJT', 'JtaYWRnjsJ', 'veCYYtlO0M', 'arKYlY6tA2', 'TkDYguL8vD', 'BsmYTp14Kt', 'Dispose', 'LMvvaXgb3r', 'fmlv5NNpSL', 'e3bvmBtB6b'
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, DdrD8QiDVAC9B0bhSe.cs	High entropy of concatenated method names: 'Bqe0aeZR1y', 'VD50mt8QFf', 'KE1031Y7VA', 'Nni31frHON', 'yOA3zJVBuG', 'QbS07T1dln', 'RCf08eYya6', 'Slp0kZAED2', 'abG0Q5Is6m', 'k3h0GpNUBX'
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, lfuoPVVkfQmyvKqAYy.cs	High entropy of concatenated method names: 'L2tYLUnEK1', 'YlXYh4wQU9', 'a3PYbs7Ed0', 'zW6YewgPiq', 'Ja1Yyf57qu', 'BiHYjbX9OF', 'CWyYiUiAim', 'PnFYS55eKs', 'X0dYprjgMQ', 'zpnY2Epx0D'
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, e5vZwIAlFMIp8hWqLF.cs	High entropy of concatenated method names: 'gPF49cdPm9', 'jt24XTweuG', 'N6pmbpf0eI', 'DAYmeqjhl4', 'YM6myujRf2', 'dy0mjaJbRf', 'Cp5miwUUcd', 'UIHmSwWx31', 'UnBmpyeP1l', 'P8tm2YQ5Uy'
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, dbSJ6kkvGxIN5F4S66.cs	High entropy of concatenated method names: 'nGQHXJTN9', 'MJdtGmd0S', 'VfeFNyPNy', 'aZOX2rZn7', 'xsZdDDB8u', 'DkcAEnHGm', 'GslB8GVFgVPj0QcQ68', 'i4rBRGZnEtUGd6vwEY', 'ADyvk7ksC', 'nsdDHBUSm'
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, jUf5anPVY0txVbFl2o.cs	High entropy of concatenated method names: 'OkMN2fIEvn', 'q8nNZ12LBB', 'Qg4NPG21r0', 'py6Nsfqqa2', 'd1INhZ4qK8', 'cWTNbuil9a', 'GrVNenBExL', 'twMNytAoSi', 'nVWNj7PwTD', 'TgBNiCqXWV'
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, lMhAnHruvgBfTCbcRh.cs	High entropy of concatenated method names: 'y0MWoS0s9P', 'LKvW1Hbh6S', 'i1Zv7PbPKg', 'Qu2v8ueiVf', 'GYaWnbYpoM', 'I4MWZW3gtm', 'ba7WBF712A', 'M86WPf5iSL', 'CXnWsgfHF3', 'ya8WclSPh4'
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, InCtC65afvQCY47vjJ.cs	High entropy of concatenated method names: 'Dispose', 'ErI8VL3xAM', 'rFOkhC2E3j', 'Wrg9s5teAt', 'Pb581w9YMZ', 'mXQ8zU0HHf', 'ProcessDialogKey', 'fOfk7fuoPV', 'cfQk8myvKq', 'FYykkr5VmF'
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, mubF09GaO4GPVqwQwH.cs	High entropy of concatenated method names: 'Dll80LxkIT', 'gTq8Mipms9', 'h1W8ErTN4K', 'HeK8wKK5vZ', 'HWq8NLFSQn', 'nKH8IBAjq3', 'UWp4vN2xI0m878cv5U', 's1fHTZOaUhcV35Y4Ze', 'L5D882VWC3', 'v6B8QCIlGq'
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, Rnec7UpUy4Z3JlcAOl.cs	High entropy of concatenated method names: 'BVS0CCYUtD', 'wdT0UPPnBb', 'UB50HFcuan', 'D2W0tLd5fM', 'hU009pQWJa', 'P0P0FZLat2', 'VM40X8uZpW', 'LDQ06QVyN1', 'tYh0d7vwmQ', 'tLZ0AJ6YVf'
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, NCgsg3BleELvsW3MXQ.cs	High entropy of concatenated method names: 'Tauq6G6wKr', 'DNSqdBS1j7', 'yHsqLS4YtC', 'sn0qhT21LS', 'kItqerjvk3', 'P4Lqyjhtis', 'l0Uqioe58b', 'aXJqSMVyFF', 'zGlq2lymKZ', 'coBqnADi3v'
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, oYkmZt88LXyY6Xsq2PA.cs	High entropy of concatenated method names: 'RhID1KhlrF', 'DBvDzkTD7H', 'gu3l7Vgk8G', 'V37l8q5Pu4', 'gIClkSkbVR', 'IxClQwBs3Z', 'wWDlGJ3bjW', 'zqXlKwWXII', 'qoQlajqpmy', 'OE3l51nMKF'
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, F6xTP4d1WrTN4KheKK.cs	High entropy of concatenated method names: 'EnwmtD1AU7', 'xMOmFhIc8W', 'C75m69lAnR', 'PHKmd37jip', 'nP7mNimrrW', 'sxGmIXvs5m', 'o60mWRelwH', 'FYQmvX0LhL', 'yp2mYvJk7l', 'jT5mD4a1sH'
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, RayEShzeo8UDhBjgnW.cs	High entropy of concatenated method names: 'B4YDFtIUA0', 'ETVD61124O', 'z31DdUP29x', 's5DDLGvQtF', 'cdcDhFPjLY', 'VXjDeNscBo', 'nqHDytvPaY', 'xvKDTDpkXB', 'OF4DCo0t8q', 'lqgDUBG14Q'
Source: 0.2.4yOuoT4GFy.exe.36ecad0.5.raw.unpack, m8UGda8G4dfnrtBMk3S.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'xAyJYkRpfS', 'snAJDPU5wk', 'tW7JlaZqrV', 'WRUJJoVZRE', 'wn9JglY4s9', 'LEdJxT8TFR', 'P6AJTEYT04'
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, lAo4hvM4vb6k6gjoDH.cs	High entropy of concatenated method names: 'AvXQKlAMTf', 'QatQaEprwV', 'wTkQ5kCHEh', 'KS5QmKsnjE', 'XqcQ4J25ba', 'haxQ3f3rcn', 'KpxQ0qgxIt', 'ca5QMVRdBn', 'glVQfq5I3X', 'eKRQEFM9oo'
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, iKCKwk87KxxprTOYDZ1.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'VFXDnSBSA3', 'pBFDZN73MO', 'OTLDBpOiFX', 'mmRDPVX3n0', 'MHXDsVpW7x', 'LIJDcHDEkd', 'JaZDR0QGGf'
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, V5VmFx1usO1LQBdNhc.cs	High entropy of concatenated method names: 'oSgDm3jU1O', 'jaCD4u1ucU', 'PIAD3UICRe', 'zuZD0sinM7', 'G33DYLuIBR', 'OgRDMdfTYL', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, pDt9nHmHiofPihRN2C.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'a3akVmNLiK', 'DEik1vDfbv', 'cubkzpfcnR', 'Gg0Q7kNNCV', 'y8uQ85YtjB', 'VrKQkr6y86', 'OntQQB7eDO', 'Fxywpnk8WhhIbWtGFUs'
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, YSK5xQRbF4U503Q8rC.cs	High entropy of concatenated method names: 'OftWEVJDZD', 'lvuWwkGAF2', 'ToString', 'KscWakI2HO', 'HygW5TE18g', 'PMjWmGvPrQ', 'TLjW44bj1M', 'x5RW3bjXca', 'HLwW0LCCFU', 'tFAWMZWwsd'
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, tLxkIT6mTqipms91mk.cs	High entropy of concatenated method names: 'v805P1iR1q', 'aUL5s78UjD', 'NRq5cQRfPq', 'uVO5R1ydGH', 'RKD5OwG1bv', 'ed65rw3vna', 'OeH5uuNeXt', 'o7F5oPqicF', 'vg65VaRkBo', 'Ykv51altmj'
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, LQnwKHLBAjq3omwY3D.cs	High entropy of concatenated method names: 'S0M3KWXLkJ', 'eC835gtDvU', 'z7K34eN8dH', 'M2O30s3bCW', 'JYl3MdXa5X', 'foo4O1x69O', 'GSv4rJndLn', 'EG84uuPGPR', 'OlA4oXY5v1', 'u5m4VMwZo8'
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, wX0THu8QELgeS66B78c.cs	High entropy of concatenated method names: 'GZNl1cGruy', 'tjBlzA9r2x', 'DMnJ7Xddwm', 'WY403q3TyanGSOOlXVL', 'Doj6r033rTonsAmuTl7', 'vPlAMu3p8ovYDhRAyHy', 'ukiYaW3sEx4FhBbL5HC'
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, sNq39XuiXdrIL3xAMZ.cs	High entropy of concatenated method names: 'rDCYNiWdJT', 'JtaYWRnjsJ', 'veCYYtlO0M', 'arKYlY6tA2', 'TkDYguL8vD', 'BsmYTp14Kt', 'Dispose', 'LMvvaXgb3r', 'fmlv5NNpSL', 'e3bvmBtB6b'
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, DdrD8QiDVAC9B0bhSe.cs	High entropy of concatenated method names: 'Bqe0aeZR1y', 'VD50mt8QFf', 'KE1031Y7VA', 'Nni31frHON', 'yOA3zJVBuG', 'QbS07T1dln', 'RCf08eYya6', 'Slp0kZAED2', 'abG0Q5Is6m', 'k3h0GpNUBX'
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, lfuoPVVkfQmyvKqAYy.cs	High entropy of concatenated method names: 'L2tYLUnEK1', 'YlXYh4wQU9', 'a3PYbs7Ed0', 'zW6YewgPiq', 'Ja1Yyf57qu', 'BiHYjbX9OF', 'CWyYiUiAim', 'PnFYS55eKs', 'X0dYprjgMQ', 'zpnY2Epx0D'
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, e5vZwIAlFMIp8hWqLF.cs	High entropy of concatenated method names: 'gPF49cdPm9', 'jt24XTweuG', 'N6pmbpf0eI', 'DAYmeqjhl4', 'YM6myujRf2', 'dy0mjaJbRf', 'Cp5miwUUcd', 'UIHmSwWx31', 'UnBmpyeP1l', 'P8tm2YQ5Uy'
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, dbSJ6kkvGxIN5F4S66.cs	High entropy of concatenated method names: 'nGQHXJTN9', 'MJdtGmd0S', 'VfeFNyPNy', 'aZOX2rZn7', 'xsZdDDB8u', 'DkcAEnHGm', 'GslB8GVFgVPj0QcQ68', 'i4rBRGZnEtUGd6vwEY', 'ADyvk7ksC', 'nsdDHBUSm'
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, jUf5anPVY0txVbFl2o.cs	High entropy of concatenated method names: 'OkMN2fIEvn', 'q8nNZ12LBB', 'Qg4NPG21r0', 'py6Nsfqqa2', 'd1INhZ4qK8', 'cWTNbuil9a', 'GrVNenBExL', 'twMNytAoSi', 'nVWNj7PwTD', 'TgBNiCqXWV'
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, lMhAnHruvgBfTCbcRh.cs	High entropy of concatenated method names: 'y0MWoS0s9P', 'LKvW1Hbh6S', 'i1Zv7PbPKg', 'Qu2v8ueiVf', 'GYaWnbYpoM', 'I4MWZW3gtm', 'ba7WBF712A', 'M86WPf5iSL', 'CXnWsgfHF3', 'ya8WclSPh4'
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, InCtC65afvQCY47vjJ.cs	High entropy of concatenated method names: 'Dispose', 'ErI8VL3xAM', 'rFOkhC2E3j', 'Wrg9s5teAt', 'Pb581w9YMZ', 'mXQ8zU0HHf', 'ProcessDialogKey', 'fOfk7fuoPV', 'cfQk8myvKq', 'FYykkr5VmF'
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, mubF09GaO4GPVqwQwH.cs	High entropy of concatenated method names: 'Dll80LxkIT', 'gTq8Mipms9', 'h1W8ErTN4K', 'HeK8wKK5vZ', 'HWq8NLFSQn', 'nKH8IBAjq3', 'UWp4vN2xI0m878cv5U', 's1fHTZOaUhcV35Y4Ze', 'L5D882VWC3', 'v6B8QCIlGq'
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, Rnec7UpUy4Z3JlcAOl.cs	High entropy of concatenated method names: 'BVS0CCYUtD', 'wdT0UPPnBb', 'UB50HFcuan', 'D2W0tLd5fM', 'hU009pQWJa', 'P0P0FZLat2', 'VM40X8uZpW', 'LDQ06QVyN1', 'tYh0d7vwmQ', 'tLZ0AJ6YVf'
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, NCgsg3BleELvsW3MXQ.cs	High entropy of concatenated method names: 'Tauq6G6wKr', 'DNSqdBS1j7', 'yHsqLS4YtC', 'sn0qhT21LS', 'kItqerjvk3', 'P4Lqyjhtis', 'l0Uqioe58b', 'aXJqSMVyFF', 'zGlq2lymKZ', 'coBqnADi3v'
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, oYkmZt88LXyY6Xsq2PA.cs	High entropy of concatenated method names: 'RhID1KhlrF', 'DBvDzkTD7H', 'gu3l7Vgk8G', 'V37l8q5Pu4', 'gIClkSkbVR', 'IxClQwBs3Z', 'wWDlGJ3bjW', 'zqXlKwWXII', 'qoQlajqpmy', 'OE3l51nMKF'
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, F6xTP4d1WrTN4KheKK.cs	High entropy of concatenated method names: 'EnwmtD1AU7', 'xMOmFhIc8W', 'C75m69lAnR', 'PHKmd37jip', 'nP7mNimrrW', 'sxGmIXvs5m', 'o60mWRelwH', 'FYQmvX0LhL', 'yp2mYvJk7l', 'jT5mD4a1sH'
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, RayEShzeo8UDhBjgnW.cs	High entropy of concatenated method names: 'B4YDFtIUA0', 'ETVD61124O', 'z31DdUP29x', 's5DDLGvQtF', 'cdcDhFPjLY', 'VXjDeNscBo', 'nqHDytvPaY', 'xvKDTDpkXB', 'OF4DCo0t8q', 'lqgDUBG14Q'
Source: 0.2.4yOuoT4GFy.exe.6ed0000.7.raw.unpack, m8UGda8G4dfnrtBMk3S.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'xAyJYkRpfS', 'snAJDPU5wk', 'tW7JlaZqrV', 'WRUJJoVZRE', 'wn9JglY4s9', 'LEdJxT8TFR', 'P6AJTEYT04'

Source: C:\Users\user\Desktop\4yOuoT4GFy.exe

File created: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe

Jump to dropped file

Boot Survival

Yara detected AsyncRAT

Source: Yara match	File source: 9.2.StcHfDkbCv.exe.28226d0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.4yOuoT4GFy.exe.2625000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.StcHfDkbCv.exe.282e3b0.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.4yOuoT4GFy.exe.2630ce0.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.4yOuoT4GFy.exe.2625000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.StcHfDkbCv.exe.28226d0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.StcHfDkbCv.exe.282e3b0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.4yOuoT4GFy.exe.2630ce0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000D.00000002.1766444123.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1720656894.0000000002612000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1765381766.0000000002812000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.4127051817.0000000002A91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 4yOuoT4GFy.exe PID: 7492, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 7948, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: StcHfDkbCv.exe PID: 8044, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 2800, type: MEMORYSTR

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\Desktop\4yOuoT4GFy.exe

Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\StcHfDkbCv" /XML "C:\Users\user\AppData\Local\Temp\tmp1109.tmp"

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: Process Memory Space: 4yOuoT4GFy.exe PID: 7492, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: StcHfDkbCv.exe PID: 8044, type: MEMORYSTR

Yara detected AsyncRAT

Source: Yara match	File source: 9.2.StcHfDkbCv.exe.28226d0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.4yOuoT4GFy.exe.2625000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.StcHfDkbCv.exe.282e3b0.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.4yOuoT4GFy.exe.2630ce0.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.4yOuoT4GFy.exe.2625000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.StcHfDkbCv.exe.28226d0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.StcHfDkbCv.exe.282e3b0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.4yOuoT4GFy.exe.2630ce0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000D.00000002.1766444123.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1720656894.0000000002612000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1765381766.0000000002812000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.4127051817.0000000002A91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 4yOuoT4GFy.exe PID: 7492, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 7948, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: StcHfDkbCv.exe PID: 8044, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 2800, type: MEMORYSTR

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: 4yOuoT4GFy.exe, 00000000.00000002.1720656894.0000000002612000.00000004.00000800.00020000.00000000.sdmp, StcHfDkbCv.exe, 00000009.00000002.1765381766.0000000002812000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.1766444123.0000000000402000.00000040.00000400.00020000.00000000.sdmp

Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Memory allocated: A60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Memory allocated: 2570000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Memory allocated: 23C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Memory allocated: 71D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Memory allocated: 81D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Memory allocated: 8370000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Memory allocated: 9370000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 1280000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 2A90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 4A90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Memory allocated: D60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Memory allocated: 2770000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Memory allocated: 2670000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Memory allocated: 6F70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Memory allocated: 7F70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Memory allocated: 8100000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Memory allocated: 9100000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 15A0000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 2FB0000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 2E00000 memory reserve \| memory write watch

Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 7038	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 518	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6506	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 566	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Window / User API: threadDelayed 1386	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Window / User API: threadDelayed 8469	Jump to behavior

Source: C:\Users\user\Desktop\4yOuoT4GFy.exe TID: 7496	Thread sleep time: -119380s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe TID: 7496	Thread sleep time: -32009s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe TID: 7496	Thread sleep time: -35000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe TID: 7512	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7828	Thread sleep count: 7038 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7808	Thread sleep count: 518 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 8000	Thread sleep time: -6456360425798339s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7940	Thread sleep time: -1844674407370954s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 8004	Thread sleep time: -2767011611056431s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7988	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 2852	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7416	Thread sleep time: -22136092888451448s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7484	Thread sleep count: 1386 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7484	Thread sleep count: 8469 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe TID: 8048	Thread sleep time: -119380s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe TID: 8048	Thread sleep time: -32009s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe TID: 8048	Thread sleep time: -35000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe TID: 8184	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5960	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Thread delayed: delay time: 119380	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Thread delayed: delay time: 32009	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Thread delayed: delay time: 35000	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Thread delayed: delay time: 119380	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Thread delayed: delay time: 32009	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Thread delayed: delay time: 35000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477

Source: MSBuild.exe, 0000000D.00000002.1766444123.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: vmware
Source: 4yOuoT4GFy.exe, 00000000.00000002.1712612111.0000000000831000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: MSBuild.exe, 00000008.00000002.4132471756.0000000005172000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000008.00000002.4125969011.0000000000F6F000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000008.00000002.4131685073.0000000005101000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: MSBuild.exe, 00000008.00000002.4131685073.0000000005101000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW)

Source: C:\Users\user\Desktop\4yOuoT4GFy.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\4yOuoT4GFy.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Adds a directory exclusion to Windows Defender

Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\4yOuoT4GFy.exe"
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\StcHfDkbCv.exe"
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\4yOuoT4GFy.exe"	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\StcHfDkbCv.exe"	Jump to behavior

Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\4yOuoT4GFy.exe"	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\StcHfDkbCv.exe"	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\StcHfDkbCv" /XML "C:\Users\user\AppData\Local\Temp\tmp1109.tmp"	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\StcHfDkbCv" /XML "C:\Users\user\AppData\Local\Temp\tmp25D9.tmp"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior

Source: MSBuild.exe, 00000008.00000002.4125242253.0000000000ED6000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Program Manager

Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Users\user\Desktop\4yOuoT4GFy.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4yOuoT4GFy.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Queries volume information: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation

Source: C:\Users\user\Desktop\4yOuoT4GFy.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Yara detected AsyncRAT

Source: Yara match	File source: 9.2.StcHfDkbCv.exe.28226d0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.4yOuoT4GFy.exe.2625000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.StcHfDkbCv.exe.282e3b0.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.4yOuoT4GFy.exe.2630ce0.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.4yOuoT4GFy.exe.2625000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.StcHfDkbCv.exe.28226d0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.StcHfDkbCv.exe.282e3b0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.4yOuoT4GFy.exe.2630ce0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000D.00000002.1766444123.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1720656894.0000000002612000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1765381766.0000000002812000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.4127051817.0000000002A91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 4yOuoT4GFy.exe PID: 7492, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 7948, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: StcHfDkbCv.exe PID: 8044, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 2800, type: MEMORYSTR

Source: MSBuild.exe, 00000008.00000002.4132471756.0000000005172000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000008.00000002.4125722504.0000000000F38000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	2 Scheduled Task/Job	12 Process Injection	1 Masquerading	OS Credential Dumping	221 Security Software Discovery	Remote Services	1 Archive Collected Data	12 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Scheduled Task/Job	1 DLL Side-Loading	2 Scheduled Task/Job	11 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	31 Virtualization/Sandbox Evasion	Security Account Manager	31 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	12 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	121 Obfuscated Files or Information	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	12 Software Packing	Cached Domain Credentials	13 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
4yOuoT4GFy.exe	83%	ReversingLabs	ByteCode-MSIL.Backdoor.Asyncrat
4yOuoT4GFy.exe	74%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\StcHfDkbCv.exe	83%	ReversingLabs	ByteCode-MSIL.Backdoor.Asyncrat

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
skype.onthewifi.com	12%	Virustotal		Browse
ronymahmoud.casacam.net	15%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
skype.onthewifi.com	100%	Avira URL Cloud	malware
ronymahmoud.casacam.net	100%	Avira URL Cloud	malware
skype.onthewifi.com	12%	Virustotal		Browse
ronymahmoud.casacam.net	15%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false		high
skype.onthewifi.com	0.0.0.0	true	true	12%, Virustotal, Browse	unknown
s-part-0035.t-0009.t-msedge.net	13.107.246.63	true	false		high
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false		high
ronymahmoud.casacam.net	3.145.156.44	true	true	15%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
skype.onthewifi.com	true	12%, Virustotal, Browse Avira URL Cloud: malware	unknown
ronymahmoud.casacam.net	true	15%, Virustotal, Browse Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://www.apache.org/licenses/LICENSE-2.0	4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com	4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com/designersG	4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com/designers/?	4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.founder.com.cn/cn/bThe	4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com/designers?	4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.tiro.com	4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com/designers	4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.goodfont.co.kr	4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.carterandcone.coml	4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.sajatypeworks.com	4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.typography.netD	4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com/designers/cabarga.htmlN	4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.founder.com.cn/cn/cThe	4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.galapagosdesign.com/staff/dennis.htm	4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.founder.com.cn/cn	4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com/designers/frere-user.html	4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.jiyu-kobo.co.jp/	4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.galapagosdesign.com/DPlease	4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com/designers8	4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fonts.com	4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.sandoll.co.kr	4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.urwpp.deDPlease	4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.zhongyicts.com.cn	4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	false	high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	4yOuoT4GFy.exe, 00000000.00000002.1720656894.0000000002571000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000008.00000002.4127051817.0000000002A91000.00000004.00000800.00020000.00000000.sdmp, StcHfDkbCv.exe, 00000009.00000002.1765381766.0000000002771000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.sakkal.com	4yOuoT4GFy.exe, 00000000.00000002.1725663791.0000000006712000.00000004.00000800.00020000.00000000.sdmp	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
3.145.156.44	ronymahmoud.casacam.net	United States		16509	AMAZON-02US	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1561650
Start date and time:	2024-11-24 03:16:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 10s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	4yOuoT4GFy.exe renamed because original name is a hash value
Original Sample Name:	A6D1D3DC7A39BA925EBC17953A7D6B24.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@19/18@2/1
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 99% Number of executed functions: 203 Number of non-executed functions: 3
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.30.17.174, 20.109.210.53, 199.232.214.172, 192.229.221.95, 20.242.39.171, 13.85.23.206
Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, azureedge-t-prod.trafficmanager.net, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Execution Graph export aborted for target MSBuild.exe, PID 2800 because it is empty
Execution Graph export aborted for target MSBuild.exe, PID 7948 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
02:17:01	Task Scheduler	Run new task: StcHfDkbCv path: C:\Users\user\AppData\Roaming\StcHfDkbCv.exe
21:16:56	API Interceptor	3x Sleep call for process: 4yOuoT4GFy.exe modified
21:16:59	API Interceptor	41x Sleep call for process: powershell.exe modified
21:17:03	API Interceptor	3x Sleep call for process: StcHfDkbCv.exe modified
21:17:18	API Interceptor	7436789x Sleep call for process: MSBuild.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s-part-0035.t-0009.t-msedge.net	file.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.63
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	13.107.246.63
	file.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.63
	file.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.63
	file.exe	Get hash	malicious	Stealc	Browse	13.107.246.63
	file.exe	Get hash	malicious	Stealc	Browse	13.107.246.63
	CZxDiTktSY.exe	Get hash	malicious	XWorm	Browse	13.107.246.63
	file.exe	Get hash	malicious	Stealc	Browse	13.107.246.63
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	13.107.246.63
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	13.107.246.63
fp2e7a.wpc.phicdn.net	file.exe	Get hash	malicious	Credential Flusher	Browse	192.229.221.95
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	192.229.221.95
	file.exe	Get hash	malicious	Unknown	Browse	192.229.221.95
	file.exe	Get hash	malicious	Credential Flusher	Browse	192.229.221.95
	file.exe	Get hash	malicious	Amadey, Clipboard Hijacker, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse	192.229.221.95
	decode_8dad31e2f9be3de071939da6e14b6f6e8366fd10a6e77ff91ad879dc0abe6334.exe	Get hash	malicious	PureLog Stealer	Browse	192.229.221.95
	file.exe	Get hash	malicious	Unknown	Browse	192.229.221.95
	n5QCsKJ0CP.exe	Get hash	malicious	RedLine	Browse	192.229.221.95
	file.exe	Get hash	malicious	Stealc	Browse	192.229.221.95
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	192.229.221.95
bg.microsoft.map.fastly.net	6xQ8CMUaES.exe	Get hash	malicious	Xmrig	Browse	199.232.210.172
	1732382826559c62d8b84c02e95636f46212b9f803082b7868187644fff4926ca8a53349c1874.dat-decoded.exe	Get hash	malicious	LummaC	Browse	199.232.214.172
	17323828261cfef277a3375a886445bf7f5a834ebb1cc85e533e9ac93595cd0e56ebd12426132.dat-decoded.exe	Get hash	malicious	XWorm	Browse	199.232.214.172
	file.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse	199.232.210.172
	download.ps1	Get hash	malicious	Unknown	Browse	199.232.210.172
	download.ps1	Get hash	malicious	Unknown	Browse	146.75.30.172
	download.ps1	Get hash	malicious	Unknown	Browse	199.232.210.172
	download.ps1	Get hash	malicious	Unknown	Browse	199.232.214.172
	download.ps1	Get hash	malicious	Unknown	Browse	199.232.210.172
	file.exe	Get hash	malicious	Credential Flusher	Browse	199.232.214.172

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-02US	arm.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	3.68.202.181
	sparc.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	54.103.47.113
	m68k.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	54.176.148.48
	x86_32.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	54.189.236.73
	arm5.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	3.115.234.111
	x86_64.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	13.214.31.249
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	108.156.120.98
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	3.160.188.68
	CZxDiTktSY.exe	Get hash	malicious	XWorm	Browse	52.208.202.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	18.155.1.8

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	file.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.63
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	13.107.246.63
	file.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.63
	file.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.63
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	13.107.246.63
	https://lifetraces.org/spo/priv/auth/login.php	Get hash	malicious	Unknown	Browse	13.107.246.63
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	13.107.246.63
	file.exe	Get hash	malicious	Cryptbot	Browse	13.107.246.63
	2fQ8fpTWAP.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	13.107.246.63
	EsgeCzT4do.exe	Get hash	malicious	XWorm	Browse	13.107.246.63

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	data
Category:	dropped
Size (bytes):	328
Entropy (8bit):	3.2455963809668176
Encrypted:	false
SSDEEP:	6:kK7l/L9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:paDImsLNkPlE99SNxAhUe/3
MD5:	6B2810382ED051413ACC01E4499926F2
SHA1:	BA3DF4310F13F12F7CC1C53DA2F0E26BD40DAE0C
SHA-256:	50C7674482EF6CEF8D4ABD0751D78EB8DA9CA060607A143481FC88291492F037
SHA-512:	E70C0BE2F96286525E9AF88A9F89B9298A0775CEDFF4DC2835727242BEA16E1BA6FAFD2F9ACAB9901110EFDF064691F763E0864C23F3E1F68DAF986FE42B1253
Malicious:	false
Preview:	p...... ........ ,...>..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\4yOuoT4GFy.exe.log

Download File

Process:	C:\Users\user\Desktop\4yOuoT4GFy.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1415
Entropy (8bit):	5.352427679901606
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4qnE4KMR584j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0Hy
MD5:	7EA049C66335D39DF0422ABA149E82D0
SHA1:	A226829287B29B182B16ECC9FA7E6F56D92E8306
SHA-256:	C52AB5990B46B4AB97816697DB5C11F089DD7B3BC4D48051CA0CE37E88B075AD
SHA-512:	EF1E2F30C7C89DD97AF8FF539B325D5A4017D02AD6E47125944605D07CD22E35F3F44A388E9D54C75CD8C49F4C5D29DED408E34E688059DDE8E7A2963B3B2C27
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\StcHfDkbCv.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\StcHfDkbCv.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1415
Entropy (8bit):	5.352427679901606
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4qnE4KMR584j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0Hy
MD5:	7EA049C66335D39DF0422ABA149E82D0
SHA1:	A226829287B29B182B16ECC9FA7E6F56D92E8306
SHA-256:	C52AB5990B46B4AB97816697DB5C11F089DD7B3BC4D48051CA0CE37E88B075AD
SHA-512:	EF1E2F30C7C89DD97AF8FF539B325D5A4017D02AD6E47125944605D07CD22E35F3F44A388E9D54C75CD8C49F4C5D29DED408E34E688059DDE8E7A2963B3B2C27
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	2232
Entropy (8bit):	5.380805901110357
Encrypted:	false
SSDEEP:	48:lylWSU4xympjgs4RIoU99tK8NPZHUl7u1iMugeC/ZM0Uyus:lGLHxvCsIfA2KRHmOugw1s
MD5:	2841736A1E367C6D039C41512DA2893E
SHA1:	8AE1356D954F14390DD115EB92E2B01F86E98141
SHA-256:	70D4743FAB5C407020B872595615D3B018AC17A6F504084BF1E95B061C97047E
SHA-512:	E11A1F186A9B75658F905B7128526E054CEE572A4F55BBB864B5E8B5DC3D8B62D1E160F31472213DB0CEB8A612D71B23DAE03EBC6AB5BC0D8933732F2007EF6C
Malicious:	false
Preview:	@...e.................................^..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...\|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesH................WY..2.M.&..g(g........Microsoft.PowerShell.Security...L.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ammdbpsj.b0f.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_h0qgkaht.0mg.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_inc1as5t.kyl.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jqkzcae0.ekn.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nknxhoy0.tfj.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pcmi03ya.qkz.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pxkclzjc.cqb.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uibbunsl.kxm.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\tmp1109.tmp

Download File

Process:	C:\Users\user\Desktop\4yOuoT4GFy.exe
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	1576
Entropy (8bit):	5.1107672228841
Encrypted:	false
SSDEEP:	24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtavxvn:cge1wYrFdOFzOzN33ODOiDdKrsuT0v
MD5:	20FD0BBC08E5348B685F5FC715746A5E
SHA1:	A2E6702FE30EA76776AC2ABAEACF427E6BE2512D
SHA-256:	1097A91EE6E81528EB640D1B70C52762C038868EE9D2C7C62DC659F68A3F27F2
SHA-512:	7055DBE85B59C8E9CB2E05DA5111216195522D01BA8C9CEF5AF83CD6C4B08232C6ED5583669CABC12826AFC5F7FC49B6EB3EB29DE0FA19988812A07AFE941E10
Malicious:	true
Preview:	<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail

C:\Users\user\AppData\Local\Temp\tmp25D9.tmp

Download File

Process:	C:\Users\user\AppData\Roaming\StcHfDkbCv.exe
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	1576
Entropy (8bit):	5.1107672228841
Encrypted:	false
SSDEEP:	24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtavxvn:cge1wYrFdOFzOzN33ODOiDdKrsuT0v
MD5:	20FD0BBC08E5348B685F5FC715746A5E
SHA1:	A2E6702FE30EA76776AC2ABAEACF427E6BE2512D
SHA-256:	1097A91EE6E81528EB640D1B70C52762C038868EE9D2C7C62DC659F68A3F27F2
SHA-512:	7055DBE85B59C8E9CB2E05DA5111216195522D01BA8C9CEF5AF83CD6C4B08232C6ED5583669CABC12826AFC5F7FC49B6EB3EB29DE0FA19988812A07AFE941E10
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail

C:\Users\user\AppData\Roaming\StcHfDkbCv.exe

Download File

Process:	C:\Users\user\Desktop\4yOuoT4GFy.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	643072
Entropy (8bit):	7.665185983195572
Encrypted:	false
SSDEEP:	12288:GrOR0I5wPYCPQFcwbe/p206gPiwjver7bzoCUlTh4OQg:aImYxcw6/Y+XrcoCIL
MD5:	A6D1D3DC7A39BA925EBC17953A7D6B24
SHA1:	33500513781DA4C6EF41DB97226C0658274D7D35
SHA-256:	56E59B7A9A99A1662E1213ED0B9C4278F6E6DCEA89068936EA22D318521C9C4C
SHA-512:	4EF03A5A712651F74957329B0D98FEDB4BDD3CC52067A6A8CAABFBF9A8274E3F32A4B48FA8DD8938C3205E9736D92A690DE3C0D582BB5E1CB107C4645891A1B9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 83%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...X.9g..............0......,........... ........@.. .......................@............`.....................................O........(................... ......p...T............................................ ............... ..H............text........ ...................... ..`.rsrc....(.........................@..@.reloc....... ......................@..B........................H.......,U...............................................................~...................}.....(#....{........{........(.....r...ps$...}....6.{0....o%.......0...........{....o&....{.....{....o'.......((...r...p()...o.....{.....X}......{....o'...l.{....X.{....l[}.....{)....\|....r!..p(+...r...p()...o....{.....{....o,.......((...r'..p()...o....{.....{....o-.......(....o....{.....{....o/.......((...r1..p()...o....{!....{....o0...o1...o*....{.....{....o2.......((...r9

C:\Users\user\AppData\Roaming\StcHfDkbCv.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\4yOuoT4GFy.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.665185983195572
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	4yOuoT4GFy.exe
File size:	643'072 bytes
MD5:	a6d1d3dc7a39ba925ebc17953a7d6b24
SHA1:	33500513781da4c6ef41db97226c0658274d7d35
SHA256:	56e59b7a9a99a1662e1213ed0b9c4278f6e6dcea89068936ea22d318521c9c4c
SHA512:	4ef03a5a712651f74957329b0d98fedb4bdd3cc52067a6a8caabfbf9a8274e3f32a4b48fa8dd8938c3205e9736d92a690de3c0d582bb5e1cb107c4645891a1b9
SSDEEP:	12288:GrOR0I5wPYCPQFcwbe/p206gPiwjver7bzoCUlTh4OQg:aImYxcw6/Y+XrcoCIL
TLSH:	40D4D07870AF55A7E15BC6740AF8BC631A7130E7B8C5A9B40BAD03558BA7F043E8461F
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...X.9g..............0......,........... ........@.. .......................@............`................................

File Icon


Icon Hash:	ab16313961c1c156

Static PE Info

General

Entrypoint:	0x49c1da
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x67398C58 [Sun Nov 17 06:25:28 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
push edi
add byte ptr [ebp+00h], ah
popad
add byte ptr [eax+eax+68h], dh
add byte ptr [ebp+00h], ah
jc 00007F63447ADAB2h
push ebx
add byte ptr [ebp+00h], ah
outsb
add byte ptr [eax+eax+65h], ah
add byte ptr [edx+00h], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x9c188	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x9e000	0x28f8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xa2000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x9a870	0x54	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x9a200	0x9a200	b06ddf03055dc393dbbe6a70eacc8f5e	False	0.8484308470194647	data	7.668386799469588	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x9e000	0x28f8	0x2a00	9e2b2c9ae0d5333c4ac71999ec85f003	False	0.9012276785714286	data	7.524660376960449	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xa2000	0xc	0x200	70b715f270ae5285fe0398a28d69af17	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x9e0c8	0x24a8	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.9786871270247229
RT_GROUP_ICON	0xa0580	0x14	data	1.05
RT_VERSION	0xa05a4	0x34e	data	0.4231678486997636

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-24T03:17:17.367502+0100	2842478	ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)	1	3.145.156.44	6606	192.168.2.4	49737	TCP
2024-11-24T03:17:17.367502+0100	2030673	ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)	1	3.145.156.44	6606	192.168.2.4	49737	TCP
2024-11-24T03:17:17.367502+0100	2035595	ET MALWARE Generic AsyncRAT Style SSL Cert	1	3.145.156.44	6606	192.168.2.4	49737	TCP
2024-11-24T03:17:17.367502+0100	2035607	ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)	1	3.145.156.44	6606	192.168.2.4	49737	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 24, 2024 03:17:00.419146061 CET	49675	443	192.168.2.4	173.222.162.32
Nov 24, 2024 03:17:15.980619907 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:17:16.100552082 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:17:16.100658894 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:17:16.112262964 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:17:16.231910944 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:17:17.240488052 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:17:17.240502119 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:17:17.240565062 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:17:17.247991085 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:17:17.367501974 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:17:17.604727983 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:17:17.669085979 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:17:19.649291992 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:17:19.769078016 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:17:19.770922899 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:17:19.890633106 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:17:20.243577003 CET	80	49723	84.201.211.40	192.168.2.4
Nov 24, 2024 03:17:20.243724108 CET	49723	80	192.168.2.4	84.201.211.40
Nov 24, 2024 03:17:20.243854046 CET	49723	80	192.168.2.4	84.201.211.40
Nov 24, 2024 03:17:20.365746975 CET	80	49723	84.201.211.40	192.168.2.4
Nov 24, 2024 03:17:41.300662994 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:17:41.341211081 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:17:41.492588997 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:17:41.544337034 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:17:46.438189983 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:17:46.557837963 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:17:46.557945013 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:17:46.677721977 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:17:46.902060986 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:17:46.950596094 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:17:47.087474108 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:17:47.119467974 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:17:47.239044905 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:17:47.239166975 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:17:47.358859062 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:17:56.191704988 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:56.191777945 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:56.191881895 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:56.192208052 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:56.192241907 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:58.044497013 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:58.044610977 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:58.046236992 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:58.046269894 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:58.046551943 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:58.055417061 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:58.103373051 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:58.537472963 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:58.537499905 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:58.537517071 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:58.537583113 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:58.537583113 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:58.537652016 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:58.537708998 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:58.737181902 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:58.737205982 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:58.737304926 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:58.737343073 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:58.737395048 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:58.780715942 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:58.780740976 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:58.780931950 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:58.780956984 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:58.781019926 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:58.924007893 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:58.924050093 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:58.924143076 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:58.924181938 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:58.924246073 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:58.953336000 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:58.953353882 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:58.953514099 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:58.953531027 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:58.953591108 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:58.974196911 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:58.974214077 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:58.974380016 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:58.974396944 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:58.974455118 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:58.994838953 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:58.994856119 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:58.994924068 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:58.994939089 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:58.995089054 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.126260996 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.126279116 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.126430988 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.126430988 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.126458883 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.126517057 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.141697884 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.141720057 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.141889095 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.141905069 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.141967058 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.157377958 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.157445908 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.157447100 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.157460928 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.157514095 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.170902967 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.170923948 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.170974970 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.170990944 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.171250105 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.186594009 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.186610937 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.186678886 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.186695099 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.186742067 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.201097965 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.201116085 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.201203108 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.201219082 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.201287985 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.207673073 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.207743883 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.207747936 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.207801104 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.207866907 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.207866907 CET	49744	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.207925081 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.207938910 CET	443	49744	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.262625933 CET	49745	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.262666941 CET	443	49745	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.262748003 CET	49745	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.263679028 CET	49746	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.263767004 CET	443	49746	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.263849020 CET	49746	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.263982058 CET	49747	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.263982058 CET	49745	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.263992071 CET	443	49747	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.264007092 CET	443	49745	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.264045000 CET	49747	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.264127016 CET	49747	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.264131069 CET	443	49747	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.264245033 CET	49746	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.264273882 CET	443	49746	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.265126944 CET	49748	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.265170097 CET	443	49748	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.265235901 CET	49748	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.265295982 CET	49749	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.265356064 CET	49748	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.265371084 CET	443	49749	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.265381098 CET	443	49748	13.107.246.63	192.168.2.4
Nov 24, 2024 03:17:59.265454054 CET	49749	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.265554905 CET	49749	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:17:59.265604973 CET	443	49749	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:00.979659081 CET	443	49748	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:00.980290890 CET	49748	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:00.980310917 CET	443	49748	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:00.980812073 CET	49748	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:00.980818033 CET	443	49748	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:00.985822916 CET	443	49749	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:00.986320019 CET	49749	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:00.986377954 CET	443	49749	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:00.986686945 CET	49749	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:00.986706018 CET	443	49749	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.045502901 CET	443	49745	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.046015024 CET	49745	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.046040058 CET	443	49745	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.046230078 CET	49745	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.046236038 CET	443	49745	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.047461987 CET	443	49746	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.047720909 CET	49746	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.047812939 CET	443	49746	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.048038006 CET	49746	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.048053026 CET	443	49746	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.419045925 CET	443	49748	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.419080019 CET	443	49748	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.419116974 CET	49748	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.419131041 CET	443	49748	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.419637918 CET	49748	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.419646978 CET	443	49748	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.419662952 CET	49748	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.419698954 CET	443	49748	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.422409058 CET	49750	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.422446012 CET	443	49750	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.422508955 CET	49750	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.422648907 CET	49750	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.422665119 CET	443	49750	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.423336983 CET	443	49749	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.423404932 CET	443	49749	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.423578024 CET	49749	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.423578978 CET	49749	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.423578978 CET	49749	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.425555944 CET	49751	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.425623894 CET	443	49751	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.425715923 CET	49751	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.425837040 CET	49751	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.425869942 CET	443	49751	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.490596056 CET	443	49746	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.490669012 CET	443	49746	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.490848064 CET	49746	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.490849018 CET	49746	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.490849018 CET	49746	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.492815018 CET	49752	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.492914915 CET	443	49752	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.493000031 CET	49752	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.493129969 CET	49752	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.493165970 CET	443	49752	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.499816895 CET	443	49745	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.499845982 CET	443	49745	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.499891043 CET	443	49745	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.499898911 CET	49745	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.499932051 CET	49745	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.500071049 CET	49745	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.500087023 CET	443	49745	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.500097036 CET	49745	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.500102043 CET	443	49745	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.501986980 CET	49753	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.502015114 CET	443	49753	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.502087116 CET	49753	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.502211094 CET	49753	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.502221107 CET	443	49753	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.731925011 CET	49749	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.731965065 CET	443	49749	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:01.794406891 CET	49746	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:01.794442892 CET	443	49746	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.202999115 CET	443	49750	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.207468987 CET	443	49752	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.229263067 CET	49750	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.229273081 CET	443	49750	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.229723930 CET	49750	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.229727983 CET	443	49750	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.230302095 CET	49752	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.230382919 CET	443	49752	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.230695009 CET	49752	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.230710030 CET	443	49752	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.271140099 CET	443	49751	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.274607897 CET	49751	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.274671078 CET	443	49751	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.275006056 CET	49751	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.275034904 CET	443	49751	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.280950069 CET	443	49753	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.308042049 CET	49753	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.308057070 CET	443	49753	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.308851957 CET	49753	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.308856964 CET	443	49753	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.641083956 CET	443	49752	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.641169071 CET	443	49752	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.641232014 CET	49752	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.641444921 CET	49752	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.641444921 CET	49752	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.641484976 CET	443	49752	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.641510963 CET	443	49752	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.644710064 CET	49754	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.644758940 CET	443	49754	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.644833088 CET	49754	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.645020008 CET	49754	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.645047903 CET	443	49754	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.650156975 CET	443	49750	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.650230885 CET	443	49750	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.650290966 CET	49750	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.650393009 CET	49750	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.650413036 CET	443	49750	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.650437117 CET	49750	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.650444031 CET	443	49750	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.652606964 CET	49755	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.652625084 CET	443	49755	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.652681112 CET	49755	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.652796984 CET	49755	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.652806044 CET	443	49755	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.725193977 CET	443	49751	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.725250006 CET	443	49751	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.725411892 CET	49751	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.725502014 CET	49751	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.725502968 CET	49751	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.725545883 CET	443	49751	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.725574970 CET	443	49751	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.725630999 CET	443	49753	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.725687981 CET	443	49753	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.725737095 CET	49753	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.725852013 CET	49753	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.725862980 CET	443	49753	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.725873947 CET	49753	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.725878000 CET	443	49753	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.728332996 CET	49756	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.728364944 CET	443	49756	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.728435040 CET	49756	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.728552103 CET	49757	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.728606939 CET	443	49757	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.728638887 CET	49756	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.728658915 CET	443	49756	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:03.728673935 CET	49757	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.728734016 CET	49757	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:03.728751898 CET	443	49757	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:04.109600067 CET	443	49747	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:04.110277891 CET	49747	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:04.110359907 CET	443	49747	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:04.110682964 CET	49747	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:04.110698938 CET	443	49747	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:04.569411039 CET	443	49747	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:04.569458008 CET	443	49747	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:04.569516897 CET	49747	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:04.569570065 CET	443	49747	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:04.569696903 CET	49747	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:04.569814920 CET	49747	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:04.569814920 CET	49747	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:04.569834948 CET	443	49747	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:04.570058107 CET	443	49747	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:04.570096016 CET	443	49747	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:04.570149899 CET	49747	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:04.572751999 CET	49758	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:04.572793007 CET	443	49758	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:04.572855949 CET	49758	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:04.573008060 CET	49758	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:04.573020935 CET	443	49758	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.232820988 CET	443	49754	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.234133005 CET	49754	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:05.234159946 CET	443	49754	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.234627962 CET	49754	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:05.234636068 CET	443	49754	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.431674004 CET	443	49755	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.432158947 CET	49755	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:05.432188988 CET	443	49755	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.432487965 CET	49755	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:05.432492971 CET	443	49755	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.541738033 CET	443	49757	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.541785002 CET	443	49756	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.542256117 CET	49757	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:05.542292118 CET	443	49757	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.542454958 CET	49756	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:05.542475939 CET	443	49756	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.542777061 CET	49757	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:05.542790890 CET	443	49757	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.542926073 CET	49756	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:05.542931080 CET	443	49756	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.675899029 CET	443	49754	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.675965071 CET	443	49754	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.676026106 CET	49754	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:05.676192999 CET	49754	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:05.676239967 CET	443	49754	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.676269054 CET	49754	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:05.676304102 CET	443	49754	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.678916931 CET	49759	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:05.678982019 CET	443	49759	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.679075956 CET	49759	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:05.679244995 CET	49759	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:05.679274082 CET	443	49759	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.875222921 CET	443	49755	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.875303984 CET	443	49755	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.875463009 CET	49755	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:05.875499010 CET	49755	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:05.875514984 CET	443	49755	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.875524044 CET	49755	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:05.875528097 CET	443	49755	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.878068924 CET	49760	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:05.878130913 CET	443	49760	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.878206015 CET	49760	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:05.878361940 CET	49760	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:05.878381014 CET	443	49760	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.986681938 CET	443	49756	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.986745119 CET	443	49756	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.986855984 CET	49756	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:05.986957073 CET	49756	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:05.986970901 CET	443	49756	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.987011909 CET	49756	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:05.987018108 CET	443	49756	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.988990068 CET	49761	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:05.989039898 CET	443	49761	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:05.989111900 CET	49761	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:05.989238024 CET	49761	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:05.989257097 CET	443	49761	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:06.007354975 CET	443	49757	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:06.007422924 CET	443	49757	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:06.007493019 CET	49757	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:06.007694960 CET	49757	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:06.007694960 CET	49757	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:06.007726908 CET	443	49757	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:06.007750988 CET	443	49757	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:06.009545088 CET	49762	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:06.009567022 CET	443	49762	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:06.009634018 CET	49762	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:06.009880066 CET	49762	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:06.009890079 CET	443	49762	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:06.295593977 CET	443	49758	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:06.296246052 CET	49758	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:06.296267986 CET	443	49758	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:06.296745062 CET	49758	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:06.296749115 CET	443	49758	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:06.732664108 CET	443	49758	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:06.732753992 CET	443	49758	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:06.732811928 CET	49758	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:06.733015060 CET	49758	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:06.733030081 CET	443	49758	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:06.733038902 CET	49758	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:06.733043909 CET	443	49758	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:06.736191988 CET	49763	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:06.736284018 CET	443	49763	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:06.736390114 CET	49763	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:06.736686945 CET	49763	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:06.736767054 CET	443	49763	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:07.495563030 CET	443	49759	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:07.496105909 CET	49759	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:07.496144056 CET	443	49759	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:07.496614933 CET	49759	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:07.496629000 CET	443	49759	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:07.731420994 CET	443	49761	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:07.731996059 CET	49761	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:07.732078075 CET	443	49761	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:07.732418060 CET	443	49762	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:07.732501030 CET	49761	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:07.732518911 CET	443	49761	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:07.732875109 CET	49762	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:07.732899904 CET	443	49762	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:07.733221054 CET	49762	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:07.733228922 CET	443	49762	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:07.740626097 CET	443	49760	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:07.740964890 CET	49760	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:07.740974903 CET	443	49760	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:07.741430044 CET	49760	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:07.741436005 CET	443	49760	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:07.958252907 CET	443	49759	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:07.958348989 CET	443	49759	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:07.958473921 CET	49759	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:07.958688021 CET	49759	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:07.958688021 CET	49759	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:07.958723068 CET	443	49759	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:07.958748102 CET	443	49759	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:07.961067915 CET	49764	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:07.961110115 CET	443	49764	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:07.961172104 CET	49764	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:07.961308002 CET	49764	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:07.961322069 CET	443	49764	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:08.168838978 CET	443	49761	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:08.168910027 CET	443	49761	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:08.168986082 CET	49761	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:08.169178009 CET	49761	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:08.169226885 CET	443	49761	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:08.169256926 CET	49761	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:08.169272900 CET	443	49761	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:08.172338009 CET	49765	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:08.172434092 CET	443	49765	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:08.172529936 CET	49765	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:08.172674894 CET	49765	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:08.172713041 CET	443	49765	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:08.201096058 CET	443	49762	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:08.201169968 CET	443	49762	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:08.201221943 CET	49762	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:08.201297045 CET	49762	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:08.201316118 CET	443	49762	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:08.201327085 CET	49762	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:08.201332092 CET	443	49762	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:08.203294992 CET	49766	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:08.203330994 CET	443	49766	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:08.203389883 CET	49766	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:08.203495979 CET	49766	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:08.203507900 CET	443	49766	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:08.248749018 CET	443	49760	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:08.248830080 CET	443	49760	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:08.248881102 CET	49760	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:08.249025106 CET	49760	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:08.249034882 CET	443	49760	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:08.249042988 CET	49760	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:08.249047995 CET	443	49760	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:08.252068043 CET	49767	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:08.252098083 CET	443	49767	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:08.252182961 CET	49767	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:08.252310038 CET	49767	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:08.252336025 CET	443	49767	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:08.488019943 CET	443	49763	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:08.488430977 CET	49763	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:08.488482952 CET	443	49763	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:08.488883018 CET	49763	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:08.488898039 CET	443	49763	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:08.920816898 CET	443	49763	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:08.920881033 CET	443	49763	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:08.920948029 CET	49763	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:08.921128988 CET	49763	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:08.921180010 CET	443	49763	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:08.921210051 CET	49763	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:08.921225071 CET	443	49763	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:08.923682928 CET	49768	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:08.923782110 CET	443	49768	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:08.923877954 CET	49768	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:08.924002886 CET	49768	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:08.924037933 CET	443	49768	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:09.747250080 CET	443	49764	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:09.747697115 CET	49764	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:09.747719049 CET	443	49764	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:09.748169899 CET	49764	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:09.748176098 CET	443	49764	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:09.917336941 CET	443	49766	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:09.918230057 CET	49766	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:09.918242931 CET	443	49766	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:09.918740034 CET	49766	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:09.918744087 CET	443	49766	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.017319918 CET	443	49765	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.021961927 CET	49765	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.022044897 CET	443	49765	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.022408009 CET	49765	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.022423983 CET	443	49765	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.036612988 CET	443	49767	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.041821003 CET	49767	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.041840076 CET	443	49767	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.042217970 CET	49767	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.042228937 CET	443	49767	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.191447020 CET	443	49764	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.191628933 CET	443	49764	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.191674948 CET	49764	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.203586102 CET	49764	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.203604937 CET	443	49764	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.203614950 CET	49764	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.203620911 CET	443	49764	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.257457018 CET	49769	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.257496119 CET	443	49769	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.257555962 CET	49769	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.258379936 CET	49769	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.258394003 CET	443	49769	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.352720976 CET	443	49766	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.352819920 CET	443	49766	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.352894068 CET	49766	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.447475910 CET	49766	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.447491884 CET	443	49766	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.447520018 CET	49766	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.447525024 CET	443	49766	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.469527960 CET	443	49765	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.469599962 CET	443	49765	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.469656944 CET	49765	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.471544027 CET	49765	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.471544027 CET	49765	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.471601963 CET	443	49765	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.471626997 CET	443	49765	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.472477913 CET	49770	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.472534895 CET	443	49770	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.472601891 CET	49770	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.473171949 CET	49770	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.473187923 CET	443	49770	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.474066973 CET	49771	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.474097967 CET	443	49771	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.474148035 CET	49771	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.474359989 CET	49771	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.474370956 CET	443	49771	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.480458021 CET	443	49767	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.480513096 CET	443	49767	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.480564117 CET	49767	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.480664015 CET	49767	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.480681896 CET	443	49767	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.480705976 CET	49767	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.480719090 CET	443	49767	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.483346939 CET	49772	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.483377934 CET	443	49772	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.483433008 CET	49772	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.483879089 CET	49772	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.483892918 CET	443	49772	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.705440998 CET	443	49768	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.706166029 CET	49768	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.706201077 CET	443	49768	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:10.706726074 CET	49768	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:10.706733942 CET	443	49768	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:11.149538040 CET	443	49768	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:11.149597883 CET	443	49768	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:11.149727106 CET	49768	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:11.149976969 CET	49768	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:11.150022984 CET	443	49768	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:11.150059938 CET	49768	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:11.150094032 CET	443	49768	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:11.153080940 CET	49773	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:11.153121948 CET	443	49773	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:11.153208971 CET	49773	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:11.153378010 CET	49773	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:11.153393984 CET	443	49773	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:11.304136992 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:11.357048035 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:11.495959044 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:11.544441938 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:12.044888973 CET	443	49769	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.047557116 CET	49769	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.047591925 CET	443	49769	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.048005104 CET	49769	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.048012018 CET	443	49769	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.253725052 CET	443	49770	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.254993916 CET	49770	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.255043983 CET	443	49770	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.256316900 CET	49770	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.256335974 CET	443	49770	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.258331060 CET	443	49771	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.258654118 CET	49771	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.258667946 CET	443	49771	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.259104967 CET	49771	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.259110928 CET	443	49771	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.261831045 CET	443	49772	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.263008118 CET	49772	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.263019085 CET	443	49772	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.263541937 CET	49772	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.263546944 CET	443	49772	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.489327908 CET	443	49769	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.489521027 CET	443	49769	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.489607096 CET	49769	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.489870071 CET	49769	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.489881992 CET	443	49769	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.489895105 CET	49769	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.489900112 CET	443	49769	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.492660046 CET	49774	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.492691040 CET	443	49774	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.492754936 CET	49774	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.492904902 CET	49774	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.492918015 CET	443	49774	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.698379993 CET	443	49770	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.698523045 CET	443	49770	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.698589087 CET	49770	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.698913097 CET	49770	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.698956966 CET	443	49770	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.704917908 CET	49775	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.704982042 CET	443	49775	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.705060005 CET	49775	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.705497980 CET	49775	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.705528975 CET	443	49775	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.725593090 CET	443	49771	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.725670099 CET	443	49771	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.725711107 CET	49771	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.726078033 CET	49771	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.726089001 CET	443	49771	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.726114035 CET	49771	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.726118088 CET	443	49771	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.733937979 CET	49776	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.733957052 CET	443	49776	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.734003067 CET	49776	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.734616041 CET	49776	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.734627008 CET	443	49776	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.765786886 CET	443	49772	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.765876055 CET	443	49772	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.766047001 CET	49772	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.779335976 CET	49772	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.779362917 CET	443	49772	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.779371977 CET	49772	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.779377937 CET	443	49772	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.785883904 CET	49777	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.785933018 CET	443	49777	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.786007881 CET	49777	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.786194086 CET	49777	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.786226988 CET	443	49777	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.954297066 CET	443	49773	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.965462923 CET	49773	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.965481043 CET	443	49773	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:12.965934038 CET	49773	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:12.965941906 CET	443	49773	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:13.397121906 CET	443	49773	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:13.397290945 CET	443	49773	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:13.397361040 CET	49773	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:13.401215076 CET	49773	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:13.401267052 CET	443	49773	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:13.401302099 CET	49773	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:13.401316881 CET	443	49773	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:13.410906076 CET	49778	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:13.410943031 CET	443	49778	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:13.411026955 CET	49778	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:13.411195993 CET	49778	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:13.411207914 CET	443	49778	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.280431986 CET	443	49774	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.280958891 CET	49774	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:14.280972958 CET	443	49774	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.281522036 CET	49774	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:14.281527042 CET	443	49774	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.487356901 CET	443	49775	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.487921000 CET	49775	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:14.487967014 CET	443	49775	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.488403082 CET	49775	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:14.488415956 CET	443	49775	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.500833988 CET	443	49777	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.503354073 CET	49777	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:14.503437996 CET	443	49777	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.503736019 CET	49777	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:14.503751993 CET	443	49777	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.578171968 CET	443	49776	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.579493046 CET	49776	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:14.579518080 CET	443	49776	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.579787016 CET	49776	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:14.579792023 CET	443	49776	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.722659111 CET	443	49774	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.722737074 CET	443	49774	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.722785950 CET	49774	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:14.723002911 CET	49774	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:14.723016024 CET	443	49774	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.723048925 CET	49774	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:14.723054886 CET	443	49774	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.725594044 CET	49779	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:14.725686073 CET	443	49779	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.725763083 CET	49779	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:14.725891113 CET	49779	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:14.725934029 CET	443	49779	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.933257103 CET	443	49775	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.933337927 CET	443	49775	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.933402061 CET	49775	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:14.933646917 CET	49775	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:14.933681965 CET	443	49775	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.933710098 CET	49775	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:14.933723927 CET	443	49775	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.935906887 CET	443	49777	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.935970068 CET	443	49777	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.936110973 CET	49777	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:14.936433077 CET	49777	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:14.936433077 CET	49777	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:14.936466932 CET	443	49777	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.936544895 CET	443	49777	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.938361883 CET	49780	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:14.938406944 CET	443	49780	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.938513041 CET	49780	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:14.939135075 CET	49780	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:14.939162016 CET	443	49780	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.939929962 CET	49781	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:14.939964056 CET	443	49781	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:14.940021038 CET	49781	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:14.940139055 CET	49781	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:14.940152884 CET	443	49781	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:15.031223059 CET	443	49776	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:15.031282902 CET	443	49776	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:15.031343937 CET	49776	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:15.031502962 CET	49776	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:15.031518936 CET	443	49776	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:15.031527996 CET	49776	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:15.031532049 CET	443	49776	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:15.033513069 CET	49782	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:15.033556938 CET	443	49782	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:15.033620119 CET	49782	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:15.033754110 CET	49782	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:15.033782959 CET	443	49782	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:15.201708078 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:15.263427019 CET	443	49778	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:15.267740011 CET	49778	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:15.267787933 CET	443	49778	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:15.268234015 CET	49778	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:15.268239021 CET	443	49778	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:15.321382046 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:15.323148966 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:15.442723036 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:15.660887957 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:15.715235949 CET	443	49778	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:15.715429068 CET	443	49778	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:15.715481043 CET	49778	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:15.715691090 CET	49778	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:15.715707064 CET	443	49778	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:15.715734005 CET	49778	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:15.715738058 CET	443	49778	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:15.716341972 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:15.719862938 CET	49783	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:15.719902992 CET	443	49783	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:15.719958067 CET	49783	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:15.720247030 CET	49783	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:15.720264912 CET	443	49783	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:15.852740049 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:15.862054110 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:15.981599092 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:15.981652021 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:16.101217985 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:16.440908909 CET	443	49779	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:16.441411972 CET	49779	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:16.441476107 CET	443	49779	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:16.441910028 CET	49779	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:16.441924095 CET	443	49779	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:16.654498100 CET	443	49780	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:16.656433105 CET	49780	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:16.656433105 CET	49780	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:16.656477928 CET	443	49780	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:16.656507015 CET	443	49780	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:16.786658049 CET	443	49781	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:16.787895918 CET	49781	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:16.787916899 CET	443	49781	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:16.791134119 CET	49781	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:16.791141033 CET	443	49781	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:16.875590086 CET	443	49779	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:16.875771046 CET	443	49779	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:16.875991106 CET	49779	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:16.876220942 CET	49779	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:16.876265049 CET	443	49779	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:16.876300097 CET	49779	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:16.876315117 CET	443	49779	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:16.878885984 CET	443	49782	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:16.878946066 CET	49784	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:16.879041910 CET	443	49784	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:16.879201889 CET	49784	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:16.879394054 CET	49784	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:16.879400969 CET	49782	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:16.879431009 CET	443	49782	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:16.879431963 CET	443	49784	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:16.879740953 CET	49782	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:16.879754066 CET	443	49782	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:17.100765944 CET	443	49780	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:17.100847006 CET	443	49780	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:17.103209019 CET	49780	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:17.103281021 CET	49780	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:17.103281021 CET	49780	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:17.103332043 CET	443	49780	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:17.103358030 CET	443	49780	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:17.106084108 CET	49785	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:17.106138945 CET	443	49785	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:17.106266022 CET	49785	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:17.106548071 CET	49785	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:17.106563091 CET	443	49785	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:17.328521013 CET	443	49781	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:17.328583956 CET	443	49781	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:17.328666925 CET	49781	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:17.328891039 CET	49781	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:17.328891039 CET	49781	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:17.328912973 CET	443	49781	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:17.328926086 CET	443	49781	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:17.331646919 CET	49786	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:17.331746101 CET	443	49786	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:17.332731962 CET	443	49782	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:17.332792044 CET	443	49782	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:17.332828999 CET	49786	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:17.332905054 CET	49782	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:17.332987070 CET	49782	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:17.333009958 CET	443	49782	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:17.333055019 CET	49782	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:17.333059072 CET	49786	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:17.333069086 CET	443	49782	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:17.333092928 CET	443	49786	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:17.334974051 CET	49787	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:17.335025072 CET	443	49787	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:17.335129023 CET	49787	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:17.335238934 CET	49787	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:17.335262060 CET	443	49787	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:17.523170948 CET	443	49783	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:17.523714066 CET	49783	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:17.523734093 CET	443	49783	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:17.524430037 CET	49783	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:17.524436951 CET	443	49783	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:17.966713905 CET	443	49783	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:17.966800928 CET	443	49783	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:17.966893911 CET	49783	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:17.967138052 CET	49783	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:17.967159986 CET	443	49783	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:17.967171907 CET	49783	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:17.967180014 CET	443	49783	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:17.970118046 CET	49788	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:17.970200062 CET	443	49788	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:17.970288038 CET	49788	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:17.970438957 CET	49788	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:17.970463037 CET	443	49788	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:18.741432905 CET	443	49784	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:18.747204065 CET	49784	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:18.747270107 CET	443	49784	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:18.751168013 CET	49784	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:18.751183033 CET	443	49784	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:18.827276945 CET	443	49785	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:18.839157104 CET	49785	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:18.839180946 CET	443	49785	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:18.843146086 CET	49785	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:18.843151093 CET	443	49785	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.125173092 CET	443	49786	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.131148100 CET	49786	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.131198883 CET	443	49786	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.133358002 CET	49786	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.133374929 CET	443	49786	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.183238983 CET	443	49787	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.183722019 CET	49787	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.183741093 CET	443	49787	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.184448004 CET	49787	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.184453011 CET	443	49787	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.194775105 CET	443	49784	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.194832087 CET	443	49784	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.194917917 CET	49784	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.195462942 CET	49784	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.195496082 CET	443	49784	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.195538998 CET	49784	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.195553064 CET	443	49784	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.199978113 CET	49789	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.200020075 CET	443	49789	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.200220108 CET	49789	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.200896025 CET	49789	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.200911999 CET	443	49789	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.262926102 CET	443	49785	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.263000965 CET	443	49785	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.263139963 CET	49785	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.263206005 CET	49785	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.263219118 CET	443	49785	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.263228893 CET	49785	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.263233900 CET	443	49785	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.266855001 CET	49790	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.266947985 CET	443	49790	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.267190933 CET	49790	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.267404079 CET	49790	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.267436028 CET	443	49790	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.573637962 CET	443	49786	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.573717117 CET	443	49786	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.573764086 CET	49786	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.573923111 CET	49786	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.573946953 CET	443	49786	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.573961973 CET	49786	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.573967934 CET	443	49786	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.576900959 CET	49791	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.576940060 CET	443	49791	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.576989889 CET	49791	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.577143908 CET	49791	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.577156067 CET	443	49791	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.634922028 CET	443	49787	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.635087967 CET	443	49787	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.635135889 CET	49787	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.635162115 CET	49787	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.635174990 CET	443	49787	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.635184050 CET	49787	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.635188103 CET	443	49787	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.637378931 CET	49792	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.637435913 CET	443	49792	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.637494087 CET	49792	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.637619972 CET	49792	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.637639046 CET	443	49792	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.775085926 CET	443	49788	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.775563955 CET	49788	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.775603056 CET	443	49788	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:19.776030064 CET	49788	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:19.776043892 CET	443	49788	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:20.217395067 CET	443	49788	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:20.217554092 CET	443	49788	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:20.217643023 CET	49788	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:20.217854023 CET	49788	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:20.217854023 CET	49788	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:20.217902899 CET	443	49788	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:20.217930079 CET	443	49788	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:20.221034050 CET	49793	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:20.221077919 CET	443	49793	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:20.221257925 CET	49793	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:20.221431017 CET	49793	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:20.221443892 CET	443	49793	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.045049906 CET	443	49789	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.046169043 CET	49789	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.046180010 CET	443	49789	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.046585083 CET	443	49790	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.046921968 CET	49789	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.046927929 CET	443	49789	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.047629118 CET	49790	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.047708035 CET	443	49790	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.048261881 CET	49790	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.048275948 CET	443	49790	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.357132912 CET	443	49791	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.385936022 CET	49791	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.385950089 CET	443	49791	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.386823893 CET	49791	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.386828899 CET	443	49791	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.423501968 CET	443	49792	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.424179077 CET	49792	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.424264908 CET	443	49792	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.424910069 CET	49792	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.424926043 CET	443	49792	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.490818024 CET	443	49790	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.490895033 CET	443	49790	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.490962982 CET	49790	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.491239071 CET	49790	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.491290092 CET	443	49790	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.491342068 CET	49790	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.491358995 CET	443	49790	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.493984938 CET	49794	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.494035959 CET	443	49794	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.494133949 CET	49794	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.494312048 CET	49794	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.494327068 CET	443	49794	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.510828018 CET	443	49789	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.510976076 CET	443	49789	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.511135101 CET	49789	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.511199951 CET	49789	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.511210918 CET	443	49789	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.511243105 CET	49789	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.511248112 CET	443	49789	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.512800932 CET	49795	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.512837887 CET	443	49795	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.513006926 CET	49795	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.513154030 CET	49795	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.513168097 CET	443	49795	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.812820911 CET	443	49793	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.813489914 CET	49793	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.813517094 CET	443	49793	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.814099073 CET	49793	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.814104080 CET	443	49793	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.836858988 CET	443	49791	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.836944103 CET	443	49791	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.837100029 CET	49791	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.837275028 CET	49791	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.837291002 CET	443	49791	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.837300062 CET	49791	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.837306023 CET	443	49791	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.839991093 CET	49796	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.840090036 CET	443	49796	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.840177059 CET	49796	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.840352058 CET	49796	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.840385914 CET	443	49796	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.865377903 CET	443	49792	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.865628004 CET	443	49792	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.865741014 CET	49792	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.865741014 CET	49792	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.865823984 CET	49792	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.865864038 CET	443	49792	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.868407965 CET	49797	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.868441105 CET	443	49797	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:21.868505955 CET	49797	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.868659019 CET	49797	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:21.868670940 CET	443	49797	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:22.254498959 CET	443	49793	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:22.254669905 CET	443	49793	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:22.254738092 CET	49793	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:22.254945040 CET	49793	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:22.254965067 CET	443	49793	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:22.254976034 CET	49793	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:22.254983902 CET	443	49793	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:22.258229017 CET	49798	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:22.258295059 CET	443	49798	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:22.258423090 CET	49798	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:22.258580923 CET	49798	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:22.258610964 CET	443	49798	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:23.277118921 CET	443	49794	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:23.281452894 CET	49794	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:23.281507015 CET	443	49794	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:23.281995058 CET	49794	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:23.282011986 CET	443	49794	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:23.297435999 CET	443	49795	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:23.299561024 CET	49795	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:23.299587965 CET	443	49795	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:23.300007105 CET	49795	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:23.300012112 CET	443	49795	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:23.620767117 CET	443	49796	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:23.621269941 CET	49796	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:23.621334076 CET	443	49796	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:23.621828079 CET	49796	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:23.621843100 CET	443	49796	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:23.721077919 CET	443	49794	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:23.721155882 CET	443	49794	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:23.721295118 CET	49794	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:23.721538067 CET	49794	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:23.721538067 CET	49794	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:23.721584082 CET	443	49794	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:23.721617937 CET	443	49794	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:23.724441051 CET	49799	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:23.724483013 CET	443	49799	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:23.724622011 CET	49799	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:23.724864006 CET	49799	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:23.724884987 CET	443	49799	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:23.726555109 CET	443	49797	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:23.727509975 CET	49797	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:23.727530956 CET	443	49797	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:23.727972031 CET	49797	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:23.727982044 CET	443	49797	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:23.739933014 CET	443	49795	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:23.740010023 CET	443	49795	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:23.740073919 CET	49795	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:23.740190029 CET	49795	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:23.740190029 CET	49795	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:23.740202904 CET	443	49795	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:23.740211964 CET	443	49795	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:23.742604017 CET	49800	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:23.742623091 CET	443	49800	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:23.742712975 CET	49800	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:23.742865086 CET	49800	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:23.742875099 CET	443	49800	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:24.044681072 CET	443	49798	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:24.045244932 CET	49798	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:24.045295000 CET	443	49798	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:24.045800924 CET	49798	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:24.045819998 CET	443	49798	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:24.064130068 CET	443	49796	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:24.064203024 CET	443	49796	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:24.064336061 CET	49796	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:24.064512014 CET	49796	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:24.064512014 CET	49796	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:24.064543009 CET	443	49796	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:24.064564943 CET	443	49796	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:24.067682981 CET	49801	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:24.067754030 CET	443	49801	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:24.071242094 CET	49801	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:24.075165033 CET	49801	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:24.075201988 CET	443	49801	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:24.177726984 CET	443	49797	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:24.177926064 CET	443	49797	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:24.178149939 CET	49797	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:24.178297997 CET	49797	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:24.178297997 CET	49797	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:24.178352118 CET	443	49797	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:24.178373098 CET	443	49797	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:24.183156967 CET	49802	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:24.183201075 CET	443	49802	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:24.183303118 CET	49802	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:24.187159061 CET	49802	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:24.187170029 CET	443	49802	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:24.501250029 CET	443	49798	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:24.501425028 CET	443	49798	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:24.501738071 CET	49798	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:24.501739025 CET	49798	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:24.501810074 CET	49798	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:24.501837969 CET	443	49798	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:24.507177114 CET	49803	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:24.507266998 CET	443	49803	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:24.507405996 CET	49803	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:24.507574081 CET	49803	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:24.507594109 CET	443	49803	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:25.503000021 CET	443	49799	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:25.507325888 CET	49799	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:25.507340908 CET	443	49799	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:25.507833004 CET	49799	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:25.507843018 CET	443	49799	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:25.528078079 CET	443	49800	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:25.528876066 CET	49800	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:25.528903008 CET	443	49800	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:25.529378891 CET	49800	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:25.529385090 CET	443	49800	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:25.790760040 CET	443	49801	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:25.791276932 CET	49801	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:25.791307926 CET	443	49801	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:25.793972969 CET	49801	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:25.793979883 CET	443	49801	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:25.875163078 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:25.952820063 CET	443	49799	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:25.952920914 CET	443	49799	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:25.953071117 CET	49799	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:25.953259945 CET	49799	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:25.953259945 CET	49799	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:25.953283072 CET	443	49799	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:25.953289032 CET	443	49799	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:25.959165096 CET	49804	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:25.959203959 CET	443	49804	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:25.963324070 CET	49804	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:25.967163086 CET	49804	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:25.967180014 CET	443	49804	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:25.969218969 CET	443	49802	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:25.971667051 CET	49802	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:25.971689939 CET	443	49802	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:25.972091913 CET	49802	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:25.972099066 CET	443	49802	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:25.974303007 CET	443	49800	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:25.974450111 CET	443	49800	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:25.974638939 CET	49800	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:25.974667072 CET	49800	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:25.974667072 CET	49800	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:25.974684954 CET	443	49800	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:25.974695921 CET	443	49800	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:25.976757050 CET	49805	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:25.976788044 CET	443	49805	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:25.976955891 CET	49805	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:25.979160070 CET	49805	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:25.979171038 CET	443	49805	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:25.994590044 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:25.994698048 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:26.114080906 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:26.224899054 CET	443	49801	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:26.224977016 CET	443	49801	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:26.225095034 CET	49801	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:26.225317955 CET	49801	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:26.225337982 CET	443	49801	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:26.225364923 CET	49801	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:26.225372076 CET	443	49801	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:26.231168032 CET	49806	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:26.231203079 CET	443	49806	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:26.232165098 CET	49806	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:26.232355118 CET	49806	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:26.232371092 CET	443	49806	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:26.321449041 CET	443	49803	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:26.321923018 CET	49803	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:26.321985006 CET	443	49803	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:26.322419882 CET	49803	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:26.322433949 CET	443	49803	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:26.331819057 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:26.372648954 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:26.412609100 CET	443	49802	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:26.412761927 CET	443	49802	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:26.412843943 CET	49802	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:26.412900925 CET	49802	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:26.412900925 CET	49802	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:26.412916899 CET	443	49802	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:26.412928104 CET	443	49802	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:26.416218996 CET	49807	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:26.416254044 CET	443	49807	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:26.416599035 CET	49807	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:26.416708946 CET	49807	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:26.416718006 CET	443	49807	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:26.523730993 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:26.527179003 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:26.646713018 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:26.646790981 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:26.766354084 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:26.769260883 CET	443	49803	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:26.769332886 CET	443	49803	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:26.769376993 CET	49803	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:26.769625902 CET	49803	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:26.769650936 CET	443	49803	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:26.769665956 CET	49803	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:26.769673109 CET	443	49803	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:26.773722887 CET	49808	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:26.773761034 CET	443	49808	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:26.773814917 CET	49808	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:26.773962975 CET	49808	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:26.773974895 CET	443	49808	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:27.812340975 CET	443	49804	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:27.829441071 CET	443	49805	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:27.863192081 CET	49804	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:27.947182894 CET	49804	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:27.947206974 CET	443	49804	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:27.947643042 CET	49804	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:27.947654963 CET	443	49804	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:27.948031902 CET	49805	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:27.948048115 CET	443	49805	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:27.948400021 CET	49805	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:27.948404074 CET	443	49805	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:27.952517033 CET	443	49806	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:27.952933073 CET	49806	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:27.952950954 CET	443	49806	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:27.953618050 CET	49806	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:27.953644991 CET	443	49806	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.211791992 CET	443	49807	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.216197014 CET	49807	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.216208935 CET	443	49807	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.219480038 CET	49807	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.219486952 CET	443	49807	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.281577110 CET	443	49804	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.281641960 CET	443	49804	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.281975031 CET	49804	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.281975985 CET	49804	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.282054901 CET	49804	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.282083035 CET	443	49804	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.282423019 CET	443	49805	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.282613039 CET	443	49805	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.283277035 CET	49805	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.283423901 CET	49805	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.283423901 CET	49805	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.283441067 CET	443	49805	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.283448935 CET	443	49805	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.285244942 CET	49809	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.285275936 CET	443	49809	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.285384893 CET	49810	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.285475969 CET	49809	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.285475969 CET	443	49810	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.285717964 CET	49809	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.285728931 CET	443	49809	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.285763979 CET	49810	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.286011934 CET	49810	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.286046028 CET	443	49810	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.388994932 CET	443	49806	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.389061928 CET	443	49806	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.389148951 CET	49806	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.389301062 CET	49806	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.389307976 CET	443	49806	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.389338017 CET	49806	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.389343977 CET	443	49806	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.391329050 CET	49811	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.391341925 CET	443	49811	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.391447067 CET	49811	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.391613960 CET	49811	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.391623974 CET	443	49811	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.511579990 CET	443	49808	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.512460947 CET	49808	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.512460947 CET	49808	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.512526989 CET	443	49808	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.512551069 CET	443	49808	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.656125069 CET	443	49807	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.656286955 CET	443	49807	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.656336069 CET	49807	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.656523943 CET	49807	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.656543970 CET	443	49807	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.656553984 CET	49807	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.656559944 CET	443	49807	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.659972906 CET	49812	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.660007000 CET	443	49812	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.660058975 CET	49812	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.660203934 CET	49812	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.660221100 CET	443	49812	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.945245981 CET	443	49808	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.945328951 CET	443	49808	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.945394039 CET	49808	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.959798098 CET	49808	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.959867001 CET	443	49808	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.959906101 CET	49808	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.959944010 CET	443	49808	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.963042021 CET	49813	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.963093996 CET	443	49813	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:28.963159084 CET	49813	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.963329077 CET	49813	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:28.963340998 CET	443	49813	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.078277111 CET	443	49809	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.079183102 CET	49809	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.079204082 CET	443	49809	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.079350948 CET	49809	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.079355955 CET	443	49809	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.131982088 CET	443	49810	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.132524014 CET	49810	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.132572889 CET	443	49810	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.133131981 CET	49810	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.133143902 CET	443	49810	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.179270029 CET	443	49811	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.179933071 CET	49811	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.179980040 CET	443	49811	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.180506945 CET	49811	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.180515051 CET	443	49811	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.487118959 CET	443	49812	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.490005970 CET	49812	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.490006924 CET	49812	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.490029097 CET	443	49812	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.490046024 CET	443	49812	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.550678968 CET	443	49809	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.550884008 CET	443	49809	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.550939083 CET	49809	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.552103043 CET	49809	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.552134037 CET	443	49809	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.552146912 CET	49809	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.552150965 CET	443	49809	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.557617903 CET	49814	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.557670116 CET	443	49814	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.557740927 CET	49814	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.558003902 CET	49814	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.558020115 CET	443	49814	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.584907055 CET	443	49810	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.584973097 CET	443	49810	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.585014105 CET	49810	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.587857008 CET	49810	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.587893963 CET	443	49810	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.587914944 CET	49810	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.587923050 CET	443	49810	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.610707998 CET	49815	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.610778093 CET	443	49815	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.610851049 CET	49815	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.614207029 CET	49815	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.614239931 CET	443	49815	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.622029066 CET	443	49811	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.622081041 CET	443	49811	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.622126102 CET	49811	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.625190020 CET	49811	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.625204086 CET	443	49811	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.625211954 CET	49811	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.625216007 CET	443	49811	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.644845009 CET	49816	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.644906044 CET	443	49816	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.645020962 CET	49816	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.650075912 CET	49816	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.650114059 CET	443	49816	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.812190056 CET	443	49813	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.863504887 CET	49813	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.863878965 CET	49813	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.863894939 CET	443	49813	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.869991064 CET	49813	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.870002985 CET	443	49813	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.930031061 CET	443	49812	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.930118084 CET	443	49812	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.930159092 CET	49812	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.994997025 CET	49812	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.995024920 CET	443	49812	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:30.995038033 CET	49812	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:30.995043993 CET	443	49812	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:31.032893896 CET	49817	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:31.033018112 CET	443	49817	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:31.033104897 CET	49817	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:31.057730913 CET	49817	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:31.057769060 CET	443	49817	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:31.265177965 CET	443	49813	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:31.265343904 CET	443	49813	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:31.265400887 CET	49813	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:31.266309023 CET	49813	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:31.266309023 CET	49813	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:31.266340971 CET	443	49813	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:31.266369104 CET	443	49813	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:31.270886898 CET	49818	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:31.270987034 CET	443	49818	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:31.271051884 CET	49818	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:31.271303892 CET	49818	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:31.271352053 CET	443	49818	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.338682890 CET	443	49814	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.339241028 CET	49814	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:32.339262962 CET	443	49814	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.343226910 CET	49814	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:32.343240023 CET	443	49814	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.366712093 CET	443	49816	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.367655993 CET	49816	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:32.367655993 CET	49816	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:32.367687941 CET	443	49816	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.367717028 CET	443	49816	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.400736094 CET	443	49815	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.403743982 CET	49815	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:32.403770924 CET	443	49815	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.406191111 CET	49815	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:32.406198025 CET	443	49815	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.782367945 CET	443	49814	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.782434940 CET	443	49814	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.782478094 CET	49814	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:32.782677889 CET	49814	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:32.782696962 CET	443	49814	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.782706976 CET	49814	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:32.782713890 CET	443	49814	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.785903931 CET	49819	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:32.785934925 CET	443	49819	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.785988092 CET	49819	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:32.786147118 CET	49819	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:32.786161900 CET	443	49819	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.801191092 CET	443	49816	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.801243067 CET	443	49816	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.801301956 CET	49816	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:32.801446915 CET	49816	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:32.801446915 CET	49816	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:32.801491976 CET	443	49816	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.801518917 CET	443	49816	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.804174900 CET	49820	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:32.804203987 CET	443	49820	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.804296017 CET	49820	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:32.804421902 CET	49820	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:32.804435015 CET	443	49820	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.843871117 CET	443	49817	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.844343901 CET	49817	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:32.844423056 CET	443	49817	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.844902039 CET	49817	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:32.844917059 CET	443	49817	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.846378088 CET	443	49815	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.846549988 CET	443	49815	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.846621990 CET	49815	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:32.846622944 CET	49815	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:32.846705914 CET	49815	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:32.846734047 CET	443	49815	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.849034071 CET	49821	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:32.849142075 CET	443	49821	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:32.849206924 CET	49821	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:32.849466085 CET	49821	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:32.849502087 CET	443	49821	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:33.054465055 CET	443	49818	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:33.055109024 CET	49818	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:33.055213928 CET	443	49818	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:33.055707932 CET	49818	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:33.055723906 CET	443	49818	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:33.289236069 CET	443	49817	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:33.289407969 CET	443	49817	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:33.289462090 CET	49817	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:33.291084051 CET	49817	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:33.291121006 CET	443	49817	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:33.291142941 CET	49817	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:33.291151047 CET	443	49817	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:33.295492887 CET	49822	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:33.295531988 CET	443	49822	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:33.295583963 CET	49822	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:33.296019077 CET	49822	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:33.296032906 CET	443	49822	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:33.498228073 CET	443	49818	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:33.498434067 CET	443	49818	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:33.498508930 CET	49818	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:33.574445009 CET	49818	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:33.574445963 CET	49818	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:33.574497938 CET	443	49818	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:33.574531078 CET	443	49818	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:33.617249966 CET	49823	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:33.617311954 CET	443	49823	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:33.627203941 CET	49823	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:33.631203890 CET	49823	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:33.631238937 CET	443	49823	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:34.569437027 CET	443	49819	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:34.570341110 CET	49819	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:34.570422888 CET	443	49819	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:34.571191072 CET	49819	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:34.571204901 CET	443	49819	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:34.583627939 CET	443	49820	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:34.584203959 CET	49820	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:34.584216118 CET	443	49820	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:34.584779978 CET	49820	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:34.584784031 CET	443	49820	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:34.636885881 CET	443	49821	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:34.637331009 CET	49821	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:34.637366056 CET	443	49821	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:34.637953997 CET	49821	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:34.637960911 CET	443	49821	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.021828890 CET	443	49819	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.021991968 CET	443	49819	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.022063017 CET	49819	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.022192955 CET	49819	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.022232056 CET	443	49819	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.022260904 CET	49819	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.022275925 CET	443	49819	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.024918079 CET	49824	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.024991989 CET	443	49824	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.025074959 CET	49824	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.025218964 CET	49824	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.025253057 CET	443	49824	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.032743931 CET	443	49820	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.032761097 CET	443	49820	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.032808065 CET	49820	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.032825947 CET	443	49820	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.032836914 CET	443	49820	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.032869101 CET	49820	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.033013105 CET	49820	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.033025026 CET	443	49820	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.033035040 CET	49820	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.033039093 CET	443	49820	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.034966946 CET	49825	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.035005093 CET	443	49825	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.035068035 CET	49825	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.035176039 CET	49825	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.035190105 CET	443	49825	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.084168911 CET	443	49821	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.084316969 CET	443	49821	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.084378958 CET	49821	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.084496975 CET	49821	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.084496975 CET	49821	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.084537983 CET	443	49821	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.084564924 CET	443	49821	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.085020065 CET	443	49822	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.085474014 CET	49822	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.085485935 CET	443	49822	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.085927010 CET	49822	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.085931063 CET	443	49822	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.086463928 CET	49826	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.086528063 CET	443	49826	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.086610079 CET	49826	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.086709976 CET	49826	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.086735964 CET	443	49826	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.349252939 CET	443	49823	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.349740982 CET	49823	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.349771023 CET	443	49823	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.350195885 CET	49823	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.350203991 CET	443	49823	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.528451920 CET	443	49822	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.528531075 CET	443	49822	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.528625965 CET	49822	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.528866053 CET	49822	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.528896093 CET	443	49822	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.528907061 CET	49822	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.528912067 CET	443	49822	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.532776117 CET	49827	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.532847881 CET	443	49827	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.532912016 CET	49827	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.533150911 CET	49827	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.533166885 CET	443	49827	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.788876057 CET	443	49823	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.788933992 CET	443	49823	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.789092064 CET	49823	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.789130926 CET	443	49823	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.789400101 CET	49823	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.789419889 CET	443	49823	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.789463997 CET	49823	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.789774895 CET	443	49823	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.789849997 CET	443	49823	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.789974928 CET	49823	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.791906118 CET	49828	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.791954994 CET	443	49828	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:35.792377949 CET	49828	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.792545080 CET	49828	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:35.792557955 CET	443	49828	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:36.820477962 CET	443	49825	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:36.821333885 CET	49825	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:36.821352959 CET	443	49825	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:36.821830034 CET	49825	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:36.821835041 CET	443	49825	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:36.871721983 CET	443	49826	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:36.872369051 CET	49826	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:36.872416019 CET	443	49826	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:36.876034021 CET	49826	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:36.876048088 CET	443	49826	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:36.877732992 CET	443	49824	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:36.878343105 CET	49824	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:36.878360033 CET	443	49824	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:36.884293079 CET	49824	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:36.884305954 CET	443	49824	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.323168039 CET	443	49827	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.323736906 CET	49827	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.323759079 CET	443	49827	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.324388027 CET	443	49825	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.324400902 CET	49827	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.324405909 CET	443	49827	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.324408054 CET	443	49825	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.324451923 CET	49825	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.324461937 CET	443	49825	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.324713945 CET	49825	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.324736118 CET	443	49825	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.324743986 CET	49825	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.324893951 CET	443	49825	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.324923992 CET	443	49825	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.324965000 CET	49825	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.326718092 CET	443	49826	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.328823090 CET	49829	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.328896046 CET	443	49829	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.328969955 CET	49829	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.329085112 CET	49829	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.329113007 CET	443	49829	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.330178976 CET	443	49826	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.330255985 CET	49826	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.330333948 CET	49826	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.330384016 CET	443	49826	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.330400944 CET	49826	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.330418110 CET	443	49826	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.333312988 CET	49830	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.333347082 CET	443	49830	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.333401918 CET	49830	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.333528996 CET	49830	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.333542109 CET	443	49830	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.382931948 CET	443	49824	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.382950068 CET	443	49824	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.382998943 CET	49824	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.383032084 CET	443	49824	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.383084059 CET	49824	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.383354902 CET	49824	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.383368969 CET	443	49824	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.383409977 CET	49824	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.383538008 CET	443	49824	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.383563995 CET	443	49824	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.383608103 CET	49824	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.386400938 CET	49831	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.386430979 CET	443	49831	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.386503935 CET	49831	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.386609077 CET	49831	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.386636972 CET	443	49831	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.578072071 CET	443	49828	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.578723907 CET	49828	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.578742027 CET	443	49828	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.583223104 CET	49828	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.583229065 CET	443	49828	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.719233990 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:37.767183065 CET	443	49827	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.770180941 CET	443	49827	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.775276899 CET	49827	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.775276899 CET	49827	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.777851105 CET	49827	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.777851105 CET	49832	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.777869940 CET	443	49827	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.777928114 CET	443	49832	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.779423952 CET	49832	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.779424906 CET	49832	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:37.779515982 CET	443	49832	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:37.838941097 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:37.843787909 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:37.963332891 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:38.021143913 CET	443	49828	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:38.024255037 CET	443	49828	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:38.024446011 CET	49828	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:38.024518013 CET	49828	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:38.024518013 CET	49828	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:38.024534941 CET	443	49828	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:38.024538994 CET	443	49828	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:38.027234077 CET	49833	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:38.027339935 CET	443	49833	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:38.027506113 CET	49833	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:38.027617931 CET	49833	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:38.027656078 CET	443	49833	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:38.180262089 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:38.235222101 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:38.372184038 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:38.373600960 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:38.493237019 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:38.493371964 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:38.612979889 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:39.107350111 CET	443	49831	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.108490944 CET	443	49829	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.108818054 CET	49831	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.108834028 CET	443	49831	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.109590054 CET	49831	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.109596968 CET	443	49831	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.110088110 CET	49829	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.110102892 CET	443	49829	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.110693932 CET	49829	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.110699892 CET	443	49829	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.183218002 CET	443	49830	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.183753014 CET	49830	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.183773041 CET	443	49830	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.184456110 CET	49830	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.184461117 CET	443	49830	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.543112040 CET	443	49831	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.546137094 CET	443	49831	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.546216011 CET	49831	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.546366930 CET	49831	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.546413898 CET	443	49831	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.546449900 CET	49831	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.546466112 CET	443	49831	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.549043894 CET	49834	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.549098015 CET	443	49834	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.549176931 CET	49834	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.549312115 CET	49834	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.549350977 CET	443	49834	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.552531004 CET	443	49829	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.555672884 CET	443	49829	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.558393002 CET	49829	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.558393955 CET	49829	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.560195923 CET	49829	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.560211897 CET	443	49829	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.561371088 CET	49835	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.561415911 CET	443	49835	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.562792063 CET	443	49832	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.563137054 CET	49835	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.563137054 CET	49835	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.563179970 CET	443	49835	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.563209057 CET	49832	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.563231945 CET	443	49832	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.567229986 CET	49832	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.567240953 CET	443	49832	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.635123968 CET	443	49830	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.638189077 CET	443	49830	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.638432026 CET	49830	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.638509989 CET	49830	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.638509989 CET	49830	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.638530016 CET	443	49830	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.638539076 CET	443	49830	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.643215895 CET	49836	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.643248081 CET	443	49836	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.643526077 CET	49836	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.643526077 CET	49836	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.643556118 CET	443	49836	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.812562943 CET	443	49833	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.813007116 CET	49833	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.813040018 CET	443	49833	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:39.813628912 CET	49833	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:39.813635111 CET	443	49833	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:40.006654024 CET	443	49832	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:40.009550095 CET	443	49832	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:40.015368938 CET	49832	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:40.015368938 CET	49832	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:40.015431881 CET	49832	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:40.015459061 CET	443	49832	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:40.018089056 CET	49837	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:40.018155098 CET	443	49837	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:40.018266916 CET	49837	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:40.018459082 CET	49837	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:40.018508911 CET	443	49837	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:40.262950897 CET	443	49833	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:40.265973091 CET	443	49833	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:40.266139030 CET	49833	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:40.266244888 CET	49833	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:40.266292095 CET	443	49833	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:40.266323090 CET	49833	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:40.266355038 CET	443	49833	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:40.269012928 CET	49838	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:40.269057989 CET	443	49838	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:40.269207001 CET	49838	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:40.269403934 CET	49838	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:40.269418001 CET	443	49838	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.312407970 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:41.329287052 CET	443	49834	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.329799891 CET	49834	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:41.329844952 CET	443	49834	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.330281973 CET	49834	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:41.330292940 CET	443	49834	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.342274904 CET	443	49835	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.343072891 CET	49835	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:41.343136072 CET	443	49835	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.349558115 CET	49835	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:41.349571943 CET	443	49835	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.357081890 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:41.364285946 CET	443	49836	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.364716053 CET	49836	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:41.364733934 CET	443	49836	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.365134954 CET	49836	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:41.365142107 CET	443	49836	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.504121065 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:41.544576883 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:41.785501957 CET	443	49835	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.788606882 CET	443	49835	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.788942099 CET	49835	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:41.789239883 CET	49835	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:41.789283037 CET	443	49835	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.789325953 CET	49835	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:41.789343119 CET	443	49835	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.791282892 CET	443	49834	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.792515993 CET	49839	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:41.792613029 CET	443	49839	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.793574095 CET	49839	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:41.793819904 CET	49839	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:41.793853998 CET	443	49839	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.794317961 CET	443	49834	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.794398069 CET	49834	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:41.794478893 CET	49834	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:41.794478893 CET	49834	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:41.794543028 CET	443	49834	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.794569969 CET	443	49834	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.797364950 CET	443	49836	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.800380945 CET	443	49836	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.800498962 CET	443	49836	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.800529957 CET	49836	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:41.800643921 CET	49836	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:41.800643921 CET	49836	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:41.800854921 CET	49836	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:41.800870895 CET	443	49836	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.805572033 CET	49841	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:41.805582047 CET	49840	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:41.805634022 CET	443	49841	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.805634975 CET	443	49840	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.805727959 CET	49841	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:41.805728912 CET	49840	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:41.805942059 CET	49841	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:41.805975914 CET	443	49841	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.806232929 CET	49840	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:41.806260109 CET	443	49840	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.867660999 CET	443	49837	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.868288994 CET	49837	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:41.868320942 CET	443	49837	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:41.868776083 CET	49837	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:41.868788004 CET	443	49837	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:42.056699038 CET	443	49838	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:42.057437897 CET	49838	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:42.057449102 CET	443	49838	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:42.058075905 CET	49838	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:42.058080912 CET	443	49838	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:42.319912910 CET	443	49837	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:42.322947979 CET	443	49837	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:42.323110104 CET	49837	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:42.323110104 CET	49837	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:42.323216915 CET	49837	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:42.323247910 CET	443	49837	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:42.327689886 CET	49842	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:42.327753067 CET	443	49842	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:42.327862978 CET	49842	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:42.328052998 CET	49842	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:42.328088999 CET	443	49842	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:42.499206066 CET	443	49838	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:42.502293110 CET	443	49838	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:42.502413034 CET	443	49838	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:42.502423048 CET	49838	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:42.502517939 CET	49838	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:42.502517939 CET	49838	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:42.502546072 CET	49838	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:42.502562046 CET	443	49838	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:42.505537987 CET	49843	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:42.505667925 CET	443	49843	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:42.507354975 CET	49843	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:42.507460117 CET	49843	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:42.507486105 CET	443	49843	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:43.508510113 CET	443	49839	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:43.509138107 CET	49839	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:43.509207010 CET	443	49839	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:43.509505987 CET	49839	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:43.509522915 CET	443	49839	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:43.519864082 CET	443	49841	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:43.520237923 CET	49841	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:43.520301104 CET	443	49841	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:43.520618916 CET	49841	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:43.520634890 CET	443	49841	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:43.606475115 CET	443	49840	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:43.609994888 CET	49840	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:43.609994888 CET	49840	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:43.610061884 CET	443	49840	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:43.610119104 CET	443	49840	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:43.943969011 CET	443	49839	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:43.946871996 CET	443	49839	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:43.947007895 CET	49839	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:43.947009087 CET	49839	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:43.947175980 CET	49839	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:43.947216034 CET	443	49839	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:43.953761101 CET	49844	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:43.953809023 CET	443	49844	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:43.953872919 CET	443	49841	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:43.954024076 CET	49844	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:43.957026958 CET	443	49841	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:43.957065105 CET	49844	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:43.957097054 CET	443	49844	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:43.957135916 CET	49841	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:43.957135916 CET	49841	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:43.958056927 CET	49841	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:43.958092928 CET	443	49841	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:43.959728003 CET	49845	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:43.959770918 CET	443	49845	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:43.960191965 CET	49845	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:43.960268974 CET	49845	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:43.960280895 CET	443	49845	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:44.050445080 CET	443	49840	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:44.050523996 CET	443	49840	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:44.050621986 CET	49840	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:44.050724983 CET	49840	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:44.050767899 CET	443	49840	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:44.050802946 CET	49840	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:44.050818920 CET	443	49840	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:44.053649902 CET	49846	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:44.053694010 CET	443	49846	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:44.053864002 CET	49846	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:44.057344913 CET	49846	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:44.057372093 CET	443	49846	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:44.109513998 CET	443	49842	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:44.113512993 CET	49842	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:44.113574028 CET	443	49842	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:44.114154100 CET	49842	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:44.114167929 CET	443	49842	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:44.228077888 CET	443	49843	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:44.228615046 CET	49843	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:44.228650093 CET	443	49843	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:44.229113102 CET	49843	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:44.229129076 CET	443	49843	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:44.554230928 CET	443	49842	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:44.557113886 CET	443	49842	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:44.557161093 CET	443	49842	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:44.557296038 CET	49842	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:44.557296991 CET	49842	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:44.557296991 CET	49842	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:44.559847116 CET	49847	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:44.559887886 CET	443	49847	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:44.560043097 CET	49847	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:44.560182095 CET	49847	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:44.560195923 CET	443	49847	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:44.661056995 CET	443	49843	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:44.664297104 CET	443	49843	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:44.664361000 CET	49843	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:44.664520025 CET	49843	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:44.664577961 CET	443	49843	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:44.664611101 CET	49843	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:44.664627075 CET	443	49843	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:44.668342113 CET	49848	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:44.668401003 CET	443	49848	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:44.668459892 CET	49848	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:44.668715954 CET	49848	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:44.668728113 CET	443	49848	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:44.857129097 CET	49842	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:44.857204914 CET	443	49842	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:45.740981102 CET	443	49845	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:45.741780043 CET	49845	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:45.741799116 CET	443	49845	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:45.743284941 CET	49845	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:45.743288994 CET	443	49845	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:45.845675945 CET	443	49846	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:45.846226931 CET	49846	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:45.846293926 CET	443	49846	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:45.847273111 CET	49846	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:45.847287893 CET	443	49846	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.185549974 CET	443	49845	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.188409090 CET	443	49845	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.188507080 CET	49845	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.188507080 CET	49845	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.188544035 CET	49845	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.188563108 CET	443	49845	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.191968918 CET	49849	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.192018986 CET	443	49849	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.192249060 CET	49849	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.192249060 CET	49849	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.192289114 CET	443	49849	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.289458990 CET	443	49846	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.292483091 CET	443	49846	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.292614937 CET	443	49846	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.292711020 CET	49846	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.292798042 CET	49846	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.292798042 CET	49846	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.292840958 CET	443	49846	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.292866945 CET	443	49846	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.295648098 CET	49850	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.295695066 CET	443	49850	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.296463966 CET	49850	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.296711922 CET	49850	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.296729088 CET	443	49850	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.432423115 CET	443	49847	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.433401108 CET	49847	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.433401108 CET	49847	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.433415890 CET	443	49847	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.433432102 CET	443	49847	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.493886948 CET	443	49848	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.496098042 CET	49848	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.496098042 CET	49848	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.496119022 CET	443	49848	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.496138096 CET	443	49848	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.888475895 CET	443	49847	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.888550997 CET	443	49847	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.888595104 CET	49847	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.888869047 CET	49847	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.888889074 CET	443	49847	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.888896942 CET	49847	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.888904095 CET	443	49847	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.892021894 CET	49851	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.892118931 CET	443	49851	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.892227888 CET	49851	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.892474890 CET	49851	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.892515898 CET	443	49851	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.938175917 CET	443	49848	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.940987110 CET	443	49848	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.941020966 CET	49848	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.941063881 CET	443	49848	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.941083908 CET	443	49848	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.941122055 CET	49848	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.941170931 CET	49848	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.941185951 CET	443	49848	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.941198111 CET	49848	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.941205025 CET	443	49848	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.943999052 CET	49852	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.944087982 CET	443	49852	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:46.944159031 CET	49852	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.944314957 CET	49852	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:46.944353104 CET	443	49852	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:47.975225925 CET	443	49849	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:48.028984070 CET	49849	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:48.029618979 CET	443	49850	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:48.030636072 CET	49849	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:48.030649900 CET	443	49849	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:48.031225920 CET	49849	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:48.031233072 CET	443	49849	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:48.043806076 CET	49850	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:48.043837070 CET	443	49850	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:48.044470072 CET	49850	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:48.044480085 CET	443	49850	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:48.420237064 CET	443	49849	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:48.422981977 CET	443	49849	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:48.423423052 CET	49849	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:48.433590889 CET	49849	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:48.433631897 CET	443	49849	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:48.433655977 CET	49849	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:48.433666945 CET	443	49849	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:48.445621014 CET	49853	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:48.445683956 CET	443	49853	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:48.445744991 CET	49853	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:48.446542978 CET	49853	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:48.446561098 CET	443	49853	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:48.492490053 CET	443	49850	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:48.495469093 CET	443	49850	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:48.495577097 CET	49850	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:48.496150017 CET	49850	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:48.496179104 CET	443	49850	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:48.496195078 CET	49850	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:48.496203899 CET	443	49850	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:48.501912117 CET	49854	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:48.501966000 CET	443	49854	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:48.502049923 CET	49854	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:48.502299070 CET	49854	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:48.502315998 CET	443	49854	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:48.726286888 CET	443	49852	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:48.727149963 CET	49852	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:48.727196932 CET	443	49852	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:48.727663040 CET	49852	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:48.727674007 CET	443	49852	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:48.748816013 CET	443	49851	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:48.749260902 CET	49851	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:48.749322891 CET	443	49851	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:48.749726057 CET	49851	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:48.749738932 CET	443	49851	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:48.798352003 CET	443	49844	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:48.801600933 CET	49844	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:48.801665068 CET	443	49844	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:48.801985025 CET	49844	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:48.801999092 CET	443	49844	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:49.171509981 CET	443	49852	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:49.174608946 CET	443	49852	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:49.174675941 CET	49852	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:49.174762011 CET	443	49852	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:49.174818993 CET	443	49852	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:49.175029993 CET	49852	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:49.175029993 CET	49852	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:49.175029993 CET	49852	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:49.178121090 CET	49855	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:49.178174019 CET	443	49855	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:49.178239107 CET	49855	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:49.178422928 CET	49855	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:49.178447008 CET	443	49855	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:49.204336882 CET	443	49851	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:49.206531048 CET	443	49851	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:49.206614971 CET	49851	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:49.206695080 CET	49851	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:49.206695080 CET	49851	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:49.206743002 CET	443	49851	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:49.206789970 CET	443	49851	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:49.209147930 CET	49856	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:49.209162951 CET	443	49856	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:49.209279060 CET	49856	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:49.209431887 CET	49856	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:49.209450960 CET	443	49856	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:49.253360987 CET	443	49844	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:49.253465891 CET	443	49844	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:49.253551960 CET	49844	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:49.257234097 CET	49844	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:49.257234097 CET	49844	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:49.257298946 CET	443	49844	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:49.257333994 CET	443	49844	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:49.260385990 CET	49857	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:49.260473967 CET	443	49857	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:49.260540009 CET	49857	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:49.260742903 CET	49857	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:49.260796070 CET	443	49857	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:49.482115030 CET	49852	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:49.482172966 CET	443	49852	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:50.286020041 CET	443	49854	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:50.290673018 CET	49854	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:50.290673018 CET	49854	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:50.290740013 CET	443	49854	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:50.290791035 CET	443	49854	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:50.349148989 CET	443	49853	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:50.349637985 CET	49853	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:50.349668026 CET	443	49853	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:50.350255013 CET	49853	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:50.350260973 CET	443	49853	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:50.729923964 CET	443	49854	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:50.733052015 CET	443	49854	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:50.733118057 CET	49854	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:50.768667936 CET	49854	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:50.768668890 CET	49854	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:50.768738031 CET	443	49854	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:50.768769979 CET	443	49854	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:50.773458958 CET	49858	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:50.773502111 CET	443	49858	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:50.773555040 CET	49858	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:50.774111032 CET	49858	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:50.774127960 CET	443	49858	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:50.801841974 CET	443	49853	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:50.805232048 CET	443	49853	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:50.805295944 CET	49853	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:50.805381060 CET	49853	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:50.805399895 CET	443	49853	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:50.805421114 CET	49853	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:50.805427074 CET	443	49853	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:50.809870958 CET	49859	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:50.809967995 CET	443	49859	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:50.810038090 CET	49859	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:50.810339928 CET	49859	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:50.810378075 CET	443	49859	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:50.839759111 CET	443	49857	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:50.840378046 CET	49857	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:50.840440989 CET	443	49857	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:50.840913057 CET	49857	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:50.840967894 CET	443	49857	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:50.897438049 CET	443	49855	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:50.919114113 CET	49855	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:50.919131994 CET	443	49855	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:50.919514894 CET	49855	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:50.919521093 CET	443	49855	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:50.923568010 CET	443	49856	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:50.924046040 CET	49856	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:50.924056053 CET	443	49856	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:50.924459934 CET	49856	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:50.924463987 CET	443	49856	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:51.287842989 CET	443	49857	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:51.290941954 CET	443	49857	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:51.291023016 CET	49857	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:51.338421106 CET	443	49855	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:51.341411114 CET	443	49855	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:51.341528893 CET	49855	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:51.353652954 CET	49857	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:51.353652954 CET	49857	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:51.353724003 CET	443	49857	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:51.353773117 CET	443	49857	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:51.356259108 CET	49855	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:51.356287003 CET	443	49855	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:51.356298923 CET	49855	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:51.356306076 CET	443	49855	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:51.358325005 CET	443	49856	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:51.361195087 CET	443	49856	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:51.361236095 CET	49856	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:51.361244917 CET	443	49856	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:51.361257076 CET	443	49856	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:51.361304045 CET	49856	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:51.364957094 CET	49860	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:51.365051985 CET	443	49860	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:51.365127087 CET	49860	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:51.368891954 CET	49861	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:51.368931055 CET	443	49861	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:51.369023085 CET	49861	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:51.371977091 CET	49856	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:51.371982098 CET	443	49856	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:51.371992111 CET	49856	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:51.371997118 CET	443	49856	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:51.375643969 CET	49860	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:51.375710964 CET	49861	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:51.375711918 CET	443	49860	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:51.375725985 CET	443	49861	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:51.382179976 CET	49862	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:51.382287025 CET	443	49862	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:51.382348061 CET	49862	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:51.382550001 CET	49862	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:51.382601023 CET	443	49862	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:52.597671032 CET	443	49859	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:52.598187923 CET	49859	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:52.598274946 CET	443	49859	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:52.598798037 CET	49859	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:52.598853111 CET	443	49859	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:52.642102957 CET	443	49858	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:52.642411947 CET	49858	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:52.642431021 CET	443	49858	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:52.642880917 CET	49858	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:52.642885923 CET	443	49858	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.042176962 CET	443	49859	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.045151949 CET	443	49859	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.045241117 CET	49859	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.045331955 CET	49859	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.045331955 CET	49859	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.045377016 CET	443	49859	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.045407057 CET	443	49859	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.048280954 CET	49863	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.048306942 CET	443	49863	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.048379898 CET	49863	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.048583984 CET	49863	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.048599005 CET	443	49863	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.093189001 CET	443	49858	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.096535921 CET	443	49858	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.096601963 CET	49858	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.096651077 CET	49858	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.096667051 CET	443	49858	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.096673012 CET	49858	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.096678972 CET	443	49858	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.099375010 CET	49864	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.099400043 CET	443	49864	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.099448919 CET	49864	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.099508047 CET	443	49862	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.099592924 CET	49864	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.099611998 CET	443	49864	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.099905968 CET	49862	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.099986076 CET	443	49862	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.100442886 CET	49862	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.100457907 CET	443	49862	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.155128956 CET	443	49861	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.155533075 CET	49861	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.155544043 CET	443	49861	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.156076908 CET	49861	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.156083107 CET	443	49861	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.159183025 CET	443	49860	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.159514904 CET	49860	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.159576893 CET	443	49860	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.159903049 CET	49860	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.159917116 CET	443	49860	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.533811092 CET	443	49862	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.536884069 CET	443	49862	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.539335966 CET	49862	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.539437056 CET	49862	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.539437056 CET	49862	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.539483070 CET	443	49862	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.539510012 CET	443	49862	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.542028904 CET	49865	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.542119026 CET	443	49865	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.542210102 CET	49865	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.542351961 CET	49865	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.542385101 CET	443	49865	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.602382898 CET	443	49860	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.605756044 CET	443	49860	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.605812073 CET	443	49860	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.607511044 CET	49860	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.607511044 CET	49860	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.609916925 CET	49866	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.609935999 CET	49860	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.609956980 CET	443	49866	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.610023975 CET	443	49860	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.610485077 CET	443	49861	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.610718012 CET	49866	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.610718012 CET	49866	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.610754967 CET	443	49866	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.613432884 CET	443	49861	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.615498066 CET	49861	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.615498066 CET	49861	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.617216110 CET	49861	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.617219925 CET	49867	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.617233038 CET	443	49861	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.617291927 CET	443	49867	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:53.619453907 CET	49867	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.619453907 CET	49867	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:53.619529009 CET	443	49867	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:54.685890913 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:54.763262033 CET	443	49863	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:54.764218092 CET	49863	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:54.764240026 CET	443	49863	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:54.765161037 CET	49863	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:54.765168905 CET	443	49863	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:54.805774927 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:54.805856943 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:54.891979933 CET	443	49864	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:54.892426968 CET	49864	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:54.892441034 CET	443	49864	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:54.892935991 CET	49864	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:54.892939091 CET	443	49864	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:54.925729990 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:55.144360065 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:55.197566986 CET	443	49863	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.200651884 CET	443	49863	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.200715065 CET	49863	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.200788975 CET	49863	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.200810909 CET	443	49863	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.200823069 CET	49863	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.200830936 CET	443	49863	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.203979015 CET	49868	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.204020977 CET	443	49868	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.204081059 CET	49868	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.204267979 CET	49868	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.204282999 CET	443	49868	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.322803974 CET	443	49865	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.323281050 CET	49865	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.323374033 CET	443	49865	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.323837996 CET	49865	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.323853970 CET	443	49865	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.325866938 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:55.335835934 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:55.337364912 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:55.363002062 CET	443	49864	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.365981102 CET	443	49864	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.366020918 CET	49864	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.366023064 CET	443	49864	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.366061926 CET	49864	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.366126060 CET	49864	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.366126060 CET	49864	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.366138935 CET	443	49864	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.366149902 CET	443	49864	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.368659973 CET	49869	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.368751049 CET	443	49869	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.368818045 CET	49869	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.368963003 CET	49869	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.368998051 CET	443	49869	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.391552925 CET	443	49866	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.391887903 CET	49866	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.391895056 CET	443	49866	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.392354965 CET	49866	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.392359018 CET	443	49866	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.398922920 CET	443	49867	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.399332047 CET	49867	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.399354935 CET	443	49867	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.399924994 CET	49867	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.399936914 CET	443	49867	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.456878901 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:55.457007885 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:55.576761961 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:55.768569946 CET	443	49865	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.768634081 CET	443	49865	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.769922018 CET	49865	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.769922018 CET	49865	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.772501945 CET	49870	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.772522926 CET	49865	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.772536993 CET	443	49870	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.772588968 CET	443	49865	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.773677111 CET	49870	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.773677111 CET	49870	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.773708105 CET	443	49870	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.839472055 CET	443	49866	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.842458010 CET	443	49867	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.842565060 CET	443	49866	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.842622995 CET	443	49866	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.845617056 CET	443	49867	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.845623970 CET	49866	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.845623970 CET	49866	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.845666885 CET	49866	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.845680952 CET	443	49866	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.845719099 CET	49867	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.845720053 CET	49867	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.848644972 CET	49867	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.848650932 CET	49871	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.848685026 CET	443	49867	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.848730087 CET	49872	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.848742008 CET	443	49871	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.848778009 CET	443	49872	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.848850012 CET	49871	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.848851919 CET	49872	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.849013090 CET	49871	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.849014997 CET	49872	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:55.849051952 CET	443	49871	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:55.849061966 CET	443	49872	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:56.990247965 CET	443	49868	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.012521029 CET	49868	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.012542009 CET	443	49868	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.013226986 CET	49868	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.013231993 CET	443	49868	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.147746086 CET	443	49869	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.148344994 CET	49869	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.148425102 CET	443	49869	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.148847103 CET	49869	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.148901939 CET	443	49869	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.433729887 CET	443	49868	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.437063932 CET	443	49868	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.437108994 CET	443	49868	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.437115908 CET	49868	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.437155962 CET	49868	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.437201023 CET	49868	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.437212944 CET	443	49868	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.437221050 CET	49868	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.437226057 CET	443	49868	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.439996958 CET	49873	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.440026999 CET	443	49873	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.440105915 CET	49873	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.440258026 CET	49873	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.440272093 CET	443	49873	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.491472006 CET	443	49870	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.491966963 CET	49870	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.491976976 CET	443	49870	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.492398977 CET	49870	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.492403030 CET	443	49870	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.564814091 CET	443	49871	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.565502882 CET	49871	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.565567017 CET	443	49871	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.565834999 CET	49871	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.565853119 CET	443	49871	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.566310883 CET	443	49872	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.566870928 CET	49872	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.566935062 CET	443	49872	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.567246914 CET	49872	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.567303896 CET	443	49872	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.591135979 CET	443	49869	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.591198921 CET	443	49869	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.591660976 CET	49869	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.591661930 CET	49869	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.591661930 CET	49869	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.595444918 CET	49874	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.595541000 CET	443	49874	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.599507093 CET	49874	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.599508047 CET	49874	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.599646091 CET	443	49874	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.907331944 CET	49869	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.907413960 CET	443	49869	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.925679922 CET	443	49870	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.925745964 CET	443	49870	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.925800085 CET	443	49870	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.925827980 CET	49870	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.926052094 CET	49870	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.926052094 CET	49870	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.926073074 CET	443	49870	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.926098108 CET	49870	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.926109076 CET	443	49870	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.931343079 CET	49875	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.931375027 CET	443	49875	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.935378075 CET	49875	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.939322948 CET	49875	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:57.939333916 CET	443	49875	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.999886036 CET	443	49872	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:57.999888897 CET	443	49871	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:58.003223896 CET	443	49872	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:58.003287077 CET	443	49872	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:58.003360033 CET	49872	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:58.003673077 CET	443	49871	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:58.003765106 CET	49871	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:58.003783941 CET	49872	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:58.003784895 CET	49872	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:58.003784895 CET	49872	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:58.003937960 CET	49871	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:58.003977060 CET	443	49871	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:58.004070997 CET	49871	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:58.004087925 CET	443	49871	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:58.006737947 CET	49877	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:58.006762981 CET	443	49877	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:58.006856918 CET	49876	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:58.006934881 CET	49877	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:58.006947994 CET	443	49876	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:58.007040024 CET	49876	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:58.007069111 CET	49877	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:58.007081032 CET	443	49877	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:58.007347107 CET	49876	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:58.007409096 CET	443	49876	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:58.311372042 CET	49872	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:58.311439991 CET	443	49872	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:58.515326977 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:58.635071039 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:58.635132074 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:58.754841089 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:58.972096920 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:59.013395071 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:59.163965940 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:59.166152000 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:59.172873974 CET	443	49873	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:59.173469067 CET	49873	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:59.173489094 CET	443	49873	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:59.174031019 CET	49873	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:59.174035072 CET	443	49873	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:59.285789967 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:59.285846949 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:18:59.391202927 CET	443	49874	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:59.394284010 CET	49874	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:59.394347906 CET	443	49874	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:59.398310900 CET	49874	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:59.398365974 CET	443	49874	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:59.405582905 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:18:59.621407032 CET	443	49873	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:59.624492884 CET	443	49873	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:59.631334066 CET	49873	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:59.631335974 CET	443	49873	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:59.639300108 CET	49873	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:59.736004114 CET	443	49877	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:59.786282063 CET	443	49875	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:59.798738956 CET	443	49876	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:59.811299086 CET	49877	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:59.834425926 CET	443	49874	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:59.837661028 CET	443	49874	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:59.841520071 CET	49876	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:59.841531992 CET	49874	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:59.910125017 CET	49876	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:59.910125017 CET	49876	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:59.910145044 CET	443	49876	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:59.910183907 CET	443	49876	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:59.910290003 CET	49873	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:59.910290003 CET	49873	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:59.910305023 CET	443	49873	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:59.910315037 CET	443	49873	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:59.910490990 CET	49874	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:59.910490990 CET	49874	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:59.910562038 CET	443	49874	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:59.910598993 CET	443	49874	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:59.913106918 CET	49877	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:59.913106918 CET	49877	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:59.913120031 CET	443	49877	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:59.913134098 CET	443	49877	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:59.913633108 CET	49875	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:59.913633108 CET	49875	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:59.913641930 CET	443	49875	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:59.913655043 CET	443	49875	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:59.916086912 CET	49878	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:59.916090012 CET	49879	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:59.916119099 CET	443	49879	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:59.916126966 CET	443	49878	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:59.916197062 CET	49878	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:59.916199923 CET	49879	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:59.916352987 CET	49878	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:59.916356087 CET	49879	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:18:59.916368008 CET	443	49879	13.107.246.63	192.168.2.4
Nov 24, 2024 03:18:59.916374922 CET	443	49878	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:00.237736940 CET	443	49877	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:00.237849951 CET	443	49877	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:00.237948895 CET	49877	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:00.238660097 CET	49877	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:00.238676071 CET	443	49877	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:00.238707066 CET	49877	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:00.238713026 CET	443	49877	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:00.242161989 CET	49880	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:00.242258072 CET	443	49880	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:00.242861986 CET	49880	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:00.243009090 CET	49880	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:00.243042946 CET	443	49880	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:00.249146938 CET	443	49876	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:00.249211073 CET	443	49875	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:00.252536058 CET	443	49876	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:00.252590895 CET	443	49876	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:00.252815962 CET	49876	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:00.252866983 CET	443	49875	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:00.253019094 CET	49875	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:00.253058910 CET	49876	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:00.253087044 CET	443	49876	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:00.253117085 CET	49876	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:00.253123999 CET	443	49876	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:00.255023956 CET	49875	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:00.255023956 CET	49875	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:00.255039930 CET	443	49875	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:00.255048990 CET	443	49875	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:00.257015944 CET	49881	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:00.257045984 CET	443	49881	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:00.257793903 CET	49881	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:00.257842064 CET	49882	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:00.257930040 CET	443	49882	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:00.257967949 CET	49881	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:00.257982969 CET	443	49881	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:00.258110046 CET	49882	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:00.258219004 CET	49882	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:00.258246899 CET	443	49882	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:01.697370052 CET	443	49879	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:01.697947025 CET	443	49878	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:01.697982073 CET	49879	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:01.698007107 CET	443	49879	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:01.698271990 CET	49878	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:01.698303938 CET	443	49878	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:01.698518991 CET	49879	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:01.698523998 CET	443	49879	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:01.698704004 CET	49878	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:01.698710918 CET	443	49878	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.023046017 CET	443	49880	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.032691956 CET	49880	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.032757044 CET	443	49880	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.039454937 CET	49880	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.039509058 CET	443	49880	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.042187929 CET	443	49882	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.043459892 CET	443	49881	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.048326015 CET	49882	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.048410892 CET	443	49882	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.048731089 CET	49882	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.048748970 CET	443	49882	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.108345985 CET	49881	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.108359098 CET	443	49881	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.109204054 CET	49881	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.109209061 CET	443	49881	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.150561094 CET	443	49879	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.153572083 CET	443	49879	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.153626919 CET	49879	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.156069040 CET	49879	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.156090975 CET	443	49879	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.159827948 CET	49883	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.159862041 CET	443	49883	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.159929037 CET	49883	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.160523891 CET	49883	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.160538912 CET	443	49883	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.182126999 CET	443	49878	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.185058117 CET	443	49878	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.185103893 CET	443	49878	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.185276985 CET	49878	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.185277939 CET	49878	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.186321020 CET	49878	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.186346054 CET	443	49878	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.186363935 CET	49878	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.186371088 CET	443	49878	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.189491034 CET	49884	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.189538956 CET	443	49884	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.189831018 CET	49884	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.189990997 CET	49884	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.190007925 CET	443	49884	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.467540026 CET	443	49880	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.467608929 CET	443	49880	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.469861031 CET	49880	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.470252991 CET	49880	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.470252991 CET	49880	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.470299959 CET	443	49880	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.470330000 CET	443	49880	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.479832888 CET	49885	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.479923010 CET	443	49885	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.480005980 CET	49885	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.480163097 CET	49885	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.480185986 CET	443	49885	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.487530947 CET	443	49882	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.487587929 CET	443	49881	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.490677118 CET	443	49881	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.490691900 CET	443	49882	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.490753889 CET	443	49882	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.490777969 CET	49881	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.490782022 CET	49882	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.490813971 CET	49882	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.491045952 CET	49881	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.491061926 CET	443	49881	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.492911100 CET	49886	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.492944956 CET	443	49886	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.493129015 CET	49886	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.493439913 CET	49886	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.493455887 CET	443	49886	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.493597984 CET	49882	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.493619919 CET	443	49882	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.493645906 CET	49882	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.493660927 CET	443	49882	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.496619940 CET	49887	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.496649027 CET	443	49887	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:02.496798038 CET	49887	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.497170925 CET	49887	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:02.497195959 CET	443	49887	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:03.949081898 CET	443	49883	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:03.949832916 CET	49883	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:03.949850082 CET	443	49883	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:03.951024055 CET	49883	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:03.951029062 CET	443	49883	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.034758091 CET	443	49884	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.035201073 CET	49884	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.035229921 CET	443	49884	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.035649061 CET	49884	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.035655975 CET	443	49884	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.216979980 CET	443	49886	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.217468977 CET	49886	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.217499971 CET	443	49886	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.217973948 CET	49886	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.217982054 CET	443	49886	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.261722088 CET	443	49885	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.262368917 CET	49885	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.262453079 CET	443	49885	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.262968063 CET	49885	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.263021946 CET	443	49885	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.345433950 CET	443	49887	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.345894098 CET	49887	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.345952988 CET	443	49887	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.346529961 CET	49887	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.346584082 CET	443	49887	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.398416996 CET	443	49883	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.398482084 CET	443	49883	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.398591042 CET	49883	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.398746967 CET	49883	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.398761034 CET	443	49883	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.398772955 CET	49883	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.398777962 CET	443	49883	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.401470900 CET	49888	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.401581049 CET	443	49888	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.401679039 CET	49888	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.401793957 CET	49888	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.401827097 CET	443	49888	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.498100042 CET	443	49884	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.500988960 CET	443	49884	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.501029015 CET	443	49884	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.501043081 CET	49884	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.501086950 CET	49884	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.501147032 CET	49884	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.501169920 CET	443	49884	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.501187086 CET	49884	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.501197100 CET	443	49884	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.503761053 CET	49889	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.503794909 CET	443	49889	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.503918886 CET	49889	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.504131079 CET	49889	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.504143953 CET	443	49889	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.655530930 CET	443	49886	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.659780979 CET	443	49886	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.659826040 CET	49886	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.659909964 CET	49886	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.659931898 CET	443	49886	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.659948111 CET	49886	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.659955978 CET	443	49886	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.663914919 CET	49890	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.664006948 CET	443	49890	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.664096117 CET	49890	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.664294958 CET	49890	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.664347887 CET	443	49890	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.705420971 CET	443	49885	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.708563089 CET	443	49885	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.708636045 CET	49885	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.708719015 CET	49885	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.708719015 CET	49885	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.708760977 CET	443	49885	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.708795071 CET	443	49885	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.711438894 CET	49891	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.711462975 CET	443	49891	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.711509943 CET	49891	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.711688042 CET	49891	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.711699963 CET	443	49891	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.806806087 CET	443	49887	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.806899071 CET	443	49887	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.807152987 CET	49887	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.807264090 CET	49887	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.807306051 CET	443	49887	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.807384968 CET	49887	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.807403088 CET	443	49887	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.811054945 CET	49892	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.811096907 CET	443	49892	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:04.811158895 CET	49892	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.811480999 CET	49892	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:04.811500072 CET	443	49892	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.123162031 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:06.184034109 CET	443	49888	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.184700966 CET	49888	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.184766054 CET	443	49888	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.185266018 CET	49888	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.185282946 CET	443	49888	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.242742062 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:06.242918968 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:06.347604990 CET	443	49889	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.348047018 CET	49889	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.348068953 CET	443	49889	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.348545074 CET	49889	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.348556995 CET	443	49889	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.362644911 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:06.515713930 CET	443	49890	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.521136045 CET	49890	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.521136045 CET	49890	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.521202087 CET	443	49890	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.521258116 CET	443	49890	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.563716888 CET	443	49891	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.564188957 CET	49891	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.564215899 CET	443	49891	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.567354918 CET	49891	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.567359924 CET	443	49891	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.580364943 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:06.611963034 CET	443	49892	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.612562895 CET	49892	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.612647057 CET	443	49892	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.613104105 CET	49892	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.613158941 CET	443	49892	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.622793913 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:06.628360033 CET	443	49888	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.631273985 CET	443	49888	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.631356955 CET	49888	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.631443977 CET	49888	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.631443977 CET	49888	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.631489038 CET	443	49888	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.631519079 CET	443	49888	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.635257959 CET	49893	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.635298014 CET	443	49893	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.635355949 CET	49893	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.635549068 CET	49893	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.635562897 CET	443	49893	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.772130013 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:06.774048090 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:06.809756994 CET	443	49889	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.812702894 CET	443	49889	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.812748909 CET	49889	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.812789917 CET	49889	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.812805891 CET	443	49889	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.812813997 CET	49889	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.812819958 CET	443	49889	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.816653013 CET	49894	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.816747904 CET	443	49894	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.816823006 CET	49894	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.817054033 CET	49894	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.817090988 CET	443	49894	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.893851995 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:06.893907070 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:06.969218969 CET	443	49890	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.971961021 CET	443	49890	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.972086906 CET	49890	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.972189903 CET	49890	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.972232103 CET	443	49890	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.972280025 CET	49890	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.972296000 CET	443	49890	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.976011992 CET	49895	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.976042032 CET	443	49895	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:06.976092100 CET	49895	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.976351023 CET	49895	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:06.976361990 CET	443	49895	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:07.013736010 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:07.022337914 CET	443	49891	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:07.025027037 CET	443	49891	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:07.025197029 CET	49891	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:07.025252104 CET	49891	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:07.025269032 CET	443	49891	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:07.025279999 CET	49891	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:07.025285006 CET	443	49891	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:07.027220011 CET	49896	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:07.027334929 CET	443	49896	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:07.027610064 CET	49896	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:07.027611017 CET	49896	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:07.027744055 CET	443	49896	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:07.054811001 CET	443	49892	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:07.058029890 CET	443	49892	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:07.058115959 CET	443	49892	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:07.058325052 CET	49892	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:07.058325052 CET	49892	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:07.058325052 CET	49892	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:07.060182095 CET	49897	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:07.060210943 CET	443	49897	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:07.060309887 CET	49897	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:07.060477972 CET	49897	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:07.060482979 CET	443	49897	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:07.372946024 CET	49892	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:07.373013020 CET	443	49892	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:08.416372061 CET	443	49893	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:08.416877985 CET	49893	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:08.416898966 CET	443	49893	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:08.419347048 CET	49893	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:08.419353008 CET	443	49893	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:08.618434906 CET	443	49894	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:08.619122028 CET	49894	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:08.619185925 CET	443	49894	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:08.619760036 CET	49894	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:08.619777918 CET	443	49894	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:08.755131960 CET	443	49896	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:08.755764961 CET	49896	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:08.755829096 CET	443	49896	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:08.756503105 CET	49896	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:08.756558895 CET	443	49896	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:08.768855095 CET	443	49895	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:08.769270897 CET	49895	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:08.769289970 CET	443	49895	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:08.769798994 CET	49895	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:08.769804955 CET	443	49895	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:08.843113899 CET	443	49897	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:08.843524933 CET	49897	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:08.843539000 CET	443	49897	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:08.844137907 CET	49897	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:08.844144106 CET	443	49897	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:08.860343933 CET	443	49893	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:08.860404968 CET	443	49893	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:08.860449076 CET	49893	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:08.860595942 CET	49893	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:08.860609055 CET	443	49893	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:08.860635996 CET	49893	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:08.860642910 CET	443	49893	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:08.864298105 CET	49898	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:08.864392042 CET	443	49898	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:08.864454985 CET	49898	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:08.864658117 CET	49898	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:08.864695072 CET	443	49898	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:09.069135904 CET	443	49894	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:09.069195032 CET	443	49894	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:09.069397926 CET	49894	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:09.069483042 CET	49894	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:09.069530964 CET	443	49894	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:09.069564104 CET	49894	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:09.069581032 CET	443	49894	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:09.072200060 CET	49899	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:09.072227955 CET	443	49899	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:09.072312117 CET	49899	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:09.072468042 CET	49899	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:09.072475910 CET	443	49899	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:09.189330101 CET	443	49896	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:09.189352036 CET	443	49896	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:09.189412117 CET	49896	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:09.189492941 CET	443	49896	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:09.189726114 CET	49896	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:09.189749956 CET	443	49896	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:09.189789057 CET	49896	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:09.189971924 CET	443	49896	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:09.190010071 CET	443	49896	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:09.190057993 CET	49896	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:09.192450047 CET	49900	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:09.192485094 CET	443	49900	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:09.192560911 CET	49900	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:09.192677975 CET	49900	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:09.192687035 CET	443	49900	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:09.212285995 CET	443	49895	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:09.215826035 CET	443	49895	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:09.215876102 CET	49895	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:09.215964079 CET	49895	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:09.215976954 CET	443	49895	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:09.219363928 CET	49901	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:09.219407082 CET	443	49901	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:09.219464064 CET	49901	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:09.219616890 CET	49901	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:09.219639063 CET	443	49901	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:09.286869049 CET	443	49897	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:09.289843082 CET	443	49897	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:09.289908886 CET	443	49897	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:09.289911032 CET	49897	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:09.289954901 CET	49897	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:09.290019035 CET	49897	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:09.290047884 CET	443	49897	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:09.290056944 CET	49897	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:09.290065050 CET	443	49897	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:09.292623997 CET	49902	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:09.292668104 CET	443	49902	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:09.292862892 CET	49902	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:09.292915106 CET	49902	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:09.292923927 CET	443	49902	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:10.709419966 CET	443	49898	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:10.710226059 CET	49898	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:10.710264921 CET	443	49898	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:10.710905075 CET	49898	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:10.710917950 CET	443	49898	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:10.802692890 CET	443	49899	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:10.803153038 CET	49899	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:10.803170919 CET	443	49899	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:10.803741932 CET	49899	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:10.803746939 CET	443	49899	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:10.977601051 CET	443	49900	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:10.978152037 CET	49900	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:10.978189945 CET	443	49900	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:10.978480101 CET	49900	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:10.978490114 CET	443	49900	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.066725969 CET	443	49901	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.067260981 CET	49901	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.067349911 CET	443	49901	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.067723036 CET	49901	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.067776918 CET	443	49901	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.083101034 CET	443	49902	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.083389997 CET	49902	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.083420992 CET	443	49902	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.083719969 CET	49902	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.083726883 CET	443	49902	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.162843943 CET	443	49898	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.165967941 CET	443	49898	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.166012049 CET	443	49898	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.166043043 CET	49898	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.166085958 CET	49898	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.166130066 CET	49898	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.166131020 CET	49898	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.166161060 CET	443	49898	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.166215897 CET	443	49898	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.169239998 CET	49903	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.169327974 CET	443	49903	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.169413090 CET	49903	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.169575930 CET	49903	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.169614077 CET	443	49903	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.237159014 CET	443	49899	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.240304947 CET	443	49899	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.240358114 CET	49899	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.240381002 CET	49899	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.240396976 CET	443	49899	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.240406036 CET	49899	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.240411043 CET	443	49899	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.242309093 CET	49904	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.242331028 CET	443	49904	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.242392063 CET	49904	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.242501974 CET	49904	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.242506981 CET	443	49904	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.314387083 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:11.357196093 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:11.422108889 CET	443	49900	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.425165892 CET	443	49900	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.425209045 CET	49900	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.425228119 CET	443	49900	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.425262928 CET	443	49900	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.425297022 CET	49900	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.425378084 CET	49900	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.425394058 CET	443	49900	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.425406933 CET	49900	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.425415993 CET	443	49900	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.429049015 CET	49905	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.429140091 CET	443	49905	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.429229021 CET	49905	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.429389954 CET	49905	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.429425001 CET	443	49905	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.506417036 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:11.520770073 CET	443	49901	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.523663998 CET	443	49901	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.523735046 CET	49901	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.523809910 CET	49901	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.523809910 CET	49901	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.523854017 CET	443	49901	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.523885965 CET	443	49901	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.525624990 CET	49906	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.525650024 CET	443	49906	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.525717020 CET	49906	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.525839090 CET	49906	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.525852919 CET	443	49906	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.528687000 CET	443	49902	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.528743029 CET	443	49902	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.528795004 CET	49902	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.528820038 CET	443	49902	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.528888941 CET	443	49902	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.528929949 CET	49902	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.528949976 CET	443	49902	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.528964996 CET	49902	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.528964996 CET	49902	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.528974056 CET	443	49902	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.528983116 CET	443	49902	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.530930042 CET	49907	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.531018972 CET	443	49907	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.531125069 CET	49907	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.531239986 CET	49907	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:11.531291008 CET	443	49907	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:11.560323954 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:12.973689079 CET	443	49903	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:12.974162102 CET	49903	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:12.974208117 CET	443	49903	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:12.974633932 CET	49903	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:12.974647999 CET	443	49903	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.153999090 CET	443	49904	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.154712915 CET	49904	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.154731989 CET	443	49904	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.155098915 CET	49904	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.155105114 CET	443	49904	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.202946901 CET	443	49905	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.203433037 CET	49905	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.203510046 CET	443	49905	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.203865051 CET	49905	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.203919888 CET	443	49905	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.416501045 CET	443	49906	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.418207884 CET	49906	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.418220043 CET	443	49906	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.418453932 CET	443	49903	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.419215918 CET	49906	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.419220924 CET	443	49906	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.421447039 CET	443	49903	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.421495914 CET	443	49903	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.421494961 CET	49903	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.421540976 CET	49903	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.421570063 CET	49903	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.421592951 CET	443	49903	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.421607018 CET	49903	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.421613932 CET	443	49903	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.424870968 CET	49908	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.424907923 CET	443	49908	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.424954891 CET	49908	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.425132990 CET	49908	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.425153017 CET	443	49908	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.426626921 CET	443	49907	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.427232027 CET	49907	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.427295923 CET	443	49907	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.427803993 CET	49907	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.427860022 CET	443	49907	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.597980976 CET	443	49904	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.600791931 CET	443	49904	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.600832939 CET	49904	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.600833893 CET	443	49904	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.600877047 CET	49904	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.600996971 CET	49904	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.601011992 CET	443	49904	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.601020098 CET	49904	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.601025105 CET	443	49904	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.603607893 CET	49909	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.603658915 CET	443	49909	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.603715897 CET	49909	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.603841066 CET	49909	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.603857040 CET	443	49909	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.637677908 CET	443	49905	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.637758970 CET	443	49905	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.641578913 CET	49905	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.641644955 CET	49905	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.641644955 CET	49905	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.641666889 CET	443	49905	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.641684055 CET	443	49905	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.645415068 CET	49910	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.645457983 CET	443	49910	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.650240898 CET	49910	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.650240898 CET	49910	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.650298119 CET	443	49910	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.859782934 CET	443	49906	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.862617016 CET	443	49906	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.862814903 CET	49906	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.862839937 CET	49906	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.862839937 CET	49906	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.862857103 CET	443	49906	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.862868071 CET	443	49906	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.865267038 CET	49911	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.865312099 CET	443	49911	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.865439892 CET	49911	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.865592957 CET	49911	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.865608931 CET	443	49911	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.868570089 CET	443	49907	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.871915102 CET	443	49907	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.872139931 CET	49907	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.872139931 CET	49907	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.872340918 CET	49907	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.872380972 CET	443	49907	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.877481937 CET	49912	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.877526045 CET	443	49912	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:13.881891966 CET	49912	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.881995916 CET	49912	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:13.882018089 CET	443	49912	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:15.142324924 CET	443	49908	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:15.142839909 CET	49908	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:15.142896891 CET	443	49908	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:15.143352032 CET	49908	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:15.143366098 CET	443	49908	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:15.318998098 CET	443	49909	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:15.319672108 CET	49909	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:15.319689035 CET	443	49909	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:15.320354939 CET	49909	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:15.320359945 CET	443	49909	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:15.577150106 CET	443	49908	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:15.577758074 CET	443	49908	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:15.577809095 CET	443	49908	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:15.577837944 CET	49908	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:15.577900887 CET	49908	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:15.577900887 CET	49908	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:15.577949047 CET	49908	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:15.577984095 CET	443	49908	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:15.580425024 CET	49913	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:15.580462933 CET	443	49913	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:15.580532074 CET	49913	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:15.580661058 CET	49913	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:15.580681086 CET	443	49913	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:15.617970943 CET	443	49910	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:15.622591019 CET	49910	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:15.622591019 CET	49910	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:15.622622013 CET	443	49910	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:15.622648954 CET	443	49910	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:15.648082018 CET	443	49911	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:15.650172949 CET	49911	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:15.650172949 CET	49911	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:15.650198936 CET	443	49911	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:15.650222063 CET	443	49911	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:15.667592049 CET	443	49912	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:15.670429945 CET	49912	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:15.670429945 CET	49912	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:15.670443058 CET	443	49912	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:15.670455933 CET	443	49912	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:15.801889896 CET	443	49909	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:15.804873943 CET	443	49909	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:15.805064917 CET	49909	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:15.805177927 CET	49909	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:15.805177927 CET	49909	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:15.805197001 CET	443	49909	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:15.805206060 CET	443	49909	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:15.809453964 CET	49914	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:15.809493065 CET	443	49914	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:15.809881926 CET	49914	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:15.809881926 CET	49914	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:15.809916019 CET	443	49914	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:16.069380045 CET	443	49910	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:16.072611094 CET	443	49910	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:16.072742939 CET	443	49910	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:16.072840929 CET	49910	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:16.072840929 CET	49910	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:16.072968006 CET	49910	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:16.072995901 CET	443	49910	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:16.077800035 CET	49915	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:16.077898979 CET	443	49915	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:16.078036070 CET	49915	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:16.081599951 CET	49915	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:16.081634998 CET	443	49915	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:16.092827082 CET	443	49911	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:16.096304893 CET	443	49911	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:16.097748041 CET	49911	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:16.097748041 CET	49911	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:16.097925901 CET	49911	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:16.097934961 CET	443	49911	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:16.101378918 CET	49916	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:16.101417065 CET	443	49916	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:16.105726004 CET	49916	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:16.109462023 CET	49916	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:16.109476089 CET	443	49916	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:16.114908934 CET	443	49912	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:16.117732048 CET	443	49912	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:16.117882013 CET	49912	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:16.117898941 CET	443	49912	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:16.117940903 CET	443	49912	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:16.118014097 CET	49912	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:16.118014097 CET	49912	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:16.118032932 CET	443	49912	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:16.118061066 CET	49912	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:16.118067026 CET	443	49912	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:16.119867086 CET	49917	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:16.119952917 CET	443	49917	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:16.121701956 CET	49917	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:16.121701956 CET	49917	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:16.121830940 CET	443	49917	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:17.295866013 CET	443	49913	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:17.296564102 CET	49913	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:17.296622992 CET	443	49913	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:17.297321081 CET	49913	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:17.297336102 CET	443	49913	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:17.653258085 CET	443	49914	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:17.656263113 CET	49914	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:17.656263113 CET	49914	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:17.656275988 CET	443	49914	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:17.656289101 CET	443	49914	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:17.733172894 CET	443	49913	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:17.733305931 CET	443	49913	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:17.735605955 CET	49913	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:17.735606909 CET	49913	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:17.738329887 CET	49918	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:17.738332033 CET	49913	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:17.738364935 CET	443	49918	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:17.738375902 CET	443	49913	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:17.738583088 CET	49918	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:17.738583088 CET	49918	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:17.738615036 CET	443	49918	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:17.887274981 CET	443	49916	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:17.888253927 CET	49916	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:17.888253927 CET	49916	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:17.888273001 CET	443	49916	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:17.888287067 CET	443	49916	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:17.894435883 CET	443	49915	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:17.896084070 CET	49915	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:17.896084070 CET	49915	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:17.896126032 CET	443	49915	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:17.896188974 CET	443	49915	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:17.907501936 CET	443	49917	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:17.912024021 CET	49917	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:17.912024975 CET	49917	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:17.912086964 CET	443	49917	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:17.912131071 CET	443	49917	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:18.106108904 CET	443	49914	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:18.109260082 CET	443	49914	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:18.111480951 CET	49914	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:18.111480951 CET	49914	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:18.111516953 CET	49914	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:18.111532927 CET	443	49914	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:18.115375042 CET	49919	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:18.115441084 CET	443	49919	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:18.115564108 CET	49919	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:18.119374990 CET	49919	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:18.119406939 CET	443	49919	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:18.333774090 CET	443	49916	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:18.336173058 CET	443	49915	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:18.336792946 CET	443	49916	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:18.336872101 CET	49916	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:18.336940050 CET	49916	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:18.336951017 CET	443	49916	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:18.336978912 CET	49916	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:18.336985111 CET	443	49916	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:18.339809895 CET	443	49915	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:18.340007067 CET	49915	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:18.340393066 CET	49920	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:18.340400934 CET	49915	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:18.340415955 CET	443	49920	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:18.340452909 CET	443	49915	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:18.340488911 CET	49915	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:18.340490103 CET	49920	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:18.340508938 CET	443	49915	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:18.341923952 CET	49920	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:18.341938019 CET	443	49920	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:18.343911886 CET	49921	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:18.344005108 CET	443	49921	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:18.344161987 CET	49921	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:18.344269991 CET	49921	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:18.344319105 CET	443	49921	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:18.351084948 CET	443	49917	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:18.354163885 CET	443	49917	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:18.354298115 CET	49917	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:18.354298115 CET	49917	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:18.354357004 CET	49917	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:18.354381084 CET	443	49917	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:18.356139898 CET	49922	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:18.356151104 CET	443	49922	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:18.356262922 CET	49922	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:18.356336117 CET	49922	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:18.356342077 CET	443	49922	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:19.584534883 CET	443	49918	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:19.586883068 CET	49918	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:19.586899996 CET	443	49918	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:19.587770939 CET	49918	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:19.587775946 CET	443	49918	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:19.907061100 CET	443	49919	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:19.908246040 CET	49919	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:19.908246040 CET	49919	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:19.908283949 CET	443	49919	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:19.908309937 CET	443	49919	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.038281918 CET	443	49918	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.041371107 CET	443	49918	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.041429043 CET	443	49918	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.041459084 CET	49918	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.043453932 CET	49918	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.043502092 CET	49918	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.043502092 CET	49918	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.043518066 CET	443	49918	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.043525934 CET	443	49918	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.046291113 CET	49923	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.046386957 CET	443	49923	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.046565056 CET	49923	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.046895027 CET	49923	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.046930075 CET	443	49923	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.081532001 CET	443	49922	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.081923008 CET	49922	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.081943035 CET	443	49922	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.082405090 CET	49922	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.082411051 CET	443	49922	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.124604940 CET	443	49921	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.125046968 CET	49921	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.125087976 CET	443	49921	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.125467062 CET	49921	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.125480890 CET	443	49921	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.194750071 CET	443	49920	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.195138931 CET	49920	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.195148945 CET	443	49920	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.195765018 CET	49920	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.195770025 CET	443	49920	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.367132902 CET	443	49919	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.367203951 CET	443	49919	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.367331982 CET	49919	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.367536068 CET	49919	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.367536068 CET	49919	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.367557049 CET	443	49919	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.367569923 CET	443	49919	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.370676994 CET	49924	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.370706081 CET	443	49924	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.370820999 CET	49924	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.370995998 CET	49924	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.371011972 CET	443	49924	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.436031103 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:20.514986038 CET	443	49922	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.517853022 CET	443	49922	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.517985106 CET	49922	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.517997026 CET	443	49922	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.518017054 CET	443	49922	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.518094063 CET	49922	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.518094063 CET	49922	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.518120050 CET	443	49922	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.518141985 CET	49922	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.518147945 CET	443	49922	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.520680904 CET	49925	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.520714998 CET	443	49925	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.520864010 CET	49925	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.523370981 CET	49925	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.523381948 CET	443	49925	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.555617094 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:20.555711031 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:20.571273088 CET	443	49921	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.574348927 CET	443	49921	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.574533939 CET	49921	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.574632883 CET	49921	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.574632883 CET	49921	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.574677944 CET	443	49921	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.574704885 CET	443	49921	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.579394102 CET	49926	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.579480886 CET	443	49926	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.579590082 CET	49926	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.583381891 CET	49926	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.583416939 CET	443	49926	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.647200108 CET	443	49920	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.650317907 CET	443	49920	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.650365114 CET	49920	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.650369883 CET	443	49920	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.650444984 CET	49920	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.650495052 CET	49920	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.650506973 CET	443	49920	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.650516987 CET	49920	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.650521040 CET	443	49920	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.654290915 CET	49927	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.654324055 CET	443	49927	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.654381990 CET	49927	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.654556036 CET	49927	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:20.654570103 CET	443	49927	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:20.675230026 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:20.893723965 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:20.935359955 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:21.085397959 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:21.086932898 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:21.206511974 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:21.206584930 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:21.326217890 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:21.906744003 CET	443	49923	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:21.910363913 CET	49923	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:21.910363913 CET	49923	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:21.910433054 CET	443	49923	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:21.910481930 CET	443	49923	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.096750021 CET	443	49924	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.097605944 CET	49924	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.097670078 CET	443	49924	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.100763083 CET	49924	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.100779057 CET	443	49924	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.316756010 CET	443	49925	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.317277908 CET	49925	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.317300081 CET	443	49925	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.317828894 CET	49925	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.317836046 CET	443	49925	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.359752893 CET	443	49923	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.359837055 CET	443	49923	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.359910011 CET	49923	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.360086918 CET	49923	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.360086918 CET	49923	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.360131979 CET	443	49923	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.360165119 CET	443	49923	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.362499952 CET	443	49926	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.363379002 CET	49928	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.363410950 CET	443	49928	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.363415003 CET	49926	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.363493919 CET	443	49926	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.363500118 CET	49928	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.363950014 CET	49926	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.363965988 CET	443	49926	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.364161968 CET	49928	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.364182949 CET	443	49928	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.498706102 CET	443	49927	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.499145031 CET	49927	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.499181986 CET	443	49927	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.499600887 CET	49927	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.499608040 CET	443	49927	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.532207966 CET	443	49924	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.535331964 CET	443	49924	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.535373926 CET	443	49924	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.535418987 CET	49924	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.535506010 CET	49924	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.535506010 CET	49924	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.535553932 CET	49924	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.535592079 CET	443	49924	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.537780046 CET	49929	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.537887096 CET	443	49929	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.538075924 CET	49929	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.538223982 CET	49929	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.538259029 CET	443	49929	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.760394096 CET	443	49925	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.763382912 CET	443	49925	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.763446093 CET	49925	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.763542891 CET	49925	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.763556004 CET	443	49925	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.763569117 CET	49925	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.763572931 CET	443	49925	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.767299891 CET	49930	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.767333031 CET	443	49930	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.767389059 CET	49930	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.767576933 CET	49930	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.767589092 CET	443	49930	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.831041098 CET	443	49926	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.831060886 CET	443	49926	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.831126928 CET	49926	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.831192017 CET	443	49926	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.831329107 CET	49926	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.831330061 CET	49926	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.831370115 CET	443	49926	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.831532955 CET	443	49926	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.831566095 CET	443	49926	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.831609011 CET	49926	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.834079027 CET	49931	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.834127903 CET	443	49931	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.834198952 CET	49931	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.834352970 CET	49931	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.834382057 CET	443	49931	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.951064110 CET	443	49927	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.951091051 CET	443	49927	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.951150894 CET	49927	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.951158047 CET	443	49927	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.951206923 CET	49927	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.951453924 CET	49927	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.951466084 CET	443	49927	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.951482058 CET	49927	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.951487064 CET	443	49927	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.953634024 CET	49932	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.953664064 CET	443	49932	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:22.953721046 CET	49932	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.953869104 CET	49932	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:22.953881979 CET	443	49932	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.160031080 CET	443	49928	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.164494038 CET	49928	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:24.164494038 CET	49928	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:24.164510965 CET	443	49928	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.164519072 CET	443	49928	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.252449036 CET	443	49929	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.252839088 CET	49929	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:24.252907038 CET	443	49929	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.255397081 CET	49929	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:24.255412102 CET	443	49929	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.583791971 CET	443	49930	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.584677935 CET	49930	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:24.584706068 CET	443	49930	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.585122108 CET	49930	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:24.585134983 CET	443	49930	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.603202105 CET	443	49928	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.606291056 CET	443	49928	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.606337070 CET	443	49928	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.606365919 CET	49928	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:24.606573105 CET	49928	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:24.606607914 CET	49928	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:24.606607914 CET	49928	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:24.606622934 CET	443	49928	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.606632948 CET	443	49928	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.611401081 CET	49933	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:24.611495018 CET	443	49933	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.611588001 CET	49933	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:24.611745119 CET	49933	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:24.611778975 CET	443	49933	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.615056992 CET	443	49931	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.616099119 CET	49931	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:24.616099119 CET	49931	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:24.616167068 CET	443	49931	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.616214991 CET	443	49931	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.671067953 CET	443	49932	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.671458006 CET	49932	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:24.671479940 CET	443	49932	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.672123909 CET	49932	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:24.672130108 CET	443	49932	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.687932014 CET	443	49929	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.690975904 CET	443	49929	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.691034079 CET	49929	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:24.691134930 CET	49929	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:24.691134930 CET	49929	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:24.691180944 CET	443	49929	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.691207886 CET	443	49929	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.694154024 CET	49934	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:24.694183111 CET	443	49934	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:24.694233894 CET	49934	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:24.694431067 CET	49934	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:24.694444895 CET	443	49934	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:25.026452065 CET	443	49930	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:25.029405117 CET	443	49930	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:25.029464960 CET	49930	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:25.029484987 CET	443	49930	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:25.029521942 CET	443	49930	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:25.029571056 CET	49930	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:25.034178972 CET	49930	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:25.034204006 CET	443	49930	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:25.034240961 CET	49930	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:25.034246922 CET	443	49930	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:25.036725044 CET	49935	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:25.036818981 CET	443	49935	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:25.036887884 CET	49935	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:25.037039995 CET	49935	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:25.037072897 CET	443	49935	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:25.060452938 CET	443	49931	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:25.063535929 CET	443	49931	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:25.063596964 CET	49931	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:25.063663960 CET	49931	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:25.063664913 CET	49931	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:25.063698053 CET	443	49931	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:25.063739061 CET	443	49931	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:25.065965891 CET	49936	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:25.066013098 CET	443	49936	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:25.066066980 CET	49936	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:25.066221952 CET	49936	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:25.066252947 CET	443	49936	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:25.190905094 CET	443	49932	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:25.191162109 CET	443	49932	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:25.191210985 CET	49932	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:25.191215992 CET	443	49932	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:25.191253901 CET	49932	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:25.191318989 CET	49932	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:25.191334963 CET	443	49932	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:25.191345930 CET	49932	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:25.191350937 CET	443	49932	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:25.193764925 CET	49937	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:25.193805933 CET	443	49937	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:25.193896055 CET	49937	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:25.194040060 CET	49937	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:25.194056988 CET	443	49937	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.325851917 CET	443	49933	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.326843977 CET	49933	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:26.326843977 CET	49933	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:26.326915026 CET	443	49933	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.326962948 CET	443	49933	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.414185047 CET	443	49934	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.414592981 CET	49934	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:26.414616108 CET	443	49934	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.415028095 CET	49934	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:26.415033102 CET	443	49934	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.760996103 CET	443	49935	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.761399031 CET	443	49933	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.761718035 CET	49935	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:26.761770010 CET	443	49935	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.762301922 CET	49935	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:26.762319088 CET	443	49935	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.764552116 CET	443	49933	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.764621019 CET	49933	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:26.764708996 CET	49933	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:26.764741898 CET	443	49933	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.764770031 CET	49933	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:26.764786005 CET	443	49933	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.768893003 CET	49938	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:26.768959045 CET	443	49938	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.769027948 CET	49938	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:26.769211054 CET	49938	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:26.769242048 CET	443	49938	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.780329943 CET	443	49936	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.780766010 CET	49936	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:26.780807972 CET	443	49936	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.781279087 CET	49936	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:26.781290054 CET	443	49936	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.848784924 CET	443	49934	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.851878881 CET	443	49934	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.851919889 CET	443	49934	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.851922989 CET	49934	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:26.851963997 CET	49934	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:26.852055073 CET	49934	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:26.852072001 CET	443	49934	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.852082014 CET	49934	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:26.852087975 CET	443	49934	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.855396986 CET	49939	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:26.855429888 CET	443	49939	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.855493069 CET	49939	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:26.855669975 CET	49939	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:26.855686903 CET	443	49939	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.983329058 CET	443	49937	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.983840942 CET	49937	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:26.983851910 CET	443	49937	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:26.984474897 CET	49937	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:26.984478951 CET	443	49937	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:27.194273949 CET	443	49935	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:27.194437027 CET	443	49935	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:27.194526911 CET	49935	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:27.194649935 CET	49935	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:27.194649935 CET	49935	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:27.194699049 CET	443	49935	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:27.194725990 CET	443	49935	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:27.197340965 CET	49940	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:27.197388887 CET	443	49940	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:27.197485924 CET	49940	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:27.197643042 CET	49940	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:27.197674990 CET	443	49940	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:27.218924046 CET	443	49936	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:27.221965075 CET	443	49936	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:27.222033024 CET	443	49936	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:27.222029924 CET	49936	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:27.222100019 CET	49936	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:27.222141981 CET	49936	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:27.222141981 CET	49936	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:27.222193003 CET	443	49936	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:27.222222090 CET	443	49936	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:27.224251986 CET	49941	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:27.224297047 CET	443	49941	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:27.224353075 CET	49941	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:27.224484921 CET	49941	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:27.224498987 CET	443	49941	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:27.426094055 CET	443	49937	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:27.429519892 CET	443	49937	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:27.429588079 CET	49937	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:27.429630995 CET	49937	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:27.429630995 CET	49937	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:27.429646969 CET	443	49937	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:27.429656029 CET	443	49937	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:27.431754112 CET	49942	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:27.431891918 CET	443	49942	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:27.431988955 CET	49942	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:27.432118893 CET	49942	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:27.432149887 CET	443	49942	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:28.548235893 CET	443	49938	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:28.548768997 CET	49938	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:28.548824072 CET	443	49938	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:28.549314022 CET	49938	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:28.549326897 CET	443	49938	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:28.644439936 CET	443	49939	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:28.644798994 CET	49939	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:28.644809961 CET	443	49939	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:28.645248890 CET	49939	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:28.645253897 CET	443	49939	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:28.939280987 CET	443	49941	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:28.939915895 CET	49941	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:28.939950943 CET	443	49941	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:28.940527916 CET	49941	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:28.940535069 CET	443	49941	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:28.984164000 CET	443	49940	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:28.984647036 CET	49940	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:28.984709978 CET	443	49940	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:28.985085011 CET	49940	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:28.985100985 CET	443	49940	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:28.991043091 CET	443	49938	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:28.994590998 CET	443	49938	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:28.994707108 CET	49938	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:28.994793892 CET	49938	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:28.994793892 CET	49938	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:28.994837999 CET	443	49938	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:28.994863987 CET	443	49938	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:28.998001099 CET	49943	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:28.998038054 CET	443	49943	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:28.998097897 CET	49943	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:28.998239040 CET	49943	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:28.998254061 CET	443	49943	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.088766098 CET	443	49939	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.092310905 CET	443	49939	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.092358112 CET	443	49939	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.092387915 CET	49939	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:29.092401028 CET	49939	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:29.092602968 CET	49939	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:29.092618942 CET	443	49939	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.092628002 CET	49939	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:29.092633009 CET	443	49939	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.095561028 CET	49944	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:29.095642090 CET	443	49944	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.095717907 CET	49944	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:29.095865965 CET	49944	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:29.095901012 CET	443	49944	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.212491989 CET	443	49942	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.213013887 CET	49942	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:29.213041067 CET	443	49942	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.213591099 CET	49942	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:29.213603020 CET	443	49942	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.373929977 CET	443	49941	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.377058029 CET	443	49941	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.377105951 CET	49941	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:29.377168894 CET	49941	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:29.377182007 CET	443	49941	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.377193928 CET	49941	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:29.377202988 CET	443	49941	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.380769968 CET	49945	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:29.380804062 CET	443	49945	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.380872965 CET	49945	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:29.381150007 CET	49945	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:29.381164074 CET	443	49945	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.429362059 CET	443	49940	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.429513931 CET	443	49940	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.429568052 CET	49940	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:29.429711103 CET	49940	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:29.429725885 CET	443	49940	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.429738998 CET	49940	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:29.429744959 CET	443	49940	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.431845903 CET	49946	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:29.431885958 CET	443	49946	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.431956053 CET	49946	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:29.432137966 CET	49946	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:29.432168961 CET	443	49946	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.655524969 CET	443	49942	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.661596060 CET	443	49942	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.661648035 CET	443	49942	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.661772966 CET	49942	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:29.661875963 CET	49942	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:29.661875963 CET	49942	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:29.661919117 CET	443	49942	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.661946058 CET	443	49942	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.665514946 CET	49947	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:29.665539980 CET	443	49947	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.665622950 CET	49947	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:29.665929079 CET	49947	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:29.665941954 CET	443	49947	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:29.677421093 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:29.797035933 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:29.797103882 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:29.916616917 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:30.134203911 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:30.265614033 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:30.325522900 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:30.327363968 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:30.448973894 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:30.449069023 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:30.568630934 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:30.828511953 CET	443	49944	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:30.829076052 CET	49944	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:30.829155922 CET	443	49944	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:30.830091000 CET	49944	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:30.830106020 CET	443	49944	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:30.842561960 CET	443	49943	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:30.843302965 CET	49943	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:30.843350887 CET	443	49943	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:30.844017982 CET	49943	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:30.844023943 CET	443	49943	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:30.855515957 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:30.974999905 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:30.975059986 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:31.094713926 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:31.094763994 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:31.214215994 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:31.223295927 CET	443	49945	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.223768950 CET	49945	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.223793983 CET	443	49945	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.224297047 CET	49945	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.224302053 CET	443	49945	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.262921095 CET	443	49944	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.266027927 CET	443	49944	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.266079903 CET	443	49944	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.266083956 CET	49944	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.266128063 CET	49944	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.266387939 CET	49944	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.266419888 CET	443	49944	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.274898052 CET	49948	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.274928093 CET	443	49948	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.274986982 CET	49948	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.275186062 CET	49948	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.275197029 CET	443	49948	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.275618076 CET	443	49946	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.275991917 CET	49946	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.276031971 CET	443	49946	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.276546955 CET	49946	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.276559114 CET	443	49946	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.295171976 CET	443	49943	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.298278093 CET	443	49943	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.298324108 CET	49943	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.298382998 CET	49943	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.298403978 CET	443	49943	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.298415899 CET	49943	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.298424959 CET	443	49943	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.301060915 CET	49949	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.301110029 CET	443	49949	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.301177025 CET	49949	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.301331043 CET	49949	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.301362991 CET	443	49949	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.312205076 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:31.406280994 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:31.406344891 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:31.407880068 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:31.454219103 CET	443	49947	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.454596043 CET	49947	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.454603910 CET	443	49947	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.455051899 CET	49947	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.455055952 CET	443	49947	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.504071951 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:31.504139900 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:31.533850908 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:31.598155022 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:31.624687910 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:31.624753952 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:31.678858995 CET	443	49945	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.681999922 CET	443	49945	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.682137966 CET	49945	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.682137966 CET	49945	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.682250977 CET	49945	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.682265043 CET	443	49945	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.684849024 CET	49950	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.684861898 CET	443	49950	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.684941053 CET	49950	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.685432911 CET	49950	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.685441971 CET	443	49950	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.718097925 CET	443	49946	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.721206903 CET	443	49946	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.721383095 CET	49946	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.721384048 CET	49946	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.721496105 CET	49946	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.721519947 CET	443	49946	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.723408937 CET	49951	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.723459005 CET	443	49951	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.723671913 CET	49951	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.723671913 CET	49951	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.723747015 CET	443	49951	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.744261026 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:31.905258894 CET	443	49947	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.905288935 CET	443	49947	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.905328989 CET	443	49947	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.905355930 CET	49947	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.905417919 CET	49947	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.905523062 CET	49947	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.905523062 CET	49947	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.905533075 CET	443	49947	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.905539989 CET	443	49947	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.907452106 CET	49952	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.907522917 CET	443	49952	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:31.907772064 CET	49952	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.907772064 CET	49952	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:31.907851934 CET	443	49952	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:32.817595959 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:32.937211990 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:32.937263012 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:33.056982994 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:33.078968048 CET	443	49949	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.079502106 CET	49949	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.079566002 CET	443	49949	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.079931974 CET	49949	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.079963923 CET	443	49949	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.125463009 CET	443	49948	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.125981092 CET	49948	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.126002073 CET	443	49948	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.126487970 CET	49948	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.126493931 CET	443	49948	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.274732113 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:33.464245081 CET	443	49950	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.464751005 CET	49950	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.464764118 CET	443	49950	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.465239048 CET	49950	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.465245008 CET	443	49950	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.466747046 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:33.509187937 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:33.510489941 CET	443	49951	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.510888100 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:33.512207031 CET	49951	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.512243986 CET	443	49951	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.513310909 CET	49951	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.513326883 CET	443	49951	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.522984028 CET	443	49949	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.523101091 CET	443	49949	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.523156881 CET	49949	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.523372889 CET	49949	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.523407936 CET	443	49949	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.523469925 CET	49949	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.523484945 CET	443	49949	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.527299881 CET	49953	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.527335882 CET	443	49953	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.527488947 CET	49953	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.527581930 CET	49953	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.527596951 CET	443	49953	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.577860117 CET	443	49948	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.581017971 CET	443	49948	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.581063986 CET	49948	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.581198931 CET	49948	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.581211090 CET	443	49948	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.581228018 CET	49948	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.581232071 CET	443	49948	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.584692001 CET	49954	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.584748030 CET	443	49954	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.584815025 CET	49954	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.585078955 CET	49954	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.585109949 CET	443	49954	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.630338907 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:33.630460024 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:33.749931097 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:33.761061907 CET	443	49952	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.774534941 CET	49952	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.774595976 CET	443	49952	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.775046110 CET	49952	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.775058985 CET	443	49952	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.908606052 CET	443	49950	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.911685944 CET	443	49950	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.911732912 CET	443	49950	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.911767006 CET	49950	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.913532019 CET	49950	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.939626932 CET	49950	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.939626932 CET	49950	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.939637899 CET	443	49950	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.939646959 CET	443	49950	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.945492029 CET	49955	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.945537090 CET	443	49955	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.950062037 CET	49955	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.950062037 CET	49955	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.950098038 CET	443	49955	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.954191923 CET	443	49951	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.957278967 CET	443	49951	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.958081961 CET	49951	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.958082914 CET	49951	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.960336924 CET	49951	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.960346937 CET	49956	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.960361004 CET	443	49951	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.960452080 CET	443	49956	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:33.960874081 CET	49956	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.960874081 CET	49956	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:33.960953951 CET	443	49956	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:34.251996994 CET	443	49952	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:34.254905939 CET	443	49952	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:34.254997969 CET	443	49952	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:34.255094051 CET	49952	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:34.259521008 CET	49952	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:34.271812916 CET	49952	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:34.271846056 CET	443	49952	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:34.271887064 CET	49952	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:34.271903992 CET	443	49952	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:34.275444984 CET	49957	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:34.275535107 CET	443	49957	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:34.275640965 CET	49957	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:34.275818110 CET	49957	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:34.275851965 CET	443	49957	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:35.243746042 CET	443	49953	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:35.244262934 CET	49953	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:35.244277954 CET	443	49953	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:35.244757891 CET	49953	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:35.244761944 CET	443	49953	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:35.363979101 CET	443	49954	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:35.364360094 CET	49954	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:35.364392996 CET	443	49954	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:35.364792109 CET	49954	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:35.364806890 CET	443	49954	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:35.457912922 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:35.577393055 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:35.577450037 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:35.678221941 CET	443	49953	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:35.681332111 CET	443	49953	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:35.681404114 CET	49953	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:35.681473017 CET	49953	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:35.681485891 CET	443	49953	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:35.681495905 CET	49953	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:35.681500912 CET	443	49953	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:35.684093952 CET	49958	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:35.684174061 CET	443	49958	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:35.684267998 CET	49958	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:35.684432983 CET	49958	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:35.684470892 CET	443	49958	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:35.696872950 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:35.728090048 CET	443	49955	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:35.728642941 CET	49955	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:35.728650093 CET	443	49955	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:35.729131937 CET	49955	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:35.729136944 CET	443	49955	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:35.761826992 CET	443	49956	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:35.762222052 CET	49956	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:35.762280941 CET	443	49956	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:35.762641907 CET	49956	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:35.762655020 CET	443	49956	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:35.808098078 CET	443	49954	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:35.811196089 CET	443	49954	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:35.811295986 CET	49954	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:35.811371088 CET	49954	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:35.811371088 CET	49954	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:35.811400890 CET	443	49954	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:35.811424971 CET	443	49954	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:35.814059973 CET	49959	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:35.814116955 CET	443	49959	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:35.814327002 CET	49959	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:35.814512968 CET	49959	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:35.814548969 CET	443	49959	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:35.918150902 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:35.966679096 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:36.110130072 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:36.111726999 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:36.122256994 CET	443	49957	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:36.122803926 CET	49957	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:36.122821093 CET	443	49957	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:36.123673916 CET	49957	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:36.123680115 CET	443	49957	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:36.172226906 CET	443	49955	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:36.175246954 CET	443	49955	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:36.175456047 CET	49955	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:36.175482035 CET	49955	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:36.175482035 CET	49955	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:36.175501108 CET	443	49955	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:36.175509930 CET	443	49955	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:36.178203106 CET	49960	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:36.178308010 CET	443	49960	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:36.178469896 CET	49960	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:36.178617001 CET	49960	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:36.178668976 CET	443	49960	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:36.204436064 CET	443	49956	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:36.204531908 CET	443	49956	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:36.204648018 CET	443	49956	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:36.204711914 CET	49956	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:36.204782009 CET	49956	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:36.204819918 CET	443	49956	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:36.204853058 CET	49956	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:36.204868078 CET	443	49956	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:36.206800938 CET	49961	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:36.206840038 CET	443	49961	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:36.206923962 CET	49961	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:36.207066059 CET	49961	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:36.207081079 CET	443	49961	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:36.231197119 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:36.231354952 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:36.350864887 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:36.579721928 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:36.609417915 CET	443	49957	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:36.612407923 CET	443	49957	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:36.612479925 CET	49957	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:36.612690926 CET	49957	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:36.612731934 CET	443	49957	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:36.615617037 CET	49962	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:36.615669012 CET	443	49962	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:36.615876913 CET	49962	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:36.616215944 CET	49962	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:36.616230965 CET	443	49962	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:36.763571978 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:36.771783113 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:36.773226976 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:36.892743111 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:36.893438101 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:37.013052940 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:37.541435003 CET	443	49958	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:37.542520046 CET	49958	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:37.542553902 CET	443	49958	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:37.543025017 CET	49958	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:37.543040991 CET	443	49958	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:37.593194962 CET	443	49959	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:37.593590021 CET	49959	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:37.593663931 CET	443	49959	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:37.594114065 CET	49959	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:37.594130993 CET	443	49959	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:37.779208899 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:37.896612883 CET	443	49960	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:37.897171974 CET	49960	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:37.897193909 CET	443	49960	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:37.897696018 CET	49960	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:37.897703886 CET	443	49960	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:37.898690939 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:37.898755074 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:37.990770102 CET	443	49961	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:37.991266012 CET	49961	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:37.991280079 CET	443	49961	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:37.991734028 CET	49961	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:37.991740942 CET	443	49961	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.003211975 CET	443	49958	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.006297112 CET	443	49958	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.006349087 CET	443	49958	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.006351948 CET	49958	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.006402016 CET	49958	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.006581068 CET	49958	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.006628036 CET	443	49958	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.006663084 CET	49958	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.006695986 CET	443	49958	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.009318113 CET	49963	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.009342909 CET	443	49963	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.009546995 CET	49963	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.009692907 CET	49963	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.009706020 CET	443	49963	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.018207073 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:38.018362045 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:38.036912918 CET	443	49959	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.040018082 CET	443	49959	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.040071011 CET	49959	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.040277958 CET	49959	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.040316105 CET	443	49959	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.040344954 CET	49959	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.040360928 CET	443	49959	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.043078899 CET	49964	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.043103933 CET	443	49964	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.043289900 CET	49964	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.043452978 CET	49964	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.043463945 CET	443	49964	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.137816906 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:38.235634089 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:38.329866886 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:38.329927921 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:38.330116034 CET	443	49960	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.331507921 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:38.333534002 CET	443	49960	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.333575964 CET	443	49960	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.333642006 CET	49960	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.333744049 CET	49960	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.333744049 CET	49960	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.333782911 CET	443	49960	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.333810091 CET	443	49960	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.336175919 CET	49965	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.336258888 CET	443	49965	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.336324930 CET	49965	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.336638927 CET	49965	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.336673975 CET	443	49965	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.427592039 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:38.427761078 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:38.450949907 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:38.465614080 CET	443	49962	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.466125965 CET	49962	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.466175079 CET	443	49962	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.466856003 CET	49962	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.466871023 CET	443	49962	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.521819115 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:38.521943092 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:38.547262907 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:38.547420025 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:38.652245045 CET	443	49961	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.655193090 CET	443	49961	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.655322075 CET	49961	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.655349970 CET	49961	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.655364990 CET	443	49961	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.655375004 CET	49961	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.655380011 CET	443	49961	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.658159971 CET	49966	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.658189058 CET	443	49966	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.658467054 CET	49966	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.658641100 CET	49966	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.658662081 CET	443	49966	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.666872025 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:38.666940928 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:38.765067101 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:38.786384106 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:38.859060049 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:38.859160900 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:38.861650944 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:38.917629004 CET	443	49962	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.920526981 CET	443	49962	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.920613050 CET	49962	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.920695066 CET	49962	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.920695066 CET	49962	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.920722008 CET	443	49962	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.920743942 CET	443	49962	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.923369884 CET	49967	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.923466921 CET	443	49967	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.923671961 CET	49967	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.923844099 CET	49967	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:38.923876047 CET	443	49967	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:38.981075048 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:38.981142998 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:39.093391895 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:39.100601912 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:39.100694895 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:39.220297098 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:39.830492973 CET	443	49964	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:39.831058979 CET	49964	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:39.831080914 CET	443	49964	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:39.831547022 CET	49964	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:39.831552982 CET	443	49964	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:39.831845999 CET	443	49963	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:39.832200050 CET	49963	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:39.832210064 CET	443	49963	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:39.832640886 CET	49963	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:39.832644939 CET	443	49963	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.119735003 CET	443	49965	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.120424986 CET	49965	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.120481968 CET	443	49965	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.120973110 CET	49965	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.120987892 CET	443	49965	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.273137093 CET	443	49964	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.274476051 CET	443	49963	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.276633978 CET	443	49964	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.276689053 CET	443	49964	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.276690960 CET	49964	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.276882887 CET	49964	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.276926994 CET	49964	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.276942968 CET	443	49964	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.276954889 CET	49964	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.276959896 CET	443	49964	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.277306080 CET	443	49963	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.277359009 CET	49963	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.277518988 CET	49963	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.277534008 CET	443	49963	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.277558088 CET	49963	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.277564049 CET	443	49963	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.280849934 CET	49968	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.280873060 CET	443	49968	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.280925989 CET	49968	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.281146049 CET	49969	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.281234026 CET	443	49969	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.281243086 CET	49968	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.281255007 CET	443	49968	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.281306028 CET	49969	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.281487942 CET	49969	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.281527042 CET	443	49969	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.383554935 CET	443	49966	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.383933067 CET	49966	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.383943081 CET	443	49966	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.384391069 CET	49966	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.384396076 CET	443	49966	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.564300060 CET	443	49965	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.564373970 CET	443	49965	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.564440966 CET	49965	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.564614058 CET	49965	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.564659119 CET	443	49965	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.564707994 CET	49965	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.564723969 CET	443	49965	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.567346096 CET	49970	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.567374945 CET	443	49970	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.567433119 CET	49970	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.567600012 CET	49970	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.567612886 CET	443	49970	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.684984922 CET	443	49967	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.686225891 CET	49967	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.686254978 CET	443	49967	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.686861038 CET	49967	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.686877012 CET	443	49967	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.818358898 CET	443	49966	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.821427107 CET	443	49966	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.821501970 CET	49966	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.821578979 CET	49966	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.821588993 CET	443	49966	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.821618080 CET	49966	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.821621895 CET	443	49966	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.824114084 CET	49971	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.824166059 CET	443	49971	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:40.824404955 CET	49971	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.824561119 CET	49971	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:40.824589968 CET	443	49971	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:41.119215012 CET	443	49967	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:41.123784065 CET	443	49967	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:41.123857975 CET	49967	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:41.123948097 CET	49967	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:41.123949051 CET	49967	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:41.123980999 CET	443	49967	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:41.124007940 CET	443	49967	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:41.126684904 CET	49972	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:41.126735926 CET	443	49972	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:41.127017021 CET	49972	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:41.127192020 CET	49972	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:41.127223015 CET	443	49972	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:41.317725897 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:41.466723919 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:41.553256989 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:41.654248953 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:41.670830011 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:41.790421963 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:41.790482998 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:41.910003901 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:42.010472059 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:42.062227011 CET	443	49969	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.063019991 CET	49969	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.063097954 CET	443	49969	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.063909054 CET	49969	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.063925028 CET	443	49969	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.064538002 CET	443	49968	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.064842939 CET	49968	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.064861059 CET	443	49968	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.065258980 CET	49968	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.065263033 CET	443	49968	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.128406048 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:42.128488064 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:42.129964113 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:42.248819113 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:42.320127964 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:42.324889898 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:42.345336914 CET	443	49970	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.348205090 CET	49970	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.348233938 CET	443	49970	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.348591089 CET	49970	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.348594904 CET	443	49970	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.445749998 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:42.447487116 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:42.509711027 CET	443	49968	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.512845039 CET	443	49968	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.512959003 CET	49968	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.513005018 CET	49968	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.513020039 CET	443	49968	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.513030052 CET	49968	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.513035059 CET	443	49968	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.515579939 CET	49973	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.515609980 CET	443	49973	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.515686035 CET	49973	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.515826941 CET	49973	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.515837908 CET	443	49973	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.525929928 CET	443	49969	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.528980970 CET	443	49969	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.531486034 CET	49969	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.531522036 CET	49969	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.531547070 CET	443	49969	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.531559944 CET	49969	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.531567097 CET	443	49969	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.533428907 CET	49974	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.533509016 CET	443	49974	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.533591032 CET	49974	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.533714056 CET	49974	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.533752918 CET	443	49974	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.553230047 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:42.555510044 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:42.566942930 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:42.566992044 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:42.609127045 CET	443	49971	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.610124111 CET	49971	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.610184908 CET	443	49971	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.610891104 CET	49971	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.610905886 CET	443	49971	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.686538935 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:42.788005114 CET	443	49970	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.791369915 CET	443	49970	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.791431904 CET	49970	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.791531086 CET	49970	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.791543007 CET	443	49970	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.791574001 CET	49970	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.791579008 CET	443	49970	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.795454025 CET	49975	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.795476913 CET	443	49975	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.795721054 CET	49975	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.796063900 CET	49975	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.796070099 CET	443	49975	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.910026073 CET	443	49972	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.910420895 CET	49972	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.910491943 CET	443	49972	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:42.910933018 CET	49972	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:42.910948038 CET	443	49972	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:43.053112984 CET	443	49971	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:43.056643009 CET	443	49971	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:43.056936026 CET	49971	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:43.057043076 CET	49971	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:43.057043076 CET	49971	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:43.057082891 CET	443	49971	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:43.057110071 CET	443	49971	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:43.063563108 CET	49976	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:43.063604116 CET	443	49976	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:43.067611933 CET	49976	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:43.071463108 CET	49976	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:43.071475983 CET	443	49976	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:43.353456974 CET	443	49972	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:43.356617928 CET	443	49972	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:43.356744051 CET	443	49972	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:43.356791019 CET	49972	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:43.356884956 CET	49972	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:43.356884956 CET	49972	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:43.356971025 CET	49972	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:43.357014894 CET	443	49972	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:43.363467932 CET	49977	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:43.363528967 CET	443	49977	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:43.367546082 CET	49977	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:43.371469975 CET	49977	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:43.371501923 CET	443	49977	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:43.696505070 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:43.816174030 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:43.816236019 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:43.936570883 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:44.155754089 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:44.235104084 CET	443	49973	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:44.236110926 CET	49973	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:44.236124992 CET	443	49973	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:44.236819983 CET	49973	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:44.236824036 CET	443	49973	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:44.251044989 CET	443	49974	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:44.251380920 CET	49974	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:44.251441002 CET	443	49974	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:44.251749992 CET	49974	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:44.251769066 CET	443	49974	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:44.263629913 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:44.389375925 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:44.390950918 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:44.510543108 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:44.510592937 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:44.575943947 CET	443	49975	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:44.576916933 CET	49975	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:44.576934099 CET	443	49975	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:44.578279018 CET	49975	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:44.578285933 CET	443	49975	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:44.630096912 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:44.669717073 CET	443	49973	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:44.672734022 CET	443	49973	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:44.672801018 CET	49973	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:44.674010038 CET	49973	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:44.674021959 CET	443	49973	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:44.677191973 CET	49978	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:44.677221060 CET	443	49978	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:44.677467108 CET	49978	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:44.677788973 CET	49978	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:44.677802086 CET	443	49978	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:44.686204910 CET	443	49974	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:44.689326048 CET	443	49974	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:44.689364910 CET	443	49974	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:44.689388990 CET	49974	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:44.689436913 CET	49974	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:44.689620018 CET	49974	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:44.689620018 CET	49974	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:44.689660072 CET	443	49974	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:44.689683914 CET	443	49974	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:44.710725069 CET	49979	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:44.710813999 CET	443	49979	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:44.710932016 CET	49979	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:44.711107016 CET	49979	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:44.711143017 CET	443	49979	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:44.921355009 CET	443	49976	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:44.921824932 CET	49976	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:44.921833992 CET	443	49976	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:44.922632933 CET	49976	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:44.922637939 CET	443	49976	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:45.019068956 CET	443	49975	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:45.022242069 CET	443	49975	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:45.022298098 CET	49975	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:45.022361994 CET	49975	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:45.022370100 CET	443	49975	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:45.022378922 CET	49975	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:45.022382975 CET	443	49975	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:45.024908066 CET	49980	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:45.024939060 CET	443	49980	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:45.025196075 CET	49980	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:45.025351048 CET	49980	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:45.025363922 CET	443	49980	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:45.221086025 CET	443	49977	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:45.221606016 CET	49977	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:45.221641064 CET	443	49977	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:45.222142935 CET	49977	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:45.222155094 CET	443	49977	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:45.373467922 CET	443	49976	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:45.376454115 CET	443	49976	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:45.376539946 CET	49976	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:45.376555920 CET	443	49976	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:45.376578093 CET	443	49976	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:45.376724958 CET	49976	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:45.376832962 CET	49976	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:45.376847982 CET	443	49976	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:45.376868963 CET	49976	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:45.376874924 CET	443	49976	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:45.379681110 CET	49981	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:45.379774094 CET	443	49981	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:45.379842043 CET	49981	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:45.380187035 CET	49981	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:45.380240917 CET	443	49981	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:45.672312975 CET	443	49977	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:45.675857067 CET	443	49977	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:45.676059008 CET	49977	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:45.676161051 CET	49977	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:45.676161051 CET	49977	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:45.676191092 CET	443	49977	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:45.676218033 CET	443	49977	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:45.678956985 CET	49982	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:45.679025888 CET	443	49982	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:45.679105043 CET	49982	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:45.679389954 CET	49982	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:45.679426908 CET	443	49982	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:46.262608051 CET	443	49978	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:46.263166904 CET	49978	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:46.263180017 CET	443	49978	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:46.263571024 CET	49978	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:46.263576031 CET	443	49978	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:46.555882931 CET	443	49979	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:46.556366920 CET	49979	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:46.556392908 CET	443	49979	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:46.556807995 CET	49979	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:46.556822062 CET	443	49979	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:46.566492081 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:46.686089039 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:46.686254978 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:46.713512897 CET	443	49978	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:46.717849970 CET	443	49978	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:46.717919111 CET	49978	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:46.717986107 CET	49978	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:46.717986107 CET	49978	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:46.718002081 CET	443	49978	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:46.718044043 CET	443	49978	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:46.720518112 CET	49983	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:46.720576048 CET	443	49983	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:46.720752954 CET	49983	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:46.720915079 CET	49983	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:46.720952034 CET	443	49983	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:46.804164886 CET	443	49980	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:46.804825068 CET	49980	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:46.804881096 CET	443	49980	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:46.805272102 CET	49980	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:46.805286884 CET	443	49980	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:46.805747032 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:47.007874966 CET	443	49979	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.011375904 CET	443	49979	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.011555910 CET	49979	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.011605978 CET	49979	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.011606932 CET	49979	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.011636019 CET	443	49979	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.011662006 CET	443	49979	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.014583111 CET	49984	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.014621973 CET	443	49984	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.014709949 CET	49984	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.014880896 CET	49984	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.014909029 CET	443	49984	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.024229050 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:47.050590038 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:47.114912033 CET	443	49981	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.115415096 CET	49981	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.115456104 CET	443	49981	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.115907907 CET	49981	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.115919113 CET	443	49981	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.170571089 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:47.170644045 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:47.216145992 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:47.250946045 CET	443	49980	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.254076004 CET	443	49980	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.254129887 CET	443	49980	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.254184961 CET	49980	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.254249096 CET	49980	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.254295111 CET	49980	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.254295111 CET	49980	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.254334927 CET	443	49980	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.254364014 CET	443	49980	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.256926060 CET	49985	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.256978989 CET	443	49985	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.257158995 CET	49985	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.257316113 CET	49985	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.257348061 CET	443	49985	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.263710022 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:47.290211916 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:47.290271997 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:47.411006927 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:47.465615034 CET	443	49982	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.469811916 CET	49982	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.469811916 CET	49982	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.469861984 CET	443	49982	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.469903946 CET	443	49982	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.507966042 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:47.547678947 CET	443	49981	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.551060915 CET	443	49981	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.553791046 CET	49981	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.556291103 CET	49981	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.556291103 CET	49981	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.556291103 CET	49986	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.556327105 CET	443	49981	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.556353092 CET	443	49981	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.556381941 CET	443	49986	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.556458950 CET	49986	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.556596041 CET	49986	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.556621075 CET	443	49986	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.560568094 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:47.572163105 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:47.603053093 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:47.605705976 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:47.691714048 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:47.691787004 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:47.725486040 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:47.725733995 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:47.811359882 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:47.845338106 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:47.909360886 CET	443	49982	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.909584999 CET	443	49982	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.909733057 CET	49982	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.909842014 CET	49982	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.909884930 CET	443	49982	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.909913063 CET	49982	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.909929037 CET	443	49982	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.912589073 CET	49987	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.912643909 CET	443	49987	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.912995100 CET	49987	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.913163900 CET	49987	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:47.913196087 CET	443	49987	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:47.975675106 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:48.037424088 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:48.037611008 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:48.041735888 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:48.161248922 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:48.161993980 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:48.167562008 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:48.263611078 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:48.325490952 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:48.325566053 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:48.445234060 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:48.498801947 CET	443	49983	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:48.499492884 CET	49983	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:48.499550104 CET	443	49983	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:48.506280899 CET	49983	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:48.506306887 CET	443	49983	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:48.664144993 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:48.763732910 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:48.795242071 CET	443	49984	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:48.798913002 CET	49984	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:48.798968077 CET	443	49984	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:48.799361944 CET	49984	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:48.799379110 CET	443	49984	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:48.856296062 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:48.877340078 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:48.947241068 CET	443	49983	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:48.947263956 CET	443	49983	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:48.947350025 CET	49983	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:48.947380066 CET	443	49983	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:48.947551966 CET	49983	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:48.947590113 CET	443	49983	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:48.947613001 CET	49983	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:48.947750092 CET	443	49983	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:48.947777987 CET	443	49983	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:48.947823048 CET	49983	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:48.950095892 CET	49988	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:48.950182915 CET	443	49988	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:48.950263023 CET	49988	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:48.950419903 CET	49988	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:48.950455904 CET	443	49988	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:48.996920109 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:48.997013092 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:49.043875933 CET	443	49985	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.044255018 CET	49985	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:49.044308901 CET	443	49985	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.044662952 CET	49985	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:49.044677019 CET	443	49985	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.116636992 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:49.226388931 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:49.238333941 CET	443	49984	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.238409996 CET	443	49984	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.238476992 CET	49984	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:49.238768101 CET	49984	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:49.238815069 CET	443	49984	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.238843918 CET	49984	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:49.238862038 CET	443	49984	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.241842985 CET	49989	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:49.241888046 CET	443	49989	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.241976976 CET	49989	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:49.242141962 CET	49989	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:49.242156982 CET	443	49989	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.340054035 CET	443	49986	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.340459108 CET	49986	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:49.340495110 CET	443	49986	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.340930939 CET	49986	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:49.340941906 CET	443	49986	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.345952034 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:49.346024990 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:49.466265917 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:49.492362022 CET	443	49985	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.492387056 CET	443	49985	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.492450953 CET	49985	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:49.492494106 CET	443	49985	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.492599010 CET	49985	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:49.492599010 CET	49985	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:49.492638111 CET	443	49985	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.492798090 CET	443	49985	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.492831945 CET	443	49985	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.492875099 CET	49985	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:49.494851112 CET	49990	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:49.494904995 CET	443	49990	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.494993925 CET	49990	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:49.495125055 CET	49990	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:49.495158911 CET	443	49990	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.637201071 CET	443	49987	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.637713909 CET	49987	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:49.637751102 CET	443	49987	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.638250113 CET	49987	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:49.638262987 CET	443	49987	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.683795929 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:49.763601065 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:49.785540104 CET	443	49986	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.785566092 CET	443	49986	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.785629034 CET	49986	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:49.785656929 CET	443	49986	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.785917997 CET	49986	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:49.785947084 CET	443	49986	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.785993099 CET	49986	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:49.786109924 CET	443	49986	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.786147118 CET	443	49986	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.786201000 CET	49986	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:49.789019108 CET	49991	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:49.789060116 CET	443	49991	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.789278984 CET	49991	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:49.789351940 CET	49991	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:49.789366961 CET	443	49991	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:49.875531912 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:49.877093077 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:49.996721983 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:49.996913910 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:50.070295095 CET	443	49987	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:50.070353031 CET	443	49987	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:50.070425987 CET	49987	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:50.070460081 CET	443	49987	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:50.070653915 CET	49987	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:50.070688009 CET	443	49987	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:50.070710897 CET	49987	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:50.071065903 CET	443	49987	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:50.071139097 CET	443	49987	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:50.071280003 CET	49987	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:50.073731899 CET	49992	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:50.073765039 CET	443	49992	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:50.073822021 CET	49992	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:50.073955059 CET	49992	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:50.073971033 CET	443	49992	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:50.116453886 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:50.664308071 CET	443	49988	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:50.664885044 CET	49988	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:50.664930105 CET	443	49988	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:50.665355921 CET	49988	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:50.665374994 CET	443	49988	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.028142929 CET	443	49989	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.028702021 CET	49989	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:51.028712988 CET	443	49989	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.029176950 CET	49989	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:51.029181004 CET	443	49989	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.101449966 CET	443	49988	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.101471901 CET	443	49988	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.101541042 CET	49988	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:51.101574898 CET	443	49988	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.101843119 CET	49988	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:51.101880074 CET	443	49988	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.101902008 CET	49988	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:51.102027893 CET	443	49988	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.102060080 CET	443	49988	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.102123022 CET	49988	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:51.104446888 CET	49993	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:51.104510069 CET	443	49993	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.104753971 CET	49993	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:51.104896069 CET	49993	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:51.104931116 CET	443	49993	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.276597977 CET	443	49990	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.277121067 CET	49990	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:51.277144909 CET	443	49990	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.277672052 CET	49990	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:51.277683020 CET	443	49990	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.471839905 CET	443	49989	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.471982002 CET	443	49989	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.472187042 CET	49989	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:51.472533941 CET	49989	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:51.472552061 CET	443	49989	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.472562075 CET	49989	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:51.472565889 CET	443	49989	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.475594997 CET	49994	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:51.475625038 CET	443	49994	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.475682974 CET	49994	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:51.475878954 CET	49994	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:51.475895882 CET	443	49994	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.571435928 CET	443	49991	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.572206974 CET	49991	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:51.572218895 CET	443	49991	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.572791100 CET	49991	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:51.572794914 CET	443	49991	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.722487926 CET	443	49990	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.722551107 CET	443	49990	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.722655058 CET	49990	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:51.722827911 CET	49990	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:51.722827911 CET	49990	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:51.722867966 CET	443	49990	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.722893000 CET	443	49990	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.725862026 CET	49995	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:51.725904942 CET	443	49995	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.725984097 CET	49995	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:51.726150990 CET	49995	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:51.726181030 CET	443	49995	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.797065020 CET	443	49992	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.797477007 CET	49992	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:51.797501087 CET	443	49992	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:51.797935009 CET	49992	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:51.797940969 CET	443	49992	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:52.014101982 CET	443	49991	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:52.014246941 CET	443	49991	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:52.014305115 CET	49991	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:52.014363050 CET	49991	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:52.014571905 CET	49991	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:52.014571905 CET	49991	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:52.014585018 CET	443	49991	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:52.014596939 CET	443	49991	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:52.017270088 CET	49996	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:52.017333984 CET	443	49996	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:52.017525911 CET	49996	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:52.017671108 CET	49996	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:52.017705917 CET	443	49996	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:52.045418024 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:52.164978981 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:52.165041924 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:52.230278015 CET	443	49992	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:52.233486891 CET	443	49992	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:52.233565092 CET	49992	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:52.233807087 CET	49992	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:52.233825922 CET	443	49992	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:52.233851910 CET	49992	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:52.233866930 CET	443	49992	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:52.236711979 CET	49997	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:52.236751080 CET	443	49997	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:52.236943007 CET	49997	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:52.237133980 CET	49997	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:52.237145901 CET	443	49997	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:52.284662962 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:52.302755117 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:52.422342062 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:52.422399998 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:52.503050089 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:52.541943073 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:52.560492992 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:52.614521980 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:52.616427898 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:52.736599922 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:52.736916065 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:52.806289911 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:52.856463909 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:52.889241934 CET	443	49993	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:52.889694929 CET	49993	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:52.889725924 CET	443	49993	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:52.890243053 CET	49993	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:52.890256882 CET	443	49993	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:52.928745031 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:52.928822041 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:52.930175066 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:53.049683094 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:53.049916983 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:53.169521093 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:53.321733952 CET	443	49994	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.322259903 CET	49994	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:53.322285891 CET	443	49994	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.322777033 CET	49994	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:53.322784901 CET	443	49994	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.338323116 CET	443	49993	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.338344097 CET	443	49993	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.338403940 CET	49993	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:53.338433027 CET	443	49993	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.338665962 CET	49993	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:53.338987112 CET	49993	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:53.338987112 CET	49993	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:53.339005947 CET	443	49993	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.339174032 CET	443	49993	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.339195967 CET	443	49993	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.339330912 CET	49993	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:53.342519045 CET	49998	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:53.342617035 CET	443	49998	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.342812061 CET	49998	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:53.342961073 CET	49998	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:53.343009949 CET	443	49998	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.445468903 CET	443	49995	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.445847034 CET	49995	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:53.445868015 CET	443	49995	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.446382999 CET	49995	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:53.446394920 CET	443	49995	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.919424057 CET	443	49994	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.919451952 CET	443	49994	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.919501066 CET	49994	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:53.919521093 CET	443	49994	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.919542074 CET	443	49994	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.919583082 CET	49994	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:53.921430111 CET	49994	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:53.921444893 CET	443	49994	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.921458006 CET	49994	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:53.921463966 CET	443	49994	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.925513029 CET	443	49996	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.927454948 CET	49996	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:53.927484035 CET	443	49996	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.928917885 CET	49996	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:53.928924084 CET	443	49996	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.933060884 CET	49999	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:53.933111906 CET	443	49999	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.933163881 CET	49999	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:53.933412075 CET	49999	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:53.933434010 CET	443	49999	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.935564995 CET	443	49995	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.935585022 CET	443	49995	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.935600042 CET	443	49995	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.935642958 CET	49995	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:53.935677052 CET	443	49995	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:53.935705900 CET	49995	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:53.935728073 CET	49995	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.029155016 CET	443	49997	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.044539928 CET	49997	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.044575930 CET	443	49997	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.045809031 CET	49997	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.045816898 CET	443	49997	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.078099012 CET	443	49995	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.078186035 CET	443	49995	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.078201056 CET	49995	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.078249931 CET	49995	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.140294075 CET	49995	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.140294075 CET	49995	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.140335083 CET	443	49995	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.140355110 CET	443	49995	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.216249943 CET	50000	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.216347933 CET	443	50000	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.216583967 CET	50000	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.262622118 CET	50000	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.262698889 CET	443	50000	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.368880987 CET	443	49996	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.368942976 CET	443	49996	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.369013071 CET	49996	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.369066000 CET	443	49996	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.371398926 CET	49996	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.371439934 CET	443	49996	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.371484041 CET	49996	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.371859074 CET	443	49996	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.371947050 CET	443	49996	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.372004032 CET	49996	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.376193047 CET	50001	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.376246929 CET	443	50001	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.376301050 CET	50001	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.376477003 CET	50001	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.376491070 CET	443	50001	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.525912046 CET	443	49997	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.525938988 CET	443	49997	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.525954962 CET	443	49997	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.525999069 CET	49997	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.526022911 CET	443	49997	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.526041031 CET	49997	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.526066065 CET	49997	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.711019039 CET	443	49997	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.711090088 CET	49997	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.711095095 CET	443	49997	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.711127996 CET	443	49997	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.711137056 CET	443	49997	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.711153030 CET	49997	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.711169004 CET	49997	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.711606979 CET	49997	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.711632013 CET	443	49997	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.711642981 CET	49997	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.711651087 CET	443	49997	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.714802027 CET	50002	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.714850903 CET	443	50002	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:54.714915991 CET	50002	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.715101004 CET	50002	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:54.715118885 CET	443	50002	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:55.122216940 CET	443	49998	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:55.123565912 CET	49998	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:55.123619080 CET	443	49998	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:55.123987913 CET	49998	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:55.124006987 CET	443	49998	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:55.473263979 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:55.579202890 CET	443	49998	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:55.579226017 CET	443	49998	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:55.579299927 CET	49998	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:55.579348087 CET	443	49998	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:55.579421997 CET	49998	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:55.579602003 CET	49998	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:55.579602003 CET	49998	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:55.579622030 CET	443	49998	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:55.579797983 CET	443	49998	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:55.579828024 CET	443	49998	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:55.579875946 CET	49998	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:55.582509995 CET	50003	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:55.582539082 CET	443	50003	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:55.582602978 CET	50003	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:55.582742929 CET	50003	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:55.582752943 CET	443	50003	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:55.592768908 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:55.592833996 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:55.712311983 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:55.712394953 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:55.781393051 CET	443	49999	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:55.781882048 CET	49999	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:55.781910896 CET	443	49999	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:55.782517910 CET	49999	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:55.782526016 CET	443	49999	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:55.831959009 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:55.930687904 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:55.978888035 CET	443	50000	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:55.979485035 CET	50000	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:55.979562044 CET	443	50000	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:55.980042934 CET	50000	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:55.980061054 CET	443	50000	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:56.024405003 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:56.024471045 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:56.025789022 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:56.122181892 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:56.122251034 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:56.145267963 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:56.145342112 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:56.160608053 CET	443	50001	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:56.161084890 CET	50001	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:56.161119938 CET	443	50001	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:56.162864923 CET	50001	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:56.162879944 CET	443	50001	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:56.238293886 CET	443	49999	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:56.238318920 CET	443	49999	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:56.238388062 CET	49999	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:56.238420963 CET	443	49999	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:56.238676071 CET	49999	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:56.238691092 CET	443	49999	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:56.238723993 CET	49999	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:56.238888025 CET	443	49999	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:56.238928080 CET	443	49999	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:56.239239931 CET	49999	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:56.241365910 CET	50004	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:56.241406918 CET	443	50004	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:56.241741896 CET	50004	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:56.241751909 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:56.241895914 CET	50004	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:56.241910934 CET	443	50004	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:56.264861107 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:56.413799047 CET	443	50000	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:56.416764975 CET	443	50000	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:56.416836023 CET	50000	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:56.416919947 CET	50000	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:56.416919947 CET	50000	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:56.416955948 CET	443	50000	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:56.416980028 CET	443	50000	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:56.419681072 CET	50005	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:56.419750929 CET	443	50005	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:56.419831038 CET	50005	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:56.420145988 CET	50005	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:56.420177937 CET	443	50005	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:56.557914972 CET	443	50002	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:56.558356047 CET	50002	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:56.558381081 CET	443	50002	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:56.558861017 CET	50002	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:56.558873892 CET	443	50002	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:56.604965925 CET	443	50001	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:56.605117083 CET	443	50001	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:56.605285883 CET	50001	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:56.605689049 CET	50001	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:56.605700970 CET	443	50001	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:56.605710030 CET	50001	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:56.605714083 CET	443	50001	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:56.616205931 CET	50006	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:56.616245985 CET	443	50006	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:56.616313934 CET	50006	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:56.617225885 CET	50006	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:56.617244959 CET	443	50006	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:57.013783932 CET	443	50002	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:57.016889095 CET	443	50002	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:57.016957998 CET	50002	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:57.048856974 CET	50002	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:57.048885107 CET	443	50002	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:57.048911095 CET	50002	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:57.048926115 CET	443	50002	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:57.186372042 CET	50007	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:57.186422110 CET	443	50007	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:57.186491013 CET	50007	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:57.194453001 CET	50007	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:57.194483995 CET	443	50007	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:57.298312902 CET	443	50003	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:57.379322052 CET	50003	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:57.379338026 CET	443	50003	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:57.380064011 CET	50003	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:57.380069971 CET	443	50003	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:57.395276070 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:57.514873028 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:57.514935970 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:57.634449005 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:57.733325958 CET	443	50003	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:57.736407042 CET	443	50003	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:57.739561081 CET	50003	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:57.739594936 CET	50003	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:57.739605904 CET	443	50003	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:57.739634991 CET	50003	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:57.739639997 CET	443	50003	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:57.742249012 CET	50008	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:57.742281914 CET	443	50008	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:57.742347956 CET	50008	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:57.742528915 CET	50008	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:57.742542028 CET	443	50008	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:57.852351904 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:57.966825008 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:58.085351944 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:58.088917971 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:58.092962980 CET	443	50004	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:58.095957041 CET	50004	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:58.095974922 CET	443	50004	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:58.096430063 CET	50004	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:58.096436977 CET	443	50004	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:58.140373945 CET	443	50005	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:58.141050100 CET	50005	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:58.141122103 CET	443	50005	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:58.141567945 CET	50005	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:58.141582966 CET	443	50005	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:58.208475113 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:58.208532095 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:58.328140974 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:58.328195095 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:58.429930925 CET	443	50006	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:58.431946039 CET	50006	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:58.431976080 CET	443	50006	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:58.432526112 CET	50006	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:58.432533026 CET	443	50006	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:58.447685003 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:58.544125080 CET	443	50004	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:58.547440052 CET	443	50004	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:58.547501087 CET	50004	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:58.547517061 CET	443	50004	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:58.547590971 CET	443	50004	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:58.547631025 CET	50004	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:58.547669888 CET	443	50004	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:58.547688961 CET	50004	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:58.547688961 CET	50004	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:58.547698975 CET	443	50004	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:58.547707081 CET	443	50004	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:58.575000048 CET	443	50005	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:58.578049898 CET	443	50005	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:58.578110933 CET	50005	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:58.578161955 CET	50005	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:58.578190088 CET	443	50005	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:58.578217030 CET	50005	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:58.578229904 CET	443	50005	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:58.665570021 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:58.763633013 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:58.857430935 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:58.858954906 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:58.871968031 CET	443	50006	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:58.875107050 CET	443	50006	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:58.875231981 CET	50006	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:58.875468016 CET	50006	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:58.875488997 CET	443	50006	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:58.875499964 CET	50006	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:58.875504971 CET	443	50006	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:58.972779989 CET	443	50007	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:58.973253965 CET	50007	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:58.973330021 CET	443	50007	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:58.973737955 CET	50007	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:58.973752975 CET	443	50007	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:58.978465080 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:58.978523016 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:59.098298073 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:59.310973883 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:59.416095972 CET	443	50007	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:59.419248104 CET	443	50007	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:59.419342995 CET	50007	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:59.419512033 CET	50007	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:59.419512033 CET	50007	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:59.419545889 CET	443	50007	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:59.419572115 CET	443	50007	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:59.430572987 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:59.430649996 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:59.455873966 CET	443	50008	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:59.456336975 CET	50008	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:59.456353903 CET	443	50008	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:59.456861973 CET	50008	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:59.456867933 CET	443	50008	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:59.550088882 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:59.650476933 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:59.767213106 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:59.767265081 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:19:59.769946098 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:59.886749983 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:59.931930065 CET	443	50008	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:59.931998014 CET	443	50008	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:59.932044983 CET	50008	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:59.932238102 CET	50008	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:59.932255030 CET	443	50008	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:59.932265043 CET	50008	443	192.168.2.4	13.107.246.63
Nov 24, 2024 03:19:59.932271004 CET	443	50008	13.107.246.63	192.168.2.4
Nov 24, 2024 03:19:59.959054947 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:19:59.962009907 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:00.081463099 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:00.081509113 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:00.193159103 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:00.201035976 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:00.201143980 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:00.320610046 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:00.467317104 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:00.587004900 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:00.587063074 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:00.706667900 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:00.924726963 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:01.060527086 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:01.159986973 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:01.161438942 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:01.280936956 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:01.281224012 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:01.400793076 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:02.296379089 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:02.416029930 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:02.416081905 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:02.535624981 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:02.535667896 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:02.655184031 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:02.753180027 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:02.847369909 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:02.847544909 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:02.849014997 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:02.944860935 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:02.944931030 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:02.968542099 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:02.968589067 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:03.064796925 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:03.088104010 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:03.327023983 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:03.466784954 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:03.561366081 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:03.563182116 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:03.682885885 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:03.682940960 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:03.802495956 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:03.810142994 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:03.929732084 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:03.929877043 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:04.021492004 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:04.049432039 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:04.122066975 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:04.122140884 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:04.123580933 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:04.243181944 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:04.243252039 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:04.357377052 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:04.359587908 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:04.362760067 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:04.362849951 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:04.479191065 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:04.482328892 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:04.604923964 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:04.696861982 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:04.696934938 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:04.724543095 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:04.816570997 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:04.916881084 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:04.920964956 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:05.040477991 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:05.043581009 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:05.149617910 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:05.163533926 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:05.163727999 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:05.283366919 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:07.661582947 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:07.781218052 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:07.781289101 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:07.901051044 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:08.126195908 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:08.263680935 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:08.361360073 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:08.363198042 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:08.482922077 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:08.483006954 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:08.602725029 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:08.732283115 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:08.852149010 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:08.852222919 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:08.972032070 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:08.972095013 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:09.091934919 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:09.180398941 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:09.190526962 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:09.190592051 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:09.284301996 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:09.284378052 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:09.300044060 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:09.300101042 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:09.310030937 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:09.382383108 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:09.403995037 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:09.404105902 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:09.419697046 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:09.523771048 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:09.596112013 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:09.654313087 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:09.715958118 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:09.717848063 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:09.837455034 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:09.839642048 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:09.959275007 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:10.736272097 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:10.915965080 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:10.916019917 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:11.039505959 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:11.178888083 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:11.257118940 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:11.257179022 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:11.298516035 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:11.378592014 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:11.450757027 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:11.453165054 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:11.572860956 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:11.572941065 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:11.642663002 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:11.642738104 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:11.692786932 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:11.692856073 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:11.762393951 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:11.765346050 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:11.765641928 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:11.853832960 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:11.857657909 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:11.977427006 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:11.983267069 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:12.155644894 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:12.169655085 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:12.173062086 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:12.333518982 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:12.333683014 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:12.453408003 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:12.563565969 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:12.683396101 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:12.683630943 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:12.803736925 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:13.021076918 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:13.155143976 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:13.213089943 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:13.213314056 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:13.274887085 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:13.274955988 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:13.333231926 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:13.394710064 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:13.394771099 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:13.514446020 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:13.514579058 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:13.570625067 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:13.634290934 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:13.654426098 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:13.706470966 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:13.707968950 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:13.762749910 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:13.767703056 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:13.826298952 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:13.827493906 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:13.887412071 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:13.887624979 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:13.898296118 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:13.954349995 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:13.959677935 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:14.049666882 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:14.049807072 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:14.169775009 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:14.758326054 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:14.878134966 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:14.878204107 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:14.997981071 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:15.216103077 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:15.240394115 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:15.360084057 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:15.360147953 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:15.407763004 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:15.451205969 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:15.479814053 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:15.479938984 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:15.599627972 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:15.697968006 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:15.734217882 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:15.792123079 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:15.795052052 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:15.853852987 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:15.858338118 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:15.898773909 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:15.914666891 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:15.915353060 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:15.977924109 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:16.034878969 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:16.140645027 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:16.227166891 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:16.227274895 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:16.228795052 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:16.348340988 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:16.348594904 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:16.468251944 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:16.864373922 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:16.983844995 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:16.983916998 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:17.103468895 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:17.321893930 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:17.451211929 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:17.513633013 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:17.514996052 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:17.634609938 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:17.634740114 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:17.754443884 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:19.612660885 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:19.732295990 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:19.732469082 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:19.852133989 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:20.069536924 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:20.154346943 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:20.261054993 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:20.266036034 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:20.385905027 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:20.389933109 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:20.509663105 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:21.077040911 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:21.196938992 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:21.197005033 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:21.316705942 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:21.534542084 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:21.654381037 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:21.726440907 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:21.740020990 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:21.861428976 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:21.861502886 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:21.981231928 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:26.621509075 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:26.741281033 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:26.741358995 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:26.860979080 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:27.078582048 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:27.263761997 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:27.270075083 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:27.271595955 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:27.391125917 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:27.391565084 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:27.511466980 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:28.884754896 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:29.004360914 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:29.004416943 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:29.124224901 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:29.341495991 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:29.451284885 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:29.533267021 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:29.534879923 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:29.654459953 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:29.654551029 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:29.774188042 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:30.420526981 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:30.540203094 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:30.543659925 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:30.663364887 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:30.880934000 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:30.993382931 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:31.074084997 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:31.074151039 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:31.112988949 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:31.113049984 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:31.193733931 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:31.193803072 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:31.232798100 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:31.313576937 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:31.411041975 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:31.466895103 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:31.505548000 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:31.507164001 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:31.626718044 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:31.629913092 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:31.645339966 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:31.763763905 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:31.809413910 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:31.809477091 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:31.929024935 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:32.060172081 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:32.180048943 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:32.181813955 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:32.301373959 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:32.518500090 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:32.710464001 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:32.710530996 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:32.711918116 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:32.831398010 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:32.831450939 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:32.950998068 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:33.211096048 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:33.263864040 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:33.402733088 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:33.405781984 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:33.525563002 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:33.525780916 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:33.645315886 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:35.012058973 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:35.131756067 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:35.131814003 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:35.251346111 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:35.316999912 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:35.436578035 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:35.438232899 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:35.469839096 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:35.601619005 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:35.628628969 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:35.628690958 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:35.630740881 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:35.750200033 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:35.750247002 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:35.820564032 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:35.869875908 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:35.942380905 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:35.942508936 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:35.944082022 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:36.063611984 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:36.063704967 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:36.183382988 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:36.841440916 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:36.972278118 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:36.972332954 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:37.096071959 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:37.313380957 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:37.466933012 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:37.505278111 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:37.506684065 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:37.626251936 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:37.626316071 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:37.745870113 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:37.745924950 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:37.865539074 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:37.974206924 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:38.040311098 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:38.057960033 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:38.058078051 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:38.159826994 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:38.163681030 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:38.165602922 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:38.221441984 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:38.221508026 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:38.283237934 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:38.341234922 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:38.454811096 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:38.533278942 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:38.533370018 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:38.535649061 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:38.655159950 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:38.655262947 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:38.774931908 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:38.957421064 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:39.078608990 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:39.078684092 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:39.198395967 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:39.277895927 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:39.397506952 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:39.397569895 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:39.415276051 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:39.466929913 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:39.558532000 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:39.590573072 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:39.592199087 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:39.713310957 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:39.713393927 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:39.781399965 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:39.833017111 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:39.903961897 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:39.904212952 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:39.905545950 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:40.025357008 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:40.025438070 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:40.145121098 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:40.248116970 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:40.368439913 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:40.368515015 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:40.405066967 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:40.466924906 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:40.529448986 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:40.561642885 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:40.562844038 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:40.682527065 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:40.682594061 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:40.758420944 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:40.802166939 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:40.875230074 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:40.875291109 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:40.877110004 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:40.996788025 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:40.996845961 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:41.116461039 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:41.116520882 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:41.237297058 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:41.316965103 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:41.429445028 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:41.429655075 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:41.508865118 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:41.621651888 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:41.621964931 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:41.622776985 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:41.742492914 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:41.742635012 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:41.862190008 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:42.498763084 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:42.618736982 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:42.619611979 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:42.739337921 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:42.957163095 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:43.149219036 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:43.149287939 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:43.152041912 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:43.271579027 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:43.271648884 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:43.391336918 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:43.467269897 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:43.586997032 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:43.587057114 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:43.706603050 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:43.706660986 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:43.826236963 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:43.923450947 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:43.969851017 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:44.018672943 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:44.022986889 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:44.115277052 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:44.121968031 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:44.142563105 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:44.210437059 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:44.214047909 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:44.241597891 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:44.241790056 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:44.361332893 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:44.834738970 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:44.954366922 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:44.954423904 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:45.074193001 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:45.292514086 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:45.451349020 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:45.525782108 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:45.541872025 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:45.661468983 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:45.661627054 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:45.781368017 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:45.958923101 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:46.078697920 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:46.078759909 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:46.198338985 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:46.198399067 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:46.317954063 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:46.419334888 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:46.466955900 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:46.510257959 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:46.514677048 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:46.611278057 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:46.614082098 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:46.634227037 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:46.637763023 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:46.733675003 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:46.757446051 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:47.967515945 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:48.087254047 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:48.087325096 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:48.206963062 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:48.424875975 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:48.466979027 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:48.657468081 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:48.658510923 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:48.778223991 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:48.778872013 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:48.898547888 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:49.430344105 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:49.550834894 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:49.550898075 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:49.671555996 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:49.808939934 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:49.981295109 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:49.981360912 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:49.984720945 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:50.080595016 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:50.080655098 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:50.101152897 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:50.101205111 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:50.222798109 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:50.222858906 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:50.318923950 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:50.342510939 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:50.414916992 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:50.415218115 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:50.415819883 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:50.535346031 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:50.535520077 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:50.649643898 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:50.655025005 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:50.655100107 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:50.774605989 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:51.188319921 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:51.307929993 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:51.308047056 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:51.427685976 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:51.644906044 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:51.767697096 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:51.834306002 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:51.877415895 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:51.877480984 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:51.989845037 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:51.989892960 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:51.996967077 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:52.110990047 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:52.273495913 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:52.451366901 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:52.465327024 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:52.492546082 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:52.612603903 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:52.612662077 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:52.732316971 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:53.844029903 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:53.963593960 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:53.963644981 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:54.083448887 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:54.300981045 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:54.385238886 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:54.493031979 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:54.493110895 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:54.504792929 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:54.504851103 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:54.612898111 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:54.624522924 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:54.831021070 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:54.967711926 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:55.065671921 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:55.079709053 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:55.199477911 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:55.201395988 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:55.320975065 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:55.990863085 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:56.110601902 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:56.110654116 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:56.230334044 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:56.448156118 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:56.639928102 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:56.640057087 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:56.640697956 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:56.760184050 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:56.760252953 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:56.879920959 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:56.879982948 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:56.999615908 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:57.217560053 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:57.263894081 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:57.409677029 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:57.410432100 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:57.530044079 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:57.530122042 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:57.649765968 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:57.916871071 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:58.065058947 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:58.104942083 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:58.112740040 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:58.233438015 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:58.235750914 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:58.355505943 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:58.807502985 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:58.927067995 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:58.927162886 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:59.046941996 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:59.264821053 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:59.456835032 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:59.457068920 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:59.457591057 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:59.577127934 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:20:59.577251911 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:20:59.696943045 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:21:03.407071114 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:21:03.526808023 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:21:03.526866913 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:21:03.646445990 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:21:03.864299059 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:21:03.951735020 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:21:04.056495905 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:21:04.263901949 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:21:04.632356882 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:21:04.751954079 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:21:04.752046108 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:21:04.871567011 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:21:05.088928938 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:21:05.264040947 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:21:05.280774117 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:21:05.281466961 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:21:05.401015043 CET	6606	49737	3.145.156.44	192.168.2.4
Nov 24, 2024 03:21:05.403827906 CET	49737	6606	192.168.2.4	3.145.156.44
Nov 24, 2024 03:21:05.523466110 CET	6606	49737	3.145.156.44	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 24, 2024 03:17:03.668446064 CET	51946	53	192.168.2.4	1.1.1.1
Nov 24, 2024 03:17:04.027918100 CET	53	51946	1.1.1.1	192.168.2.4
Nov 24, 2024 03:17:15.607589006 CET	64493	53	192.168.2.4	1.1.1.1
Nov 24, 2024 03:17:15.979428053 CET	53	64493	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 24, 2024 03:17:03.668446064 CET	192.168.2.4	1.1.1.1	0xf200	Standard query (0)	skype.onthewifi.com	A (IP address)	IN (0x0001)	false
Nov 24, 2024 03:17:15.607589006 CET	192.168.2.4	1.1.1.1	0x396d	Standard query (0)	ronymahmoud.casacam.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 24, 2024 03:17:04.027918100 CET	1.1.1.1	192.168.2.4	0xf200	No error (0)	skype.onthewifi.com		0.0.0.0	A (IP address)	IN (0x0001)	false
Nov 24, 2024 03:17:15.394355059 CET	1.1.1.1	192.168.2.4	0x2b65	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Nov 24, 2024 03:17:15.394355059 CET	1.1.1.1	192.168.2.4	0x2b65	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Nov 24, 2024 03:17:15.979428053 CET	1.1.1.1	192.168.2.4	0x396d	No error (0)	ronymahmoud.casacam.net		3.145.156.44	A (IP address)	IN (0x0001)	false
Nov 24, 2024 03:17:16.811156034 CET	1.1.1.1	192.168.2.4	0x9649	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 24, 2024 03:17:16.811156034 CET	1.1.1.1	192.168.2.4	0x9649	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Nov 24, 2024 03:17:30.900962114 CET	1.1.1.1	192.168.2.4	0xd14e	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 24, 2024 03:17:30.900962114 CET	1.1.1.1	192.168.2.4	0xd14e	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Nov 24, 2024 03:17:56.190851927 CET	1.1.1.1	192.168.2.4	0x65d4	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 24, 2024 03:17:56.190851927 CET	1.1.1.1	192.168.2.4	0x65d4	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false

Target ID:	0
Start time:	21:16:56
Start date:	23/11/2024
Path:	C:\Users\user\Desktop\4yOuoT4GFy.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\4yOuoT4GFy.exe"
Imagebase:	0x80000
File size:	643'072 bytes
MD5 hash:	A6D1D3DC7A39BA925EBC17953A7D6B24
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000000.00000002.1720656894.0000000002612000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse, Description: Detects file containing reversed ASEP Autorun registry keys, Source: 00000000.00000002.1720656894.0000000002612000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	21:16:58
Start date:	23/11/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\4yOuoT4GFy.exe"
Imagebase:	0x2b0000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	21:16:58
Start date:	23/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	21:16:58
Start date:	23/11/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\StcHfDkbCv.exe"
Imagebase:	0x2b0000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	21:16:58
Start date:	23/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	21:16:59
Start date:	23/11/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\StcHfDkbCv" /XML "C:\Users\user\AppData\Local\Temp\tmp1109.tmp"
Imagebase:	0x5e0000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	21:16:59
Start date:	23/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	21:16:59
Start date:	23/11/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0x8a0000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000008.00000002.4127051817.0000000002A91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	21:17:01
Start date:	23/11/2024
Path:	C:\Users\user\AppData\Roaming\StcHfDkbCv.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\StcHfDkbCv.exe
Imagebase:	0x360000
File size:	643'072 bytes
MD5 hash:	A6D1D3DC7A39BA925EBC17953A7D6B24
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000009.00000002.1765381766.0000000002812000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse, Description: Detects file containing reversed ASEP Autorun registry keys, Source: 00000009.00000002.1765381766.0000000002812000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
Antivirus matches:	Detection: 83%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	21:17:02
Start date:	23/11/2024
Path:	C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:	0x7ff693ab0000
File size:	496'640 bytes
MD5 hash:	60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	21:17:04
Start date:	23/11/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\StcHfDkbCv" /XML "C:\Users\user\AppData\Local\Temp\tmp25D9.tmp"
Imagebase:	0x5e0000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	21:17:04
Start date:	23/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	21:17:04
Start date:	23/11/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0xc50000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000000D.00000002.1766444123.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse, Description: Detects file containing reversed ASEP Autorun registry keys, Source: 0000000D.00000002.1766444123.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	8.5%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	37.2%
Total number of Nodes:	196
Total number of Limit Nodes:	10

Executed Functions

Function 02556F08 Relevance: 74.0, Strings: 56, Instructions: 4007
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

M, xrefs: 02559590
1, xrefs: 02557BCA
D, xrefs: 025586E6
g, xrefs: 0255807F
2, xrefs: 02559F52
6, xrefs: 0255978A
l, xrefs: 0255836F
$^q, xrefs: 02557764
:, xrefs: 02557D3A
), xrefs: 0255A686
6, xrefs: 02558379
c, xrefs: 02558477
{, xrefs: 02557C1F
n, xrefs: 02557A79
6, xrefs: 0255821C
W, xrefs: 025598BA
g, xrefs: 02558CF1
1, xrefs: 02559CBE
6, xrefs: 02559306
J, xrefs: 0255ABB5
2, xrefs: 02559E08
5, xrefs: 02558089
V, xrefs: 025586DC, 0255965A
g, xrefs: 02558A11
$^q, xrefs: 02557733
p, xrefs: 02559780
/, xrefs: 0255AD9C
', xrefs: 02559143
Y, xrefs: 0255887E
:, xrefs: 02558E0C
1, xrefs: 02559B74
g, xrefs: 025584CC
4, xrefs: 0255AC14
$, xrefs: 025584D6
6, xrefs: 0255A3B9
6, xrefs: 0255A533
6, xrefs: 0255A529
i, xrefs: 02557D8F
8, xrefs: 0255867D
6, xrefs: 02557A83
6, xrefs: 02557EF6
B, xrefs: 02558829
:, xrefs: 02558B2C
$^q, xrefs: 02557702
K, xrefs: 0255AD92
), xrefs: 0255A92D
M, xrefs: 02558B81
$^q, xrefs: 025577CC
c, xrefs: 025581BD
g, xrefs: 02558212
6, xrefs: 0255A3C3
!, xrefs: 02557636
', xrefs: 02557BC0
$^q, xrefs: 02557799
o, xrefs: 02558FD1
c, xrefs: 02557E97

Memory Dump Source

Source File: 00000000.00000002.1719853440.0000000002550000.00000040.00000800.00020000.00000000.sdmp, Offset: 02550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2550000_4yOuoT4GFy.jbxd

Similarity

API ID:
String ID: !$$$'$'$)$)$/$1$1$1$2$2$4$5$6$6$6$6$6$6$6$6$6$6$8$:$:$:$B$D$J$K$M$M$V$W$Y$c$c$c$g$g$g$g$g$i$l$n$o$p${$$^q$$^q$$^q$$^q$$^q
API String ID: 0-3120552240
Opcode ID: a8c7fd274bda520b7c5a86f0fe2ed7ef73caf2b21cf3e9a1e55a94e8f1913a4e
Instruction ID: 0cb6f59c7a103a4cf14076ebddfe095f2a608ef8e7119cfe3ef9fc907309f7e5
Opcode Fuzzy Hash: a8c7fd274bda520b7c5a86f0fe2ed7ef73caf2b21cf3e9a1e55a94e8f1913a4e
Instruction Fuzzy Hash: DAA33734A10219CFCB15DF24C894A99B7B2FF89304F5085EAE909AF365DB71AE85CF50

Function 02556F18 Relevance: 74.0, Strings: 56, Instructions: 4003
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

M, xrefs: 02559590
1, xrefs: 02557BCA
D, xrefs: 025586E6
g, xrefs: 0255807F
2, xrefs: 02559F52
6, xrefs: 0255978A
l, xrefs: 0255836F
$^q, xrefs: 02557764
:, xrefs: 02557D3A
), xrefs: 0255A686
6, xrefs: 02558379
c, xrefs: 02558477
{, xrefs: 02557C1F
n, xrefs: 02557A79
6, xrefs: 0255821C
W, xrefs: 025598BA
g, xrefs: 02558CF1
1, xrefs: 02559CBE
6, xrefs: 02559306
J, xrefs: 0255ABB5
2, xrefs: 02559E08
5, xrefs: 02558089
V, xrefs: 025586DC, 0255965A
g, xrefs: 02558A11
$^q, xrefs: 02557733
p, xrefs: 02559780
/, xrefs: 0255AD9C
', xrefs: 02559143
Y, xrefs: 0255887E
:, xrefs: 02558E0C
1, xrefs: 02559B74
g, xrefs: 025584CC
4, xrefs: 0255AC14
$, xrefs: 025584D6
6, xrefs: 0255A3B9
6, xrefs: 0255A533
6, xrefs: 0255A529
i, xrefs: 02557D8F
8, xrefs: 0255867D
6, xrefs: 02557A83
6, xrefs: 02557EF6
B, xrefs: 02558829
:, xrefs: 02558B2C
$^q, xrefs: 02557702
K, xrefs: 0255AD92
), xrefs: 0255A92D
M, xrefs: 02558B81
$^q, xrefs: 025577CC
c, xrefs: 025581BD
g, xrefs: 02558212
6, xrefs: 0255A3C3
!, xrefs: 02557636
', xrefs: 02557BC0
$^q, xrefs: 02557799
o, xrefs: 02558FD1
c, xrefs: 02557E97

Memory Dump Source

Source File: 00000000.00000002.1719853440.0000000002550000.00000040.00000800.00020000.00000000.sdmp, Offset: 02550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2550000_4yOuoT4GFy.jbxd

Similarity

API ID:
String ID: !$$$'$'$)$)$/$1$1$1$2$2$4$5$6$6$6$6$6$6$6$6$6$6$8$:$:$:$B$D$J$K$M$M$V$W$Y$c$c$c$g$g$g$g$g$i$l$n$o$p${$$^q$$^q$$^q$$^q$$^q
API String ID: 0-3120552240
Opcode ID: 4008486e2c56780f20d993286cb32a9532a91c673cc764a47500e76348de381b
Instruction ID: c1afee9c24afbd7887d479be1c46b880a224f6c7975532cb90790054d5e3a6ce
Opcode Fuzzy Hash: 4008486e2c56780f20d993286cb32a9532a91c673cc764a47500e76348de381b
Instruction Fuzzy Hash: 8AA33734A10219CFCB15DF24C894A99B7B2FF89304F5085EAE909AF365DB71AE85CF50

Function 00A6D3F1 Relevance: 6.1, APIs: 4, Instructions: 132
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00A6D47E
GetCurrentThread.KERNEL32 ref: 00A6D4BB
GetCurrentProcess.KERNEL32 ref: 00A6D4F8
GetCurrentThreadId.KERNEL32 ref: 00A6D551

Memory Dump Source

Source File: 00000000.00000002.1717320912.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_4yOuoT4GFy.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: c725d32172604b30b2983a72fa477cf244f23e9e0b8735e527f25c266d4ca0fa
Instruction ID: 265b7268e47479423b0c99efd2507bafe6e3532d0237b2dd15b4586ac4804ac9
Opcode Fuzzy Hash: c725d32172604b30b2983a72fa477cf244f23e9e0b8735e527f25c266d4ca0fa
Instruction Fuzzy Hash: 6F5147B0E002498FDB14DFA9D548BDEBBF1EB88304F20C469D459A7360CB759984CF65

Function 00A6D400 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00A6D47E
GetCurrentThread.KERNEL32 ref: 00A6D4BB
GetCurrentProcess.KERNEL32 ref: 00A6D4F8
GetCurrentThreadId.KERNEL32 ref: 00A6D551

Memory Dump Source

Source File: 00000000.00000002.1717320912.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_4yOuoT4GFy.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 5208c2f65b6ba97e2af2a67767d7690d0dfd12839053e6a1c5a6c92789a16f1b
Instruction ID: 7926410522da14560c504d385e6554f0d114f9f2a264edb3617fc4529edce8f5
Opcode Fuzzy Hash: 5208c2f65b6ba97e2af2a67767d7690d0dfd12839053e6a1c5a6c92789a16f1b
Instruction Fuzzy Hash: 5C5146B0E003498FDB14DFA9D548B9EBBF5EB88304F20C469E419A7360DB74A984CF65

Function 00A6AD68 Relevance: 1.7, APIs: 1, Instructions: 197
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00A6AFBE

Memory Dump Source

Source File: 00000000.00000002.1717320912.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_4yOuoT4GFy.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 2d1c940f993d6bf647cccd93e59caf5b8fb6d18bffe429163ac8fd45c5cab314
Instruction ID: 76bb6f82ec548e5ad54ea3581dcb2924a31f6f6f319f8008872f024373426210
Opcode Fuzzy Hash: 2d1c940f993d6bf647cccd93e59caf5b8fb6d18bffe429163ac8fd45c5cab314
Instruction Fuzzy Hash: 017123B0A00B048FDB24DF29D54579ABBF5FF98300F008A29D48AE7A50D775E846CF92

Function 025518E4 Relevance: 1.6, APIs: 1, Instructions: 118
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02551A02

Memory Dump Source

Source File: 00000000.00000002.1719853440.0000000002550000.00000040.00000800.00020000.00000000.sdmp, Offset: 02550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2550000_4yOuoT4GFy.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 8ff11e98cf21d8899bfe7181001871fc53227fce63e380091f900dc35b011ec8
Instruction ID: 77e8e462a69c73189a9610c7c70266112169cea84d5661c7dd8b70aeb70aca16
Opcode Fuzzy Hash: 8ff11e98cf21d8899bfe7181001871fc53227fce63e380091f900dc35b011ec8
Instruction Fuzzy Hash: E451E2B1D00359DFDB15CFA9C994ADEBFB1BF88314F24812AE818AB220D7709945CF90

Function 025518F0 Relevance: 1.6, APIs: 1, Instructions: 113
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02551A02

Memory Dump Source

Source File: 00000000.00000002.1719853440.0000000002550000.00000040.00000800.00020000.00000000.sdmp, Offset: 02550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2550000_4yOuoT4GFy.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 0f6b97ee06768b2392228e8f66c9c8bf5325714822e85744c35899d4811391af
Instruction ID: 3bab646d6830938f1c32c4a1d79ad929bb8e5bc3463f4acc3909391ad9b1427b
Opcode Fuzzy Hash: 0f6b97ee06768b2392228e8f66c9c8bf5325714822e85744c35899d4811391af
Instruction Fuzzy Hash: 9541E0B1D003599FDB14CFA9C984ADEBFB5BF48314F24812AE818AB210D7709885CF95

Function 00A658FD Relevance: 1.6, APIs: 1, Instructions: 98
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00A659B9

Memory Dump Source

Source File: 00000000.00000002.1717320912.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_4yOuoT4GFy.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: a359d9d7bd43a9432b1ebbabf6314e51f090d19dae254371166cc1d4b96cafea
Instruction ID: c95c7485a38420e52d9630619032848ae4e7cbd95a76b6fd3ddc4f9464a7df75
Opcode Fuzzy Hash: a359d9d7bd43a9432b1ebbabf6314e51f090d19dae254371166cc1d4b96cafea
Instruction Fuzzy Hash: B841E3B0C00719CFDB24CFA9C884B8EFBB5BF49314F2481AAD419AB255DB755985CF90

Function 00A644F0 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00A659B9

Memory Dump Source

Source File: 00000000.00000002.1717320912.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_4yOuoT4GFy.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 13c81d36431745a19173628e4c38f7e611cafbbf64496fe8f3312830f0a468ed
Instruction ID: 51da52ff24a4edd20ed9058dd75730cb3ed7f9f3728a832e288b0ef5e7ad1df8
Opcode Fuzzy Hash: 13c81d36431745a19173628e4c38f7e611cafbbf64496fe8f3312830f0a468ed
Instruction Fuzzy Hash: D241D2B0C00B19CBDB24CFA9C884B9EBBB5BF48304F2481AAD419AB255DB756945CF90

Function 02554040 Relevance: 1.6, APIs: 1, Instructions: 93
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 02554101

Memory Dump Source

Source File: 00000000.00000002.1719853440.0000000002550000.00000040.00000800.00020000.00000000.sdmp, Offset: 02550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2550000_4yOuoT4GFy.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: bd295568b19971bf7d4b44ae2268c99a201916b2d6a255d4e3a20f4bb9f76958
Instruction ID: 4b91953a665744d9562ba5e6f7cefe4299ccac20642c52b4a7e2a0a1fc44315d
Opcode Fuzzy Hash: bd295568b19971bf7d4b44ae2268c99a201916b2d6a255d4e3a20f4bb9f76958
Instruction Fuzzy Hash: 1741F9B4A00315DFDB14CF99C848AAABBF5FF88314F24C499D519AB321D775A841CFA4

Function 00A6D640 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00A6D6CF

Memory Dump Source

Source File: 00000000.00000002.1717320912.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_4yOuoT4GFy.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: bbbb9013a73a4f93ff5a50e1336902a4f6fa44deb714aaa9b7bec5856b67d3ac
Instruction ID: 09e19b8f3e82ead39972a5203367bd5b68072293cfe8577cf52d9ee583da52ae
Opcode Fuzzy Hash: bbbb9013a73a4f93ff5a50e1336902a4f6fa44deb714aaa9b7bec5856b67d3ac
Instruction Fuzzy Hash: F921E4B5D002589FDB10CFA9D584AEEBFF4FB48314F14841AE958A7311C374A945CF64

Function 00A6D648 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00A6D6CF

Memory Dump Source

Source File: 00000000.00000002.1717320912.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_4yOuoT4GFy.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 2e4bc07978a42039c904f175c454023c22eaae28b76272682a1bbba4e16baa6b
Instruction ID: cc9cb1d16fdb81010c69d114c9a2bbe51f0615c31593dcab387533f18decefd3
Opcode Fuzzy Hash: 2e4bc07978a42039c904f175c454023c22eaae28b76272682a1bbba4e16baa6b
Instruction Fuzzy Hash: 8221E4B5D002489FDB10CF9AD984ADEBBF4EB48314F14801AE958A7310D374A940CFA5

Function 00A6AF58 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00A6AFBE

Memory Dump Source

Source File: 00000000.00000002.1717320912.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_4yOuoT4GFy.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: bf942469ca38da92d999281be167197b7fc83953229134d4e8ea5303b5d1d6a1
Instruction ID: 8d4c62f0d1bc00b075c5abebb8de78b466ce7fc42e95566f9ac2f3d571f060b7
Opcode Fuzzy Hash: bf942469ca38da92d999281be167197b7fc83953229134d4e8ea5303b5d1d6a1
Instruction Fuzzy Hash: AD11E0B5C003498FCB10DF9AD444ADEFBF4EB88324F10846AD469B7610C379A545CFA6

Function 00A0D4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715478086.0000000000A0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0d000_4yOuoT4GFy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13a87228abf8bff5ceb99c27b5282dd582e2db69783b192d296c9a3f18b6677d
Instruction ID: 96a98aadef33111b11c117184ba39190498df45704455516ad0d4a3b96ce805a
Opcode Fuzzy Hash: 13a87228abf8bff5ceb99c27b5282dd582e2db69783b192d296c9a3f18b6677d
Instruction Fuzzy Hash: 89212572500248DFCB05DF54E9C0B26BF65FB98318F20C569EC090B296C336E856CAA1

Function 00A1D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715661598.0000000000A1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1d000_4yOuoT4GFy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6055e0324cc59068f152bfdc904b91de1597a24d8f8b9bd5548562366224d285
Instruction ID: eea40d4a0584a79a5928fc7e7e894db8e7dd54649a73daf1e1f2fcf5052c6711
Opcode Fuzzy Hash: 6055e0324cc59068f152bfdc904b91de1597a24d8f8b9bd5548562366224d285
Instruction Fuzzy Hash: 9C212671504200EFDB05DF14D9C0BA6BBB5FB94314F34C66DE8494F296C33AD886CA61

Function 00A1D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715661598.0000000000A1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1d000_4yOuoT4GFy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b781eeaf8369ba7ef7cde2507dc5ddff339a80d2b07f0aa0a87d5108f017e6c
Instruction ID: 45c64f429e6f4ae2d2b6132cc48b1fa6dc318399da97428a177a9edd78abba04
Opcode Fuzzy Hash: 2b781eeaf8369ba7ef7cde2507dc5ddff339a80d2b07f0aa0a87d5108f017e6c
Instruction Fuzzy Hash: 23210475604200EFCB14DF14D9C4B66BFA5FB88314F24C56DD80A4B296C33BD887CA61

Function 00A1D006 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715661598.0000000000A1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1d000_4yOuoT4GFy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1f2a4e2423c1d9bb38dd46447dbbc4e85e9aba742387b84e0a1d66e1c5fb6ba
Instruction ID: 53e7c314b832f233340dc367907f6f55279a04710e9d1024d943a58975f20cdd
Opcode Fuzzy Hash: f1f2a4e2423c1d9bb38dd46447dbbc4e85e9aba742387b84e0a1d66e1c5fb6ba
Instruction Fuzzy Hash: 05219F755093808FCB02CF24D994B15BF71EB49314F28C5DAD8498B2A7C33A984ACB62

Function 00A0D4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715478086.0000000000A0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0d000_4yOuoT4GFy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction ID: 58e5198d92fe7ae436025f199571cb1fcc2ebc7571cf1c78c5139a5b9c4481f4
Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction Fuzzy Hash: BE11D376504284CFCB16CF54E9C4B16BF71FB98318F24C6A9DC490B696C336E85ACBA1

Function 00A1D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715661598.0000000000A1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1d000_4yOuoT4GFy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction ID: 2ca15c785c415407043fe16553466e46c2d4698e82e41f7b2832dd53c48e7882
Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction Fuzzy Hash: 7511BB75504280DFCB02CF14C5C4B95BBA1FB84314F28C6AAD8494B696C33AD84ACB61

Function 00A0D745 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715478086.0000000000A0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0d000_4yOuoT4GFy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c172e5d7160abde633923d0c582a39c999b52ad2216008df1b3648d09972b3b3
Instruction ID: 1b81df3c74ceb6ae565cc9dbf917f3b16e43212e06e4dadf43680da6ad39b08d
Opcode Fuzzy Hash: c172e5d7160abde633923d0c582a39c999b52ad2216008df1b3648d09972b3b3
Instruction Fuzzy Hash: 3A01DB720083489AE7105F69DDC4B67FFA8DF81324F18C52AED194E2C6D679D841CA71

Function 00A0D744 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715478086.0000000000A0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0d000_4yOuoT4GFy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a1c91c0db3bda6a65e49441b8b6093365e9e6a64d5f6083f2ab108406eaf6c8
Instruction ID: 6df48bb79b2de580ae11c6a26b53c02510546d393fbb9768d78d0f6132eeec23
Opcode Fuzzy Hash: 3a1c91c0db3bda6a65e49441b8b6093365e9e6a64d5f6083f2ab108406eaf6c8
Instruction Fuzzy Hash: 9FF062724083449AE7108F1ADD88B62FFA8EB91734F18C45AED084E286C2799844CAB1

Non-executed Functions

Function 02550040 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1719853440.0000000002550000.00000040.00000800.00020000.00000000.sdmp, Offset: 02550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2550000_4yOuoT4GFy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ca23994c8a5cf5bff2b77e8f3170e2feda63866c676d21e72885b575626019a
Instruction ID: 939f3be2c38431422e98e23238e72296c71b165023df252080f03572b2521169
Opcode Fuzzy Hash: 4ca23994c8a5cf5bff2b77e8f3170e2feda63866c676d21e72885b575626019a
Instruction Fuzzy Hash: F8128FF4C01F468AE710CFB5ED4C2897BB1BB85328B908609DE616A2F1DBB8154BCF45

Function 00A6EEE4 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717320912.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_4yOuoT4GFy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c87cec6d5929e9e76b690fdcffacfe5bdf907af4f1ceaa69c15a1445db49eef4
Instruction ID: e527a5e453fc594a61329770a6bcda76e89c9cd1e4036b62f933bf1eeeea25c9
Opcode Fuzzy Hash: c87cec6d5929e9e76b690fdcffacfe5bdf907af4f1ceaa69c15a1445db49eef4
Instruction Fuzzy Hash: DBA16F36E002058FCF05DFB5D94459EB7B2FF84300B2585BAE906AB265EB71ED56CB80

Function 0255001A Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1719853440.0000000002550000.00000040.00000800.00020000.00000000.sdmp, Offset: 02550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2550000_4yOuoT4GFy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b9e605fce2dfd0cecd48425eb5105e93f3dbc7f27f211dcc07c0b111d11fc9c
Instruction ID: 7afc727d979b59e4e4731cf7e1397fb8a027b0b97000844d54fc36268bcda947
Opcode Fuzzy Hash: 5b9e605fce2dfd0cecd48425eb5105e93f3dbc7f27f211dcc07c0b111d11fc9c
Instruction Fuzzy Hash: DDC1D1F4C01B468BE710DFB9EC482897BB1BB85328B558609DD616B2F1DBB8158BCF44

Analysis Process: MSBuild.exePID: 7948, Parent PID: 7492COMMON

Executed Functions

Function 0128A278 Relevance: 12.3, Strings: 9, Instructions: 1021COMMON

Download Yara Rule

Strings

D@, xrefs: 0128AF31
x{, xrefs: 0128A9F9
x{, xrefs: 0128A940
x{, xrefs: 0128A3DA
x{, xrefs: 0128ACE8
x{, xrefs: 0128ABE2
D@, xrefs: 0128AEFB
x{, xrefs: 0128A302
x{, xrefs: 0128AADC

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: D@$D@$x{$x{$x{$x{$x{$x{$x{
API String ID: 0-754842710
Opcode ID: 171a74bdf32779139a65e812328e6c15e26015a46a64cd102dac9ba692583e52
Instruction ID: 2957ea3fa66b86a686a49766e3aba803eb093a8b35a9cc779f3be84fdf81e392
Opcode Fuzzy Hash: 171a74bdf32779139a65e812328e6c15e26015a46a64cd102dac9ba692583e52
Instruction Fuzzy Hash: A9824C307102058FDB14EF69C995B2EBBE2FF84300F108979E5469B3A6DF719D4A8B51

Function 01285F60 Relevance: 1.5, Strings: 1, Instructions: 281COMMON

Download Yara Rule

Strings

\Vam, xrefs: 01286217

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: \Vam
API String ID: 0-2269870599
Opcode ID: 5f923d644ec82e202d81d8412140933aa2ebde2d22395afb0ed2d820ab8d67ab
Instruction ID: ed1f288894d823cbe78b96bf2adf5f0dac9bfd13554f49927a98c8a954cec283
Opcode Fuzzy Hash: 5f923d644ec82e202d81d8412140933aa2ebde2d22395afb0ed2d820ab8d67ab
Instruction Fuzzy Hash: A5B17C70E1120ACFDF14DFA9C8857AEBBF2BF88314F148129D515A7395EB749846CB81

Function 01286830 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c8509f9cd0c695ba495d892bc0b024e37625588aefe00775e4f635dd4240301
Instruction ID: 5defb25a8c9022e32890d6b4383c81ccb56b7eb049fc7129595a7ee8b33515c8
Opcode Fuzzy Hash: 0c8509f9cd0c695ba495d892bc0b024e37625588aefe00775e4f635dd4240301
Instruction Fuzzy Hash: C7B15D70E2120ACFDB10EFA9D9817EDBBF2BF88314F148129D559A7294EB749845CB81

Function 01280EEF Relevance: 6.4, Strings: 5, Instructions: 134COMMON

Download Yara Rule

Strings

(bq, xrefs: 012811BA
D@, xrefs: 012811CB
D@, xrefs: 0128102C
Te^q, xrefs: 01280F15
d7p, xrefs: 01280F2D

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: (bq$D@$D@$Te^q$d7p
API String ID: 0-2670463302
Opcode ID: a83d4531cca18669f8ffb026a0a02726eb42eb446e72f50b11b407196ac3880f
Instruction ID: e3df92b2f88bf4dd2e4d892c9adba5cca72650aaa89bf4af4054acd29cd533a8
Opcode Fuzzy Hash: a83d4531cca18669f8ffb026a0a02726eb42eb446e72f50b11b407196ac3880f
Instruction Fuzzy Hash: F9418F34B101148FC744AF2DC458A6EBBF6EF88710F2581A9E906DB3E6CE75DC068B91

Function 0128175B Relevance: 4.2, Strings: 3, Instructions: 415COMMON

Download Yara Rule

Strings

a^q, xrefs: 01281CF1
xbq, xrefs: 01281D3F
,, xrefs: 01281890

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: a^q$,$xbq
API String ID: 0-3273861135
Opcode ID: f131076f7d0386d288258baec6fa77afe24acd1b8fa02b1e0259ed90190f9ab9
Instruction ID: cd4305efb8c0281734f70961e69355ff61e6e1455ff92a51fde5084766d03109
Opcode Fuzzy Hash: f131076f7d0386d288258baec6fa77afe24acd1b8fa02b1e0259ed90190f9ab9
Instruction Fuzzy Hash: FAF17C707112019FDB05EF68D554B2EBBA2FB88304F10896AE405AB3E9DF71DC86CB91

Function 0128B080 Relevance: 3.8, Strings: 3, Instructions: 79COMMON

Download Yara Rule

Strings

a^q, xrefs: 0128B156
x{, xrefs: 0128B095
+-, xrefs: 0128B14E

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: a^q$x{$+-
API String ID: 0-4239825293
Opcode ID: ef79adcc9b1484da5b320a9bdb1e8cbcb98e10967f036e89862d8fe59c88f2f2
Instruction ID: 43f36c148f0d1cc9a04fc3fa56b4429948a36e0f3fa05127dde3b8cb15d1ad9a
Opcode Fuzzy Hash: ef79adcc9b1484da5b320a9bdb1e8cbcb98e10967f036e89862d8fe59c88f2f2
Instruction Fuzzy Hash: FB21E4307112019FCB06FB389810A6EBBA2EFC1344B14866ED1059F2E6EF719D4E87D0

Function 0128B090 Relevance: 3.8, Strings: 3, Instructions: 69COMMON

Download Yara Rule

Strings

a^q, xrefs: 0128B156
x{, xrefs: 0128B095
+-, xrefs: 0128B14E

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: a^q$x{$+-
API String ID: 0-4239825293
Opcode ID: a032a92e327a2f299c1f8264e2c96f8e6cb8ba08a3f8091798b04a3bc1b86915
Instruction ID: a2a2ed706dee55bca83cc23af93a5ce5d79ae5188d6036b5c8a8a8111f9ab40f
Opcode Fuzzy Hash: a032a92e327a2f299c1f8264e2c96f8e6cb8ba08a3f8091798b04a3bc1b86915
Instruction Fuzzy Hash: 26219D307516019FCB05FB29D840A2EBBE2EBC0354B508A29D1069B2E9DF71AD4E8BD4

Function 01282D70 Relevance: 2.7, Strings: 2, Instructions: 202COMMON

Download Yara Rule

Strings

p @, xrefs: 01282DA0
x{, xrefs: 01282E64

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: p @$x{
API String ID: 0-910549308
Opcode ID: 821262c170c27b8306f85c038d30f1a169d09d994de8f7869acf5b827ae1caeb
Instruction ID: 926f2265c52a22ba5ae0048f5e0c7a8eb40e0ee9ad6fc368ef4ff76a027f9a18
Opcode Fuzzy Hash: 821262c170c27b8306f85c038d30f1a169d09d994de8f7869acf5b827ae1caeb
Instruction Fuzzy Hash: 8F71F331A11205CFCB15EF68C48456EBBF2FF85310B0985AAC5569F396DB30EC4ACB91

Function 01289CF8 Relevance: 2.7, Strings: 2, Instructions: 199COMMON

Download Yara Rule

Strings

x{, xrefs: 01289D13
x{, xrefs: 01289DC2

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: x{$x{
API String ID: 0-396818700
Opcode ID: 8a4e8447c02347067488ebca255683aba46c5e871e20e38e01a0adb7106c0f90
Instruction ID: c8f1140dbc2d4c03f2b2a2ff4550e4e20fb11f772a56692c1c8152b90f1ce2a4
Opcode Fuzzy Hash: 8a4e8447c02347067488ebca255683aba46c5e871e20e38e01a0adb7106c0f90
Instruction Fuzzy Hash: F2719E30B11205DFCB09EF78D48066EBBF2EFD9204B10856AD406AB395DF319D4ACB91

Function 01281982 Relevance: 2.7, Strings: 2, Instructions: 161COMMON

Download Yara Rule

Strings

a^q, xrefs: 01281CF1
xbq, xrefs: 01281D3F

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: a^q$xbq
API String ID: 0-2265834418
Opcode ID: fc2bf69a04a52f4e7dbd10c80e3c89f09397ca86da6ea1e94f04359f7fed5d2c
Instruction ID: ea73e961413da399e49e1856ae3875357beed33f6a140a46be0b7f561b01a82d
Opcode Fuzzy Hash: fc2bf69a04a52f4e7dbd10c80e3c89f09397ca86da6ea1e94f04359f7fed5d2c
Instruction Fuzzy Hash: EC517B747002009FD705AF69D844B2A7BA2FB89304F11856AE106AF3E5DBB1ED4ACB95

Function 012891C0 Relevance: 2.6, Strings: 2, Instructions: 111COMMON

Download Yara Rule

Strings

$^q, xrefs: 012891F5
$^q, xrefs: 012891FF

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: $^q$$^q
API String ID: 0-355816377
Opcode ID: ddcef6183827eb57204d0091e832637b38b7d446359f741e75b771ee3b2bc3f0
Instruction ID: 08f2732136bfac27e1a9b94f47922a07c0a047eab8c4ae11ca9880bf985e59d5
Opcode Fuzzy Hash: ddcef6183827eb57204d0091e832637b38b7d446359f741e75b771ee3b2bc3f0
Instruction Fuzzy Hash: D8416A30665405CFCB186F6AA44A53DBBB3BBC4B097788849E1069B2D8CF319D97DB81

Function 01283589 Relevance: 2.6, Strings: 2, Instructions: 95COMMON

Download Yara Rule

Strings

|, xrefs: 012835E8
x{, xrefs: 0128353C

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: x{$|
API String ID: 0-2839937792
Opcode ID: b12741edebb4af50a4033ad05ea57b8dec0e2197be3020cd7e0459d02bf6149c
Instruction ID: 94454b52d30d935a9f9fab627cf4bdfdcd04882c51a39c5d2293b01568684600
Opcode Fuzzy Hash: b12741edebb4af50a4033ad05ea57b8dec0e2197be3020cd7e0459d02bf6149c
Instruction Fuzzy Hash: DD31DC71B142119FCB00EB38E80466D7BF1EB88A10F00496AE50ADB3A6EB34D9058BA5

Function 01285F54 Relevance: 1.5, Strings: 1, Instructions: 278COMMON

Download Yara Rule

Strings

\Vam, xrefs: 01286217

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: \Vam
API String ID: 0-2269870599
Opcode ID: 8fabd83cb1e5ecf331dfed5fbce27729ee3f0f3fda0f7178b5fe1435c27035c8
Instruction ID: 1ec5004b30232f6f88c03622bcff8c470319badb01f6e440d77754ceac7351ac
Opcode Fuzzy Hash: 8fabd83cb1e5ecf331dfed5fbce27729ee3f0f3fda0f7178b5fe1435c27035c8
Instruction Fuzzy Hash: A4B16CB0E2121ACFDF10DFA8C8857ADBBF2BF48314F148129D515A7395EB749846CB91

Function 012829E8 Relevance: 1.5, Strings: 1, Instructions: 231COMMON

Download Yara Rule

Strings

x{, xrefs: 01282A0C

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: x{
API String ID: 0-3347943765
Opcode ID: b9d1e5e22e9a89412dad36a01471615761490cd8850a577203bfbbb4bd026868
Instruction ID: 92fec2e3611fdbcbc41929e7ff63ce1e10162490d16f88acf25853e2b7d01554
Opcode Fuzzy Hash: b9d1e5e22e9a89412dad36a01471615761490cd8850a577203bfbbb4bd026868
Instruction Fuzzy Hash: DBA15E74601245AFCB05EF34D458A1E7BB2FF88314B208A6AD5069B3A9DF35994BCFD0

Function 012829F8 Relevance: 1.5, Strings: 1, Instructions: 227COMMON

Download Yara Rule

Strings

x{, xrefs: 01282A0C

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: x{
API String ID: 0-3347943765
Opcode ID: 37d3ab42757d77c43dcf2e553e6a062c66fabb62de14b68ba6b05e72100b1f15
Instruction ID: 3c179f831d443f20a64ec848a0e7597829648f25008bc83c74dc8d34e144e810
Opcode Fuzzy Hash: 37d3ab42757d77c43dcf2e553e6a062c66fabb62de14b68ba6b05e72100b1f15
Instruction Fuzzy Hash: AEA15F74601245DFCB05EF34D458A1E7BB2FF88314B208A6AD5069B3A9DF35994ACFD0

Function 01289900 Relevance: 1.5, Strings: 1, Instructions: 213COMMON

Download Yara Rule

Strings

xbq, xrefs: 01289C46

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: xbq
API String ID: 0-73991425
Opcode ID: 4535cb23def87b9c8c50c4f8bc0134a84930cf4345a21ca45d777108852a60f8
Instruction ID: a1b3106600ec9cc701f0d982c68955c55a833ecc653acc5a59a7fdc7f4dcefca
Opcode Fuzzy Hash: 4535cb23def87b9c8c50c4f8bc0134a84930cf4345a21ca45d777108852a60f8
Instruction Fuzzy Hash: 6A916DF45112018FDB25EFAAE854B257BE2F78D318F06451BC500A72E4DBB1DA8ACB91

Function 012896F8 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

Te^q, xrefs: 0128979A

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: d5029cf2d3c7b470f8eff56bafe8ed1c49f8c17053a09254890037fb92156509
Instruction ID: 11c15b736553f1efedefd693b59065ffb015875a81f7edd4e8b33952c8a7d857
Opcode Fuzzy Hash: d5029cf2d3c7b470f8eff56bafe8ed1c49f8c17053a09254890037fb92156509
Instruction Fuzzy Hash: 97518F74A20201DFEB15EF69C858B697BB2FF88714F144159E511AB3E5CFB1AC81CB40

Function 01283660 Relevance: 1.4, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

t|, xrefs: 012836FE

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: t|
API String ID: 0-2678736109
Opcode ID: de1b8648b64ad7dafde183dea53ad9c55edb7183e952240675dabc59de26c708
Instruction ID: 32d9b2703b303915733b2200fb725eddad6dbb99c8479ea598053f7838fd0a37
Opcode Fuzzy Hash: de1b8648b64ad7dafde183dea53ad9c55edb7183e952240675dabc59de26c708
Instruction Fuzzy Hash: 0141DF71A042488FCB18EB7ED8546AEBBE6EFC9714F14842DD10AAB380CF35D9058B95

Function 012891A9 Relevance: 1.4, Strings: 1, Instructions: 122COMMON

Download Yara Rule

Strings

$^q, xrefs: 012891F5

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: $^q
API String ID: 0-388095546
Opcode ID: baaface13e049d70ec0295ee1adee68ed07dd3ef80b89b7c3a13ca57f86b9a4f
Instruction ID: 08a6fecdb6ac5b1820da1f712ac149144d0625699d2580eec215f96863aff746
Opcode Fuzzy Hash: baaface13e049d70ec0295ee1adee68ed07dd3ef80b89b7c3a13ca57f86b9a4f
Instruction Fuzzy Hash: 5841B330625441CFCB196F6EA80A038BF73BFC570936C8886E1029B2D5CB319D5BDB41

Function 01280AD0 Relevance: 1.4, Strings: 1, Instructions: 115COMMON

Download Yara Rule

Strings

\U, xrefs: 01280B16

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: \U
API String ID: 0-3005333660
Opcode ID: 204e265eec131feb4b20e47cc3a8b899f88b2eff4f833e66175122744415567a
Instruction ID: 2ff2fc809ef2ab10c0d2015b099e2741ec6d74dd955857cdaad8545e7495fc3e
Opcode Fuzzy Hash: 204e265eec131feb4b20e47cc3a8b899f88b2eff4f833e66175122744415567a
Instruction Fuzzy Hash: 3C51A178201205DFCB07EF74E9489597776EB883057508A6BD406AB3AADF71AD4BCF80

Function 0128A14D Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

Te^q, xrefs: 0128A17B

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: f8b4b0686dd7ce333836ff32d2633d4e9372a4ee600b06c3b41728c592a0be94
Instruction ID: 016d35983f1128be1cdc80e4d04ce1184052e9655c34c28e8a95b8befb7235cd
Opcode Fuzzy Hash: f8b4b0686dd7ce333836ff32d2633d4e9372a4ee600b06c3b41728c592a0be94
Instruction Fuzzy Hash: D131A330B501058FDB14AF69C858BBEBBF6AF88B10F24405AE505EB3E5CEB59C05CB94

Function 01281370 Relevance: 1.3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

Strings

LR^q, xrefs: 012813B3

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: LR^q
API String ID: 0-2625958711
Opcode ID: 1acf374d44e408deb90654661b6ca8c9e04926b454de0f95b3bec606fe058489
Instruction ID: dd682acd548964100565d461f65c72dbdd65831a1a28d88252a78bc1f08f25f4
Opcode Fuzzy Hash: 1acf374d44e408deb90654661b6ca8c9e04926b454de0f95b3bec606fe058489
Instruction Fuzzy Hash: 96217E34F112169FCB54EB7D8551A6FBBF6EFC8600B144069E50ADB3A4EE709D028791

Function 01280D44 Relevance: 1.3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

Strings

dLdq, xrefs: 01280D83

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: dLdq
API String ID: 0-3390252261
Opcode ID: 8c92068baff37c0143d8ac32c2b54dd76990bb10f97f1ea97dfcc33edb05446e
Instruction ID: 974bbefd5105490c53b8abfe899c6198608e303300e679573636c6ac5d5e8272
Opcode Fuzzy Hash: 8c92068baff37c0143d8ac32c2b54dd76990bb10f97f1ea97dfcc33edb05446e
Instruction Fuzzy Hash: C2318135A002058FDB15DF69C598BAEBBF2FF48300F148569E501AB3A1CB75ED09CB54

Function 012890D8 Relevance: 1.3, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

Te^q, xrefs: 012890F2

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: ea7570036447928c17fbab918333e824af90dceb5f21cc8b81272d504bcdfb7e
Instruction ID: d7475963bf00b9e788518f621d7929ed3abc4d6120bffe010283e8e811e610e8
Opcode Fuzzy Hash: ea7570036447928c17fbab918333e824af90dceb5f21cc8b81272d504bcdfb7e
Instruction Fuzzy Hash: 18216D307251158FDB04AB68D858BAE7BF6AFC8B14F20405AE506EB3E1CF719C048B91

Function 01289CEB Relevance: 1.3, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

x{, xrefs: 01289D13

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: x{
API String ID: 0-3347943765
Opcode ID: 4935d8ef5c332998f3ae5ca5871ad8246c149d2122d2bc0dea3218158fab56f5
Instruction ID: 35f2fa8eeeed9b8fda88e7e660d363c5ada23c68ca17bfded9df42830ad002fa
Opcode Fuzzy Hash: 4935d8ef5c332998f3ae5ca5871ad8246c149d2122d2bc0dea3218158fab56f5
Instruction Fuzzy Hash: C21129307102055FCB06BB78D89056E7BE6DBC5608B00843BC905A7386DF31DD0B83D2

Function 012895DF Relevance: 1.3, Strings: 1, Instructions: 60COMMON

Download Yara Rule

Strings

Te^q, xrefs: 0128960B

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 416cacbcdd6036cc8d2629bef0921735a0adca0a540e349ea8397d8409f27435
Instruction ID: 4b4005af7797c69870eccc20ed92acb7bde99c8e3106ee8fb0f19dac19850ff3
Opcode Fuzzy Hash: 416cacbcdd6036cc8d2629bef0921735a0adca0a540e349ea8397d8409f27435
Instruction Fuzzy Hash: 5811A270B102118FDB14DB2CC898B7ABBE2AF88724F148059E501AF3E6CA729C42CB50

Function 012895F0 Relevance: 1.3, Strings: 1, Instructions: 57COMMON

Download Yara Rule

Strings

Te^q, xrefs: 0128960B

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: dc978d851ea7b98e60a0d6ad0867a151f665be96088bbce0b5e5b4a785c81851
Instruction ID: 289ffbd681c882cd22a0aef84615785067eab18a57fd96156744d34b1c268c0a
Opcode Fuzzy Hash: dc978d851ea7b98e60a0d6ad0867a151f665be96088bbce0b5e5b4a785c81851
Instruction Fuzzy Hash: AC118F30B50205CFDB14AB69C498FBDBBE6AF88714F144059E902AB3E5CEB5AC41CB90

Function 0128B191 Relevance: 1.3, Strings: 1, Instructions: 55COMMON

Download Yara Rule

Strings

LR^q, xrefs: 0128B1B5

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: LR^q
API String ID: 0-2625958711
Opcode ID: 3922eff4370127e9d3243a6d91a50badab83b41a81adb287c00a4ee056cc16d7
Instruction ID: 11df0ba7be1c54aa1b5cc3f0cc959493b6d9e8b365cf45ac8ddb9857f220496a
Opcode Fuzzy Hash: 3922eff4370127e9d3243a6d91a50badab83b41a81adb287c00a4ee056cc16d7
Instruction Fuzzy Hash: 76110471B22116AFCB19FBAC88016BE77B5EF89210F50416DE509DF2D1F7709912CB90

Function 0128A0B3 Relevance: 1.3, Strings: 1, Instructions: 47COMMON

Download Yara Rule

Strings

Te^q, xrefs: 0128A0CD

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 35bbbb03b009b724790302df88aef2e7feacb29ffac0f5c558bd93044b4c3bbd
Instruction ID: 3c5ae2f047da5eb3d0ce9a66edc15cc393d6b34d418506949bf6cf4bfed7055a
Opcode Fuzzy Hash: 35bbbb03b009b724790302df88aef2e7feacb29ffac0f5c558bd93044b4c3bbd
Instruction Fuzzy Hash: 330192317201008FDB14AB18C958BAE7BF2AF8C710F20405AE506EB3E0CFB19D05CB90

Function 01286827 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f65da80f34077aa4a4e0b1861d59716a480f9bb1e68f0188e2216297ca011eab
Instruction ID: fd4f9c00c0fe70edfe62e45356c7d6ad8c38f604a0f0a84dc47bdc9ba22ea87a
Opcode Fuzzy Hash: f65da80f34077aa4a4e0b1861d59716a480f9bb1e68f0188e2216297ca011eab
Instruction Fuzzy Hash: 01A16D70E2120ACFDB10EFA9D9857DDBBF1BF48314F188129D958E7294EB749885CB81

Function 01289383 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 362fd51e16012ac5a4912e402776b530fbdd88e33a41f26896945bdf83f31767
Instruction ID: 10aab332ccf25c0da84c9aa8706e6fcfdef196705a86f5066c1a987896d7e0b9
Opcode Fuzzy Hash: 362fd51e16012ac5a4912e402776b530fbdd88e33a41f26896945bdf83f31767
Instruction Fuzzy Hash: C6516E74A00115DFCB04EF68D584A6EFBB2FF84319F2184A5E405AB7A6DB31ED41CB91

Function 0128406C Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76fa9aaf8165205c67c5483b4c639e6bea8fb57582301660f2082c32b8919d7f
Instruction ID: 6ae7bd44c44abc83a8911c7a95cab22ad720a3d56350ec28b91ebbb7807d21f7
Opcode Fuzzy Hash: 76fa9aaf8165205c67c5483b4c639e6bea8fb57582301660f2082c32b8919d7f
Instruction Fuzzy Hash: 064110B1D00389DFCB10EFA9C484ADEBFF5EF48314F148029E419AB250DB75A946CB91

Function 01284078 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd35b1bc2d242ab749a5be36cb88b131d4719a8cb4117eabb21545aac60a4f1c
Instruction ID: 757b05adffef6d698c5dfd38f5ad2b6b72f92a98408d52acbc7ab2e45b805509
Opcode Fuzzy Hash: cd35b1bc2d242ab749a5be36cb88b131d4719a8cb4117eabb21545aac60a4f1c
Instruction Fuzzy Hash: 4841EEB0D0124DDFDB10EFA9C484ADEBFB5FF48314F14802AE919AB254DB75A949CB90

Function 012809A8 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03f209300f043872dc7eeadf96b1e5915f7ab96d8ded56c036417f79a1c073e2
Instruction ID: 346144f0df2f8a4e4fc9a1b9236585df46f8ca05aec4d1bfa6335dd645f8eb7f
Opcode Fuzzy Hash: 03f209300f043872dc7eeadf96b1e5915f7ab96d8ded56c036417f79a1c073e2
Instruction Fuzzy Hash: 8121B6317222038FDF55BBB9D91462E7BB4AF44605B00452BB707E62D1EE70C809CB99

Function 01281058 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6a5c6009d3e920d3cccf45805e595d2ecdee79ed3e19a6d35e45e5804e021ed
Instruction ID: 655a80a3d409b35e80cbb692ba859a56d9e1721550f13d8780349f6e20d9eb7d
Opcode Fuzzy Hash: b6a5c6009d3e920d3cccf45805e595d2ecdee79ed3e19a6d35e45e5804e021ed
Instruction Fuzzy Hash: E7213734B111048FE714EF69D995BAE7BE2EF88B10F248158E902EB3E5DB709C02CB50

Function 00D6D3B4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4125096556.0000000000D6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_d6d000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27615120c71d65a6bc937a7e7e87466d425136678a62be582c7421933d03846d
Instruction ID: e1acee254cfef36ec0abe557b519cd4f810f57eb60610688458753297061ee3f
Opcode Fuzzy Hash: 27615120c71d65a6bc937a7e7e87466d425136678a62be582c7421933d03846d
Instruction Fuzzy Hash: 6F2122B1A04240DFCB05DF14E9C0B26BF66FB98324F24C569E8494B256C736F856CAB2

Function 01281273 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 889e6d46864bd2397a9db204bed26016f7daed96f93bec2dba649ce4a574548c
Instruction ID: facc2add611314fab65b47c84dd9684b95623eba1101e66e1c14d336dd4f5c38
Opcode Fuzzy Hash: 889e6d46864bd2397a9db204bed26016f7daed96f93bec2dba649ce4a574548c
Instruction Fuzzy Hash: EF118171B002159FCB48ABBD895836E7AEAEFC8700B10482ED01AD7395DE348D0947B1

Function 01288F4B Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84062268ebc45d91f1bc8343005d8d5f789ae761a3e2deaebaede35c8701accb
Instruction ID: 8a208be2f9522a8fc6f28c28536224c23c7f24f58e44e850391ea8595db26614
Opcode Fuzzy Hash: 84062268ebc45d91f1bc8343005d8d5f789ae761a3e2deaebaede35c8701accb
Instruction Fuzzy Hash: 75214930A01219CFCB15FB78D5546AE7BB2EF89608F144429D506AB3A8DF319C87CB91

Function 00D6D3AF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4125096556.0000000000D6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_d6d000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction ID: 6343dc1ad6edb7efeb4d3bebd8097820cb2a179effa26f7f20fb6e2f0fcad30a
Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction Fuzzy Hash: 1511E676904280CFCB16CF10D5C4B16BF72FB94314F28C5A9DC490B656C336E85ACBA1

Function 01283651 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d670698fb92fc345baa1e914cc201108b398c7793eae96ec12ff1d6c8bede48
Instruction ID: 6360c2c21a1cac60fa75c1aec08f52e868f4169e33015e6b3737c117fca6e19b
Opcode Fuzzy Hash: 0d670698fb92fc345baa1e914cc201108b398c7793eae96ec12ff1d6c8bede48
Instruction Fuzzy Hash: 3401C4313092414FC715BB2DA9A063D3693BBCA668748457ED20ACB3D2DF75DC068396

Function 01281468 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f69f24633ea6803af2d1618dd5b79bf2fe028a7ab40e7889d0d0694c35fedccf
Instruction ID: fcd10d3f60385af76f1a18fd96a6a9a2c79d6409b7244afe3658de9ea899d881
Opcode Fuzzy Hash: f69f24633ea6803af2d1618dd5b79bf2fe028a7ab40e7889d0d0694c35fedccf
Instruction Fuzzy Hash: 25113974B112099FCB54EBBDD404A6A7BE6EF88615711087AD40AEB3A4EA31DC52CB90

Function 01281467 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c7cf23f14670a5976d65a2f0d39c91ed8c45b1949cdb405b5fe85294295a538
Instruction ID: 34483ed9eca6a9d8e559860003ee554c7c4f4dffded82fd8013882945de3c06d
Opcode Fuzzy Hash: 6c7cf23f14670a5976d65a2f0d39c91ed8c45b1949cdb405b5fe85294295a538
Instruction Fuzzy Hash: 3D016974B112059FCB55EB7CD404A6E7BF6EF8821571108BAD40AEB3E5EA30CC52CB80

Function 012899AF Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98115da1c5b1c97ee82757bf64980449d3dae3558bd249202812fddc15888b87
Instruction ID: 91233992f49d78900a91ce2e1ec223ca964575872f312c21dee88ba1dad9ae80
Opcode Fuzzy Hash: 98115da1c5b1c97ee82757bf64980449d3dae3558bd249202812fddc15888b87
Instruction Fuzzy Hash: 09119EF8512101CFDB20EF9AE844B2037A2F3C830CF02501BC501A72E0D7B1CA8ACB91

Function 0128B229 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46b5f055cfe27e4cca6a01f59b98d4fbf513e0e2dfe85c84465b51f1d438f1dc
Instruction ID: 194c3748b4f1d188ccbd616846f475a8c37b1f8d706b314c981b84fca2071862
Opcode Fuzzy Hash: 46b5f055cfe27e4cca6a01f59b98d4fbf513e0e2dfe85c84465b51f1d438f1dc
Instruction Fuzzy Hash: AC1103B5800249CFDB10EF9AC485BDEBFF4EB08324F208419D558A7254D375A544CFA5

Function 0128B230 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fcd79d0485c1a65643c14aff00c8586f0776501217ee78a8854a96f8f8a0785
Instruction ID: 5be5491972128035f0aacd3e251bf7a19d344f7a63a7257f1cf3dd14f8f1ee3e
Opcode Fuzzy Hash: 0fcd79d0485c1a65643c14aff00c8586f0776501217ee78a8854a96f8f8a0785
Instruction Fuzzy Hash: 95111EB5800249CFCB20DF9AC485BDEBBF4EB08324F20841AD558A7354C375A984CFA5

Function 01280EA8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a71624f9f27617d71f5db1bd4e0ce25f40c3de4885752a71fbf6e546ab8e4cd0
Instruction ID: 1d5d8c1836066d1dbe26eacdb9d1f4636b9d2b55182e474398811dca5f739a54
Opcode Fuzzy Hash: a71624f9f27617d71f5db1bd4e0ce25f40c3de4885752a71fbf6e546ab8e4cd0
Instruction Fuzzy Hash: 5AE08C323002045F8348962EF88885AB7DAEBC852431508BAE10DC7322DD60CC014390

Function 01280A73 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0860ff1d45af28126c1b942b7bf79b1d9e3fb0b9a760d360e4d6f8221b95ca64
Instruction ID: 9ac2caaa66e2ebdebaf72c222742068b845d2aa0b9abe6039dc36b030e12dea6
Opcode Fuzzy Hash: 0860ff1d45af28126c1b942b7bf79b1d9e3fb0b9a760d360e4d6f8221b95ca64
Instruction Fuzzy Hash: 76E0D831B502048FC7016B78C41861D37A2AF85705F000057E106AB3F5CDB4DC498B99

Function 01288B03 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 082c21c7515b6e06e11e0c9b971ce1ee9d4dd0fb83e40aad2952d01f0cec948e
Instruction ID: 03b84bbad30134296910b11949ce065cace7c9c337de654c3519b4314c0664f2
Opcode Fuzzy Hash: 082c21c7515b6e06e11e0c9b971ce1ee9d4dd0fb83e40aad2952d01f0cec948e
Instruction Fuzzy Hash: 24D0A9323000208FC700AABCA00489E329AAFCA20136000A9E009CB3A4CE20CC020790

Function 012825B8 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d97031217013953231d449815637e24882163e49edca89fd78fd2fbeb417c3c1
Instruction ID: 3cc71fc21bc2c9c328f803c5058191a01cb6f467f270398803b50fe08f3603f7
Opcode Fuzzy Hash: d97031217013953231d449815637e24882163e49edca89fd78fd2fbeb417c3c1
Instruction Fuzzy Hash: AED0C9361502048FC740EF6DE985E5277B8FF48B00B4100AAE4819B3B2C722F816DF56

Function 012825C8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4126410034.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1280000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dce3d2a974165434a0a6bc21bc7433f8391d6cc990ae2622b068ac04e91c33d2
Instruction ID: d1a79d803cac47e19d588b18a1f9bfceceed8a22dd84ffa6a9882de19c55c988
Opcode Fuzzy Hash: dce3d2a974165434a0a6bc21bc7433f8391d6cc990ae2622b068ac04e91c33d2
Instruction Fuzzy Hash: 48C048392602088F8244EB99E588C12B7A8FF58A00341009AE5018B762CB21FC10DA61

Analysis Process: StcHfDkbCv.exePID: 8044, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	8.6%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	72
Total number of Limit Nodes:	6

Executed Functions

Function 04D4AC9F Relevance: 7.6, Strings: 6, Instructions: 138
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

LR^q, xrefs: 04D4ACFD
$^q, xrefs: 04D4ACC2
$^q, xrefs: 04D4AD89
$^q, xrefs: 04D4ACB6
LR^q, xrefs: 04D4AC28
$^q, xrefs: 04D4AD99

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID: LR^q$LR^q$$^q$$^q$$^q$$^q
API String ID: 0-4154641970
Opcode ID: 05597294137700436d455ffdf3fd46419256d0ec2f91bf38b70ad0c7028eb922
Instruction ID: 5d5aa6bf7b2c48648843a8140f842468480e9ceecb2076d43c09faeec6006bc2
Opcode Fuzzy Hash: 05597294137700436d455ffdf3fd46419256d0ec2f91bf38b70ad0c7028eb922
Instruction Fuzzy Hash: D2418E34B84219DFEB148E69D805B7EB7A2FBC4702F14842AF152DF391EB74E8819751

Function 00D6D400 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00D6D47E
GetCurrentThread.KERNEL32 ref: 00D6D4BB
GetCurrentProcess.KERNEL32 ref: 00D6D4F8
GetCurrentThreadId.KERNEL32 ref: 00D6D551

Memory Dump Source

Source File: 00000009.00000002.1764701256.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d60000_StcHfDkbCv.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: bd42e03d9e9249b05b95c356d60a6e6e8bbad049079f99ab727dc80b0b672c2a
Instruction ID: 685a7e6bad187b22e4f178d8f5df71ea17675a22d54e80a10055fefa3a0c5341
Opcode Fuzzy Hash: bd42e03d9e9249b05b95c356d60a6e6e8bbad049079f99ab727dc80b0b672c2a
Instruction Fuzzy Hash: 685125B0E00249CFDB14DFA9D548B9EBBF1AB48314F24C469E419A7360DB74A984CB65

Function 00D6D3F1 Relevance: 6.1, APIs: 4, Instructions: 127
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00D6D47E
GetCurrentThread.KERNEL32 ref: 00D6D4BB
GetCurrentProcess.KERNEL32 ref: 00D6D4F8
GetCurrentThreadId.KERNEL32 ref: 00D6D551

Memory Dump Source

Source File: 00000009.00000002.1764701256.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d60000_StcHfDkbCv.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 8acdea8d6d552a8785723c925358d8c4ef830e53d44ef24dd1f19e4ac60ca03b
Instruction ID: 771277b170db72cd548a43c875d7937a517d2d258c4bd4a187654d5a1a6889a2
Opcode Fuzzy Hash: 8acdea8d6d552a8785723c925358d8c4ef830e53d44ef24dd1f19e4ac60ca03b
Instruction Fuzzy Hash: 1B5135B0E00349CFDB14DFA9D548BAEBBF2AB48314F24C469D419A7360DB74A984CF65

Function 04D4B108 Relevance: 5.1, Strings: 4, Instructions: 111
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

LR^q, xrefs: 04D4B535
8bq, xrefs: 04D4B652
LR^q, xrefs: 04D4B541
8bq, xrefs: 04D4B61B

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID: 8bq$8bq$LR^q$LR^q
API String ID: 0-2909150258
Opcode ID: 58d879c41686245525d53c480db64722a6fce3279d9eb2b9f0b3e8d9fd8b3679
Instruction ID: 8b57959e176d9e45716da8f7f6e1e2eb894f6000a8f089f4d02de4576a1cb398
Opcode Fuzzy Hash: 58d879c41686245525d53c480db64722a6fce3279d9eb2b9f0b3e8d9fd8b3679
Instruction Fuzzy Hash: 21419370911208DFCB08DFA9C5949AEBBB2FF84300F14D85AD0121B765D735E946CB91

Function 04D41570 Relevance: 4.0, Strings: 3, Instructions: 287
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hbq, xrefs: 04D417E6
(bq, xrefs: 04D4163A
Hbq, xrefs: 04D416F8

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID: (bq$Hbq$Hbq
API String ID: 0-2817990774
Opcode ID: af546ead4d4c8d58d99d6a9cfdd96f35fb588f4307c9c04f6a89ed7fc43f5cf6
Instruction ID: aa4b5ab719ceee73510ff3075f62a175f0a4a35a55dbee0fd336ecf31f2ea117
Opcode Fuzzy Hash: af546ead4d4c8d58d99d6a9cfdd96f35fb588f4307c9c04f6a89ed7fc43f5cf6
Instruction Fuzzy Hash: 52A1BF70B002589FCB14EFA8C4446AE7FF6EFC8310F148969E449A7391DA34ED45CBA5

Function 04D42EC0 Relevance: 2.7, Strings: 2, Instructions: 208
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hbq, xrefs: 04D42F88
Hbq, xrefs: 04D42FEE

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID: Hbq$Hbq
API String ID: 0-4258043069
Opcode ID: 0091abef53e7f578442df386980706e1a9a22b0433c485b405b979c2ce9fe848
Instruction ID: b97743aba617019f1db477371a916b4d7254404e1dffb23db732c55bdb01383d
Opcode Fuzzy Hash: 0091abef53e7f578442df386980706e1a9a22b0433c485b405b979c2ce9fe848
Instruction Fuzzy Hash: C0815C70E003599FDB14DFA9C4946AEBBF6FF88300F14852AE409BB351DB349945CBA1

Function 04D41050 Relevance: 2.6, Strings: 2, Instructions: 147
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hbq, xrefs: 04D410C3
Hbq, xrefs: 04D4111A

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID: Hbq$Hbq
API String ID: 0-4258043069
Opcode ID: f94f94eb78659ae65b3a74a9637f455d0f2acd567aa6056e00230482c963cf44
Instruction ID: b7d86769e1118347573ff1948e2245b3d00584f25a951c1a46c7ef38c342e196
Opcode Fuzzy Hash: f94f94eb78659ae65b3a74a9637f455d0f2acd567aa6056e00230482c963cf44
Instruction Fuzzy Hash: 34519974E002588FCB14DFA9D4586AEBBF6FF88310F14842ED449E7351DB38AA45CBA5

Function 04D41560 Relevance: 2.6, Strings: 2, Instructions: 124
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(bq, xrefs: 04D4163A
Hbq, xrefs: 04D416F8

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID: (bq$Hbq
API String ID: 0-4081012451
Opcode ID: c9ea4aacc86f4f1fe20c1a47d11c6754246f02ebb57e6c4011f0c863b2374c14
Instruction ID: 2eb37e3a2db65c5fe7b36cb4fe2330cd2e3409629230e09002552738ea2787e3
Opcode Fuzzy Hash: c9ea4aacc86f4f1fe20c1a47d11c6754246f02ebb57e6c4011f0c863b2374c14
Instruction Fuzzy Hash: FF41DF30B002599FCB19ABB8941857F7EAAEFC4340B25886DD00AAB395CE349D1687A5

Function 04D4F390 Relevance: 2.6, Strings: 2, Instructions: 91
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

*, xrefs: 04D4F448
", xrefs: 04D4F441

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID: "$*
API String ID: 0-4007355372
Opcode ID: 7910bb18f30b239de30bb6b7d7262c1a4acc4974b80de4f4e40230185ea226dc
Instruction ID: 5b0f42b1b9511495256a06aca3ce901985b621a90addf10d01fb7b6b5fcc6621
Opcode Fuzzy Hash: 7910bb18f30b239de30bb6b7d7262c1a4acc4974b80de4f4e40230185ea226dc
Instruction Fuzzy Hash: 0E315072B08166DFCB04CFA9C4986BEFBB0FB85300F00852EE59996266D734F545DBA1

Function 04D4F2A2 Relevance: 2.6, Strings: 2, Instructions: 66
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

*, xrefs: 04D4F448
", xrefs: 04D4F441

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID: "$*
API String ID: 0-4007355372
Opcode ID: 4d9fe2c2d460c956baf4ff1471ddb1fccf6145af1b3f1d28ab2e95c73bfb802f
Instruction ID: b344c91ef56ccd2b3dc17488da1b1af9ecb9f7f0df709633ef81a0e6feb1d9a0
Opcode Fuzzy Hash: 4d9fe2c2d460c956baf4ff1471ddb1fccf6145af1b3f1d28ab2e95c73bfb802f
Instruction Fuzzy Hash: C211E234780244DFE7298B559818B297BA7BBC5B00F26846EE502CF2B5C974DC41CB55

Function 00D6AD68 Relevance: 1.7, APIs: 1, Instructions: 192
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00D6AFBE

Memory Dump Source

Source File: 00000009.00000002.1764701256.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d60000_StcHfDkbCv.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 544067744e2862662306aa5b3f0786a4b36f501dccacb6610c46ed0485834b79
Instruction ID: 2cc893f2107cf65860de53bddae4307d315fbd29f876b07a17c00954902a42fe
Opcode Fuzzy Hash: 544067744e2862662306aa5b3f0786a4b36f501dccacb6610c46ed0485834b79
Instruction Fuzzy Hash: BD7113B0A00B058FD724DF69D04175ABBF1BF88304F04892EE486E7A51DB75E945CFA2

Function 00D658FD Relevance: 1.6, APIs: 1, Instructions: 99
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00D659B9

Memory Dump Source

Source File: 00000009.00000002.1764701256.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d60000_StcHfDkbCv.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: ba9647e9791c9dbf9432d26560d8179437999b64b940d6dda9eddce4f812403a
Instruction ID: 01ae9bf8f49b00e05a323fe29ecc06cfbd4b20b0abcdca6dcebfa7f909ec567e
Opcode Fuzzy Hash: ba9647e9791c9dbf9432d26560d8179437999b64b940d6dda9eddce4f812403a
Instruction Fuzzy Hash: D641E3B0C00619CFDB24CFA9C884B9DBBF5BF44314F24816AD419AB255DB756985CF90

Function 00D644F0 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00D659B9

Memory Dump Source

Source File: 00000009.00000002.1764701256.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d60000_StcHfDkbCv.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 726bb0861639b3d9b543c31044e1f9a4eada27c5d3c482a3f8ac9e853ed50cb8
Instruction ID: a20a8634d44e0b67c491126d706eb853cbf6b5ca895540a246b851e24e1f21c3
Opcode Fuzzy Hash: 726bb0861639b3d9b543c31044e1f9a4eada27c5d3c482a3f8ac9e853ed50cb8
Instruction Fuzzy Hash: 0141D2B0C00619CFDB24DFA9C844B9EFBF5BF48304F24816AD409AB255DB756985CF90

Function 00D6D648 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00D6D6CF

Memory Dump Source

Source File: 00000009.00000002.1764701256.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d60000_StcHfDkbCv.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: e63e6eca15118208e95559da3fda49a0646c1538974fceb8df44700653a950c3
Instruction ID: 8787a242054b4a696cbb8497a1b22ebfb0bec14ac1b4f9eba7d0099ffb86d3e0
Opcode Fuzzy Hash: e63e6eca15118208e95559da3fda49a0646c1538974fceb8df44700653a950c3
Instruction Fuzzy Hash: A721E4B5D002089FDB10CF9AD584ADEFBF5EB48320F14801AE918A7310D374A944CFA4

Function 00D6D640 Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00D6D6CF

Memory Dump Source

Source File: 00000009.00000002.1764701256.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d60000_StcHfDkbCv.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 5d39e3818427dce4a25a0dcaf3a492deff1ebecdaa4c31cb6edff7dcefb53dec
Instruction ID: 0b5252c874347ffb5445318ae7ceee7ff19c9897005d54139a2efceb05744d0b
Opcode Fuzzy Hash: 5d39e3818427dce4a25a0dcaf3a492deff1ebecdaa4c31cb6edff7dcefb53dec
Instruction Fuzzy Hash: EE21E2B5D00249DFDB10CFA9D584AEEBBF5EB08324F14841AE958A7350D378A954CF64

Function 00D6AF58 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00D6AFBE

Memory Dump Source

Source File: 00000009.00000002.1764701256.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d60000_StcHfDkbCv.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 6242d296fc7e03c562e1039429fba9df88556447f8d2fdc8de5b3bf021c17d23
Instruction ID: 75995432bcfdcbeb0ecac6a65235308dea517cc37806f17f547a95157712a266
Opcode Fuzzy Hash: 6242d296fc7e03c562e1039429fba9df88556447f8d2fdc8de5b3bf021c17d23
Instruction Fuzzy Hash: 4511DFB5C002498FCB10DF9AD444BDEFBF4AF88324F14842AE459B7610D379A545CFA6

Function 04D43C28 Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

(bq, xrefs: 04D43E1A

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: fba95c281b34d9e54670b940fe3426d3c149822323eec7ae2275cdde1f61c306
Instruction ID: 081afa917349925276bf8b3c66225d4783f07b26e7cebf7870f8b890e0396324
Opcode Fuzzy Hash: fba95c281b34d9e54670b940fe3426d3c149822323eec7ae2275cdde1f61c306
Instruction Fuzzy Hash: C381CE71A01208DFDB18DFA9D84469EBFF2FF85310F11846AE445A7751DB34A946CBA0

Function 04D4A88C Relevance: 1.4, Strings: 1, Instructions: 157COMMON

Download Yara Rule

Strings

Te^q, xrefs: 04D4C159

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: b765dd06a3242d93f82cb48c2b90cafee31c3ac1763171e0a7aa0b505debe852
Instruction ID: 415e55b8b40d8add4d8f5cd9cdf0e2be37bb9f8666fe1ed81eeb0a67abfbc8f2
Opcode Fuzzy Hash: b765dd06a3242d93f82cb48c2b90cafee31c3ac1763171e0a7aa0b505debe852
Instruction Fuzzy Hash: 3151BD35B002058FCB15DF79D84896EBBF6EFC43507258929E459DB391EB30ED0687A0

Function 04D42560 Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

Hbq, xrefs: 04D42571

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID: Hbq
API String ID: 0-1245868
Opcode ID: 11a15e349601a444e4fe897c375ce6869281c7df2680ce08caf6d3b56e922c3c
Instruction ID: c7138aac663c330d11a96e66ec5c148a1b4471a023131cb8dbcdf66b04889d50
Opcode Fuzzy Hash: 11a15e349601a444e4fe897c375ce6869281c7df2680ce08caf6d3b56e922c3c
Instruction Fuzzy Hash: F331F270A00209AFDB05EFA4D85499EBBB6FFC9300F108569E406AB354DF34A945CB91

Function 04D4B5A8 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

8bq, xrefs: 04D4B61B

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID: 8bq
API String ID: 0-187764589
Opcode ID: 5f89d670317e81829e03c6bfd0daa13fb03373c4ec635dfdcca1fcd1358c8946
Instruction ID: 828580147981a6c54eb116fc2f678088cdab7dc80a38113fab965443a28aa97e
Opcode Fuzzy Hash: 5f89d670317e81829e03c6bfd0daa13fb03373c4ec635dfdcca1fcd1358c8946
Instruction Fuzzy Hash: 052180B0B00244CFDB548F68E4555ADBBB2BB98311F10856BD646DB295EE30EA058B92

Function 04D4BF18 Relevance: 1.3, Strings: 1, Instructions: 58COMMON

Download Yara Rule

Strings

Te^q, xrefs: 04D4BF83

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 553fd4c8c47adfa624f5d01f6f8e55de720686d65905eab4d0e308c4711fe8c3
Instruction ID: 28b7317d826197eb85dea3c87d531cb85eed7812550fdd6512b6af09c6b3a269
Opcode Fuzzy Hash: 553fd4c8c47adfa624f5d01f6f8e55de720686d65905eab4d0e308c4711fe8c3
Instruction Fuzzy Hash: D0110D31B0020A8BCB54EBA999505EEB6B6BFD4310B50446AD509E7244EB36ED15CBE1

Function 04D46578 Relevance: .5, Instructions: 480COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af8a64e5c6c11b158c2f42e23b7a617d899f75f0a96282e9a8bcb1b76e67d536
Instruction ID: ad87ad8050404ea2cff9a4648642bcd81cc92f79aa4094accd7cad8c4a47618c
Opcode Fuzzy Hash: af8a64e5c6c11b158c2f42e23b7a617d899f75f0a96282e9a8bcb1b76e67d536
Instruction Fuzzy Hash: 50224DB0A06B82CFDB74DBA4958429D7AA0FB45310F204D9BD1FA8F2D9D735A085CF85

Function 04D465BA Relevance: .4, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2898f8de7b37ff354185c9e02c66db05cedf77c14035266ac818bf444868060
Instruction ID: e9d934a481353f4fd973603cb5d58b3c28e961d25f4602c699dd254d2e8d8f27
Opcode Fuzzy Hash: b2898f8de7b37ff354185c9e02c66db05cedf77c14035266ac818bf444868060
Instruction Fuzzy Hash: CB123EB0A06B82CFDB78DBA4858429D6AA0FB45300F204D5BD1FA8F2D9D735A085DF85

Function 04D4EA48 Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ea4038d3b717aaba9003415aa58d232453c91f0db3a198a30c84c61f225d8c3
Instruction ID: 9c7eea5d9fbf830eeb3d3bc54995d486f24f7b9a4c1673a2e2df356fe81115d6
Opcode Fuzzy Hash: 2ea4038d3b717aaba9003415aa58d232453c91f0db3a198a30c84c61f225d8c3
Instruction Fuzzy Hash: 10818F30A04248EFCB04CFA9C580AAEBBF2BF84300F1589A6E485DB395E734ED45DB51

Function 04D45A88 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5836b44134b9c21725a3ed50bf33dddc71686cbfbdb441b8d11fd864bcbfbc47
Instruction ID: 79876e9bea964c0f64fb84bc96a6b2e87853bb0e9bdee678e24b701f9c12fcc6
Opcode Fuzzy Hash: 5836b44134b9c21725a3ed50bf33dddc71686cbfbdb441b8d11fd864bcbfbc47
Instruction Fuzzy Hash: A7717F74A01208EFCB15DF59E894DAEBBB6FF89714F114498FA01AB361DB31E881CB50

Function 04D4C7C0 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d448d5dbd221a7bc1347a4b65b8b86b40d070a3e8293df0c59cabe6c4ed49f0
Instruction ID: a315a62edb4bcf162e385d2cd5dc9211a2304c77666bd7cdd8bbcfe6190fe0fe
Opcode Fuzzy Hash: 7d448d5dbd221a7bc1347a4b65b8b86b40d070a3e8293df0c59cabe6c4ed49f0
Instruction Fuzzy Hash: F4614835A10609DFDB04DFA9C444A9DBBF2FF88714F218169E809AB360DB70ED81CB90

Function 04D419C0 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7474bd47ce09d6eb3e1979772ad8815a0231b521508c6d822d79295a8ae8585b
Instruction ID: 2b8b0d5ed0fdf3e8eabcf882de14d2f88569a8ddadae59d6c2011e0019a342ff
Opcode Fuzzy Hash: 7474bd47ce09d6eb3e1979772ad8815a0231b521508c6d822d79295a8ae8585b
Instruction Fuzzy Hash: C9516A307002048FDB15DF69C589B6EB7A6EF89304F148169E50ADB3A1DB75FC86CB61

Function 04D4D154 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4c1eb74bfeeacca74ee3be39366090341492ddd25707c464bd1668f3ce2e0b1
Instruction ID: 16d97b8cabd3b11b989f42675a0d8513e0792c62434066154772eb98c4d7bb4a
Opcode Fuzzy Hash: e4c1eb74bfeeacca74ee3be39366090341492ddd25707c464bd1668f3ce2e0b1
Instruction Fuzzy Hash: F151C375A04348AFCF05DFA9D844A9EBFF5EF86210F1484AAE844E7351D734E905CB61

Function 04D4E2E8 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26401e52519c86bfb54d729b9f740697a76a6a35ce4712e1adad588fab45b356
Instruction ID: 94080600c720905fc4d07294fef355c28c478d0b82599398541496fbc2eb4272
Opcode Fuzzy Hash: 26401e52519c86bfb54d729b9f740697a76a6a35ce4712e1adad588fab45b356
Instruction Fuzzy Hash: F651A434F40205ABEB049FA9D881B7EBBB2FBC4710F108466E591EB385DB34D9429791

Function 04D4C7B0 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3eb5e7440ece099191a9510b24101a000d561eb3ce1d99d86f91f7592334c67e
Instruction ID: 6f13afa16c1b1795a4f9f5e589a3c3dc108a18a9f12b61ca0b41789e0bfb78d0
Opcode Fuzzy Hash: 3eb5e7440ece099191a9510b24101a000d561eb3ce1d99d86f91f7592334c67e
Instruction Fuzzy Hash: ED614835A10609DFDB04DFA8C454A9DBBF2FF89715F218159E809AB3A0DB70ED81CB80

Function 04D4E410 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8140cd3619e374613774eb27fc57ca9a25ea050bd1090382c7438c7c0b378f82
Instruction ID: 542763c2ec4cbad869ec36f8cbedb6ed2cd1d19df41395a9b48eface7159fedc
Opcode Fuzzy Hash: 8140cd3619e374613774eb27fc57ca9a25ea050bd1090382c7438c7c0b378f82
Instruction Fuzzy Hash: 93519334F00215ABEB049FA9D88177EB7B2BBC4710F108466E981EB384DB34D9429B91

Function 04D420F0 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab37b4965bbbed8f271436e8697268be541e201dfd7c7ba083090d10bc5144fe
Instruction ID: 02f26d356a09e08ed6f12a660d97ee15b01d135b25beda04d34c1c30255c6c04
Opcode Fuzzy Hash: ab37b4965bbbed8f271436e8697268be541e201dfd7c7ba083090d10bc5144fe
Instruction Fuzzy Hash: 78518F71E00218CFEB24EFA9C4847EEBBF1EF88354F108469D445A7350DB35A985CBA1

Function 04D419AF Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53b13a911ea60c491862efeeb3ecad57c14d9868b3b93c092a2be01044b70e88
Instruction ID: eeb4bea8a1a1e1777082de00c31d3e0e4ee9d21c35218138e91eb4c4fd1a40c8
Opcode Fuzzy Hash: 53b13a911ea60c491862efeeb3ecad57c14d9868b3b93c092a2be01044b70e88
Instruction Fuzzy Hash: E3515A307002149FDB14EF68C585BADB7F6EF8A304F148169E509AB3A1DB75EC86CB61

Function 04D42100 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6b56f97feff6fb913843beb628d9af8574f99c26caf0796fe27359d447b597c
Instruction ID: 50f39604a2fe06d1fc34e84389016761dcd292a7100858f9ff5e8b268b8e6fd6
Opcode Fuzzy Hash: b6b56f97feff6fb913843beb628d9af8574f99c26caf0796fe27359d447b597c
Instruction Fuzzy Hash: 58418175A00209CFEB14EFB4C0947ADBBB2EFC8358F144969D501A7384DB35A985CBA5

Function 04D4F089 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 963915b46fcd8c0c7f136f50d6051b378a54c6c87b6260924b446660ffdb7178
Instruction ID: 1e143df03b76d5940b404b45d5f31906d3deddb3567600a1576f9f3dcf634c80
Opcode Fuzzy Hash: 963915b46fcd8c0c7f136f50d6051b378a54c6c87b6260924b446660ffdb7178
Instruction Fuzzy Hash: A941DC71A04255CFDB10CFA8D9847BABBF1BBC5304F14856EE495EB2A5E334E940CB61

Function 04D4137C Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9ef8f49712afa65917b652fcf4d993ed67006cde972529bd014597d7d63503f
Instruction ID: 987ca7943842b731380238acdaf5505d01dc70efdffeacb2beaeae4c621bd135
Opcode Fuzzy Hash: d9ef8f49712afa65917b652fcf4d993ed67006cde972529bd014597d7d63503f
Instruction Fuzzy Hash: 6341E6B1D01219DFDB10DFA9C5846CDFBF5BF48314F25806AD408AB211E775A98ACF90

Function 04D4AB34 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2eeaa208918e5ada75df212421053ae107134e9f2aaeab3cb5028cccbfb9a43
Instruction ID: 56f23af2157a2625223f0c975f5d691286a790968dd6de9eeed9b04e4a6af8c1
Opcode Fuzzy Hash: c2eeaa208918e5ada75df212421053ae107134e9f2aaeab3cb5028cccbfb9a43
Instruction Fuzzy Hash: 99412571D1074A9BCB10DFAAD8446EEFBF4EF89310F10851AD558B3200EB74A685CBA1

Function 04D40E5C Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f524511d7ee3cd4617cf2b5c10b46c1c8cf824ab0b2a99dd675d2c194cf1c15
Instruction ID: b85fc57d163e68921b15a4db1f7e17d680e00ef8b7576077346bd40233fc44bd
Opcode Fuzzy Hash: 1f524511d7ee3cd4617cf2b5c10b46c1c8cf824ab0b2a99dd675d2c194cf1c15
Instruction Fuzzy Hash: 1241C2B1D00609DBDB20CFD9C584ADEBBF5BF48314F648029D408BB215D775AA89CF91

Function 04D40E60 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e30065231404b9b2120d2ad7080e8f731da459e263e0f1adea910507f1514307
Instruction ID: 553ab819d6a4faa260eccc3b038dcfc3e178ae7dc0a02b92a7770ebeedf07a00
Opcode Fuzzy Hash: e30065231404b9b2120d2ad7080e8f731da459e263e0f1adea910507f1514307
Instruction Fuzzy Hash: D241C3B1D00209DBDB20CFD9C584ADEBBF5BF48314F648029D408BB215D775AA8ACF91

Function 04D41F38 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b618729b0dfd002fa8813796fda2107fb4db551c1608f822e1cf495c31bfce8b
Instruction ID: f7bb0ee56ee64c61434b85456c384ed17e8c890a8e2a10a3784e8ad3e742d564
Opcode Fuzzy Hash: b618729b0dfd002fa8813796fda2107fb4db551c1608f822e1cf495c31bfce8b
Instruction Fuzzy Hash: 6B41AFB0D00358DFDB14CF9AC884A9EFBB5BF88714F64812AE418BB254D774A845CF91

Function 04D41280 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c51013b3a00a5c3fecc6371b0930f282b8cdcdfa08d7341b8c8b099f85d10c98
Instruction ID: f2f3cda571c2c1ce93ba3366ca6e052adc9a8a6393efe327b7e7e896c3923c32
Opcode Fuzzy Hash: c51013b3a00a5c3fecc6371b0930f282b8cdcdfa08d7341b8c8b099f85d10c98
Instruction Fuzzy Hash: A031C171A002008FCB15DF78D44889EBBE2EFC530071189A9E54ADB351EB31ED0A8BA1

Function 04D47D80 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61fd15103d1b29163a25be2406672e584e11e9e846112ba3d9c56edd0d28c9dc
Instruction ID: 19106804336352bd2badc9e0e777d80d2655932ad5ba442ca947a52642d7236e
Opcode Fuzzy Hash: 61fd15103d1b29163a25be2406672e584e11e9e846112ba3d9c56edd0d28c9dc
Instruction Fuzzy Hash: 9F217C367102158FDB14DB7DD81496E77EAEFC866571580AAE505CB370EB31EC018BA0

Function 04D4997F Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1239da6e23e0e525670b4a117d2b595d312a514d0d85db907789e78f9aff910e
Instruction ID: 5b36572fa8bf63c633af45cf4a71b4293d3525a5350256316c7271fb522d430d
Opcode Fuzzy Hash: 1239da6e23e0e525670b4a117d2b595d312a514d0d85db907789e78f9aff910e
Instruction Fuzzy Hash: 653102B0D122189FDB20CF99C584BCEBFF0BB49714F14805AE444BB251C7B5A845CFA5

Function 00CCD4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1764480627.0000000000CCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CCD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_ccd000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e807b87c34a8a8e4c955200c0bce3e9d8a127013f964dc58f185fe9070a6d1e4
Instruction ID: 6bb19bf9b2cae84afaf3a662f39e6618d1898dbbf27a78292d406410272b5d0b
Opcode Fuzzy Hash: e807b87c34a8a8e4c955200c0bce3e9d8a127013f964dc58f185fe9070a6d1e4
Instruction Fuzzy Hash: F32100B2500240DFCB05DF14D9C0F2ABF65FB98318F20C5BDE90A4B256C336D956CAA2

Function 04D42EAC Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbb0e25b373f5dc789cc18c82b3d4ce6f0c822bb578ec77f150d88fb80798575
Instruction ID: 8bf4545eae230edad23ebd1ae286fb67ce18804d9b4bab586ca5d98ff7d42209
Opcode Fuzzy Hash: fbb0e25b373f5dc789cc18c82b3d4ce6f0c822bb578ec77f150d88fb80798575
Instruction Fuzzy Hash: A521C575E0021A8FDF05DFB988405EEBBB6FFC8344B54456AD405E7291EB349A4287B1

Function 04D40E43 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f0743fac8beb4c194848ba8b362afe4798811333ac0b23128948efc3e89a491
Instruction ID: d9eaee2b1dc938a0e7623069c71aab9c4bd4b0cd19bce122c876ab080eab879d
Opcode Fuzzy Hash: 2f0743fac8beb4c194848ba8b362afe4798811333ac0b23128948efc3e89a491
Instruction Fuzzy Hash: A6216DB18053989FCB11DFA9C848ADEFFF4FF49310F05806AD554AB252C374A944CBA5

Function 00CDD01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1764530702.0000000000CDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_cdd000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a6f0b1bcb639b7ea1fcbfb2ce727fd4a56e7c9e8e40041563ecf96cc442aec6
Instruction ID: dc5d3d7eb4bdfe095ea69968de7f348a8c35f4b8a7c7a9e0347b44db407a4692
Opcode Fuzzy Hash: 0a6f0b1bcb639b7ea1fcbfb2ce727fd4a56e7c9e8e40041563ecf96cc442aec6
Instruction Fuzzy Hash: F921F571904200DFCB14DF14D9C4B26BBA5EBC4314F24C56EDA0A4B356C336E847CA61

Function 00CDD1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1764530702.0000000000CDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_cdd000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dd17caf34a37dacbebdcb023931afdd570315d157df1eccd071ba9e8519cf5e
Instruction ID: 638166f6da61f359b22956b79003546413151f2f9ffbcfcc3e3ab9e27d655451
Opcode Fuzzy Hash: 6dd17caf34a37dacbebdcb023931afdd570315d157df1eccd071ba9e8519cf5e
Instruction Fuzzy Hash: 9F212671944200EFDB05DF14D9C0B26FBA5FB84314F20C6AEEA4A4B396C336DC46CA61

Function 04D44164 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47f0aaadef065d3bd53177950aa5f0fa0b49eb25c2539be5c9ac07fa79655564
Instruction ID: a1d0b18f44d0775957e746993bba265b7e4a1ad9efcdabee1ac1bfb040af6430
Opcode Fuzzy Hash: 47f0aaadef065d3bd53177950aa5f0fa0b49eb25c2539be5c9ac07fa79655564
Instruction Fuzzy Hash: 50215E35700214AFCB249F59E590B6AB7B6FBC6720F14842EEA8687751CB71FC41CBA0

Function 04D4A6E0 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a02e0462bac3b10e6b1416defef6c87acb028fee23f6f982b3a2a75475c91e54
Instruction ID: a9840829c33e0126e53899302e048855681d6163dbbd829b07e1bb22aab675e8
Opcode Fuzzy Hash: a02e0462bac3b10e6b1416defef6c87acb028fee23f6f982b3a2a75475c91e54
Instruction Fuzzy Hash: DD110E323985508BD3208B6DDC5076A6BA9E7C4324F148137F15ACB392E668EC818396

Function 04D4C19C Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c892eef99357ae666d3b2d2b6e9c5d97f5b111119bf4217294f2acabef13e1b
Instruction ID: 7ccacefaf7536a3918c41d9a683c381b5f22670ffd62f1afd4ef5aa29c6bb0a5
Opcode Fuzzy Hash: 8c892eef99357ae666d3b2d2b6e9c5d97f5b111119bf4217294f2acabef13e1b
Instruction Fuzzy Hash: 263100B0D122189FDB20CFD9C584BCEBFB4AB49714F24805AE444BB251C7B5A845CFA4

Function 04D462E7 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a074c546e9b842dad3db82007084ddca9959d7b156e5e167501f8e2c872d86c4
Instruction ID: 5dd9b447b0662966c615d266dfc4ccba30773be2ed5152cb4a55691cf6ed7a90
Opcode Fuzzy Hash: a074c546e9b842dad3db82007084ddca9959d7b156e5e167501f8e2c872d86c4
Instruction Fuzzy Hash: D421FF71E0021A9FCB04DFA9C8848AFFBF5FF99300B11855AE515DB211E774A956CB90

Function 04D4998C Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 887f0576893a5e210a05378e277fae4bccbdfca2acc7fc552dc29a4cdf8e4bf3
Instruction ID: debb13262ee433b0e7f6c056cb0deeac90eaca917d2bf3776602b4cab3bc6d12
Opcode Fuzzy Hash: 887f0576893a5e210a05378e277fae4bccbdfca2acc7fc552dc29a4cdf8e4bf3
Instruction Fuzzy Hash: FA31E0B0D122189FDB20DFD9C584B9EBBF4BB48714F208059E444BB250C7B5A845CFA4

Function 04D45930 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 584c7dd031cb2bb94077f77e8613f05aa86ddf61e3a086ca6045215fc5d31a3d
Instruction ID: d41bc5f05ec3d361a5b16ca1ade78fb94fe4d13c49cda7cc176908cbbea0a46c
Opcode Fuzzy Hash: 584c7dd031cb2bb94077f77e8613f05aa86ddf61e3a086ca6045215fc5d31a3d
Instruction Fuzzy Hash: 92216A35700214AFCB20DF59D490A6AB7B6FFCA720F15446EEA8687761CB31F841CB60

Function 04D4A5D0 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 091e2ba11d325564d791b75b46792d0e97f3239ccfcd0d8d845a3368fbf5d094
Instruction ID: b471b8d029992aca65e8374c1989da58235072f2dd9bcc691454a55f6c2c4e30
Opcode Fuzzy Hash: 091e2ba11d325564d791b75b46792d0e97f3239ccfcd0d8d845a3368fbf5d094
Instruction Fuzzy Hash: 2A114F757401548BD708ABB9A16C22E6BD3E7C8212F10883AA907C73C4EE39CC4287A1

Function 04D4A5C0 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d1347f44e84b53b1fc0a8a3d72323af33081b0a4c451d761b3e22be1602544f
Instruction ID: 934820286cc0f76b11199ee80c4cf80004b591db66e8fb71ab1390ec5dfdbe1e
Opcode Fuzzy Hash: 0d1347f44e84b53b1fc0a8a3d72323af33081b0a4c451d761b3e22be1602544f
Instruction Fuzzy Hash: A5112E757441548FD758ABB8A16C22E6BD3E7C8312F10887AA947C73C5EE79CC428791

Function 04D4BFE9 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bbf41978e94e7464aa3cb63cb8924c5c276e2f8cd535f5b50a86d1818b25d46
Instruction ID: d56e9a4c8762a86f18493aede9966b81eb00d170c2de4480277598de519f430d
Opcode Fuzzy Hash: 9bbf41978e94e7464aa3cb63cb8924c5c276e2f8cd535f5b50a86d1818b25d46
Instruction Fuzzy Hash: CD11E075B013055B8B15DE79A8405BFBBF6FBC52603168529D469D7380EF309D068760

Function 00CDD005 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1764530702.0000000000CDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_cdd000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b481b1c51909a920a09171fd248cb20c23666d62370b3bfad304b904083934a2
Instruction ID: c018b52a969eedd300f93598135edf5d108f6b1b40a0faffbd3f05a24ae23048
Opcode Fuzzy Hash: b481b1c51909a920a09171fd248cb20c23666d62370b3bfad304b904083934a2
Instruction Fuzzy Hash: 55218E755093808FCB12CF24D994715BF71EB86314F28C5EBD9498F6A7C33A980ACB62

Function 04D46278 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ba070f2ad1c67fffb7df3a21f56d52b847f43a58dc810e4dbfe88bcc6f0922d
Instruction ID: 14429e8bdc22f9bcb0908db4da3e725193f2128454aafb33eb2d76b0c73d0ae2
Opcode Fuzzy Hash: 6ba070f2ad1c67fffb7df3a21f56d52b847f43a58dc810e4dbfe88bcc6f0922d
Instruction Fuzzy Hash: 91211D71E0021A9FCB04DFA9C8808AFFBF5FF99200B11C55AE425E7225E774A956CB90

Function 04D4A6D0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b092c273b71c2936cb4adb7266d21e1e8dfb338983e4cc7c822ee1bc28e2906
Instruction ID: 4b938347a69220234444003d7aba4ea3f72a3c225702d840b632d22bfa326752
Opcode Fuzzy Hash: 2b092c273b71c2936cb4adb7266d21e1e8dfb338983e4cc7c822ee1bc28e2906
Instruction Fuzzy Hash: BD1126327885508BD3308B6DDC50B6A7BA9E7C1324F048137F55ACB3D2D66CEC808395

Function 04D4D193 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3bc38dc21be2934e4a9963b36672e8543b0b1ada697f856efcc612d5569d94e
Instruction ID: e1012ad1b594465317bb51e6dcb6a263959c0dece9db3f107ed13d687c6dccc0
Opcode Fuzzy Hash: e3bc38dc21be2934e4a9963b36672e8543b0b1ada697f856efcc612d5569d94e
Instruction Fuzzy Hash: 472142B58043489FCB10CFAAC845ADEBFF4FB98320F10801AE958A7211C334A940CFA2

Function 04D462F8 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f24346a1228ca22589c29991464764f7426913bc12d417e2e0818c5a47ceb36
Instruction ID: 394115922fee5e74acaec30435d55ade7d94ff64dcc4b9be849075475b75ab9f
Opcode Fuzzy Hash: 7f24346a1228ca22589c29991464764f7426913bc12d417e2e0818c5a47ceb36
Instruction Fuzzy Hash: 0921BD71E0020A9F8B04DFA9C8448AFFBF9FF99210B10C55AE515E7215E774A956CB90

Function 04D40E24 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9fec335cc38280664e427e2d925b4191f4c914d0b3069b4fda8181da8feec0a
Instruction ID: fd5a1a331673e6af45d13e5bc00bb49a832eca9479d78e0b89a1add45860c80c
Opcode Fuzzy Hash: d9fec335cc38280664e427e2d925b4191f4c914d0b3069b4fda8181da8feec0a
Instruction Fuzzy Hash: 4121E3B59003199FDB10CF9AD888A9EFBF4FB88320F10842AE459A7301D374A944CBA5

Function 04D43701 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0ffad0ce657634c1f5eca7906124cb07561c91cf52cecc05e392b977720083b
Instruction ID: 86b8acc811d91a2de3be7c63e165b68a78f4a83622742f3408fdf8c3c1a42cdb
Opcode Fuzzy Hash: f0ffad0ce657634c1f5eca7906124cb07561c91cf52cecc05e392b977720083b
Instruction Fuzzy Hash: 3D01F977B011249FDB21ABAC98508FEBBF6EFC4214B14406AE505E7351DB316D16C7B2

Function 00CCD4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1764480627.0000000000CCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CCD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_ccd000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction ID: 00bdaf61bbe237e27747104282405220ed79553b28c3668fb221a6f2ccc80bd9
Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction Fuzzy Hash: 4B11D3B6504280CFCB16CF14D9C4B16BF71FB94318F24C6ADD84A0B656C336D95ACBA1

Function 04D4D19C Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3db737d81da9f2388138759c270e9d6175eeec1dac48e0967a3f2291536d0d55
Instruction ID: 74a0dad6d588d51264f2c6e094167b5bd702020e49ba00db426ae592babba6a4
Opcode Fuzzy Hash: 3db737d81da9f2388138759c270e9d6175eeec1dac48e0967a3f2291536d0d55
Instruction Fuzzy Hash: 8521F2B59042499FCB10CF9AD845ADEBBF5FB88320F108419E918A7310C374A944CFA1

Function 04D40EB0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cbf0a48076d54fc107da70d16d3c111cbbbeb5d1040a5e921bf6682565b9b88
Instruction ID: b18db6f153bf2b203df707e6a9e590fd20313846dca521a3b802dca5f73d796d
Opcode Fuzzy Hash: 6cbf0a48076d54fc107da70d16d3c111cbbbeb5d1040a5e921bf6682565b9b88
Instruction Fuzzy Hash: 9021D3B5900248AFDB10DF9AD488BDEFBF4FB48320F10842AE959A7310D375A944CFA5

Function 04D4DA41 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0837449279807b7d3c0f700be9309431eb0bd884fb057ccf44894337f017af62
Instruction ID: 10a7c32ce7e9969058a0df3aac1c9a197c986fc5991fccd0cee4895a4c9f3363
Opcode Fuzzy Hash: 0837449279807b7d3c0f700be9309431eb0bd884fb057ccf44894337f017af62
Instruction Fuzzy Hash: 9F21D0B59003499FCB10CFAAD988ADEBFF5FB89320F14841AE958A7350C774A554CFA1

Function 00CDD1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1764530702.0000000000CDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_cdd000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction ID: f3cfcc8c1c8de2127cab39264dffd9966475ceb17eaf03264fcb4178efa3a53c
Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction Fuzzy Hash: 3911BB75904280DFCB02CF10C5C4B15FBB1FB84314F24C6AAD94A4B796C33AD84ACB61

Function 04D43420 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97a6b3de8962fa7a6893332a09969dcae716e27b4a76d2d99ce9318e7debb165
Instruction ID: e2e75ea99564aa75ada22a103bada7873fe87b0ad5cac72fd0febe00dfe9d311
Opcode Fuzzy Hash: 97a6b3de8962fa7a6893332a09969dcae716e27b4a76d2d99ce9318e7debb165
Instruction Fuzzy Hash: F211F0B5D006189FDB10DFAAD444BDEFBF4EF88320F14842AD858A7210D778A945CFA1

Function 04D420CC Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74dcb3793afbd5e3314e6ebf6f7fe53adfac37772d188f74948a28544837e7f8
Instruction ID: f6bb058723f12fc9eda1471dcdbf47feeff96d84aaddb86346cd966059667831
Opcode Fuzzy Hash: 74dcb3793afbd5e3314e6ebf6f7fe53adfac37772d188f74948a28544837e7f8
Instruction Fuzzy Hash: 0F11E2B59006489FDB10DF9AC444ADEFBF4EB88320F10841AD859B7310D374A544CFA1

Function 04D420BC Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 599c079d1c7fcf46a35bb47fe4c2d47adf44f46d73ca4a1a42f25ec9cee8158f
Instruction ID: 26fa26f7e9d4baf5ae0c6df934cb6c1168b87fced06d482e9b99197afc35c9f7
Opcode Fuzzy Hash: 599c079d1c7fcf46a35bb47fe4c2d47adf44f46d73ca4a1a42f25ec9cee8158f
Instruction Fuzzy Hash: 5801F2317092646FDB09EBA998544AD7FEADFC5124B0484BBD809D7242ED34DE024395

Function 04D41F7C Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87fff6681d1fdc2ce3dcf79379922a6173a90065062c164756310fef20928887
Instruction ID: 5cd717bf02c9f8074870578187849b254b656b45420711c0d65370f613b0b1ed
Opcode Fuzzy Hash: 87fff6681d1fdc2ce3dcf79379922a6173a90065062c164756310fef20928887
Instruction Fuzzy Hash: DC11E2B59006489FDB10DF9AD444ADEFBF4EB88320F10841AD859A7310D374A544CFA1

Function 04D459F0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aad03ffdf74a386bed3aeced8640727ff9a8ecfe918387b99906dd3f0f80bfe9
Instruction ID: 1150958f888118fd03d846164c4e860e2402061985dad006765e909d16e45c45
Opcode Fuzzy Hash: aad03ffdf74a386bed3aeced8640727ff9a8ecfe918387b99906dd3f0f80bfe9
Instruction Fuzzy Hash: 7611A075B002499FDB01DF28E8906AE7BF6FF88300F08842AEA55C7361DB30EA15CB51

Function 04D45A00 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f005f3c1c85bbb55e72dce63fdf7b4763c46f52210516453a2fe20ef6d89f422
Instruction ID: 040e74b94a1220d7918c80be5a9c2df7bf49936bf18cc7179a1622b252cdcdc8
Opcode Fuzzy Hash: f005f3c1c85bbb55e72dce63fdf7b4763c46f52210516453a2fe20ef6d89f422
Instruction Fuzzy Hash: F5115E71A00209AFDB11DF69D994AAE7BF5FF88710F04842AFA15D7350DB30EA10DBA1

Function 04D46418 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a556d6fd3b05931aa05e7149e979922c56fe1f776db88634961dca2ed21351f
Instruction ID: 284d6f778059c6deb68a333fb557ad59b2cafe5b25671e088f71a991f194198b
Opcode Fuzzy Hash: 1a556d6fd3b05931aa05e7149e979922c56fe1f776db88634961dca2ed21351f
Instruction Fuzzy Hash: 0E01B1303082104FCF25AB68D85092AB7A6BFC2324B54C57ED44A8B296DB75EC46C7A1

Function 04D4218A Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a6bdbdbbbc375428adad375292f201863b591b0d7dacc3779bb3372d5371237
Instruction ID: c44b15604166db6bad6554437714626752490cd9dab333370dd3ccbfb9ef8dc0
Opcode Fuzzy Hash: 4a6bdbdbbbc375428adad375292f201863b591b0d7dacc3779bb3372d5371237
Instruction Fuzzy Hash: D1118870A00209CFEB24EFB4C4547AD7AB1FFC8395F148579E501A7284DB785A84CFA5

Function 04D447A8 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3e18efd6cbe5466491744759bf00f9caae80eca5588a596a27bf3a7c51fc65e
Instruction ID: b22a066139a3f7870d3b027388a03106da6c06da1964c8b50711d827b0306d65
Opcode Fuzzy Hash: d3e18efd6cbe5466491744759bf00f9caae80eca5588a596a27bf3a7c51fc65e
Instruction Fuzzy Hash: B01133B9800258CFDB20DF99C484BEEFBF4EB48320F20841AD458A7310C734A985CFA0

Function 00CCD745 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1764480627.0000000000CCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CCD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_ccd000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5be7717a67a75bd9d865f3a45a587ff8f65f23f68300ac38db3ca804681de6aa
Instruction ID: 636597ed7bdcc60f2a9a5cccb28d4495f8fe92e5ebf265333aad123cd91d4b8d
Opcode Fuzzy Hash: 5be7717a67a75bd9d865f3a45a587ff8f65f23f68300ac38db3ca804681de6aa
Instruction Fuzzy Hash: D601F7310083449AE7105A26CD84F67BF98DF41324F18C57EED1A4A28AD239D880C771

Function 04D46428 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3ccdf6a8b46228f137f143a553648855d0f54ae41347ec6bc188c4eb6028931
Instruction ID: 216b4342f278cb8e8bcdcd411d45940f5a2c9b7e1cdb48dc49e04a901f53b23f
Opcode Fuzzy Hash: b3ccdf6a8b46228f137f143a553648855d0f54ae41347ec6bc188c4eb6028931
Instruction Fuzzy Hash: 6701AD343082104FCB18AA69D810A2AB3EABFC1320B54C47DD44A8B354DF79EC4687A1

Function 04D447B0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06b18ec432a220d6342e98ab90619bb9752d905198db44c1ca18bc80878ce5d9
Instruction ID: 4b62202b8157fe4f3c3941f67b14b69ff9d37f731e8a0061a9337d1df22b0b3b
Opcode Fuzzy Hash: 06b18ec432a220d6342e98ab90619bb9752d905198db44c1ca18bc80878ce5d9
Instruction Fuzzy Hash: 541112B59003488FDB20DF9AC545BDEFBF4EB48320F20841AD558A7310C774A984CFA5

Function 04D46398 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6293ed3e555c222ccdf09496fb051d99e4ad97b659248d015f339e6b94f1c37
Instruction ID: 2a8469b3e6d6612c7cba2754ed051b7f8812f6ab6fe18f5468f62a6a434c34b6
Opcode Fuzzy Hash: e6293ed3e555c222ccdf09496fb051d99e4ad97b659248d015f339e6b94f1c37
Instruction Fuzzy Hash: 5D012C303042508FCB18DB69E44491AB7AAFFC6721B68C579D40A8B365DB76EC0ACB91

Function 04D463A0 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b783dc21848e3bcbdea2cd6bf96050f4d27210d569025d989c97ba10c612910
Instruction ID: 2748be6bf953c5166b55f7edc85f4ea1e7350187c076768bc888aeeccf89f140
Opcode Fuzzy Hash: 0b783dc21848e3bcbdea2cd6bf96050f4d27210d569025d989c97ba10c612910
Instruction Fuzzy Hash: 61016D303042008FCB18DB29D444D2AB3EAFFC6720B54C479D40A8B364DB76EC068B90

Function 04D4C5F8 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a5864fae4ff36a5d9157daab7faf24e0a51e316d9b11ac014e40355cf34bd19
Instruction ID: a8f833d9baa91807a5c51b6ed3b09ccaba0f602c17b69b8a53324e781e634f7b
Opcode Fuzzy Hash: 5a5864fae4ff36a5d9157daab7faf24e0a51e316d9b11ac014e40355cf34bd19
Instruction Fuzzy Hash: 24F0E2767041501FD3049B6EAC88DABBBF9EBC9360316846BE50CCB322D9308D0587A0

Function 04D41040 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f92e6f5b243b0f778fe118e29d80c6a822cdaf49d076b1da477fb5d7dd782aa
Instruction ID: 945991f231b2b644c28c8306f9222b47713a808ec614777ccab1229f10ecba66
Opcode Fuzzy Hash: 0f92e6f5b243b0f778fe118e29d80c6a822cdaf49d076b1da477fb5d7dd782aa
Instruction Fuzzy Hash: 32012174F042509FCB25CB6EC4045EEBBF4EFC5320B09C2BAD869C7281E630A984CB40

Function 04D4CA00 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2f8991d964659bd14aea7fe1ebd35306b599b8f30e9b8ce5f36446d84d54034
Instruction ID: 1d08e502b65f5c13d1599ead584d6b115f3cd181db98409aa052ad9483140008
Opcode Fuzzy Hash: a2f8991d964659bd14aea7fe1ebd35306b599b8f30e9b8ce5f36446d84d54034
Instruction Fuzzy Hash: 2511AD32D14B878ACB11DFA9C8004D9FBB0FE9A320B14875AD5A8B7141EB70B2C5CB81

Function 04D4C55D Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ef99e68642739133f7db6add3ea1ea54b41c884049e4f7c253b8b14afe45b36
Instruction ID: 82aad0612241f4246e56e0f9734ceb9d5492c0a5ab7c2b108d71491fa9c30695
Opcode Fuzzy Hash: 4ef99e68642739133f7db6add3ea1ea54b41c884049e4f7c253b8b14afe45b36
Instruction Fuzzy Hash: 85012871C11219DFDB14CFA9C4083EEBFF1BF89714F168629E824AA2A0D7745A85CF94

Function 00CCD744 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1764480627.0000000000CCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CCD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_ccd000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5466c0612c971e82f6f328e657277b5b78d164d67a802f91720f240cf4025c9
Instruction ID: 5e8e72313fb44ce4b68734590bbff13ff53f308694bb2aac5dba411234e67855
Opcode Fuzzy Hash: f5466c0612c971e82f6f328e657277b5b78d164d67a802f91720f240cf4025c9
Instruction Fuzzy Hash: 37F06271404344AEE7108E16C8C8B66FFA8EB51734F18C45AED195E28AC2799844CBB1

Function 04D44198 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59bce746ce5bf7321a54f7b0a45164fd358e19da7e29f3fc38f7bd3a373f7c04
Instruction ID: 4e796ede7416c03b0564818a055306bae0e96593c3ddcbe2519e12bfc136b34a
Opcode Fuzzy Hash: 59bce746ce5bf7321a54f7b0a45164fd358e19da7e29f3fc38f7bd3a373f7c04
Instruction Fuzzy Hash: 1FF0A9329542598FCB50EFACC9853ACBBB1FF45300F0888BAD059D7296E638D649CB80

Function 04D44BC1 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b752b3174c8c8fd69304bfc3e83ac2dfe7355b07173a85d7a3202917808371c4
Instruction ID: 2040835502d17dfd4c0a7496f55e9d94202e153a2c00ee690db012910f47b27f
Opcode Fuzzy Hash: b752b3174c8c8fd69304bfc3e83ac2dfe7355b07173a85d7a3202917808371c4
Instruction Fuzzy Hash: 19F09031B053549FD714AB75F45863E7BE6EBC5315B04886EE48687341CF34AD46CB60

Function 04D441A4 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cec1980320844eb026fe2a710cbd17b8a9f5db1551b7158d946a3f6e5853cd0
Instruction ID: 4f7c1d3b03a224d5d0bd885b77c1d718498bce6c5a41f0814644f237d25c887a
Opcode Fuzzy Hash: 7cec1980320844eb026fe2a710cbd17b8a9f5db1551b7158d946a3f6e5853cd0
Instruction Fuzzy Hash: E4F06D329502098FCB50DFA8C8457BCBBE0FB44301F0489BAE419D3245EA38DA058B80

Function 04D4C568 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75c27af1284983cfb18b054a956c4082ab87adac04018116af452be45356597c
Instruction ID: 8201cae93bb81e0dbd6e1ca2a3dc8244f20b1cd7c1033884b130096111f8eed0
Opcode Fuzzy Hash: 75c27af1284983cfb18b054a956c4082ab87adac04018116af452be45356597c
Instruction Fuzzy Hash: 1501E871811219DFDB14CF6AC4087AEBBF1BF88750F118625E824AB290D7749A44CF90

Function 04D44BD0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b88f901a5771b2c0f40bdd4ed57acf3e5ed6608e422a165baa9b2f5ed776a8c1
Instruction ID: d38fbaf1875061c2f88c268d47c322d11af8911cf199aab522f904ca62f7219f
Opcode Fuzzy Hash: b88f901a5771b2c0f40bdd4ed57acf3e5ed6608e422a165baa9b2f5ed776a8c1
Instruction Fuzzy Hash: AFF08231B003149FCB18AB75F41863E77EAEBC5315B00882EE44687340CF74AC01CBA0

Function 04D4C608 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08eb86a4017d30e2f5428eddce4f708957cfaf827e73ed1cb329db730658d84f
Instruction ID: 19a9bab3057185dfca6512570fb6f05d14421337216c58ccc20cc28a6986feb3
Opcode Fuzzy Hash: 08eb86a4017d30e2f5428eddce4f708957cfaf827e73ed1cb329db730658d84f
Instruction Fuzzy Hash: 96E039727041286F93049A6EE884D6BBBEEEBCC660311807AF508C7311DA319C0186A0

Function 04D464A8 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64e74c4e57ce0166c4b4e05c30ce2ee1ba55db93b65f2893e60d5104519f5b28
Instruction ID: f70ab4e7e758878c5eb6a39942071b956048fdeb1db42223dcb384cf941c3e15
Opcode Fuzzy Hash: 64e74c4e57ce0166c4b4e05c30ce2ee1ba55db93b65f2893e60d5104519f5b28
Instruction Fuzzy Hash: BBF06D7290024A8FDB50DF68C8457ACBBF0FF04300F0488BAE454D7256E678DA45CB80

Function 04D4802C Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 838aaff2e84c185e99aef9c385984ad4c9ce86157aa275967c2759beff2cbc7a
Instruction ID: 8bca7f2b5d0d46739429bffc02c14f1e3e9966da9a78b50d27633e7b89f164ec
Opcode Fuzzy Hash: 838aaff2e84c185e99aef9c385984ad4c9ce86157aa275967c2759beff2cbc7a
Instruction Fuzzy Hash: 79F01735710105CFEB41AF68E8497A873F0FB8535AF000076E00AD72A0DB78E986DB31

Function 04D421E5 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c14d46cc6b7c27538f35e62ecc63648bb827ea9d42135e430f35906304efd21
Instruction ID: edf53873bedfb29a46b7661086a1e9d7e01f05eabaf6e717faba398ac6f45dfb
Opcode Fuzzy Hash: 9c14d46cc6b7c27538f35e62ecc63648bb827ea9d42135e430f35906304efd21
Instruction Fuzzy Hash: 18F03070B006098BDB18EFB5D45479E7BB2FF84345F008978D00597684DF7459858FA1

Function 04D40E94 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecde739cddd5401210cac763dc478dcf3bfd926af3bcef7d9a97382cdc34b33e
Instruction ID: fb54e2306cc274d19ef3558856a278e06cd8fd05cb59937d44fe8dbaa815e947
Opcode Fuzzy Hash: ecde739cddd5401210cac763dc478dcf3bfd926af3bcef7d9a97382cdc34b33e
Instruction Fuzzy Hash: F5E09271200304ABAA359A25D844837B7ADFBC5764700892DE54AC3610DB31F885C6A4

Function 04D4D9E0 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05f1695b770508c2ad9be0017bab29eb87a4c1a4fa873e5f67039bbc3440a2fb
Instruction ID: 1cdcb84191b0baef4b03838306bb2ec0e567abdf9bc0a0786a5362a267a10d8d
Opcode Fuzzy Hash: 05f1695b770508c2ad9be0017bab29eb87a4c1a4fa873e5f67039bbc3440a2fb
Instruction Fuzzy Hash: 85F065726041087F9F08DF59D841D9E7FEFEF84254B10C06AE408D7314E671E9508790

Function 04D46520 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ae329edd979bc61d3fc8282ec47fbaea04448df3ab863607b869af2e45da06d
Instruction ID: 6b39ec05aa1ebe85390018d9100788eb1df59ac9e6f55798316cbc8ea72110bf
Opcode Fuzzy Hash: 4ae329edd979bc61d3fc8282ec47fbaea04448df3ab863607b869af2e45da06d
Instruction Fuzzy Hash: 2CE0ED33200624878750DB9CF8854B5B3A9E785A6A3298157E50CCA725F636D852C7E0

Function 04D4C650 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3162b73ed3d499976c72d38dd4fa5c7c05ab7b611546753cc4af4179bb0005c0
Instruction ID: aa3d954ff85c4360909a7b8c7b29964293d515440c0f41de40d634780df9f4bf
Opcode Fuzzy Hash: 3162b73ed3d499976c72d38dd4fa5c7c05ab7b611546753cc4af4179bb0005c0
Instruction Fuzzy Hash: CCE0DF3A3016008FC3018709E808E89BFB1EFCA32070B9097F209CB6B2CA619C02C750

Function 04D4D9D0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df0ca9dac108e74521e3ba95e666e4b248927e3a16a7ae9e0f12b5d89b4ea1c7
Instruction ID: 0beb9b9fe5a20c6c7c7a79da9505e10144e2a397be4b525f9c796642afe97302
Opcode Fuzzy Hash: df0ca9dac108e74521e3ba95e666e4b248927e3a16a7ae9e0f12b5d89b4ea1c7
Instruction Fuzzy Hash: 22F02071608284AFEF06DF48DC40D9A7FFAEF91358F1480AAE844CB275D670EA10CB41

Function 04D43D5E Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8de3f5095e851963995a2e3dc1dffd8b0c3cb60e48e816eb5a615c302b74cdc4
Instruction ID: edf937f008bf65d46e1289175eca7d0d345cfd958b411679c2513c7940c2c465
Opcode Fuzzy Hash: 8de3f5095e851963995a2e3dc1dffd8b0c3cb60e48e816eb5a615c302b74cdc4
Instruction Fuzzy Hash: 01E04F71B5011DDBCF14AF95E5447EDBB70FB85356F300412E512F1550C7751594CBA0

Function 04D4D124 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fed69a03f234fe52238c8732f4cdab9e2c3749e8dc67cfc8ddbbada2129fec8
Instruction ID: 29111d4bf4ff69f947bc50ceec60fb668aff8252eeaf04b28623d971e8f946a2
Opcode Fuzzy Hash: 8fed69a03f234fe52238c8732f4cdab9e2c3749e8dc67cfc8ddbbada2129fec8
Instruction Fuzzy Hash: CDE0467255E7E06EE3036BBC8860B803FA19F97714F1A00DBD0C08A0B3D565945AD37A

Function 04D47FF0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3cd28084a6ddd9bb6eed404e45d954f9fbd292d517847b3d3b14c6bcb100bf0
Instruction ID: 153b22a32139dc3999d5c767be1d38062db6401b7a4d3055a920db6e22657089
Opcode Fuzzy Hash: d3cd28084a6ddd9bb6eed404e45d954f9fbd292d517847b3d3b14c6bcb100bf0
Instruction Fuzzy Hash: 90E01A353100148FDB40AF69E8487E873F0FB84357F4040B5E005DB2A0CB34E986CB20

Function 04D4656A Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42e532db20e4217451c3b879fbf1021eca0ca36b07a6fd2a99c63ffc4c1b1e06
Instruction ID: b169f9163d091447f9498f580cd73d7e1ff64c24fcfd2bfe3c28203ac8b5acaf
Opcode Fuzzy Hash: 42e532db20e4217451c3b879fbf1021eca0ca36b07a6fd2a99c63ffc4c1b1e06
Instruction Fuzzy Hash: F3E086316016909FEF11EF48D5886943B71EB42351F478499D186CB49AC73CE895CF45

Function 04D4C660 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdf6f0f1a66c5cdfd0824082dc4c6d02dc82ebb06cf8a8a4daec97a88a28a6fa
Instruction ID: 7eebae5eed371c77c89e68012d822235d103c20d57aa5ded5038a004cbad26d8
Opcode Fuzzy Hash: cdf6f0f1a66c5cdfd0824082dc4c6d02dc82ebb06cf8a8a4daec97a88a28a6fa
Instruction Fuzzy Hash: DAD012363005149FC3149A4AE804D4ABBE9DFC9731B158066F609C7770CE71EC01C794

Function 04D41228 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b897ed84f92e702450cbe9e2dcdb1f407a3fbe4a40d186e944b4993705785ac
Instruction ID: 1a32a5ff34cc830215525c27f464ff5e6c4579f1ff4548ec7551e84d19315786
Opcode Fuzzy Hash: 1b897ed84f92e702450cbe9e2dcdb1f407a3fbe4a40d186e944b4993705785ac
Instruction Fuzzy Hash: 3DE0E6B5A01109EFC700EFE4E54196DBBB5FB45314710C5A9E809D3718DB366F049B55

Function 04D4A862 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbfafffdccd65f8ab544c1bb61de1e6fc521c32a9bb9e3b3e7b2fe9d50c5e506
Instruction ID: 602c3e2708523e83d9492a4f3aed8385f78602e5e3ebbfb18ae5547cd279fdc5
Opcode Fuzzy Hash: fbfafffdccd65f8ab544c1bb61de1e6fc521c32a9bb9e3b3e7b2fe9d50c5e506
Instruction Fuzzy Hash: 77D0A93E1481049FC621AB6488809DABF72FFA0744300C593C2840B03A9231E91EA332

Function 04D42258 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86d8f054d802101d63e9c82487ca81299c4d1b6e3a81bb69a34dd0f04affadf1
Instruction ID: 65daf9fd5b01c3b9a421f5830d0495bfdfe3c25e35173bb79d3f6df1df395756
Opcode Fuzzy Hash: 86d8f054d802101d63e9c82487ca81299c4d1b6e3a81bb69a34dd0f04affadf1
Instruction Fuzzy Hash: 1EE0E274A4020ACFCB00CFA4D498AADBBB0EB48344F208499E006A7260CB34A804CF50

Function 04D4590A Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 282dfad0593a632ffca8cf459ab9a71e268f6f9a888f92aa64a76ea3a58d75a9
Instruction ID: 6d5f1a00902e5d1fa4dd3bfe6e92247e7b0d02fec4abd1f07dd7b3a188bff7f9
Opcode Fuzzy Hash: 282dfad0593a632ffca8cf459ab9a71e268f6f9a888f92aa64a76ea3a58d75a9
Instruction Fuzzy Hash: 09D0C932144128BFCB026F81D841E497F69FB99758F248058F6044F062D773D563DBD0

Function 04D44620 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63fbe4aa20fbbfa10896cd911427c44b80c4f1e1b4949a471c3e5d9204297aab
Instruction ID: 6cfa8cb922fe82426e9826366d228be4939bae14a9f5ef4361f2627d4cd3822e
Opcode Fuzzy Hash: 63fbe4aa20fbbfa10896cd911427c44b80c4f1e1b4949a471c3e5d9204297aab
Instruction Fuzzy Hash: C1B09B3231513513D609719D64105BD728D87C9569F400177950D97741CCD59D4203EE

Function 04D41CB8 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0341e22ac4ccae61cdef8a3ff083d54396a024643692306cffbcf3889b6861ae
Instruction ID: d88228b56b83480997ab3dd2069e883146199d3b504729af0335e990fcc5a23e
Opcode Fuzzy Hash: 0341e22ac4ccae61cdef8a3ff083d54396a024643692306cffbcf3889b6861ae
Instruction Fuzzy Hash: 21D0C938403901CEFF90BB61E819B987734E7C832AF40C4129064112D88A38A4C8DEE5

Function 04D4BEE1 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4dbf8107071d88923427d7a4e682d538ec56e82b4778c822876e49147aded3c6
Instruction ID: 2a86b0f0f8e1e4cd01b6edce9e5f93a0aeb679ef1ba100178dde94c34d826b26
Opcode Fuzzy Hash: 4dbf8107071d88923427d7a4e682d538ec56e82b4778c822876e49147aded3c6
Instruction Fuzzy Hash: 26D0127A0092805FDB0397A18800904BF71FF5721430AC0CBD1C487073D214E81DEB22

Function 04D4D9A9 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55b8239f606082e3b44649f1e164cc3d4634cd9cf188aa4bce9bb485016b0850
Instruction ID: b2d1e1f02d6c28cba8beecc3d3f203131f76c8af7c732c1dbc584eb9b59ceb29
Opcode Fuzzy Hash: 55b8239f606082e3b44649f1e164cc3d4634cd9cf188aa4bce9bb485016b0850
Instruction Fuzzy Hash: D7C08CA204D3C07EE303A3F088209417FB29F7321131AC0C3E184D70A3C014A418E733

Function 04D45910 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a0cea0e12ac40fb993574ac5f9e535dce83faf6b2a9e9e7a9d54b812937896a
Instruction ID: 13b343b4cc2930d2c59e8583156cd8afe3e30c2687f499d933525e868650682a
Opcode Fuzzy Hash: 7a0cea0e12ac40fb993574ac5f9e535dce83faf6b2a9e9e7a9d54b812937896a
Instruction Fuzzy Hash: B3C00232144208BBDB026A81D801E5ABF6AAB956A4F188055F7040D161D673E562AB94

Function 04D4D144 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46021a8c3e822b9407d7a37a92a2a7476aafc4a4f8f1f23d5babe34f1a5cad15
Instruction ID: 4082bf747065a4a3c11c0fb18a6a82fd4cc69b6f7e0551495f1865cd83284639
Opcode Fuzzy Hash: 46021a8c3e822b9407d7a37a92a2a7476aafc4a4f8f1f23d5babe34f1a5cad15
Instruction Fuzzy Hash: FCB012753D4140B37600B3E84940D3AD443FBFB704B50CC127786E0054C431F468A237

Function 04D47D50 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1767805953.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4d40000_StcHfDkbCv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c4eeda96e59ff92e8bade4b33ad9b3daa963fdf22c3ddd0748105c557757b52
Instruction ID: cc53b9eabebf4a74b8522c3316c7c8cb3278de7aff1c05dd38bbc602343e618b
Opcode Fuzzy Hash: 9c4eeda96e59ff92e8bade4b33ad9b3daa963fdf22c3ddd0748105c557757b52
Instruction Fuzzy Hash: CFC04C91409AC6AAEF53021898685A57F10AB47301F4A11DE88805A06ED354242993C6

Analysis Process: MSBuild.exePID: 2800, Parent PID: 8044COMMON

Executed Functions

Function 015A0EE0 Relevance: 3.9, Strings: 3, Instructions: 155COMMON

Download Yara Rule

Strings

Te^q, xrefs: 015A0F15
(bq, xrefs: 015A11BA
d7p, xrefs: 015A0F2D

Memory Dump Source

Source File: 0000000D.00000002.1767307057.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_15a0000_MSBuild.jbxd

Similarity

API ID:
String ID: (bq$Te^q$d7p
API String ID: 0-1699803613
Opcode ID: 11990a4601278c18b1af6815662807fd85476ad962011af21a29e6762048d7f5
Instruction ID: 7ca505084f887e6af4b1b202a70e72071762776f79c75c7d54652a16baac7902
Opcode Fuzzy Hash: 11990a4601278c18b1af6815662807fd85476ad962011af21a29e6762048d7f5
Instruction Fuzzy Hash: FB518E34B501148FCB44DF6DC498A6EBBF6FF88700F2581A9E806EB3A5DA35DC018B80

Function 015A0D48 Relevance: 2.6, Strings: 2, Instructions: 128COMMON

Download Yara Rule

Strings

Hbq, xrefs: 015A0E68
dLdq, xrefs: 015A0D83

Memory Dump Source

Source File: 0000000D.00000002.1767307057.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_15a0000_MSBuild.jbxd

Similarity

API ID:
String ID: Hbq$dLdq
API String ID: 0-411705877
Opcode ID: c797f7f6fbca7a8073d74da4df5a94fc419aa3a372daa40660bbd29d273abfc1
Instruction ID: a547ff2cb3362650c8b3f3d79ad13d2550ac4847462716bf1989e3bbbdcb611b
Opcode Fuzzy Hash: c797f7f6fbca7a8073d74da4df5a94fc419aa3a372daa40660bbd29d273abfc1
Instruction Fuzzy Hash: FF419171B002048FDB15DF69D458AAEBBF6BF88300F1485AAE505EB3A1DA75DC05CB91

Function 015A1361 Relevance: 1.3, Strings: 1, Instructions: 88COMMON

Download Yara Rule

Strings

LR^q, xrefs: 015A13B3

Memory Dump Source

Source File: 0000000D.00000002.1767307057.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_15a0000_MSBuild.jbxd

Similarity

API ID:
String ID: LR^q
API String ID: 0-2625958711
Opcode ID: 8f5de48f2315b7463d9ca23765de322fed9221b8f4652d0e50317ee0d33dd6e9
Instruction ID: 69e23bbb294c8153aceab3b55819f9ca4280b700b63320242d831f3d76700fd1
Opcode Fuzzy Hash: 8f5de48f2315b7463d9ca23765de322fed9221b8f4652d0e50317ee0d33dd6e9
Instruction Fuzzy Hash: 4A319E74F102168FCB44EB798590A6FBBF6BFC8600B144469E10ADF3A4EE30DD068792

Function 015A0D38 Relevance: 1.3, Strings: 1, Instructions: 88COMMON

Download Yara Rule

Strings

dLdq, xrefs: 015A0D83

Memory Dump Source

Source File: 0000000D.00000002.1767307057.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_15a0000_MSBuild.jbxd

Similarity

API ID:
String ID: dLdq
API String ID: 0-3390252261
Opcode ID: 09525dae4afbe488fcfb34f649535f50e2e10ff3e1933fcc4a9e712bece38e3d
Instruction ID: b260aece6d9528bb6fd119c54ae93f13b55ceb6f63853952e9bed850f5515e8e
Opcode Fuzzy Hash: 09525dae4afbe488fcfb34f649535f50e2e10ff3e1933fcc4a9e712bece38e3d
Instruction Fuzzy Hash: 9E317E75A102058FDB15DF68C598BAEBBF2BF88300F148569E505AB3A1CB75ED09CB90

Function 015A0E67 Relevance: 1.3, Strings: 1, Instructions: 44COMMON

Download Yara Rule

Strings

Hbq, xrefs: 015A0E68

Memory Dump Source

Source File: 0000000D.00000002.1767307057.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_15a0000_MSBuild.jbxd

Similarity

API ID:
String ID: Hbq
API String ID: 0-1245868
Opcode ID: e8fd9f323f23f3191e48b33e3a804f319386169836c5d1e53b1e02292e6006ed
Instruction ID: 4b35913a83693acdc59da2b1eced3cb0f6ea2371506e6ae9f250bad0c492d0bc
Opcode Fuzzy Hash: e8fd9f323f23f3191e48b33e3a804f319386169836c5d1e53b1e02292e6006ed
Instruction Fuzzy Hash: 3CF02B717042504FC3899B3DA45456F7FE7AFD925076648FFD00ACB392ED298C068795

Function 015A0AC8 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1767307057.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_15a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 209a14213013b29fd525bfe043d1a535b91399296c55398eec528e59aa0e6b66
Instruction ID: b2398e1763cdb8b94fc1c95faf20640ca6ee23436f69ca0c1cb2fa4d5c335e9f
Opcode Fuzzy Hash: 209a14213013b29fd525bfe043d1a535b91399296c55398eec528e59aa0e6b66
Instruction Fuzzy Hash: BE51B6B858020ADFC716EF34E5E49597767FF883097508A6AD4028B36DFB31A946DF80

Function 015A11F8 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1767307057.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_15a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6da4ccde6ad2c60fda36caf61ba3b8394adac2eb97f383cd88f1c3c0cde5c1e
Instruction ID: fe642301e51458084e9c203cbfdb315a065139d824375571afc7ea25eeac0ba0
Opcode Fuzzy Hash: d6da4ccde6ad2c60fda36caf61ba3b8394adac2eb97f383cd88f1c3c0cde5c1e
Instruction Fuzzy Hash: 5F41A0B0E00209AFCB04DFB9C58466EBBFABFC8300F24C569D459DB345DA34D9468B90

Function 015A0999 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1767307057.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_15a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6b64daad727b3c5e78af3aa9c5d120381038e5eee0509693e2141565fdc6ece
Instruction ID: 3d5ce7f009a743de1fddf73e4d12613144a9c5b2fc5e7badf0042e135f269239
Opcode Fuzzy Hash: b6b64daad727b3c5e78af3aa9c5d120381038e5eee0509693e2141565fdc6ece
Instruction Fuzzy Hash: 0D21B170BA03028FDB65AB78946862E3BE9BF44705F80452DF407DB195EA70E8408B51

Function 015A09A8 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1767307057.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_15a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a999ceb3d7fe3ec5b14ba998e6763aa60ddbc8d42d04065065ba68ba27e769f5
Instruction ID: dba51f62c8d8ce4b15ffe030d4b6a17b9bc304ed74286302e59fb73cb423d6d2
Opcode Fuzzy Hash: a999ceb3d7fe3ec5b14ba998e6763aa60ddbc8d42d04065065ba68ba27e769f5
Instruction Fuzzy Hash: 0121A2707A03068FDB65AF78946862E3BE9BF44705F800529B507DB184EEB0E841CB92

Function 0123D3B4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1766736402.000000000123D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0123D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_123d000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e15cb82b974e6660a7dafcab028039c714e33f3d340263ae656f5b4de001d239
Instruction ID: 3aaeca1b7eba406814ae1404f9f2188d0f39190db60666532d02ede01b28543b
Opcode Fuzzy Hash: e15cb82b974e6660a7dafcab028039c714e33f3d340263ae656f5b4de001d239
Instruction Fuzzy Hash: C92145B1510208DFCB01DF58D9C0B66BF65FBC4314F60C569EA090B256C336E456CBA1

Function 0123D3AF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1766736402.000000000123D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0123D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_123d000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction ID: 57a765c6b396a46796497104fb8d21d6b443c304451c3933274441939398c553
Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction Fuzzy Hash: D51103B6404284CFCB02CF54D5C4B56BF72FB84314F24C5A9DA090B657C336E45ACBA1

Function 015A1459 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1767307057.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_15a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abfd2de4a55299c80ffe85f4ba67700350df1a27222aff8e8a86d5ae528d08c7
Instruction ID: d079f63a0f218f12d8a686a892e6796353d77cb22c19bc9757c760b4870e46c5
Opcode Fuzzy Hash: abfd2de4a55299c80ffe85f4ba67700350df1a27222aff8e8a86d5ae528d08c7
Instruction Fuzzy Hash: 401179B0A402159FCB55EB78E454A6E7BF6BF88614B5148BAD00ADB364EA31CC42CB90

Function 015A1468 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1767307057.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_15a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c79540f6a992042ae0624630ba12aca1ef17116ef6ba7a5ea9bff4f93a29185a
Instruction ID: f6b867554e49c97a9ea4ca04fda69d751557cc47400d8c9289d42d1749205b72
Opcode Fuzzy Hash: c79540f6a992042ae0624630ba12aca1ef17116ef6ba7a5ea9bff4f93a29185a
Instruction Fuzzy Hash: 2711ADB0B402099FCB54EBBDD454A6E7BEABF88611B500879D00ADB358EA31DC41CB90

Function 015A0EA8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1767307057.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_15a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc70bd2191e47e7db26262a9f0c31224785a2bf7928d91cc3db5e7f4d9103792
Instruction ID: 5b2e98032bddff754d6c4db675881cbd77633b4fc4a7dc877456456c9700a3c2
Opcode Fuzzy Hash: dc70bd2191e47e7db26262a9f0c31224785a2bf7928d91cc3db5e7f4d9103792
Instruction Fuzzy Hash: 3EE08C323002045F83489A2EF88885AB7DAEBC862431508B9E10EC7325DD60DC014390

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 4yOuoT4GFy.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: AsyncRAT

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Persistence and Installation Behavior

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\4yOuoT4GFy.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\StcHfDkbCv.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ammdbpsj.b0f.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_h0qgkaht.0mg.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_inc1as5t.kyl.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jqkzcae0.ekn.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nknxhoy0.tfj.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pcmi03ya.qkz.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pxkclzjc.cqb.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uibbunsl.kxm.ps1

Windows Analysis Report
4yOuoT4GFy.exe